The introduction of eSIM technology approximately a decade ago marked a significant breakthrough: Remote SIM Provisioning. For the first time, users could manage network profile changes without the physical act of swapping SIM cards. While Remote SIM Provisioning is covered for M2M and consumers, it wasn’t as applicable to IoT – until SGP.32.
GSMA SGP.32 contains the technical specifications for eSIM IoT: the remote eSIM management of Internet of Things (IoT) devices and other mobile devices that are constrained in network connectivity or user interface.
This guide will walk you through the GSMA SGP.32: eSIM IoT standard. It explains what SGP.32 is, how it came to be, what the technical architecture is, and its implications for the telecommunications and IoT industries.
What is GSMA SGP.32: eSIM IoT?
Imagine a zero-touch connectivity management experience for globally distributed IoT devices at scale. With the GSMA SGP.32: eSIM IoT standard, this should now be possible.
The new eSIM IoT takes the best of both M2M and Consumer eSIM specifications into a standard that fits the purpose of IoT while utilizing two key elements of the eSIM technology:
- Directly incorporating the eUICC onto the device (note that the SIM can be in any form factor, and may be embedded or not)
- Profile switching between network providers, remotely and en masse (the innovation lies in the “en masse” part)
GSMA SGP.32 forms part of the entire technology ecosystem for eSIM IoT, which includes the following official documents:
- GSMA SGP.31: eSIM IoT Architecture and Requirements Specifications
- GSMA SGP.32: eSIM IoT Technical Specification
- GSMA SGP.33: eSIM IoT Test Specification for the eUICC
How was eSIM IoT developed?
The overarching goal of the GSMA eSIM standard is to minimize complexities when managing connectivity for mobile devices. The previous eSIM standards, SGP.02 for M2M and SGP.22 for consumers, changed connectivity in two major ways:
- Eliminated physical SIM card swaps.
- Introduced technology that allows over-the-air profile management, known as Remote SIM Provisioning (RSP)
These two things were simply not possible with traditional SIM cards, where each and every device must be fitted manually with a SIM from a network partner with tight lock-in agreements.
The process was tedious, rigid, and often pricey. GSMA gradually introduced the eSIM standards as a solution to these user problems, introducing choice and flexibility.
Before 2023, GSMA outlined two specifications for eSIM technology standards which enable Remote SIM Provisioning for two types of mobile devices.
- eSIM for M2M devices (SGP.02, 2014)
- eSIM for Consumer devices (SGP.22, 2016)
These prior specifications broke new ground for remote SIM management in M2M and consumer devices, but the full application of the standard was not always possible in IoT devices. Let’s take a quick look at the previous standards for M2M and consumer devices and the limitations that led to the development of SGP.32, eSIM for IoT.
Key concepts to master: eSIM and eUICC
To reference official Global System for Mobile Communications (GSMA) literature, the term eSIM technically refers to two different things:
1. eSIM as a SIM form factor – the physical component, called MFF2.

2. eSIM as a SIM technology standard – the software architecture, called eUICC
With eSIM technology, the Subscriber Identification Module (SIM) is embedded in a secure element called eUICC (Embedded Universal Integrated Circuit Card).
Important distinction:
An eUICC can run on any form factor – not just MFF2. This means that any form factor, including any variation of the plastic SIM card, can contain an eUICC element.

If you wish to learn more about the nuances of the eSIM terminology within industry usage, you can read more about it in this blog.
eSIM M2M
The first eSIM standard, eSIM M2M, was GSMA’s direct response to the automotive industry’s need to remotely manage and provision network profiles on the SIM. It was the first time Remote SIM Provisioning was introduced for M2M SIMs, and Remote SIM Provisioning is central to all eSIM specifications.
It is designed with a server-driven approach (pull-model) and quickly became limited for many applications outside of its original purpose.
eSIM M2M limitations:
- Profile management can’t be initiated from the device: Profile management for some devices can be complex because eSIM M2M requires SMS to update and manage profiles, and SMS is not always a supported feature for networks like NB-IoT.
- Lacks simplicity: Complex integration process between crucial components to remotely provision SIMs.
- Vendor-locked: Often, network connectivity has to be agreed pre-deployment (typically at the manufacturing stage). This configuration is inflexible and unsuitable for the dynamic needs of many IoT devices with global deployments.
So it naturally needed to evolve for the varying needs of many different types of mobile-connected device applications, one of which is for consumer devices.
eSIM Consumer
eSIM Consumer differs from eSIM M2M in that profile management is done locally by the user, using a client-driven methodology (pull model). Remote management and provisioning of a SIM profile happens when the end user initiates it (e.g. on a smartphone, the user scans a QR code, which starts the process of switching the mobile operator profile assigned to the eSIM, instead of manually swapping out the SIM card to change network providers).
The architecture was also streamlined to avoid the integration complexities faced in the eSIM M2M specification.
A list of GSMA’s official documents for eSIM Consumer:
The key features of eSIM IoT
eSIM IoT builds upon the successes of the two previous standards and removes the limitations of the previous standards for IoT with a new key improvement:
- Remotely provision and manage SIM profiles in bulk.
This is key for IoT devices that are deployed in fleets across locations with varying connectivity needs. eSIM IoT simplifies the eSIM solution and makes connectivity more cost-effective for different IoT use cases. SGP.32 was developed to deliver on the promise of insurance and flexibility in IoT connectivity.
The SGP.32 standard is tailored for IoT with additional optimizing features:
- A light profile template for optimized profile downloads
- End-user intent is moved from the device to cloud/server
- No SMS or TCP/IP dependencies
- Supports a wider range of transport protocols (CoAP/UDP/DTLS)
While eSIM IoT is a term often used interchangeably with GSMA’s SGP.32, it is important to note that IoT applications can span across both M2M and consumer devices. However, the technical specifications and key components for eSIM in M2M, consumer, and IoT contexts do have distinct differences.
Comparing eSIM M2M, eSIM consumer, and eSIM IoT
The GSMA has outlined separate specifications for eSIM technology standards which enable Remote SIM Provisioning of many mobile devices. Specifications vary depending on the device type, which are:
- eSIM for M2M devices (2014)
- eSIM for Consumer devices (2016)
- eSIM for IoT devices (2023)
While all three eSIM specifications facilitate Remote SIM Provisioning, the process to do so is different for each of the three.
The differences lie in the way network profiles are managed and the level of user interaction required. IoT and M2M eSIMs are designed for minimal human interaction with a focus on remote management, while consumer eSIMs emphasize user interface and flexibility for the end-user to manage their own network provider. Similarly, both consumer and IoT eSIMs focus on robustness that was notably lacking from M2M eSIM.
| Elements | Description | eSIM M2M | eSIM Consumer | eSIM IoT |
|---|---|---|---|---|
| eUICC | The Embedded Universal Integrated Circuit Card is the physical chip in devices that supports remote SIM provisioning. The eUICC profiles for M2M, consumer, and IoT devices are managed differently. | ✓ | ✓ | ✓ |
| RSP | Remote SIM provisioning | ✓ | ✓ | ✓ |
| SM-DP | The Subscription Manager Data Preparation are components responsible for preparing and securely downloading operator profiles to the eUICC. | ✓ | | |
| SM-SR | The Subscription Manager Secure Routing is responsible for securely managing eUICC profiles through encrypted communications. | ✓ | | |
| SM-DP+ | Adapted functionalities from the SM-SR and SM-DP, plus it supports additional features, including enabling the end-user to download profiles to their device. | | ✓ | ✓ |
| SM-DS | The Subscription Manager Discovery Server is responsible for providing addresses of one or more SM-DP+. Some capabilities of the SM-SR are incorporated here. | | ✓ | ✓ |
| LPA | The Local Profile Assistant is software installed on consumer devices that facilitates the management of SIM profiles through the device’s user interface. Some capabilities of the SM-SR are incorporated on the LPA. | | ✓ | |
| IPA | The IoT Profile Assistant facilitates profile switching and bridges eIM and device or eUICC communications. | | | ✓ |
| eIM | The eSIM IoT Remote Manager is responsible for profile state management on a single IoT device or a fleet. | | | ✓ |
GSMA SGP.32: eSIM IoT technical specifications
To deliver on the promise of Remote SIM Provisioning at scale in IoT, GSMA introduced some new technical components in SGP.32:
- the IoT Profile Assistant (IPA), and
- the eUICC IoT Manager (eIM) for remote SIM management.
Don’t skip the deep dive coming up! Understanding these components and how they work is critical to making the right eSIM IoT product purchasing decision – how each vendor sets them up can have a direct impact on how flexible eSIM IoT will actually turn out to be and whether your investment is worth its money.
What is eIM?
The eIM (eUICC IoT Manager) is a component that handles remote profile state management operations for eSIM IoT devices. It enables the remote enabling, disabling, deletion, and downloading of profiles on eUICCs, all of which are standardized by the GSMA.
Think of it as the management software with the visual user interface that enables the user to provision SIMs remotely and en masse. The eIM links to the eUICC by sending eIM configuration data to the eUICC. This association can occur at any stage in the device lifecycle, which means that the user can manage the device post-deployment.
The eIM is key to making the eSIM IoT flexible on top of these benefits:
- Reduces the integration time.
- Handles bulk volumes of profiles.
- Queuing profile operations is easier.
- Profile switching is simplified.
- The eIM can be owned by the IoT device manufacturer to oversee device connectivity.
Once linked, a single eUICC or a fleet can associate with one or multiple eIMs. To introduce a new eIM, if the existing eIM is configurable, it sends its configuration data without requiring any technical integration between the two. eIM associations can also be removed, preventing lock-in issues like those in eSIM M2M.
This flexibility allows deployments to switch between connectivity providers, adopt multi-vendor strategies, and efficiently manage large volumes of profiles and queued operations. The eIM also improves interoperability as it can communicate with any SM-DP+ without any pre-agreements between parties.
What is IPA?
The IPA (IoT Profile Assistant) is a component of the GSMA SGP.32: eSIM IoT. The IPA is the eUICC function that acts as the intermediary between the eSIM and the eIM. The IPA talks to the eIM to receive and execute the user’s commands on the specific eUICC.
The IPA is a crucial element for remote management of eSIM profiles, and it was developed as an IoT adaptation of the eSIM Consumer component, the LPA (Local Profile Assistant).
Per the SGP.32 specs, the IPA can either reside on the IoT device itself (IPAd) or on the eUICC (IPAe). For makers of IoT devices, using IPAe rather than IPAd may result in less development work.


What is PSMO?
In GSMA SGP.32, the Profile State Management Operations (PSMOs) are securely handled by the eIM and are cryptographically authenticated to prevent malicious operations. This ensures that IoT fleet owners receive verifiable confirmation of the status of each PSMO from a trusted eUICC. This cryptographic authentication is new to the eSIM IoT standard, and was not present in the previous standards.
This secure binding between the eIM and the eUICC protects against unauthorized profile management (for example, from malware) by only allowing operations that are correctly signed by the eIM. The eUICC responds to these operations with its own secure, signed messages. This authentication process, which protects both the issuing and execution of PSMOs, is consistent throughout all profile management activities, including profile downloads.
What are the advantages of GSMA SGP.32: eSIM IoT?
Technology from 10 years ago doesn’t fit the needs of IoT devices today. The eSIM IoT standard provides a layer of future-proofing to IoT while providing flexibility and simplicity lacking from the previous eSIM M2M standard.
- Support for user interface (UI)-constrained IoT device deployments
- Ideal for LPWAN devices
- Bulk SIM management
- Enables simplified integration: using the eIM to remotely trigger profile downloads from the SM-DP+ server.
- Enterprise-oriented and less telco-centric: geared for large-scale IoT deployments with global connectivity requirements that can be restricted by vendor lock-ins.
The implementation of the SGP.32 standard into fully fledged eSIM IoT products is emerging and rapidly developing. As the eSIM IoT products and user needs crystallize over the next few months, here are some caveats to keep in mind when scoping eSIM IoT products today:
- While the eSIM IoT component eIM can communicate with any SM-DP+ (e.g. SGP.22: eSIM Consumer), eSIM IoT is not “backward compatible” with eSIM M2M, and there are no standardized processes for migrating from eSIM M2M to eSIM IoT.
- Operator lock-ins: While it may not be technically needed to pre-set an agreed network provider from the start of the device lifecycle (eSIM IoT can come with one or several bootstrapped profiles that can be connected to a chosen network), providers may still offer “out-of-the-box” solutions that tie you with networks with irreversible configurations.
What to look for when choosing an eSIM IoT solution?
For the longest time, the IoT market lacked such a solution. Now that eSIM IoT is here, it brings with it the promise of simplicity, flexibility, and interoperability. These qualities lead to easier deployment and, ultimately, reduced costs.
Despite its numerous advantages, it’s important to approach the eSIM IoT market with caution. When evaluating an “out-of-the-box” eSIM IoT solution, for the sake of your future bottom line, verify that it doesn’t restrict you with vendor lock-in by asking prospective vendors one question: Is the eIM configurable?
Why the first eIM might be the last
As we mentioned above, the SGP.32 standard for eSIM IoT outlines the technical requirements and components to remotely control eUICCs. While the technical requirements are universal for the eSIM IoT ecosystem, it doesn’t mean that they are necessarily enabled by all related software or technical components, e.g., the eIM. Flexibility is hard-baked into the standard but whether it is implementable depends on what the components allow.
Here’s what we mean:
Per the standard, any eSIM IoT ecosystem should allow users to add, manage, update and list eIMs. This is a straightforward technical requirement. But when we look at the individual components, the eUICC MUST be able to support these operations, but the eIM MAY – or may not! This feature, eIM configurability, is optional for eIMs but mandatory for eUICC.
Now think about this: An initial eIM is necessary to perform and manage any eSIM IoT function, including installing another eIM. If this initial eIM is not configurable, you cannot add another eIM, ergo you are locked into your initial eIM and its attached profiles forever. Meanwhile, the eUICC technically supports adding another eIM, but you cannot perform this operation in the initial non-configurable eIM.
This is why a configurable eIM that supports the addEim, deleteEim, updateEim, listEim commands is a must in an eSIM IoT purchasing decision, even though it’s a shall in the SGP.32 specification: It is the one feature that delivers the eSIM IoT promise of profile flexibility and interoperability.
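The PSMO authentication described earlier and the eIM association rule in this section, as an added example (not code from the SGP.32 specification or from any vendor): a toy eUICC that executes only requests signed by an already associated eIM and signs every result so the fleet owner can verify it. HMAC-SHA256 with constructed shared keys stands in for the public-key signatures real eUICCs and eIMs use; the message fields, the `Euicc` class and the helper names are hypothetical.

```python
import hashlib
import hmac
import json

def sign(key: bytes, body: dict) -> str:
    # HMAC-SHA256 over canonical JSON; a stand-in for real public-key signatures.
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def signed_request(eim_id, key, eid, op, arg):
    body = {"eim_id": eim_id, "eid": eid, "op": op, "arg": arg}
    return {"body": body, "sig": sign(key, body)}

class Euicc:
    """Toy eUICC: executes only operations signed by an associated eIM."""
    def __init__(self, eid, euicc_key, eim_id, eim_key):
        self.eid, self.key = eid, euicc_key
        self.eims = {eim_id: eim_key}   # the initial eIM association
        self.profiles = {}              # iccid -> "enabled" / "disabled"

    def handle(self, request: dict) -> dict:
        body, sig = request["body"], request["sig"]
        key = self.eims.get(body["eim_id"])
        ok = (key is not None and body["eid"] == self.eid
              and hmac.compare_digest(sig, sign(key, body)))
        result = self._apply(body["op"], body["arg"]) if ok else "rejected"
        reply = {"eid": self.eid, "op": body["op"], "result": result}
        return {"body": reply, "sig": sign(self.key, reply)}  # signed result

    def _apply(self, op, arg):
        if op == "addEim":              # only reachable via an existing eIM
            self.eims[arg["eim_id"]] = bytes.fromhex(arg["key"])
            return "ok"
        if op in ("enable", "disable") and arg["iccid"] in self.profiles:
            self.profiles[arg["iccid"]] = op + "d"
            return "ok"
        return "unsupported"

def demo():
    k_card, k_a, k_b = b"card-key", b"eim-a-key", b"eim-b-key"  # constructed keys
    card = Euicc("EID-TEST", k_card, "eim-a", k_a)
    card.profiles["ICCID-1"] = "disabled"
    enable = {"iccid": "ICCID-1"}
    tampered = signed_request("eim-a", k_a, "EID-TEST", "disable", enable)
    tampered["body"]["op"] = "enable"   # body changed after signing
    replies = [
        card.handle(signed_request("eim-b", k_b, "EID-TEST", "enable", enable)),
        card.handle(tampered),
        card.handle(signed_request("eim-a", k_a, "EID-TEST", "addEim",
                                   {"eim_id": "eim-b", "key": k_b.hex()})),
        card.handle(signed_request("eim-b", k_b, "EID-TEST", "enable", enable)),
    ]
    owner_verified = all(hmac.compare_digest(r["sig"], sign(k_card, r["body"]))
                         for r in replies)
    return [r["body"]["result"] for r in replies], owner_verified, card.profiles
```

In `demo()`, the second eIM's request is refused until the first eIM issues a signed `addEim`; if the initial eIM never offers that operation, nothing else can create the association, which is the lock-in this section describes.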
How to approach eSIM IoT today
Vendor lock-ins can limit your ability to choose the best connection options for your IoT deployments, potentially compromising the efficiency and cost-effectiveness of your operations. To fully benefit from an eSIM IoT solution, it should be truly interoperable and business-oriented — offering the freedom to make changes as needed without being constrained by the same telecom agreements in a new eSIM IoT outfit.
While the entire eSIM IoT ecosystem guidelines are still being built by the GSMA, you can get started today with Onomondo’s range of global IoT SIMs, embedded or SoftSIM.
Test the features and capabilities you require through our free trial. When you’re ready to onboard, our APIs and webhooks are available to enable seamless integrations to fit your system requirements.