Ensuring the Long-Term Sustainability of ClearlyDefined: OSI and AboutCode Sign MoU

Brussels, February 2 – The Open Source Initiative (OSI) is pleased to share an important update with the ClearlyDefined and the broader Open Source communities: OSI and AboutCode have formally signed a Memorandum of Understanding (MoU) that establishes a new collaborative approach to stewarding and sustaining the ClearlyDefined project.

Following extensive discussion and review with the community, the OSI Board has endorsed this new model for OSI stewardship of ClearlyDefined and approved entering into the MoU. This decision reflects a shared commitment by OSI, AboutCode, and the broader community to ensure the long-term sustainability, growth, and impact of ClearlyDefined.

ClearlyDefined Advancements and Challenges

Originally developed by Microsoft and donated to OSI in 2018, the ClearlyDefined project has grown into a global, open database of licensing and related metadata for Open Source software components. Modern applications depend on thousands of upstream components, each with its own licensing, provenance, and metadata. ClearlyDefined makes this information easily available in a consistent, machine-readable, and open manner, helping developers, legal teams, and organizations understand what they are using and how it can be reused.

ClearlyDefined is well adopted across the ecosystem, with contributions and usage spanning companies, foundations, and Open Source projects. The project’s infrastructure has been spearheaded by Microsoft, with organizations such as GitHub, SAP, Bloomberg, and Deutsche Bahn actively participating in its development and evolution. Open Source stewards including the Linux Foundation and the Eclipse Foundation make extensive use of ClearlyDefined to help ensure that widely popular projects have accurate, consistent, and openly available licensing and provenance data.

Over the past years, the ClearlyDefined community has achieved significant progress. Major milestones include the launch of ClearlyDefined 2.0, expanded license coverage through LicenseRef support, and substantial performance improvements. Since 2023, the project has advanced in various ways, including:

• ClearlyDefined 2.0 launch: a major milestone in improving license data quality.
• LicenseRef support: expanding coverage beyond the SPDX license list.
• Conda harvester: adding support for Conda with a focus on Machine Learning and data science packages.
• GUAC integration: providing users from this OpenSSF project with enriched data for compliance and security.
• Performance improvements: substantial optimization for better licensing data request and component harvesting.
• Secure Open Source Program: partnering with this program from GitHub and promoting the participation of Scancode (one of the key projects of ClearlyDefined) to be part of the first batch of recipients.
• Conferences: participation in events like Code & Compliance, FOSDEM, SOSS Fusion, Open Compliance Summit, Open Source Summit, FOSS Backstage, and ORT Community Days.
• SPDX and OWASP collaboration: working closely together with these organizations to advance SBOM standardization.
• Ecosystem: collaboration with adjacent organizations like ORT (OSS Review Toolkit), ScanCode, GUAC, and OpenChain. 
• GitHub adoption: incorporation of 40 million definitions (latest as of 2025) that appear on dependency graph, dependency insights, dependency review, and a repository’s SBOM.
• Linux Foundation adoption: initially covering projects from CNCF, OpenSSF, and LF AI & Data, among others, but which will eventually encompass all 1200+ LF projects.
• New website: featuring comprehensive documentation and resources.
• Open governance model: electing leaders to the Steering and Outreach Committees.

At the same time, the community has recognized the challenges facing the project. ClearlyDefined is not yet self-sustaining. Infrastructure costs remain high, the implementation carries technical debt, and the OSI does not have the technical or financial resources to independently modernize and operate the platform at the scale the community increasingly expects. These realities prompted OSI to explore new options for sustaining and evolving the project over the long term.

A New Collaborative Path Forward

Against this backdrop, AboutCode emerged as a natural and mission-aligned partner. AboutCode is a public-benefit nonprofit with deep expertise in license compliance and Open Source data, and it is the creator and maintainer of ScanCode, one of the core tools used by ClearlyDefined. Importantly, AboutCode’s leadership includes Philippe Ombredanne and Thomas Steenbergen, co-founders of ClearlyDefined and long-standing contributors to the ecosystem.

The newly signed MoU formalizes a collaboration in which OSI remains the steward of the ClearlyDefined project, the community retains governance, and AboutCode takes responsibility for day-to-day operations. Under this model, AboutCode will lead planning, coordination, and execution involving users, adopters, contributors, and partners; modernize the technical stack; and work to significantly reduce infrastructure costs, all while operating within ClearlyDefined’s existing open governance model.

Roles, Responsibilities, and Governance

The MoU clearly delineates responsibilities. OSI retains stewardship of ClearlyDefined, including ownership of the project name, logo, and marks, and continues its role as a convener and advocate for the project. AboutCode is delegated operational authority, but no funding or infrastructure obligations are transferred to OSI under this agreement.

All software enhancements made by AboutCode will continue to be released under OSI-approved licenses, and all data enhancements will remain openly available under open data licenses. AboutCode has also committed to providing regular public updates on progress and to operating the project in full respect of its published governance charter and community-led structures.

The OSI Board views this collaboration as a pragmatic and forward-looking step, one that preserves the open, community-driven nature of ClearlyDefined while unlocking a realistic path to sustainability, growth, and impact.

Growing Trustworthy Open Source Adoption

The signing of this Memorandum of Understanding marks an important milestone, but it is only the beginning. The long-term success of ClearlyDefined continues to depend on an engaged and active community of users, contributors, and adopters. OSI and AboutCode share a strong belief that, by combining clear stewardship with focused operational leadership, ClearlyDefined can evolve into a more resilient, modern, and sustainable platform that serves the entire Open Source ecosystem.

As Open Source adoption accelerates and regulatory frameworks such as the EU Cyber Resilience Act (CRA) raise expectations around transparency and compliance, ClearlyDefined plays an increasingly critical role in helping organizations understand, trust, and responsibly use Open Source software. Driving this work forward is core to the missions of both OSI and AboutCode.

We thank the ClearlyDefined community for its continued contributions and collaboration. We look forward to working together on this next chapter to ensure the continued growth of Open Source adoption in a more transparent, trustworthy, and responsible manner.