OpenChain 2.1 is ISO/IEC 5230:2020, the International Standard for open source compliance

Home Info & Security IoT IT Asset Management Management News Open Source Software Risk & Audit Software

by | December 16, 2020

The Linux Foundation, Joint Development Foundation and the OpenChain Project are delighted to announce the publication of ISO/IEC 5230:2020 as an International Standard. Formally known as OpenChain 2.1, ISO/IEC 5230:2020 is a simple, clear and effective process management standard for open source license compliance. It allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program.

Companies around the world can learn more about ISO/IEC 5230:2020, methods of self-certification, independent assessment or third-party certification, as well as access a large library of reference material at:

ISO/IEC 5230:2020 is an open standard and all parties are welcome to engage with our community, learn from their peers, share their knowledge, and to contribute to the future of our standard. There is no charge to access and use our reference material, self-certification or to engage with our numerous calls, webinars, mailing lists and meetings.

“ISO/IEC 5230:2020 will improve OSS compliance, enhance trust in the supply chain, and reduce friction in transactions. It has been deployed as a de facto standard for four years and fostered exceptional engagement from a diversity of companies across multiple sectors,” says Shane Coughlan, OpenChain General Manager. “Our transition to a formal International Standard as ISO/IEC 5230:2020 marks an important inflection point for OpenChain and open source as a whole. For the first time there is an International Standard that defines open source compliance and process management. We look forward to expanding our community from hundreds to thousands of companies in the coming months, and we look forward to supporting many of these companies access and apply best practice material developed in real world market conditions.”

Toyota is the first company to formally announce conformance to ISO/IEC 5230:2020. Additionally, companies that have an OpenChain 2.0 conformant program will automatically conform with the requirements of ISO/IEC 5230:2020. You can learn more about the Toyota announcement here:


“Arm joined the OpenChain Project as a founding member because building trust across the supply chain and ensuring IP rights are fully respected has long been one of the highest priorities for Arm,” says Sami Atabani, Director of Third Party IP Licensing at Arm. “Establishing OpenChain as a formal ISO/IEC International Standard is an important milestone for open source governance as a field, and we look forward to collaborating with our peers and the wider open source community in seeking excellence and efficiency in software delivery.”


“At BMW CarIT we continually work on improving the quality of our processes,” says Helio Chissini de Castro, Senior Software Engineer at BMW CarIT. “We welcome the approval of ISO/IEC 5230:2020 as the right path for the future of software compliance and how companies will perceive it. We are proud to be part of the OpenChain governing board and wider community that make this possible.”


“Bosch and its affiliates have a firm commitment to quality in all aspects of creating, deploying and supporting solutions and products,” says Hans Malte Kern, Head of the Center of Competence Open Source, Robert Bosch GmbH. “Our engagement with the OpenChain industry standard for open source compliance is part of this larger vision, and we are delighted to see it graduate ISO as a formal International Standard. We now have a global, universal and easily understood mechanism to build increased clarity and trust across the supply chain.”


Subscribe To Our Newsletter

Subscribe To Our Newsletter

ITAM Channel brings the best news and views from the ITAM industry. Sign up for the newsletter and get them straight to your inbox

You have Successfully Subscribed!