An update on global IoT connectivity regulations
by Yoram Zerahia
For the last two years, we’ve been tracking the changes in regulations that impact IoT deployments around the world. Some of our previous blog posts explained how these rules may become a challenge for cross-border IoT operations, others provided an overview of the global regulatory framework. Since it’s been over a year since our last update on the matter, it’s time to look at the key changes that are important for compliance with local regulations.
Recently, there’s been a notable development in the legislation on connectivity, data sovereignty, and data privacy, all of which may impact IoT deployments. Considering that the number of countries that have such laws has risen to 172,88% of all countries in the world, and that at least 10% of them are expected to update those laws each year, revisions to existing laws are now more significant than the introduction of entirely new laws.
Moreover, even within the existing legal frameworks, regulatory actions may have immediate operational consequences. For instance, on July 10, 2025, Turkey’s telecommunications regulator BTK issued an official decision to block access to eight major international eSIM providers. A week later, on July 17, another 21 eSIM providers were blocked. While some services reportedly remained functional for certain users, the full extent of the impact is still being assessed. These events are a clear reminder of how rapidly regulations can shift, and why IoT devices must be equipped with fully compliant and future-ready connectivity solutions.
Permanent Roaming Restrictions
In 2024, global cellular IoT connections surpassed 4 billion. Kaleido Intelligence projects that IoT roaming connections around the world will grow faster than the overall cellular IoT connection base, and reach 1 billion by 2028.
While the number of roaming connections is growing, the problem of permanent roaming restrictions persists. Several countries have updated their regulations, but overall legislation landscape around permanent roaming hasn’t changed much.
Some regulators believe their framework is adequate. In our previous update, we mentioned BEREC’s report on M2M and Permanent Roaming, which was finally published in December 2024. BEREC highlighted that the rise of machine-to-machine (M2M) communications, especially use cases involving devices permanently roaming outside their home networks, is creating new challenges and opportunities in Europe. The European Commission used BEREC’s document while preparing its Report on the Review of the Roaming Market released on June 25th, 2025. The report states that technological developments do not call for changes, and that the Commission will continue to monitor the development of the M2M/IoT market to ensure the Roaming Regulation’s adequacy for its specific needs.
Some national regulators clarified their regulations around permanent roaming in ways that, in certain cases, somewhat relaxed previous operator-driven restrictions. For example, in October 2024, Brazilian regulatory body ANATEL officially defined “permanent roaming” as remaining on a foreign mobile network for more than 90 consecutive days. Before this, interpretations varied, and some operators counted any 90 days within a year. It’s also important that this definition enables operators to issue fines but prohibits automatic service disconnection for non-compliant roaming.
Naturally, some countries have moved toward banning permanent roaming outright. Qatar is a good example: currently permanent roaming is not banned, but in April 2025, the country’s telecom regulator CRA released a strategic position paper that sets the foundation for future IoT/M2M regulation. While it does not introduce immediate roaming rules, the paper states that any foreign‑IMSI device that connects to a Qatari network for at least one session per week for 90 consecutive days will be automatically blocked, and remain blocked for another 90 days. Exceptions may apply through commercial agreements or bilateral arrangements, but these are subject to regulator discretion. However, though the groundwork has been laid, no timeline or ruling was given for this future ban.
It is important to remember that permanent roaming can be restricted not only by explicitly declaring it in legislation acts. In many countries, it is effectively banned by other means, such as Know-Your-Customer rules, the demands of licensing, when the services provider needs to be a locally licensed legal entity, or any other kind of regulatory barriers. For example, Nigerian regulators don’t restrict permanent roaming but require every SIM, both for consumer and IoT use, to be registered with a local National Identification Number (NIN) under the Registration of Communications Subscribers Regulation (RCS Reg 2024). Unregistered SIMs are deactivated and cannot be used on local networks.
SGP.32 Is Here, But Does It Fully Solve the Problem?
The emergence of eSIM technology enabled advantages which are particularly crucial for businesses aiming to operate internationally. Devices equipped with an eSIM can connect to local networks worldwide without requiring manual reconfiguration or physical SIM swapping. Through Remote SIM Provisioning, eSIMs enable seamless and cost-effective roaming by dynamically selecting and switching between local carriers as needed. This eliminates the need for traditional roaming agreements and helps support compliance with local regulations.
In 2023, the GSMA published the SGP.32 IoT Remote SIM Provisioning specification that streamlined profile uploading and swapping for IoT devices and can help to alleviate the problem with permanent roaming. Now, all technical work around this new standard is finally complete, and the industry experts expect to see first deployments of fully end-to-end SGP32-compliant solutions toward the end of Q3 or the beginning of Q4 2025.
However, though all technicalities have been taken care of, switching between networks is only part of the equation. Enterprises may still face the need to negotiate commercial relationships with network operators and acquiring the eUICC profiles from them, as well as a critical requirement to coordinate data flows and back-end systems to enable smooth transitions between carriers and uninterrupted operations of IoT devices. Overall, experts say that minimizing the complexity of localization and regulatory compliance most likely will be part of a managed service of eSIM orchestration delivered by cellular IoT connectivity providers.
IoT Connectivity and Regulatory Compliance with Webbing
Webbing offers solutions that ensure streamlined connectivity for IoT devices all over the world. A distributed core network with data centers on every continent and partner network of over 600 mobile network operators in more than 190 countries and regions allow us to guarantee continuous connectivity with low latency and global coverage.
Our solutions help to comply with all kinds of regulatory requirements, be it preventing traffic to leave the country borders, using local IMSI or full localization. Technology and infrastructure-wise, Webbing is capable of forming any architecture required by local legislation. Our eSIM solution allows for remote provisioning and a swap between profiles, easily turning it into any operator’s SIM. Webbing helps to comply with local regulations even in heavily regulated markets such as Turkey, when they mandate not only the use of a local profile but also that all elements involved in remote provisioning, such as infrastructure, systems, and data storage, are operated by a local telecom provider. Our solution was the first to ensure seamless localization in Turkey for any IoT deployment.
Webbing also offers a portal to manage eSIMs throughout their lifecycle. It allows for defining business rules that govern the automatic profile swap process and provides visibility to profile usage and network events, making connectivity transparent.
Webbing’s solutions simplify IoT connectivity, allowing enterprises to leverage connected devices while maintaining full control of their connectivity deployments. It helps to overcome the connectivity restrictions challenge in a simple and seamless way, avoiding the hassle of contracting with local wireless carriers and reducing expenses, making IoT deployments fast, cost-effective and future-ready.
Reach out to learn how Webbing solutions can help you achieve IoT regulatory compliance.
