GSMA SGP.32: Fulfilling the IoT eSIM promise

The emergence of eSIM more than a decade ago was predicted to significantly expand the use of connected devices and achieve a massive IoT. But that promise fell short primarily because of eSIM remote provisioning standards, which made IoT deployments too complex and inflexible, or simply didn’t address a huge segment of devices that needed connectivity. It has prevented enterprises from starting large-scale IoT projects, curbed the development of the IoT realm, and inhibited the growth of the market.

Finally, a change is coming. About a month ago, on May 26, the GSMA SGP.32 eSIM IoT technical specification was published. This new remote provisioning standard will be a key enabler for IoT services, providing streamlined integration, ensuring seamless handover between vendors, and accelerating time to market. With a huge demand for a simple and scalable solution for IoT deployments, the changes will arrive as early as 2024 and the new standard will likely impact every company in the market.

“With a huge demand for a simple and scalable solution for IoT deployments, the changes will arrive as early as 2024 and the new standard will likely impact every company in the market.”

The problem

Two standardized eSIM remote provisioning specifications are in use: Machine-to-Machine eSIM Standard (M2M) and Consumer eSIM Standard.

The M2M is designed for IoT devices that can operate without a user and have no user interface. The main elements of the M2M architecture are the eUICC modules (eSIM) in the device, Subscription Manager -Data Preparation (SM-DP) and Subscription Manager – Secure Routing (SM-SR). The SM-DP performs the preparation and download of the eSIM profile, while the SM-SR is responsible for the eSIM and profile management and secure routing between the SM-DP and the eUICC.

However, the M2M ecosystem has many downsides. The M2M specification is carrier-centric, which means that the carrier triggers profile ordering and eSIM profile management operations. Profile switching from one operator to another requires a very complex integration process between SM-DP and SM-SR servers of different operators and is not necessarily automated. There is also a need for cooperation with the service operator at each location and significant upfront investment to enable network components to handle profiling and provisioning.

The corporate inflexibility of the M2M standard causes situations such as SM-SR lock-in. While it is technically possible to switch an SM-SR, in practice it is very difficult to switch devices from one SM-SR carrier to another, as it requires legal contracts between competitors. It could get very complex and very often it is not feasible.

The Consumer eSIM remote provisioning specification is targeted at user devices such as smartphones and tablets. Simplifies profile management, requiring only user consent to add a new profile or switch between profiles.

The Consumer architecture does not have an SM-SR module instead, it has a component called Subscription Manager – Data Preparation+ (SM-DP+), which effectively combines the SM-SR and SM-DP functionalities. For profile management, there is a Local Profile Assistant (LPA), a mobile application that resides on the device.

It acts as a proxy between SM-DP+ and eSIM and allows the user to enable, disable, delete or download profiles. There is also an optional module called Subscription Manager – Discovery Server (SM-DS) which provides a better user experience for profile download for certain use cases.

While simple, this standard is not an option for most IoT deployments, as it implies that eSIM management is performed by a user who physically activates or consents to the changes on each device, and this requires a user interface that IoT devices do not have.

With the M2M remote provisioning specification lacking in flexibility and simplicity, and the consumer remote provisioning standard not covering most IoT devices, IoT implementations were a real challenge. In addition, it was essential to address a large segment of resource-constrained IoT devices, whether in network-constrained devices with low-bandwidth connectivity or no SMS or TCP/IP capabilities or UI-constrained devices that function without a user and they may have no user interface. Eventually, it became apparent that the IoT market needed a new remote provisioning standard.

Change

GSMA SGP.32 is the new technical specification for eSIM remote provisioning used for IoT devices with network or user interface constraints. SGP.32 is largely based on the consumer specification, but there are some differences between them.

In the new standard, the LPA component of the Consumer specification is separated into two modules IPA and eIM. The IoT Profile Assistant (IPA) will be on the device. Acts as a proxy between the eSIM and the IoT Remote Manager or eIM eSIM. The eIM sends profile status management operations to the eSIM, allowing it to remotely enable, disable, delete profiles, and trigger profile downloads. The eIM facilitates the management of a single device or a fleet of IoT devices and can be owned by the IoT OEM to manage their own devices.

SGP.32 implies that an eSIM must be associated with the eIM before it can perform any profile state management operations. Pairing is done simply by sending the eIM configuration data to the eUICC either from the eIM itself or from the backend system. An eIM can be associated with an eSIM at any point in its lifecycle.

Once the configuration data has been sent, the eUICC and the eIM are paired. More than one eIM can be associated with an eUICC. To add the new pairing, the new eIM’s configuration data must be sent from an already paired eIM, but no technical integration between the eIMs is required. You can also delete existing associations. This solves lock-in scenarios similar to the SM-SR lock-in challenge which is part of the M2M solution.

This allows OEMs to easily switch connectivity providers or have a multivendor connectivity provider strategy, as well as manage mass volumes of profiles and queue profile operations more easily.

Although GSMA SGP.32 has finally been released, it will now take some time to complete all device specifications and eSIM compliance and testing, so the standard will likely be available for use in 2024.

The impact

So, what will happen in the IoT market now that GSMA SGP.32 is released?
Many companies have been desperately waiting for the new specification as it can fix the issues that sometimes prevented them from launching their IoT projects. Other companies have been hesitant to upgrade their products to the next version of the M2M remote provisioning specification due to the expected new standard.

There is no migration path from the M2M specification to the new standard, so some companies that already use M2M will continue to do so for the rest of the lifecycle of the deployed devices, which can be up to 20 years.

There might even be some companies that don’t have a problem with M2M, but there’s no doubt that from now on most new deployments will use the new IoT remote provisioning standard eSIM.

The new standard will significantly accelerate the growth of connected device usage in both established and emerging markets, benefiting every company deploying IoT devices and most players within the telecom ecosystem.

IoT device manufacturers will be able to solve the problem of multiple production lines by building simpler and more reliable devices. With the M2M remote provisioning standard, they have to choose a carrier when they manufacture the device and can’t change it later unless they go through a complex process of contracting and integrating with different carriers.

All players will have more opportunities to offer services to the growing IoT device market. This expansion of service offerings will provide more options for device connectivity both during deployment and throughout their lifecycle.

The GSP.32 also allows businesses to purchase services from a wider range of operators and easily obtain subscriptions from operators outside their home country.

The promise

The GSMA SGP.32 is finally about to deliver the promise of ubiquitous IoT that the market has been waiting for for the past decade. According to Transforma Insights, there will be over 15 billion connected IoT devices globally by the end of 2023 and their number will double by 2030, but this number may grow with the impact of the new GSMA specification.

Demand for products based on this new IoT remote provisioning standard is so high that there are already proprietary pre-standard solutions on the market, some of which are closely aligned with the GSMA SGP.32 specification.

Having a working solution that is fully compliant with the new standard can become a great advantage for companies and allows them to roll out IoT implementations immediately, before all test specs are finished in 2024. But to make sure that all their platforms and processes work without problems when they decide to switch to SGP.32, the solution should meet several criteria.

First and foremost, and obviously, its architecture and functionality should be compatible with the new GSMA standard. Secondly, it is important that it can be easily implemented and applied to various types of devices. Finally, it was distributed and tested commercially. There are already millions of devices that have been implemented using pre-standard solutions, so some of the latter have been proven to work properly and adapt to customer needs.

As enterprises decide whether to make their IoT deployments now or in the future, one thing is certain: GSMA SGP.32 will change the rules of the game for the entire IoT market and changes are just around the corner.