30th Meeting
AI Governance and Open Source Compliance in Finance
Practical cases on open source governance in the AI era and audit-readiness checkpoints for the financial sector.
Registration is announced via the OpenChain KWG mailing list. Subscribe to receive the sign-up link.
- OpenChain
- AI Governance
- Financial Audit
- OSS Compliance
Who Should Attend
- Practitioners managing open source compliance policies in finance and regulated industries
- Organizations redefining open source governance scope after AI adoption
- Teams preparing checklists and evidence for audits and inspections
Agenda
OpenChain Updates: Global Highlights
During the OpenChain Updates segment, Mary Wang, Executive Director of the OpenChain Project, joined remotely to share global highlights. Alongside the current status of the standards, she positioned OpenChain as a key foundation linking compliance with the EU Cyber Resilience Act (CRA) and AI regulation.
Standards and Community Status
OpenChain maintains two international standards, ISO 5230 and ISO 18974, adopted by more than 100 companies worldwide. It runs a 25-member governance board, and in 2026 Renesas joined as a new board member. The OpenChain China Work Group is set to launch, and new partners including OSCHINA have joined.
ISO 5230 Revision Status
Under ISO rules, every standard must be renewed every five years. Five years on from ISO 5230:2020, the standard has been officially renewed without any change. Separately, the latest version, reflecting minor modifications made over the past three years, is 3.0; at the Q2 board meeting, the project decided to formally submit these modifications to ISO. The designation 5230 will be retained, with a revision label applied only if necessary.
Next Chapter: CRA
The EU Cyber Resilience Act (CRA) requires four things of companies selling software in the EU: Secure by Design, transparency over all open source components, continuous vulnerability management, and rapid reporting of security incidents. To respond, OpenChain formed a Business Operation Work Group, whose current topic is CRA. It is researching CRA-compliance gaps across organizations and identifying how OpenChain can support them.
Next Chapter: AI Governance
OpenChain is also expanding into AI. It addresses the EU AI Act, integrates with ISO 42001, 42002, and 42003, and runs the OpenChain AI Work Group. The OpenChain AI SBOM Self Certification is also under way.
Also Worth Noting
An OpenChain introduction video is planned for OCS (Open Compliance Summit) in December, and the “Adopt our standards” webpage has been updated. The OpenChain and Friends webinar series is ongoing. Organizations looking to adopt the standards can refer to the OpenChain get-started page.
Speakers

Open source governance, DevSecOps, and CMDB operations at KakaoBank.

Team Lead of the Research Infrastructure Team at AhnLab. He designs and operates R&D development-support environments — CI/CD infrastructure, OSS (Open Source Software) verification, static analysis, development-process standardization, build and signing, and patent and external-project management. His main focus is open source compliance and security-vulnerability response for security products, and building a static-analysis-centered CI/CD pipeline spanning development through release.

Open source governance at KakaoBank, in-house IT policy, and internal/external audit response.
Sponsor

![[2026 June] OpenChain Korea Work Group in Kakao Bank](https://live.staticflickr.com/65535/55324287806_9c07d82ddc_h.jpg)