A guide for selecting eSIM for IoT devices

A guide for selecting eSIM for IoT Devices

Last Updated: October, 2023

When receiving a request to supply an eSIM for IoT projects or smart devices, we often encounter it is technically or commercially not viable to deploy an eSIM. This blog gives you some insights and clarification, on how to differentiate the standard and IoT eSIM and when you should be using eSIM in your IoT deployments.

But before we go deeper into this topic we need to clarify, that when we use the word “eSIM”, we aim to indicate an eUICC-enabled device, as this standard defines the possibility of switching SIM profiles over the air. This also allows the provisioning of SIM profiles, which simply means a certificate that enables a device to connect with the mobile operator’s cellular network.

It is important to understand that eUICC can be deployed to all different physical form factors, which are:
Full (FF1), Mini (FF2), Macro (FF3), or Nano (FF4) plastic SIM cards. But also the embedded SIM chip (MFF2) as discussed above, as well as SIMs that are part of the integrated circuit (iSIM).

→ Here you can read more about Differences between SIM card types – 4FF SIM cards, 2FF SIM cards, and more

In this blog, when using eSIM or eUICC we want to refer to the remote provisioning of SIM profiles to a device. The technical implementation is often referred to as a Remote SIM Provisioning platform (RSP) that is usually operated by SIM manufacturers like Thales, WorkX, Idemia, etc., by a specialized RSP provider like Nordic eSIM, or sometimes operated by Mobile Network Operators (MNOs).

Now that we have warmed up with the eSIM foundations, we can move on to the center of our topic, the eSIM for IoT devices.

Standardization of eSIM

The eSIM technical architecture is defined by GSMA (For more details about it please refer to the following link GSMA_eSIM).

For any eSIM deployment, you need to make sure the platforms which implement RSP capabilities are either built based on the consumer eSIM, or on the IoT/M2M eSIM for IoT devices specification.

We find it critical to understand that there are two different standardizations in eSIM as defined above. The confusion between the two is often a source of false assumptions regarding how easily SIM profiles can be brought to the IoT device. Let us help you understand what is the real difference between the basic eSIM we all hear about and the IoT/M2M eSIM standard, and why they are not the same.

Difference between standard eSIM and IoT eSIM

  • Consumer eSIM Standard

The consumer eSIM standard addresses the requirement to install SIM profiles to a consumer’s device, such as a mobile phone, tablet, or laptop. In this case, the end-user can sign an agreement with any mobile operator and usually gets a QR code that is scanned with the device’s camera, allowing the SIM profile to be downloaded automatically. An important detail here is that the SIM profile download is triggered by the end-user. The consumers’ standard is now supported by most devices coming to the market, and a popular application is travel eSIMs, where you buy a SIM profile and mobile subscription in the country where you stay for vacation in order to avoid excess roaming fees.

  • IoT / M2M eSIM Standard

What works well in the consumers’ standard is often not possible in IoT deployments, because the capability of the IoT devices is limited to scan a QR code; as those are often widely and diversely distributed, or there is simply no human interaction. Hence, you cannot just scan a SIM profile whenever it is needed. In contrast to the consumer standard, the IoT/M2M eSIM standard enables to download of a profile by means of OTA (over-the-air activation) and it is usually not initiated by the device itself but by the RSP. This process may create problems for many IoT devices and is discussed in more detail below.

What to consider when using eUICC in your IoT project

Apart from requesting the right GSMA eSIM standard from your potential provider, you should consider the following additional aspects when getting an eUICC in order to decide whether it is the right choice for your IoT deployments, over a legacy IoT SIM Card.

Hardware Capability

The selected IoT hardware and GSM modules included need to support the actual specifications for eUICC on their firmware. In addition, as the SIM profiles are pushed to the device OTA (over the air), the device must support OTA by means of receiving a binary-coded SMS.

We often receive requests from clients whose IoT deployments work with the new standards for narrowband, e.g. NB-IoT. However, the issue is the NB-IoT standard does not support SMS and therefore an IoT device that uses NB-IoT as Radio Access Technology, cannot support eUICC today.

This issue has been recognized by the GSMA and there is a new eSIM for IoT devices standard released; referred to as SGP.32 and it shall address those shortcomings. Nevertheless, as this standard has been just released, we expect the first deployments to go commercial during 2024, and its wider availability in early 2025.

Mobile Operator Lock

The main reason for business owners to change to eUICC is to address the problem of being locked in with one mobile operator; the lock-in comes with the deployment of legacy SIM cards where SIM profile changes are not supported.

Moreover, in the actual GSMA eSIM Standard SGP.1, the SIM card running an OS that supports eUICC is technically locked to one RSP platform, depending on where you buy the eUICCs from (MNO or MVNO). Hence, in case you want to change an active SIM profile on your eUICC, you can only swap between SIM profiles of different MNOs that are enabled on this particular RSP platform.

The ultimate freedom to change and/or swap any operator around the globe is therefore an overstated promise in today’s eSIM deployments.

For that reason, we suggest (based on your own business requirements) to evaluate whether this lock-in with a particular operator is such an important factor in your current IoT deployments. You may evaluate this in relation to the usual lifetime of an IoT device, and the likelihood that you may change your mobile operator to another one during this period.

The key promise of “no operator locking” or “the freedom to leave” is better addressed by the new SGP.32 standard in the next 1-2 years. As the new GSMA eSIM for IoT devices standard addresses many shortcomings, you may consider waiting for SGP.32 and choosing a traditional IoT SIM card for the time being.

Excess Costs

The implementation and running of an RSP platform is costly, as it requires high-security standards because the SIM profile keys need to be protected. Operators of RSP platforms need to be GSMA certified in order to store, manage, and remotely provision SIM profiles.

But there is another aspect to it; the ability to change the SIM profile at any point in time is a risk for an MNO to lose a customer in a flash. When we speak to our MNO partners, they often refer to eUICC as a “sponsored churn”, claiming a customer can leave at any time.

Both the technical complexity and the “sponsored churn” lead to the conclusion that eSIMs are more costly than legacy M2M SIM cards. The excess costs vary by different MNOs, but they usually relate to the following two elements:

  • More costly SIM hardware modules as the OS (operating system) is more complex
  • A fee to be charged for any SIM profile download and swap that is initiated when trying to localize a SIM profile in every country where the device aims to connect

Since IoT deployments need cost-efficient data connections, these excess costs can break the specific IoT business case. Again, you need to evaluate whether the use of an eUICC-enabled SIM can be justified commercially and technically, over the legacy (SIM) one. Very often, the promised benefits of an eUICC are simply outweighed by the additional costs imposed on IoT deployments.

The future of IoT eSIM for IoT devices

The eSIM has been growing in importance and increasing the demand to use such technology in IoT deployments. However, the current GSMA standard for eSIM has some specific requirements for IoT deployments, such as hardware support, locking-in with the RSP provider, as well as (often overseen) excess costs. All these factors should be carefully evaluated by businesses when launching a new project.

As the new eSIM GSMA standard, SGP.32 is now being released, we expect general commercial availability of RSP platforms in 2024 and early 2025. By then, we suggest taking a closer look at whether eUICC is the best choice for your project technically, as well as commercially.

Contact us

At Freeeway we are committed to helping our customers to be successful with their IoT projects. Contact us to discuss the most applicable SIM technology for your respective IoT use case and receive free test IoT SIM cards: