2. Anti-Trust Policy Notice
● Linux Foundation meetings involve participation by industry competitors, and it is the
intention of the Linux Foundation to conduct all of its activities in accordance with
applicable antitrust and competition laws. It is therefore extremely important that
attendees adhere to meeting agendas, and be aware of, and not participate in, any
activities that are prohibited under applicable US state, federal or foreign antitrust and
competition laws.
● Examples of types of actions that are prohibited at Linux Foundation meetings and in
connection with Linux Foundation activities are described in the Linux Foundation
Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have
questions about these matters, please contact your company counsel, or if you are a
member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of
Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
3. Agenda
This meeting will recap and provide context for the recent OpenChain AI Study
Group Workshop held for Europe / North America on 2024-04-02.
You can find the full recording of that meeting here:
https://openchainproject.org/news/2024/04/09/openchain-ai-study-group-monthly-workshop-for-north-america-and-europe-2024-04-02-full-recording
4. Key Points Covered Suggest We Should
● Contextualize AI compliance as an Internal Management System concern that organizations need
to consider to ensure AI Compliance in the supply chain is effectively addressed. In practice, the
Minimal Viable Product is managing the movement of AI-related artifacts across the supply chain.
● Identify ISO 5230 commonalities with AI compliance in the supply chain, an initiative that
requires a read-through and red-lining / green-lining matches or non-matches in this ISO standard.
Supporting this, there is a thinking document with potential to address red-lined sections from ISO
5230, or at least provoke discussion where required on other topics at different levels of fidelity.
● Ensure alignment with existing ISO standards, starting with a review of ISO 42001 as an optic
for AI-specific matters and consider how the core concepts from ISO 5230 - mapping more closely
with AI - support this broader standard, or provide a natural on-ramp to it and other standards as
required.
5. Example: ISO/IEC 5230 Red-Line / Green-Line
It would be useful to have an open discussion using:
https://github.com/OpenChain-Project/License-Compliance-Specification/blob/master/ISO-5230-2020/en/ISO-5230-2020.md
6. Example: Thinking Document To Support Review
● It is currently assumed the ISO/IEC 5230 read-through to identify existing
commonalities with AI compliance in the supply chain will result in red-line /
green-line identification of non-matching or matching process requirements.
● There is a “scratchpad” document ready to help with further discussion,
especially from the optic of “ok, section X of ISO 5230 is not a perfect match,
what type of language could potentially be a drop-in replacement?”:
https://1drv.ms/w/s!AsXJVqby5kpnkkeMc1iGom9WdVP9
7. Example: Starting a review of ISO/IEC 42001:2023
● As per our previous slides, there is benefit in carefully considering alignment
with ISO/IEC 42001:2023 - Information technology - Artificial intelligence -
Management system
● The logistics of this review need to be considered. The standard covers the
topic domain and has market traction. However, it is not freely available.
● OpenChain can underwrite the purchase of a certain number of copies at 194
CHF to assist with progress.