How the new eSIM remote provisioning standard is going to impact the IoT market

by Baruch Pinto

According to Transforma Insights, by the end of 2023 there will be over 15 billion connected IoT devices globally, and their quantity will double by 2030. The emergence of eSIM was supposed to drive the expansion of IoT and boost the connected devices market. However, the existing eSIM remote provisioning standards seem to make IoT deployments too complex and inflexible or just don’t address a huge segment of devices that need connectivity. It deters enterprises from major IoT projects and significantly holds back the development of the IoT market.

There still is a great demand for a simple, scalable solution and in 2022 the GSMA published the architecture and requirements for the new eSIM remote provisioning standard intended for IoT devices, SGP.31 eSIM IoT Architecture and Requirements for remote provisioning of eUICCs in Network Constrained and/or User Interface (UI) Constrained IoT Devices. Since then, the whole industry has been waiting for the GSMA to release SGP.32, the technical implementation specification of SGP.31. Just a few days ago, on May 26, the GSMA SGP.32 eSIM IoT Technical Specification was published, finally allowing device makers to reap the benefits of the new standard and scale their IoT projects.

The existing eSIM standards and why there was a need for a new one

There are two standardized eSIM remote provisioning specifications in use at the moment: Machine-to-Machine eSIM Standard (M2M) and Consumer eSIM Standard.

The M2M is designed for IoT devices that may operate without a user and have no user interface. The main elements of the M2M architecture are eUICC (eSIM) in the device, Subscription Manager -Data Preparation (SM-DP), and Subscription Manager – Secure Routing (SM-SR) modules. The SM-DP performs eSIM profiles preparation and download, while the SM-SR is responsible for eSIM and profile management and secure routing between the SM-DP and eUICC.

The M2M ecosystem has a lot of downsides to it though. The M2M specification is operator-centric, which means the Operator triggers the profile ordering and the eSIM profile management operations. The switching of the profile from one Operator to another requires a very complex integration process between SM-DP and SM-SR servers from different Operators and is not necessarily automated. There’s also a need for cooperation with the serving Operator in each location and significant up-front investment to enable network components to deal with profiles and provisioning.



M2M remote provisioning architecture


Business inflexibility of the M2M standard causes situations such as SM-SR lock-in. Although it’s technically possible to change a SM-SR, in practice it’s very difficult to switch devices from one Operator’s SM-SR to the other, since it requires legal contracting between competitors. It might become very complex, and very often is just not feasible.

The Consumer eSIM remote provisioning specification is intended for user devices such as Smartphones and Tablets. It makes managing profiles simple, only requiring user consent to add a new profile or switch between profiles. The Consumer architecture has no SM-SR module – instead it has a component called Subscription Manager – Data Preparation+ (SM-DP+), which effectively combines SM-SR and SM-DP functionalities. For profile management there is a Local Profile Assistant (LPA), a mobile application residing on the device. It serves as a proxy between the SM-DP+ and eSIM and allows the user to enable, disable, delete or download the profiles. There is also an optional module called Subscription Manager – Discovery Server (SM-DS) that ensures a better user experience for profile downloading in certain use cases.

However simple, this standard is notan option for most IoT deployments, since it implies that eSIM management is performed by a user either triggering or giving consent to changes physically on each device, and this requires a user interface that IoT devices basically do not have.



Consumer remote provisioning architecture 


With the M2M remote provisioning specification lacking flexibility and simplicity and the Consumer remote provisioning standard not covering the majority of IoT devices, IoT deployments are quite a challenge. Besides, it was essential to address a big segment of resource limited IoT devices, be it in network constrained devices having low bandwidth connectivity or no SMS or TCP/IP capabilities or user interface constrained devices that operate without a user and may have no user interface at all. Eventually it became apparent that the IoT market needed a new remote provisioning standard.

What is going to change in the new remote provisioning standard?

GSMA SGP.32 is the new technical specification for eSIM remote provisioning that is used for IoT devices which are network constrained or user interface constrained. SGP.32 is broadly based on the Consumer specification, but there are certain differences between them.

In the new standard the LPA component of the Consumer specification is separated into two modules – IPA and eIM. The IoT Profile Assistant (IPA) will be on the device. It serves as a proxy between the eSIM and the eSIM IoT Remote Manager or eIM. The eIM sends profile state management operations to the eSIM, allowing to remotely enable, disable, delete profiles and trigger profile downloads. The eIM facilitates the management of a single device or a fleet of IoT Devices and can be owned by the IoT OEM to manage their devices.

SGP.32 implies that an eSIM must be associated with the eIM before it can do any profile state management operations. The association is done in a simple way, by sending the eIM configuration data to the eUICC either by the eIM itself or by the backend system. An eIM can be associated with an eSIM at any point in its lifecycle.

Once the configuration data is sent, the eUICC and the eIM are associated. More than one eIM can be associated with one eUICC. To add the new association, the configuration data of the new eIM must be sent by an already associated eIM, but there is no technical integration required between the eIMs. It is also possible to delete the existing associations. This resolves the SM-SR lock-in challenge that is part of the M2M solution.

All this enables OEMs to easily switch connectivity providers or have a multivendor connectivity provider strategy, as well as handle bulk volumes of profiles and queue profile operations easier. Although GSMA SGP.32 was finally released, now it will take some time to complete all specifications for devices and eSIM test and compliance, so the standard will likely become available for use in 2024.



IoT remote provisioning architecture 


Who will benefit from GSMA SGP.32 IoT eSIM remote provisioning standard?

The new IoT eSIM remote provisioning standard is going to benefit every company that deploys IoT devices as well as most of the players within the telecom ecosystem.

For IoT device manufacturers the new eSIM remote provisioning standard means they will be able to solve the problem of multiple production lines while making simpler and more reliable devices. With the M2M remote provisioning standard, they must choose an operator at the moment they manufacture the device and can’t change it afterwards unless they go through a complex process of contracting and integrating with several Operators.

SGP.32 also allows enterprises to buy services from a broader range of players and easily obtain subscriptions from operators outside their home country.

Since all players will have more possibilities to offer services to the growing IoT devices market, this expansion of service offering will bring more options of device connectivity both during the deployment and throughout their lifecycle.

How the GSMA SGP.32 standard is going to impact the IoT Market

The publication of the GSMA SGP.32 specification is expected to significantly accelerate growth of connected device use both in established and emerging markets, and eSIM providers that comply with the architecture will have the opportunity to benefit from it.

There is unanimous consent in the industry that most of the new deployments will be made using the new eSIM IoT remote provisioning standard. The M2M infrastructure is not going to completely vanish with the new SGP.32 specification though, as enterprises that already use M2M specification will most likely continue to do so since there is no migration path to the new standard and the lifecycle of the devices already deployed may be long, up to 20 years. There also might be a niche for companies that have no issues with M2M.

Some experts expect that the eIM as a standalone component may become an offering not only from the vendors of Remote eSIM Provisioning or SM-DP services, but also from Device Management platform or IoT platform vendors.

There are many companies that were desperately waiting for the new specification since it can solve problems that sometimes prevented them from launching their IoT projects. Other companies hesitated to upgrade their products to the next version of the M2M remote provisioning specification because of the expected new standard.

While the lack of standardization creates risks of interoperability issues that lead to extra costs and complications when deploying and managing IoT devices, the demand for the products based on the new IoT remote provisioning standard is so high that there are already some proprietary pre-standard solutions that may be very close to the GSMA SGP.32 specification. The question is, have  those solutions been commercially deployed and tested and are able to provide a streamlined and seamless transition to the new standard?

WebbingCTRL, a proven pre-standard eSIM solution

When the first Consumer remote provisioning specifications were published, it quickly became apparent to Webbing the advantages this standard had over the M2M remote provisioning specification and the benefits it could bring to the IoT realm. Webbing started working on a new product that would follow the same concept but allow for simple and flexible remote eSIM provisioning in IoT devices. In April 2022, Webbing rolled out WebbingCTRL, a pre-standard eSIM remote provisioning solution that adapted the Consumer architecture for use in IoT devices with no user interface.


WebbingCTRL remote provisioning architecture 

WebbingCTRL remote provisioning architecture 


WebbingCTRL enables organizations to remotely add, remove, and swap Operators for any number of IoT deployments. As no SM-DP and SM-SR infrastructure is involved, the Operator change in WebbingCTRL takes place immediately without Operator integration or collaboration. It also provides a centralized way to manage eSIMs and profile inventory, as well as visibility into device data usage. Companies can set up business rules that would allow devices to change the serving Operator automatically under specific conditions, such as location, country, loss of connectivity or even after a certain amount of time.

As of May 2023, there are more than 1 million WebbingCTRL eSIMs deployed globally.

Webbing has long been an active member of the GSMA working group developing the SGP.32 IoT remote provisioning standard and put a lot of effort into making it easily implemented and applicable to various kinds of devices. As both the architecture and required functionality of GSMA SGP.31 and WebbingCTRL are similar, our solution is compatible with the new standard and allows for the seamless transition of IoT deployments to SGP.32. All platforms and processes are ensured to continue working as usual whenever organizations decide to switch to the IoT remote provisioning standard.

With WebbingCTRL, enterprises don’t need to wait until the new standard becomes available to have a simple, scalable and future-proof connectivity for their IoT deployments.

Reach out to [email protected] to learn more.