The OpenChain Project provided a Global Update at Open Source Tech Day 2025 event in Seoul, South Korea on the 21st of October 2025. This event brought together government, industry and academic experts to discuss the intersection of open innovation and commerce. Shane Coughlan, OpenChain General Manager, took the stage to represent the community and encourage a more trusted supply chain.
The OpenChain AI Work Group has been considering how to manage AI compliance in the supply chain since January 2024. During this time the community has collaboratively produced a guide to identify key process points for a quality AI compliance program. After completing a drafting process, a review process and a public comment period, that guide is now freely available to all in its release version.
Review the Editing Version on GitHub (MarkDown format)
Get Involved:
Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.
✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai
Attend Future Meetings:
You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate
Join a webinar on the Digital Personal Data Protection Act, 2023 to understand key compliance obligations, consent mechanisms, and cross-border data transfer requirements. This 60-minute session offers a general overview and practical understanding to help both individuals and companies align with India’s DPDPA 2023. The event will be lead by Biju Nair, Chair of the OpenChain India Work Group.
Please register to join the webinar:
The OpenChai Meridian 22 Work Group will be represented by Vladimir Slavov at OpenFest 2025 this weekend.
OpenFest is the biggest Bulgarian conference dedicated to free culture, free knowledge sharing, free and open source software. It is the most anticipated annual gathering of fans, creators and supporters of open source and free art in Bulgaria.
Learn more:
Check out the talk:
- https://www.linkedin.com/posts/vladimir-slavov-%F0%9F%87%AA%F0%9F%87%BA-578726180_%D0%B4%D0%BD%D0%B5%D1%81-%D0%BD%D0%B0-openfest-bulgaria-%D0%BD%D0%B0%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%85-lightning-activity-7385350682226114560-a6pb?utm_source=share&utm_medium=member_desktop&rcm=ACoAAACvKzUByb5VJsorojLALtdi-cBeq-StgR4
Ciaran O’Riordan of the Eclipse Foundation will join our newest work group to discuss the diverse European Union regulation incoming, how it impacts open source, and what we need to do to meet requirements. Our Meridian 22 community will also discuss what’s happening in their locality, including similar (or compatible) regulations. We will start with Bulgaria. All welcome! This is a community meeting in English.
This event takes place:
2025-10-20 @ 07:30 UTC / 08:30 BST / 09:30 CEST / 16:30 JST
Dial-in at the time of the event:
JUN Legal GmbH is the latest official OpenChain Partner, expanding coverage and diversity of options in the German market.
“Open source is a strategic topic for the European Union,” says Florian Hackel, specialized lawyer for IT law. “Projects like OpenChain, and the ISO process standards they maintain, offer a path to sustainable, reliable and trustworthy management. We are delighted to be able to support our clients and the broader community in the continued professionalization of open source.”
“Germany is a key market for the OpenChain Project,” says Shane Coughlan, OpenChain General Manager. “I am delighted to see our options for the community expanding, and our avenues for advocacy and support doing the same. I look forward to future collaboration with JUN and their team.”
About JUN Legal GmbH
JUN Legal is a medium-sized German law firm specializing in IT law, AI and open source compliance. Our team currently includes 27 attorneys with FOSS experience, eight of whom are Certified Specialist Lawyers for IT Law. For more than a decade, we have supported major corporate clients in ensuring license-compliant integration of open source software components and in developing strategic policies for the use of open source and its diverse licensing models. Our experience also includes delivering expert lectures, publishing on open source legal topics, and representing clients in selected court proceedings.
Learn more: https://jun.legal/en/
The OpenChain Project delivered a keynote at the recent ZF Conference in Germany. This event, targeted towards internal terms across the ZF Group, and to customers and suppliers, provided a platform to discuss open source strategy and practical management. As an adopter of OpenChain ISO/IEC 5230, ZG Group has taken a leadership position in seeking excellence in the open source automotive supply chain.
Check Out The OpenChain Keynote Slides Below:
We Discussed:
Lead by Chris Wood (Chair, Specification Work Group) and Martin Yagi (Chair Education Work Group), the call covered the following agenda:
- OpenChain Project News
- Specification Work Group – CRA, other regulations and our standards
- Education Work Group – Update on Status and Community Work Items
- Any Other Business?
A reminder for those in Asia – while this edition of the monthly call is happening in the darkest hours of the night (01:30 in Japan!), we also have a monthly Europe / Asia call that works better for those in Eastern time zones. Check out the schedule for this and all our other meetings here:
https://openchainproject.org/participate
Watch the Recording:
Check out the Meeting Slides:
Coming Next:
- A ton of work pending on education, and a survey to be released for the spec. Expect a strong focus on looking at what we have accomplished, looking at feedback, and making it better.
Join Our Work:
Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/
You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate
During our regular OpenChain AI Work Group meeting for North America and Europe the agenda was:
- Item #1: We have completed the AI SBOM Compliance Management Guide
- Item #2: We are going live on 20th October – your help with promotion is requested
- Item #3: We have started coordination with Lord Clement-Jones in the UK, UK working group, Spec Group, LF legal conference and PyTorch conference
- Item #4: Early market feedback can be used to update the guide for solution/market fit – Your help is requested
- Item #5: FINOS working group
- Item #6: Any Other Business
Watch the Recording:
Get Involved:
Everyone is welcome to be part of this activity! OpenChain has free, open access to all its work groups and study groups. Just turn up, and listen in, and contribute comments, ideas and suggestions.
✉️ We have a dedicated mailing list for the AI Work Group: https://lists.openchainproject.org/g/ai
Attend Future Meetings:
You can find and get the dial-in details for all future meetings from our participate page here: https://www.openchainproject.org/participate
The Event:
OSS Security Technology Workshop (OWS) aims to encourage interaction between the corporate OSS community and academia, thereby stimulating research on OSS security and movement toward its practical application. OWS 2025 will be a key event to share knowledge and experience.
The Speakers:
Kobota San and Namae San of Sony (and the OpenChain community) will be speaking in Okayama on the 28th of October at 15:50.
Title:
Improving SBOM Quality: Practitioner Challenges and Initiatives to Strengthen Software Supply Chain Trust
Abstract:
This presentation examines the critical role of high-quality SBOMs in regulatory compliance and software supply chain hardening. SBOM is essential for robust security management and compliance with OSS licenses. However, as things stand at present, many implementations are inadequate – for example, “Source SBOM” is often unable to capture real binaries or runtime components, while “Build SBOM” generated via CI/CD pipelines tends to rely on package metadata, resulting in incomplete or mismatched data. Sony is focusing its efforts on the OpenChain project, developing SBOM Document Quality Guides based on ISO/IEC 5230 and ISO/IEC 18974, implementing measures such as ESSTRA, software for embedding source code details of executable binaries released by Sony as OSS, and providing upstream OSS packages in collaboration with the Debian community.
