GSMA SGP.32: Bringing the eSIM IoT Promise to Life

Baruch Pinto -
GSMA SGP.32: Bringing the eSIM IoT Promise to Life
Illustration: © IoT For All

The emergence of eSIM more than a decade ago was expected to significantly expand the use of connected devices and achieve massive IoT. But the promise remained unfulfilled – mainly due to the eSIM remote provisioning standards, that either made IoT deployments too complex and inflexible or just didn’t address a huge segment of devices that needed connectivity. It stopped enterprises from starting large-scale IoT projects, held back the development of the IoT realm, and inhibited market growth.

Finally, a change is coming. About a month ago, on May 26th, the GSMA SGP.32 eSIM IoT Technical Specification was published. This new remote provisioning standard will be a key enabler for IoT services, providing simplified integration, ensuring seamless switching between providers, and accelerating time to market. With a great demand for a simple, scalable solution for IoT deployments, the changes are coming as soon as 2024 and the new standard will likely impact all companies in the market.

“With a great demand for a simple, scalable solution for IoT deployments, the changes are coming as soon as 2024 and the new standard will likely impact all companies in the market.”

The Problem

There are two standardized eSIM remote provisioning specifications in use: Machine-to-Machine eSIM Standard (M2M) and Consumer eSIM Standard.

The M2M is designed for IoT devices that may operate without a user and have no user interface. The main elements of the M2M architecture are eUICC (eSIM) in the device, Subscription Manager -Data Preparation (SM-DP), and Subscription Manager – Secure Routing (SM-SR) modules. The SM-DP performs eSIM profile preparation and download, while the SM-SR is responsible for eSIM and profile management and secure routing between the SM-DP and eUICC.

SM-SR chart

The M2M ecosystem has a lot of downsides to it, though. The M2M specification is operator-centric, which means the operator triggers the profile ordering and the eSIM profile management operations. The switching of the profile from one operator to another requires a very complex integration process between SM-DP and SM-SR servers from different operators and is not necessarily automated. There’s also a need for cooperation with the serving operator in each location and significant up-front investment to enable network components to deal with profiles and provisioning.

Business inflexibility of the M2M standard causes situations such as SM-SR lock-in. Although it’s technically possible to change a SM-SR, in practice it’s very difficult to switch devices from one operator’s SM-SR to the other, since it requires legal contracting between competitors. It might become very complex, and very often is just not feasible.

The Consumer eSIM remote provisioning specification is intended for user devices such as smartphones and tablets. It makes managing profiles simple, only requiring user consent to add a new profile or switch between profiles.

The Consumer architecture has no SM-SR module – instead, it has a component called Subscription Manager – Data Preparation+ (SM-DP+), which effectively combines SM-SR and SM-DP functionalities. For profile management, there is a Local Profile Assistant (LPA), a mobile application residing on the device.

It serves as a proxy between the SM-DP+ and eSIM and allows the user to enable, disable, delete, or download the profiles. There is also an optional module called Subscription Manager – Discovery Server (SM-DS) that ensures a better user experience for profile downloading in certain use cases.

SM-DP+ chart

However simple, this standard is not an option for most IoT deployments, since it implies that eSIM management is performed by a user either triggering or giving consent to changes physically on each device, and this requires a user interface that IoT devices do not have.

With the M2M remote provisioning specification lacking flexibility and simplicity and the Consumer remote provisioning standard not covering the majority of IoT devices, IoT deployments were quite a challenge. Besides, it was essential to address a big segment of resource-limited IoT devices, be it in network-constrained devices having low bandwidth connectivity or no SMS or TCP/IP capabilities or user interface-constrained devices that operate without a user and may have no user interface at all. Eventually, it became apparent that the IoT market needed a new remote provisioning standard.

The Change

GSMA SGP.32 is the new technical specification for eSIM remote provisioning that is used for IoT devices that are network-constrained or user interface constrained. SGP.32 is broadly based on the Consumer specification, but there are certain differences between them.

In the new standard, the LPA component of the Consumer specification is separated into two modules – IPA and eIM. The IoT Profile Assistant (IPA) will be on the device. It serves as a proxy between the eSIM and the eSIM IoT Remote Manager or eIM. The eIM sends profile state management operations to the eSIM, allowing it to remotely enable, disable, delete profiles, and trigger profile downloads. The eIM facilitates the management of a single device or a fleet of IoT Devices and can be owned by the IoT OEM to manage their devices.

IPA chart

SGP.32 implies that an eSIM must be associated with the eIM before it can do any profile state management operations. The association is done simply, by sending the eIM configuration data to the eUICC either by the eIM itself or by the backend system. An eIM can be associated with an eSIM at any point in its lifecycle.

Once the configuration data is sent, the eUICC and the eIM are associated. More than one eIM can be associated with one eUICC. To add the new association, the configuration data of the new eIM must be sent by an already associated eIM, but there is no technical integration required between the eIMs. It is also possible to delete the existing associations. This resolves lock-in scenarios similar to the SM-SR lock-in challenge that is part of the M2M solution.

All this enables OEMs to easily switch connectivity providers or have a multivendor connectivity provider strategy, as well as handle bulk volumes of profiles and queue profile operations easier.

Although GSMA SGP.32 was finally released, now it will take some time to complete all specifications for devices and eSIM test and compliance, so the standard will likely become available for use in 2024.

The Impact

So, what is going to happen in the IoT market now that the GSMA SGP.32 is released?
Many companies were desperately waiting for the new specification since it can solve problems that sometimes prevented them from launching their IoT projects. Other companies hesitated to upgrade their products to the next version of the M2M remote provisioning specification because of the expected new standard.

There is no migration path from M2M specification to the new standard, so some enterprises that already use M2M will continue to do so for the rest of their deployed devices’ lifecycle, which may span up to 20 years.

There also might be some companies that have no issues with M2M, but there is no doubt that from now on most of the new deployments will be using the new eSIM IoT remote provisioning standard.

The new standard will significantly accelerate the growth of connected device use both in established and emerging markets, benefiting every company that deploys IoT devices as well as most of the players within the telecom ecosystem.

IoT device manufacturers will be able to solve the problem of multiple production lines while making simpler and more reliable devices. With the M2M remote provisioning standard, they must choose an operator when they manufacture the device and can’t change it afterward unless they go through a complex process of contracting and integrating with several operators.

All players will have more possibilities to offer services to the growing IoT devices market. This expansion of service offerings will bring more options for device connectivity both during the deployment and throughout their lifecycle.

The SGP.32 also allows enterprises to buy services from a broader range of players and easily obtain subscriptions from operators outside their home country.

The Promise

The GSMA SGP.32 is finally going to bring to life the promise of ubiquitous IoT that the market has been waiting for over the last decade. According to Transforma Insights forecast, by the end of 2023, there will be over 15 billion connected IoT devices globally, and their quantity will double by 2030, but this number can grow with the impact of the new GSMA specification.

The demand for the products based on this new IoT remote provisioning standard is so high that there are already proprietary pre-standard solutions in the market, and some of them are very closely aligned with the GSMA SGP.32 specification.

Having a working solution that is fully compatible with the new standard can become a major advantage for enterprises and allows them to implement IoT deployments immediately, before all test specifications are finished in 2024. But to make sure that all their platforms and processes work smoothly when they decide to switch to SGP.32, the solution should meet several criteria.

First and most obviously, its architecture and functionality should be compatible with the new GSMA standard. Second, it is important that it can easily be implemented and applicable to various kinds of devices. Finally, it has been commercially deployed and tested. There are already millions of devices that have been deployed using pre-standard solutions, so some of the latter are proven to work properly and adapted to customers’ needs.

While companies decide whether to make their IoT deployments now or in the future, one thing is certain: the GSMA SGP.32 is going to be a game-changer for the whole IoT market, and the changes are around the corner.

Baruch Pinto - VP Product, Webbing

Webbing is a full MVNO that delivers innovative enterprise-grade global connectivity and IoT services. Since our inception, Webbing has created connectivity infrastructures and platforms that enable the IoT to leverage exponential growth in connec...
Webbing is a full MVNO that delivers innovative enterprise-grade global connectivity and IoT services. Since our inception, Webbing has created connectivity infrastructures and platforms that enable the IoT to leverage exponential growth in connec...