What you need to know to prepare for the GSMA’s new eSIM IoT specification

As the GSMA prepares to roll out the much anticipated IoT specification, major industry players are gearing up for the launch. We sat down with Stephane Jayet, Head of Digital Business Line in Connectivity Services Business Unit at IDEMIA, to get the lowdown on everything you need to know—from the launch timeline to practical tips for optimizing cost and operational efficiency.

How will the new eSIM IoT specification (SGP.3x) coexist with the former eSIM M2M specification (SGP.0x)?

The GSMA’s new specification wasn’t designed to put an end to the existing M2M specification, it was introduced to provide a simpler and more adequate deployment model for the massive IoT market. This new specification also leverages investments made by a large number of MNOs around the world to connect consumer devices with eSIM technology via SM-DP+ platforms. Ultimately, the market will decide which types of use cases will continue to use the eSIM M2M architecture and which will adopt the new eSIM IoT model.

Some industries and use cases will continue to use the M2M specification, in particular for devices that are already deployed and have a long life in the field. For example, given the very long lifecycle of a vehicle or a sensor (roughly 20 years), contracts in those industries are significantly longer than those in consumer goods, where a smartphone becomes obsolete after 18 months. As a result, MNOs and major stakeholders will still need to invest in the existing SM-DP¹ and SM-SR platforms to manage existing contracts. However, we don’t expect to see a lot of new deployments using the M2M architecture. We can probably assume that the majority of new projects will focus on the new eSIM IoT model. Today, we’re seeing actors across several industries, such as transportation and energy, active in standardization work who are preparing to use the new eSIM IoT specification.

What is the expected timeline for the new eSIM IoT specification rollout?

The GSMA working group published the SGP.31 eSIM IoT Architecture and Requirements in April 2022 and the technical specification (SGP.32) is expected in April 2023. The complete set of specifications for tests and compliance should be completed by the end of the year. Everyone working on this project is focused on moving forward as quickly as possible, while also taking the time to be certain that the new specification will work properly with maximum security for all stakeholders. In the meantime, MNOs, OEMs and eSIM solution providers such as IDEMIA can already start preparing.

Are there any standardized eSIM IoT solutions already on the market?

Since the new specification set is not yet finalized, any solution already out there is sure to have at least some proprietary aspects—meaning aspects that may not align with the final specification. At IDEMIA we’re focusing our energy on working with major MNOs and OEMs to deploy successful proof-of-concepts (PoCs). This is a great way to test and learn and be sure that all issues are addressed by the specifications and fine-tuned based on learnings from live experimentations. This also means that the finished solution will be an iteration of our ongoing work. Since we’re not starting from scratch, we will be ready as soon as the final specification is issued.

How will OEMs and MNOs choose between existing eSIM M2M and the new eSIM IoT specification for new deployments?

As I mentioned, the majority of new eSIM IoT projects will rely on the new eSIM IoT specification. Nevertheless, for some use cases, certain industries may choose to stick with the M2M ecosystem. Since OEMs own the SM-SR, which holds a key that is pre-shared with the eUICC, it serves as a gate to the eUICC. This means that if you control the SM-SR, you control access to the eUICC. Therefore, in specific situations, OEMs that need to retain strong control of their devices will stick with the M2M specification. That said, for the vast majority of use cases, MNOs and OEMs can already begin planning to deploy eSIM solutions based on the new specification.

In many cases, MNOs will have to simultaneously manage eSIM connectivity use cases for the consumer market, the existing M2M ecosystem and/or the new eSIM loT ecosystem.

How can IDEMIA’s eSIM solutions simplify the integration of the new specification and help MNOs manage multiple workflows in parallel?

Just to give a little bit of context, it is important to take into account that MNOs typically don’t have the same back-end system for their consumer and M2M/IoT business. To serve the M2M/IoT market, MNOs have either set-up a specific M2M back-end to address the needs of their enterprise customers – which is the case for major MNOs like Vodafone – or they are using a third-party Connectivity Management Platform (CMP) for their M2M back-end. Today, MNO’s SM-DP+ is integrated with MNOs’ consumer back-end, tomorrow it will need to be integrated with their M2M back-end as well. This is where IDEMIA’s orchestration layer (Smart Connect Manager) comes into play.

Can you explain the benefits of the orchestration layer?

This orchestration layer provides a single point of integration for both M2M Remote SIM Provisioning (RSP) platforms and Consumer RSP platforms, which will be used for new eSIM IoT use cases. In the existing M2M ecosystem we had already set up all the necessary adapters to connect with CMP (Connectivity Management Platforms) providers such as Ericsson IoT Accelerator, Cisco Jasper and the proprietary Vodafone GDP (Global Data Service Platform).

Once the new specification goes live, we will handle the integration process with these providers because we already have the adapters in place. This will enable any OEM to easily connect to multiple CMPs and any MNO to connect their own CMP to their SM-DP+. And because of our scale and our ability to spread the costs between multiple players, we can connect smaller MNOs and OEMs that might not have as much financial pull as major actors. At the same time, it simplifies the process for CMP providers since they won’t have to deal with each individual MNO and OEM.

In addition, this intelligent orchestration layer automatically detects the underlying technology (eSIM IoT or eSIM M2M) and redirects orders towards the relevant platform.

What are the specific benefits of the orchestration layer for the OEMs?

In addition to connecting OEMs to multiple CMP platforms, our orchestration layer ensures total business process management, allowing OEMs to initiate any action pertaining to eSIM profiles (enable, disable, delete, etc ) directed towards connectivity providers.

What else can IDEMIA do to help MNOs optimize cost and operational efficiency as the eSIM market scales up to service massive IoT?

Concretely, when an MNO orders profiles to sell to its customers, they don’t know if the enterprise customer will be in the existing M2M ecosystem or the new IoT ecosystem, nor will they know what kind of eUICC the device will use or the device’s specific capabilities. This is the beauty of our just-in-time profile generation service. It supports every kind of device and eUICCs and is capable of changing profile content or metadata on the fly. While this IDEMIA service already exists in the consumer market, it is all the more important in the IoT ecosystem where the variety of devices is exponentially greater. Without the ability to customize eSIM profiles at the last minute, MNOs would have to order profiles for each ecosystem and for each device with its own specific eUICC profile parameters—a costly and time consuming, if not impossible, task.

What should stakeholders do to prepare for the new specification?

MNOs will need to integrate their SM-DP+ platform with their M2M back-end system. They can either manage this integration directly with their existing CMP partner or they can leverage the adapters already in place, with Cisco, Ericsson and Vodafone, in IDEMIA’s orchestration layer. They will also need to ensure that their SM-DP+ platform, currently used to manage eSIM Consumer profiles, is upgraded to handle all the necessary metadata required to manage eSIM IoT profiles.

MNOs and OEMs should also start end-to-end tests between their SM-DP+ and the eUICC and devices they will use in their eSIM IoT ecosystem. Not every device will behave the same way. This depends on its eUICC, whether the IPA (IoT Profile Assistant) will be running on the eUICC or in the device module, whether the eUICC can directly connect with the SM-DP+ or whether the eIM will be used as an intermediary, etc. This might seem like a big task, but it’s already pretty standard for IDEMIA. We are working closely with module and device makers and we can support MNOs and OEMs to ensure that their eSIM solution will work end-to-end with all IoT stakeholders.

One last recommendation?

I cannot stress enough that the success of MNOs and OEMs in the massive IoT market will depend on the scalability and elasticity of their eSIM solution. It is very important to choose a performant platform, one capable of accommodating spikes in activity. Cloud-based eSIM solutions are the way to go as they provide the flexibility to rapidly increase service capability during peaks and downscale when demand drops.

All in all, MNOs should start preparing for this new specification right now. Although the specification took a bit longer than expected, it will be finalized in the very near future. Those who get a jump start with a future-proof eSIM solution, will surely reap the benefits once the finalized version is released.

¹ SM-DP (Subscription Manager – Data Preparation): prepares and triggers profile download in the eSIM M2M ecosystem
SM-SR (Subscription Manager – Secure Routing): manages the profile on the eUICC in the eSIM M2M ecosystem
SM-DP+ (Subscription Manager – Data Preparation +): performs both preparation and profile download in the eSIM Consumer ecosystem and in the upcoming eSIM Consumer IoT ecosystem