Skip to main content

OpenChain 2.1 is ISO/IEC 5230:2020, the International Standard for open source compliance.

By 2020-12-15January 19th, 2023Featured, News

The Linux Foundation, Joint Development Foundation and the OpenChain Project are delighted to announce the publication of ISO/IEC 5230:2020 as an International Standard. Formally known as OpenChain 2.1, ISO/IEC 5230:2020 is a simple, clear and effective process management standard for open source license compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program.

Companies around the world can learn more about ISO/IEC 5230:2020, methods of self-certification, independent assessment or third-party certification, as well as access a large library of reference material at:

ISO/IEC 5230:2020 is an open standard and all parties are welcome to engage with our community, learn from their peers, share their knowledge, and to contribute to the future of our standard. There is no charge to access and use our reference material, self-certification or to engage with our numerous calls, webinars, mailing lists and meetings.

“ISO/IEC 5230:2020 will improve OSS compliance, enhance trust in the supply chain, and reduce friction in transactions. It has been deployed as a de facto standard for four years and fostered exceptional engagement from a diversity of companies across multiple sectors,” says Shane Coughlan, OpenChain General Manager. “Our transition to a formal International Standard as ISO/IEC 5230:2020 marks an important inflection point for OpenChain and open source as a whole. For the first time there is an International Standard that defines open source compliance and process management. We look forward to expanding our community from hundreds to thousands of companies in the coming months, and we look forward to supporting many of these companies access and apply best practice material developed in real world market conditions.”

Toyota is the first company to formally announce conformance to ISO/IEC 5230:2020. Additionally, companies that have an OpenChain 2.0 conformant program will automatically conform with the requirements of ISO/IEC 5230:2020. You can learn more about the Toyota announcement here:


“Arm joined the OpenChain Project as a founding member because building trust across the supply chain and ensuring IP rights are fully respected has long been one of the highest priorities for Arm,” says Sami Atabani, Director of Third Party IP Licensing at Arm. “Establishing OpenChain as a formal ISO/IEC International Standard is an important milestone for open source governance as a field, and we look forward to collaborating with our peers and the wider open source community in seeking excellence and efficiency in software delivery.”


“At BMW CarIT we continually work on improving the quality of our processes,” says Helio Chissini de Castro, Senior Software Engineer at BMW CarIT. “We welcome the approval of ISO/IEC 5230:2020 as the right path for the future of software compliance and how companies will perceive it. We are proud to be part of the OpenChain governing board and wider community that make this possible.”


“Bosch and its affiliates have a firm commitment to quality in all aspects of creating, deploying and supporting solutions and products,” says Hans Malte Kern, Head of the Center of Competence Open Source, Robert Bosch GmbH. “Our engagement with the OpenChain industry standard for open source compliance is part of this larger vision, and we are delighted to see it graduate ISO as a formal International Standard. We now have a global, universal and easily understood mechanism to build increased clarity and trust across the supply chain.”


“Cisco is honored to partner with an incredible team on the OpenChain project. Earlier this year (June 2020), our conformance with the OpenChain’s latest 2.0 specification for open source compliance has been the needle mover towards streamlining compliance as an indispensable entity across our organization, building Trust and improving overall productivity,” says Prasad Iyer Director, Product Operations at Cisco. “Now with ISO/IEC standardization of this latest OpenChain specification, it really solidifies Cisco’s commitment to excellence in Open source governance along with OpenChain which is well positioned at the top of the Compliance stack. We’re sincerely looking forward to our continued collaboration and partnership with all our OpenChain project peers across industry in the successful evolution of more such formal standards in the years ahead.”


“Fujitsu has contributed to the development of OpenChain as an industry standard for several years,” says Yasuko Aoki, Manager of Open Source Software Technology Center, Fujitsu Limited. “Our engagement is part of our broader engagement throughout the supply chain to promote excellence in governance and sustainability in practical deployment. The publication of OpenChain as a formal ISO/IEC International Standard is a significant milestone in the evolution of open source. We are proud of the accomplishment of all the contributors involved, and we look forward to the next steps in ensuring simple, reliable open source license compliance across the world.”


“Google has been at the forefront of open source development and the use of open source in business since its inception,” says Max Sills, Lead Open Source Attorney at Google. “Our collaboration with the OpenChain Project has been an important part of supporting greater maturity and predictability in this space. The release of ISO/IEC 5230:2020 provides a clear path to future inter-company collaboration. Defining a standard for quality open source compliance lowers the cost of doing business, and makes it easier for the entire industry to comply with open source obligations.”


“OpenChain has played a leading role in building trust in the open source ecosystem,” said David Rudin, Microsoft Assistant General Counsel. “When you receive software that has been produced through an OpenChain conformant program, it’s a great indication that the open source compliance obligations were taken seriously. With Microsoft’s OpenChain conformant program, we are keeping the trust our customers have placed in us to make sure their software is compliant and reducing friction in software transactions. As OpenChain takes the next step of becoming an international standard, we’re looking forward to continuing to advance open source adoption and trust in the community.”


“As the first Taiwanese company working with the OpenChain governing board, our work with the OpenChain Project is part of a larger vision for mature, sustainable open-source governance,” said David Chen, Engineering Director of the Technology & Research Corporate Division at Moxa. “Today’s announcement is a milestone in building efficiency and trust among companies using open source for innovative products and solutions. We look forward to working with our fellow board members in the deployment of OpenChain as an ISO/IEC International Standard to an audience of thousands of companies in the world.”


“As a member of OpenChain, OPPO is very pleased to see OpenChain being accepted as an ISO/IEC International Standard,” says Andy Wu, Vice President of OPPO and President of Software Engineering. “We believe this will help to further promote open source compliance. OPPO very much hopes to promote OpenChain with its partners, so that open source compliance becomes more consistent and simple.”


“Siemens is a founding member of the OpenChain Project and we have contributed to OpenChain since its beginning. Today we reached an outstanding milestone – the OpenChain specification is now an ISO/IEC International Standard,” says Oliver Fendt, Senior Manager Open Source. “Our engagement with OpenChain is based on a clear understanding that effective governance in open source must be practical, efficient, sustainable and affordable for everyone. With the ISO/IEC Standard we will enter a new stage in the evolution of our collective work, and we look forward to working with our peers in building further trust in the open source supply chain.”


“Sony has been part of the OpenChain industry standard and its related community for a substantial amount of time,” says Hisashi Tamai, SVP, Sony Corporation, representative of the Software Strategy Committee. “We have had the great pleasure to host the first meeting in Japan and support growth across this nation and abroad in the subsequent years. The publication of OpenChain by ISO as a formal International Standard is an important milestone in our shared mission to ensure excellence in open source. We look forward to working with our fellow board members, our diverse community and our colleagues at ISO in bringing this standard to thousands of new companies across the globe.”


“This achievement by OpenChain brings into reality the effort that so many across the software ecosystem has recognized for years – that when you can build trust into the open source compliance ecosystem, you create a path towards consistent, efficient, and reliable license compliance,” says Dave Marr, Vice President, Qualcomm Technologies, Inc. “We applaud the many contributors to OpenChain for achieving this terrific milestone, and for collaboratively building the internationally recognized standard for open source license compliance.”


“Uber has supported the development and deployment of the OpenChain industry standard from its early stages to becoming today’s de facto standard,” says Matthew Kuipers, Senior Counsel, Intellectual Property at Uber Technologies. “Today’s publication as an ISO International Standard is a key milestone in bringing clear, practical and effective open source license compliance to thousands of companies across the supply chain. We look forward to collaborating with our peers in accomplishing this mission and supporting our growing international community.”

Western Digital

“Western Digital has been part of the development and deployment of the industry standard for open source compliance since its formative years,” says Alan Tse, Associate General Counsel at Western Digital. “Today’s announcement marks a significant milestone in the maturity of both this standard and the wider field of open source governance. We look forward to working with our fellow board members and the diverse community of community participants in the growing adoption of a single, simple way to identify quality open source compliance programs.”

Global Community Quotes

“Today is the historic day for the OpenChain project and The Linux Foundation that the open standard has become an ISO/IEC standard,” said Masato Endo, Chair of the OpenChain Automotive Work Group. “Open Source is becoming more and more important in the automotive industry as well. The automotive industry’s supply chain is large and every company in the supply chain needs to manage OSS properly. I believe the OpenChain Specification will be a strong support for companies to build their OSS governance structure. I’d like to thank David Rudin and members of the JDF community for their efforts in obtaining ISO/IEC. I want to express my gratitude to Mark Gisi, David Marr and all OpenChain community members for their significant contributions to the project. Finally, I congratulate our leader Shane Coughlan on this great achievement!”

About the OpenChain Project

OpenChain began when a group of open source compliance professionals met in a conference lounge and chatted about how so much duplicative, redundant open source license compliance work was being done inefficiently in the software supply chain simply. They realized that while each company did the same work behind the scenes in a different manner the output for downstream recipients could not realistically be relied on because there was no visibility into the process that generated the output.

The answer the early principles of this discussion arrived at was to standardize open source compliance, make it transparent and build trust across the ecosystem. The project began as outreach to the community with the idea of a new standard for open source license compliance with slides titled, “When Conformity is Innovative.” A growing community quickly recognized the value of this approach and contributed to the nascent collaboration soon named The OpenChain Project.