burgerlogo

What Is Permanent Roaming, and Why Does It Break Global IoT Deployments?

What Is Permanent Roaming, and Why Does It Break Global IoT Deployments?

avatar
IXT

- Last Updated: July 9, 2026

avatar

IXT

- Last Updated: July 9, 2026

featured imagefeatured imagefeatured image

Most people picture roaming as a holiday thing. You land abroad, your phone hops onto a local network, and a week later you fly home, and it reconnects to your own carrier. For a phone, roaming is temporary by design.

A cellular IoT device does not behave like a phone. A smart meter bolted to a wall in Germany, fitted with a SIM from a Dutch operator, connects to a German network on day one and stays there for the next ten years. It never flies home. It never reconnects to its own carrier. It roams for its entire working life. This is permanent roaming, and it sits underneath a large share of the world's deployed IoT.

For years, nobody worried about it. The SIM connected, the data flowed, and the arrangement held. The reason it now deserves attention is simple. The rules are changing, and the technical assumptions behind permanent roaming were never built for stationary devices that stay online for a decade.

What Permanent Roaming Actually Is

Roaming happens when a SIM connects to a network other than the one it is registered to. A traveler does this for a few days. An IoT device does it forever, because the SIM is registered in one country and the device lives and works in another.

Two traits separate IoT devices from phones. They stay in one place, and they stay connected for years. A utility meter, a charging station, an industrial sensor, a building alarm. None of them roam the way a salesperson with a laptop does. All of them spend their whole life leaning on a network the SIM was never meant to call home.

Three Problems Hiding Inside a Working Connection

Regulatory Exposure

A growing number of countries restrict permanent roaming, either through outright bans or licensing rules that make it unworkable in practice. Brazil, Turkey, and Nigeria have explicit restrictions. In China, India, Saudi Arabia, and the United Arab Emirates, connectivity services must be provided by a locally registered operator, which achieves the same outcome through a different mechanism. Deploy a foreign SIM in one of these markets, and you are facing a compliance problem and the risk of sudden disconnection. Regulations shift often, so any deployment plan needs a current check per market.

Network Performance

Operators look after their own subscribers first. A roaming device sits lower in the queue, resulting in reduced bandwidth, higher latency, and throttling when the network is busy. For an application built on steady data flow, second-class treatment is an operational problem, not a footnote.

Data Routing

When a SIM is registered in one country, and the device runs in another, traffic often follows the SIM home before reaching its destination. This is home-routed roaming. Data generated within one country is routed abroad and back. In markets with data localization rules, the detour itself is a compliance issue, in addition to the latency it adds.

What Failure Looks Like

Permanent roaming does not degrade quietly. It stops. An operator notices a SIM roaming past the permitted window, often somewhere around 90 to 120 days depending on the market, and cuts the connection. The device drops offline. In many IoT applications, there is no backup path.

In the field, this reads as a fleet of asset trackers going silent. A row of charging stations going dark. A set of factory sensors that stop reporting. Recovery usually means sending someone to the site or reprovisioning the SIM remotely, and for a soldered MFF2 chip in a sealed enclosure, or tens of thousands of units spread across borders, neither option is quick or cheap.

Operational risk and regulatory risk are separate. They tend to arrive together.

The Workarounds and Where They Stop

Teams running global fleets have handled this in three ways, each with a cost.

Stocking different SIMs for different markets solves the regulatory side and replaces it with a logistics headache. More suppliers, more contracts, more data plans, more inventory to track.

Picking one global carrier with broad roaming agreements reduces operational mess. It does nothing for markets that outright reject foreign SIMs, and nothing for the performance hit from home-routed traffic.

Swapping SIMs by hand when a restriction kicks in works in a lab or a pilot. At the scale of a real deployment, it does not.

None of these address the regulatory map as it stands today. And the map keeps growing.

How Remote Profile Switching Solves It

The technical answer is the ability to change a device's network identity remotely, without touching the hardware.

Multi-IMSI allows a single SIM to hold multiple network identities. The SIM presents a local identity to whichever network it joins, so the connection is not classified as roaming in the first place.

eUICC goes further. An eUICC SIM stores multiple operator profiles and switches between them over the air. In a market that requires a local profile, the device loads one. Move the device, change the profile. No site visit.

GSMA's SGP.32 standard, published in 2023 and updated in late 2024, was written for exactly this. Headless IoT devices that need profile changes managed in bulk, from a server, with no screen and no human on site. Certified products started appearing in 2025, with wider commercial use expected through 2026 and into 2027.

One caution is worth stating plainly. These tools provide the mechanism for switching profiles. Whether a given profile satisfies a country's rules depends on which operator supplies it and whether the provisioning setup meets local requirements. The technology and the compliance question have to be solved together, not one and then the other.

Connectivity Is Not the Same as Security

Solving permanent roaming gets your devices online in a compliant way. It does not make them secure. A device connected via a clean local profile still sends data over public infrastructure unless something at the network level keeps it private. Most IoT hardware cannot run a VPN client to do that job. The devices are headless and constrained. They were never built to carry the overhead.

"Security is not a feature. It is a foundation." The same applies to compliant connectivity. Both work best when they are designed in, not bolted on." -Henning Solberg, CTO of IXT

This is the reason the strongest deployment plans treat three questions as one decision. Where will the device connect, will that connection comply with local law, and how will the traffic be protected once it is live? Answer them separately, and the gaps show up later, usually at the worst time.

Permanent roaming was never designed for IoT. It is a side effect of building connected products on SIM technology made for traveling consumers. As the rules tighten and the tools mature, the teams in the best position are those treating connectivity, compliance, and security as a single architectural choice from the start.

Need Help Identifying the Right IoT Solution?

Our team of experts will help you find the perfect solution for your needs!

Get Help