SGP.32 introduces a streamlined eSIM architecture for IoT, enabling global, zero-touch provisioning. It reduces complexity, boosts flexibility, and shifts power dynamics all over the place. Here’s the skinny… Note, this is the last chance to sign up to RCR’s webinar on this topic (tomorrow, June 26) – where KORE and Kaleido Intelligence will set the record straight on eSIM for IoT.
In sum – what to know:
Remote control, zero-touch – SGP.32 enables seamless, hands-free SIM provisioning for IoT fleets, managed securely over-the-air via new eIM and IPA components.
Global rules, factory tools – Designed for regulatory compliance and in-factory activation, it simplifies logistics and ensures locally legal connectivity out-of-the-box.
Industry shift, mindset shift – Power is shifting as MVNOs take orchestration roles and MNOs rely on them for reach, while OEMs must own SIM strategy early to reduce lifecycle risk.
In truth, the eSIM revolution never happened in IoT – until now, maybe. The technology, to embed subscriber identity modules (SIMs) as soldered chips (eSIMs, eUICCs) into a device’s main circuit board, has been around for 15 years already. But developers of cellular-based IoT gadgetry have been forced to provision these using either hard-coded M2M integrations, defined in the SGP.02 specification, or UI-led consumer activation flows, as set out in SGP.22. In the end, neither have worked very well for battery-powered IoT – as a mechanism to support globally-available and locally compliant fleet deployments, with assurance and flexibility to last a decade in the field.
But the new SGP.32 specification for remote SIM provisioning (RSP), just now being certified in IoT platforms and devices, seeks to change all of that. It is a clean-slate redesign, and the first to support this zero-touch ‘build-once, ship-anywhere’ concept. Its key components, as defined in the attendant SGP.31 framework, include a new eSIM IoT Remote Manager (eIM) to oversee SIM profiles in the field and an IoT Profile Assistant (IPA) for secure downloads and updates. As well, it mandates cryptographic authentication and introduces new reset procedures, and allows for delayed / scheduled asynchronous updates, and early RSP provisions for in-factory/field airtime activations.
There is a lot in there, and RCR Wireless is hosting a webinar tomorrow (June 26; available on demand) with IoT airtime specialist KORE and IoT analyst house Kaleido Intelligence to unpack its meaning. A report will follow, with contributions from the wider IoT community; some of their commentary is included below, quoted or paraphrased, as a kind of primer on this new eSIM era. So here, then, are five talking points from these prelim discussions, which capture some of the hopeful opportunity and familiar problems around it. So it sounds, in the end, like every other IoT tale – said RCR to Kaleido. One of brilliant innovation and difficult progress. “Yes, it kind of is,” came the response.
1 | Drivers
Until now, for 15 years or more, eSIM adoption has been mostly limited to IoT deployments in the automotive and utilities sectors due to complex integrations and high deployment costs. Previous eSIM setups were expensive and restrictive. The SGP.02 specification, published in 2014 for old-style M2M deployments, was a breakthrough in its day. But the work to integrate new carriers required expensive interoperability work (“often six figures”), limiting flexibility and locking customers into their initial hardware/airtime pairings. Meanwhile, the SGP.02 specification, from 2016, is great for consumer smartphones and wearables with user interfaces, but a non-starter for headless IoT.
The idea is that the SGP.32 specification will change that. A key driver for the GSMA to write the architecture is changing regulation about data roaming and localisation – which makes the requirement to switch SIM providers not just an expensive one, achievable for the likes of BMW (SGP.02) and Apple (SGP.22), say, but a legal one for every IoT maker – locked out until now because of the cost to integrate with new airtime providers. Permanent roaming restrictions are all about, and completely chaotic for IoT. Designed ostensibly to limit consumers roaming onto local cellular networks – with cut-offs of 90-180 days, typically – these rules make IoT a non-starter, effectively.
The list of countries with outright bans or strict limitations is long: Australia, Brazil, Canada, China, Egypt, India, Nigeria, Saudi Arabia, Singapore, Turkey, UAE. The task to ship eSIM-based IoT solutions into these markets without pre-integrated local carrier contracts has been complex, to the point of writing-off business. Equally, developing data sovereignty laws – around where data is captured, processed, stored – have driven the case for flexible RSP mechanics. The GSMA has responded with SGP.32 – which, usefully, it has also specified to work with existing SGP.22 consumer RSP infrastructure to minimise overheads for operators to support IoT opportunities.
Early deployments of SGP.32 eSIM are expected through the second half of 2025, as platforms and devices are certified. Broader adoption is likely through 2026. Kaleido Intelligence reckons a tipping point will come in 2027/28, when over 50 percent of new IoT connections will use eSIM.
2 | Value
There is a sense, somehow, that the new RSP flexibility afforded by the SGP.32 architecture will see service providers (MVNOs mostly) switch customer fleets of IoT devices between carrier networks in pursuit of the clearest signal, sharpest pricing, smartest access; that, somehow, it will bring total dynamism to IoT provision, in order to max out price and performance. This is wrong. While technically possible with local eSIM profile switching, the idea of on-the-fly switching between carriers is not widely supported. (It is perhaps more likely that mobile operators will lock an eSIM to a specific eIM, and effectively reinstate the rigid SMDP+/SM-SR dependency of the SGP.02 era.)
In the end, network management, even when it is remote-controlled and flexible, is a headache. Enterprises don’t want to switch just for the sake of it; they don’t want to know about the connectivity technology or the bearer network. Which is the message that comes out of every tech-led digital-change consultancy – like it is a revelation. They don’t care, so long as it works properly. Which is the secret sauce, here: the real value with these new eSIM capabilities is around risk mitigation, rather than opportunistic churn for better signal or price. It is about insurance against long-term risk – in case the signal or signal provider fails or changes over a 10–15 year lifecycle.
And that is a powerful offer for mission-critical enterprises and applications.
3 | Dynamics
Having said all of that, the power dynamics in the IoT space are shifting away from traditional mobile operators (MNOs) with the introduction of flexible new RSP mechanics. “Walled gardens are coming down,” comments Sorrel at Kaleido Intelligence. Transforma Insights has issued a press note that suggests mobile operators are “increasingly cautious about granting network access, particularly for eSIMs”. Which reads like they are paranoid about churn. Sorrel at Kaleido Intelligence says there may be “some hesitation” about “willy-nilly” churn among the “the usual suspects”, and references the new eSIM lock-in functions.
But he also says, as above, that there is no incentive for enterprises to switch carrier networks without reason, and that sense and logic should prevail, and even embolden operators to make a virtue of their service. “That can be a differentiator,” he says. I don’t really see any of them saying, ‘no, you’re locked in’.” And actually, Transforma Insights is probably saying the same. “They want stronger guarantees on device security, certification, and network resource utilisation,” it writes – as if the worry is that wayward over-the-top MVNO partners will drive up their churn figures for reasons beyond their control. But the power shift might work for MVNOs in other ways.
It gives them a chance to get close to their MNO sponsors. In some cases, MVNOs are even turning the old MVNO model on its head, so that MNOs are piggybacking on their infrastructure instead – which is cloud-based, nimble, and global, and plugged-in northbound (airtime roaming, network APIs) and southbound (SIM provisioning, vendor platforms), and able to handle billing and management between both. This has been discussed in these pages – notably in relation to floLIVE’s moves in the market. Transforma Insights argues such expertise might position MVNOs in a new ‘orchestrator’ role to bridge eIM-based RSP and full-stack roaming and billing.
Which might also be an analyst house looking to coin new terminology; but the idea is well received. Loic Bonvarlet at SIM specialist Kigen responds: “Where it is right, is that there is a better way to do it. If someone can preintegrate and manage all the activation and optimization – with logins from this provider and that provider, and APIs to manage those plans – in a single pane-of-glass platform, then the end-user has a really full view of their eSIM lifecycle, across their whole fleet.” He points to ‘orchestrator’ offers from the likes of SIMETRIC and IoTM. But connectivity management systems (CMPs) have been integrated to orchestrate eSIMs across RSP platforms already.
Roles and responsibilities are changing in the IoT market, anyway; the new eSIM specification only accelerates the shift. Sorrel explains: “On the one hand, the data resale play is less attractive for MVNOs. On the other hand, MNOs realize they can’t go it alone. Together with the eSIM spec, that creates an interesting scenario – where MNOs start to use MVNO platforms to extend coverage and manage devices. But MNOs are still doing the selling, and onboarding and managing contracts – while MVNOs are shifting to a more indirect role, where they support MNOs in their operations. Yes, MVNOs will orchestrate eSIMs for MNOs, but only as part of a wider shift in the market.”
4 | Production
A key part of the SGP.32 gambit is to also provide a foundation for in-factory profile provisioning (iFPP), to be formally defined in SGP.41 and specified in SGP.42 some time in late 2025/early 2026. The SGP.41 framework is deliberately loose, to make current experiments commercial endeavours. As it describes, iFPP will see original equipment manufacturers (OEMs) load SIM profiles onto IoT devices during their production – instead of wasting battery power, and risking the customer experience, to locate and download them in the field. More than this, it affords a way to reduce SKU complexity, and associated management costs, which multiply in post-deployment when field variants connect to different airtime connections.
Kigen, closely involved in the GSMA standardisation process, has commercial trials in Asia that use an eIM agent to decouple provisioning from live connectivity, and support local activation even in air-gapped or offline venues. Bonvarlet explains: “[The OEM] can manufacture a completely generic and vanilla device with the eSIM embedded in it… and test it out… in under two minutes… The really new thing with SGP.32 is that the eIM becomes this agent that securely takes a download package and roots it down to your device or factory line.” On paper, it solves a major bottleneck for OEMs in the low-power cellular IoT space.
“Whatever you can do in the factory means more control and less cost,” adds Bonvarlet, with a cautionary tale about proper planning. “Too often, OEMs think they can choose a module, antenna, connectivity, and that’s it – like the SIM is somebody else’s job. ‘Not my problem’. But the wrong [SIM] choice in production means a higher TCO downstream.” The point is the iFPP mechanic brings greater control over IoT development by shifting connectivity decisions upstream, into the manufacturing phase. Instead of relying on post-deployment downloads and SIM swaps, reliant on difficult bootstrap profiles, OEMs can embed a neutral eSIM and provision it as a SKU before it is shipped.
For industries where device lifetime, battery efficiency, and regulatory compliance are critical, it starts to look like a game-changer.
5 | Mindset
This idea that the “SIM is someone else’s job” is important, as well. With all this new power and flexibility, OEMs are being encouraged to take ownership of SIM provisioning upfront, rather than treating it as a telco responsibility. Fragmentation, complexity, and ROI remain big hurdles for IoT makers, even in the new eSIM era. Switching providers still involves new contracts, SLAs, and platforms – making multi-provider deployments complex and costly, possibly driving a new MVNO value offer. Entry costs are higher with eSIM, and hard money-metrics are scarce. “An eSIM is always going to be more costly than a standard UICC (SIM) solution. It will always be the case,” says Sorrel.
It probably means cellular smart labels, stickable and printable (and disposable, ultimately), will never be an SGP.32 market. Sorrel goes on: “Price parity will never be reached. So the entry will always be more challenging from a financial perspective. There will be a segment of the market that is very, very cost sensitive, which won’t go with eSIM – because it’s just too much buy-in. So they may look at soft SIM solutions, instead. But that will be a very small segment. At the same time, there is work for companies to explain and understand that a little extra cost can save a lot more if it comes down to it.”
Kigen says the same. There is an ‘education gap’, which is holding back adoption. Early IoT adopters, from the M2M days, know where these solutions break down, already; they know where to find technology solutions, even if they don’t care about the technology much at all. But many potential users, holding the keys to ‘massive IoT’ in new markets, still do not see the whole picture. The biggest challenge is mindset, says Kigen. “The fundamental mistake in IoT [is to] save on the BOM at the risk of incurring downstream costs,” says Bonvarlet. Early design choices have long-term business impacts. “So many IoT initiatives launch and so many fail. The business case only works when devices are in the field for a long time.”
Be deliberate – from factory to field. Invest in technology that will last a lifetime – from SIM to network to application, to result and return.
