SGP.31/32 – Remote SIM Provisioning for IoT

The Good, the Bad and the Way Ahead

Ian Marsden

Founder & CTO


The GSMA has released SGP.31/32: the Remote SIM Provisioning standard for IoT. Will this really enable global, ubiquitous connectivity and trigger the predicted upsurge in IoT deployments? Or is there more to it than that? (Spoiler alert: there is.)

Read on to find out about the standard and how it might affect your new or existing IoT initiatives.

A brief history of eSIM – Remote SIM Provisioning

Cellular connectivity was designed to support consumer devices. People (in general) live in one country, only need to roam for short periods, and can change their network provider by swapping SIMs or scanning a QR code.

It’s a different story for IoT. Manufacturers may not know where devices will be deployed – and they’d rather not build multiple variants for different locations. Many devices have limited intelligence and no users to operate them. They may need to roam for long periods (but that causes problems). And changing network providers by swapping SIMs or scanning QR codes is usually impossible.

In response, the GSMA introduced eSIM, the embedded Remote SIM Provisioning (RSP) Architecture, for provisioning and managing network profiles on devices using over-the-air commands.

The first standard, SGP.01/02, addressed the requirements for machine-to-machine (M2M) devices. (GSMA standards use the naming format SGP.x1 for architecture and requirements documents, SGP.x2 for the related technical specifications.)

Driven by demands from companies like Apple and Samsung, the GSMA then introduced a second, simpler standard called SGP.21/22 for consumer devices.

Both standards require eUICC SIMs to store and manage multiple network profiles on devices. The M2M standard involves pushing profiles to devices while the consumer standard enables users to pull profiles to their devices.

So why do we need a new standard for IoT?

The M2M standard works well for larger players, such as the automotive industry and mobile virtual network operators (MVNOs) with the resources and capability to fully implement the standard.

But for some other players and deployments with constrained devices, it has significant challenges.

Operational challenges with SGP.01/02

When a business wants to change their connectivity provider, the current and new providers need to integrate their systems so that device management data can be transferred and the devices linked to the new provider’s system. This is complex and costly, with commercial, legal, and engineering implications. Often it’s just not a feasible proposition.

The standard is designed to make it easier for Original Equipment Manufacturers (OEMs) and mobile virtual network operators (MVNOs) to access profiles from mobile network operators (MNOs). But this isn’t straightforward, requiring significant engineering work and interoperability testing.

Device challenges with SGP.01/02

The M2M standard was created before the dramatic increase in constrained IoT devices, such as asset trackers, meters, and sensors.

These devices are often battery-operated and need to conserve power as much as possible. They typically connect to low-power wide area networks (LPWANs), sleep for long periods, use lightweight protocols and have limited intelligence.

The standard requires devices to support SMS, use connection-oriented protocols and respond promptly to management instructions. The devices must complete profile downloads in one session, even though large profiles can take several minutes to download on LPWANs.

Many constrained devices don’t meet these requirements. NB-IoT networks don’t support SMS, data can be lost if devices are sleeping when messages are sent to them, and modems sometimes close connections to conserve power before downloads are complete.

SGP.31/32 – the new RSP standard for IoT

In response to the challenges, the GSMA has developed the SGP.31/32 standard for IoT.

The IoT standard is based on the simpler consumer RSP standard. It removes the requirement for complex integrations between providers and addresses the needs of constrained devices.

A backend server (called an eSIM IoT Manager or eIM) can act as a proxy user interface, enabling devices to trigger a profile download from an MNO’s profile store. It can also be used to manage deployments centrally, pushing profiles to individual devices or fleets of devices when required.

SGP.31/32 benefits for IoT

SGP.31/32 makes a number of provisions to support constrained devices and simplify integrations between providers:

Hold the celebrations

It’s going to be a while before fully functional SGP.31/32 solutions are available.

The GSMA released the technical specification in May 2023. We anticipate that platform and SIM certifications will be achieved in 2024. The earliest that the first GSMA-certified solutions will be available is likely to be in 2025.

And these first solutions won’t include the full set of new features. A number of provisions, such as support for using lightweight protocols, are not included in the first release of the standard. Some vendors may release proprietary solutions that include these features but there’s no guarantee their solutions will integrate and operate with other providers.

The IoT standard is not backwards compatible with the M2M standard and there’s no migration path forward from the M2M standard. Any deployments using the M2M standard will need to continue using that model until end-of-life.

Despite the drawbacks, SGP.31/32 aligns better with the needs of many IoT use cases. It’s likely to increasingly be used in place of the M2M standard for new deployments, particularly when solutions with the full set of provisions become available.

Is SGP.31/32 the magic bullet for IoT?

SGP.31/32 has a key part to play in creating a better functioning IoT ecosystem.

Breaking the proprietary link between MNOs and devices means businesses can choose the right providers for their deployments – and change providers if they need to. Manufacturers can build single SKU devices. Ubiquitous, global connectivity becomes a realistic goal.

And though some MNOs fear losing their close relationship with customers, tier 1 operators and platform providers see the value in the potential upsurge in IoT deployments. These players will drive the availability of solutions built to the standard.

But it’s not the whole story.

Building IoT devices that work

Our work with Kaleido Intelligence shows that many companies find device and hardware optimisation a much greater problem than global connectivity.

The way a device, modem and SIM operate together is critical. Building fit-for-purpose devices requires IoT design expertise and thorough prototyping, proof of concept and testing phases.

Mobile networks operate in different ways and it’s vital to test devices in a lab environment to determine how they operate with all the networks they might connect to, including how they handle firmware-over-the-air (FOTA) updates from the operators.

Managing devices on multiple networks

The new standard will make it easier for providers to access profiles from partner MNOs, opening up opportunities to switch devices to different networks to achieve optimum connectivity.

But accessing profiles from an MNO is just the start. Switching devices to different networks risks creating an operational nightmare: multiple contracts, billing, lifecycle management, monitoring and analytics.

To avoid this, connectivity providers need to offer a federated management platform so there’s one contract and a single pane of glass for managing all devices.

Accessing multiple networks

Connectivity providers need interconnects to other networks before they can switch devices onto them. This requires engineering and integration work – and it’s something that’s not always in place ­(despite providers claiming to offer network switching capabilities).

In addition, many operators now segment and regulate their networks to handle increasing volumes of connections. Providers must have the knowledge and skill to ensure that devices connect to the right segment and behave correctly to avoid being penalised by operators.

The Eseye approach

At Eseye, we’ve long recognised the need to manage SIMs remotely and switch devices to different networks to comply with regulations and achieve optimum connectivity.

That’s why we introduced our intelligent, multi-IMSI SIM in 2013, developed a sophisticated rules-based connectivity management platform, and built the AnyNet Federation with interconnects to 16 different networks.

When the GSMA introduced the eSIM architecture, we developed our own backend RSP systems and enhanced our AnyNet+ SIM to combine multi-IMSI and eUICC capabilities. The latest AnyNet product – SMARTconnect – embeds intelligent, global IoT connectivity directly into devices. It gives devices the intelligence to connect out-of-the-box and stay connected, whatever happens.

Now we’re designing new SIMs and developing our connectivity management platform to work with SGP.31/32 so that we can offer GSMA-certified solutions at the earliest opportunity.

And we’ll also support deployments that use the M2M standard for as long as needed and advise on how to proceed during this period of transition.

It’s not just SGP.31/32 – there are a lot of other developments happening in the world of IoT. We’re enhancing our solutions to support innovations in iSIM, 5G, private and public network integrations, satellite connectivity, factory personalization and more.

You don’t need to wait for SGP.31/32 solutions

Remote SIM provisioning using SGP.31/32 will – one day – be a big step towards the goal of global, ubiquitous connectivity for IoT devices.

But the good news for Eseye customers is that you don’t need to wait for SGP.31/32 certified solutions to be released. Nor do you need to be an expert in the latest standards and technologies to find the right connectivity solution for your deployment.

That’s what we do.

Our partnerships with multiple MNOs mean that our multi-IMSI solution can meet the connectivity requirements in many use cases without incurring the additional cost of implementing an eSIM-compliant deployment.

In other cases, our partnerships with MNOs and the work we’ve done to integrate with other providers means that we can download profiles for many different networks to your devices and switch them when required.

Talk to an expert

We can evaluate all the options and advise you on on the most cost-effective solution to meet your needs, both today and throughout the lifetime of your deployment.

Ian Marsden

Founder & CTO


Ian has a passion for developing technology-based solutions that deliver real improvements to businesses, the environment and quality of life.

Previously he co-founded CompXs to deliver the world’s first ZigBee design. Prior to CompXs, Ian held senior software leadership roles at Philips and has since spearheaded the ground-breaking innovation of our global AnyNet Secure cellular solution.