GSMA SGP.32: A look at the new eSIM IoT standard

The eUICC technology enables SIM profiles to be changed without having to replace the physical SIM card. However, the previous eUICC standards never really met the requirements of IoT projects. SGP.02 was too complex and too dependent on SMS, SGP.22 does not work for minimalist IoT devices without a user interface. Now, with SGP.32, the GSMA has succeeded in closing the gaps in the previous standards.

WhereverSIM M2M sim card

What is SGP.32? The new eSIM IoT standard and what it changes

The larger and more international IoT projects become, the clearer the limits of the existing eUICC standards become. Irrespective of the fact that both standards were not intended directly for IoT applications from the outset, different technical approaches for M2M and consumer applications have so far led to fragmented solutions that have made scaling and interoperability more difficult. The new SGP.32 standard is now intended to lay the foundation for a uniform, globally scalable IoT ecosystem.

From M2M and consumer to IoT: the eUICC evolution

The development of eUICC standards began back in 2014, but when the GSMA launched SGP.02 (M2M eSIM), the focus was on the automotive industry. The reason for the focus on automotive: in 2015, the EU introduced the mandatory eCall system, which meant that vehicles had to be able to automatically make emergency calls in the event of an accident - a driver for the early introduction of M2M eSIMs in the automotive industry.

SGP.02 made remote provisioning of SIM profiles possible for the first time, but was dependent on complex integrations and with a clear vendor lock-in (SM-SR). This meant that the standard was not only unsuitable for fast and uncomplicated provider changes - which contradicted the original wishes of many IoT projects - but was primarily geared towards the requirements of huge automotive projects with millions of SIM cards. As a result, SGP.02 projects were complex, lengthy, extremely costly and locked into rigid 10-year contracts with a vendor lock-in.

2016 saw the breakthrough in the smartphone segment with SGP.22 (Consumer eSIM). Simpler, user-friendly, QR code-based. But IoT devices are not smartphones: they often have no screens (and no one sitting in front of them to change them manually if necessary), run on minimal hardware and have to function autonomously for years. This left a gap for many IoT applications despite the second standard: M2M was too rigid, consumer too complex. The new eSIM IoT standard SGP.32 breaks away from this and is tailored to the specific requirements of IoT applications.

M2M SIM card - portrait format from Wherever SIM

What makes SGP.32 different?

Technically, SGP.32 is based on a modular architecture that allows eSIM profiles to be managed remotely and independently of the end device. Mobile network providers no longer determine how profiles are uploaded and managed, but other market players and companies are given significantly more say and the right to shape the management of IoT devices. In particular, the actual customers will have almost sole control over remote SIM provisioning.

The standard also integrates enhanced security mechanisms and defines clear compatibility requirements that ensure smooth cooperation between different manufacturers, network operators and service providers. This turns a previously fragmented market into an interoperable ecosystem that enables true scaling.

At the heart of the new architecture are the following three components:

  • eIM (eSIM IoT Remote Manager): It takes over what was previously anchored in the SM-SR, but more flexibly and without lock-in. It can download, activate, deactivate and delete profiles. The eIM thus replaces the user and the screen on the end device from the SGP.22 standard.
  • IPA (IoT Profile Assistant): It is the link between eIM and eUICC and enables standardized communication between the two. This makes it easy to switch between eIM and SMDP+. Whether as software directly on the card (IPAe) or in the device (IPAd), it ensures that even resource-poor IoT devices can manage profiles. 
  • SM-DP+ (Subscription Manager - Data Preparation +): It hosts and encrypts the eSIM profiles before they are loaded onto the eUICC. This role is already known from the consumer standard and is still mandatory in the IoT standard.

SGP.32 thus solves several old problems at the same time:

  • No more SMS obligation as with SGP.02, making it also suitable for NB-IoT, where SMS is often not supported or only supported to a limited extent. LTE-M also benefits, as profiles can be provisioned via standardized IP-based procedures without having to use SMS as a transport route.
  • There are push and pull models for profiles, which allows more flexibility.
  • Interoperability: Every device can communicate with every SM-DP+. It is also possible to change the eIM.
eUICC Ready

The advantages of SGP.32 for IoT deployments

The new standard brings with it a number of practical benefits that significantly simplify the rollout and operation of IoT solutions:

Free Network Selection

Harmonization of M2M and consumer approaches:

Companies no longer have to choose between two incomplete standards that are unsuitable for IoT projects. SGP.32 creates a uniform framework that works for both industrial and consumer-related IoT scenarios for the first time.

Free Network Selection

Easier scalability of global rollouts:

Whether there are 1, 1,000 or 1 million networked devices, the provisioning and management of eSIM profiles can be carried out centrally and in a standardized manner, regardless of the country or network operator.

Free Network Selection

Improved interoperability:

Clearly defined interfaces and security mechanisms reduce dependency on individual providers. This gives companies more flexibility when choosing their partners and networks. Whereas with SGP.02, the integration of all network operators had to be planned right from the start - which increased the complexity of the projects in terms of both planning and costs - with SGP.32, additional network operators can be integrated gradually and as required.

Free Network Selection

Less complexity for users:

The management of IoT SIMs is becoming less technical and complex, so that even companies without in-depth telecommunications expertise can manage IoT deployments efficiently.

All in all, this means

SGP.32 brings the vision of a truly globally scalable IoT ecosystem much closer. Two aspects are particularly relevant here. Firstly, some countries require the use of local SIM profiles for regulatory reasons - with SGP.32, such local profiles can be easily provided remotely without the need to physically adapt devices. Secondly, the standard eliminates the previous lock-in with IoT SIM providers. Until now, it was practically impossible to change providers, as devices are distributed worldwide and often difficult to access. With SGP.32, companies can react flexibly to new providers or changing framework conditions without having to touch their IoT fleets on site.

M2M sim card blue WhereverSIM
Test WhereverSIM free of charge
Test 6 months free of charge
worldwide network coverage
M2M platform
The submitted data will only be processed for handling your request. You can find more information in our privacy policy.

eUICC in practical use

Let's imagine an energy supplier rolls out millions of smart meters in different countries. If a SIM provider needs to be changed, every card would have to be physically swapped with traditional SIMs. A logistical nightmare. With SGP.32, the SIM profiles can be updated remotely, for thousands of devices at the same time if necessary. This not only saves time and money, but also makes it possible to remain globally flexible in the first place.

This makes it clear that SGP.32 is not a niche standard, but a key driver for almost all IoT segments with high scaling requirements. This standard will prevail in the IoT environment - because it removes technical hurdles, creates interoperability and gives companies the flexibility they need for international rollouts.

Impact on the telco and IoT market

The introduction of SGP.32 not only changes the technical basis, but also shifts the roles and balance of power in the IoT ecosystem:

- Mobile network operators (MNOs) must adapt their previous, often proprietary provisioning solutions and rely more heavily on open interfaces. This may require investments in the short term, but also opens up new business areas, such as globally scalable IoT services.

- The new standard gives virtual network operators (MVNOs) and connectivity providers the opportunity to develop more flexible and interoperable offerings. Companies can switch between providers more easily or use several providers in parallel, which should intensify competition. Technologically leading connectivity providers with their own platform development will benefit in particular. Thanks to continuous further developments, they are often superior to the rigid, cumbersome platforms of traditional MNOs. In an environment in which switching providers will be easier than ever before thanks to SGP.32, the better products and services will prevail in the long term. In short: SGP.32 offers MVNOs and connectivity providers less lock-in, more competition and new business models.

- Companies as users are probably the biggest winners from the introduction of SGP.32. Not only do they gain significant control, but they can also rely on a standard from the start of their projects that enables global scaling and long-term operating cost optimization. Projects with high data consumption in particular are likely to benefit from lower operating costs, as provisioning and management are centralized and standardized. They will also have greater flexibility in their choice of partners, networks and devices.

The expected increase in competition means that providers will have to offer greater service quality and flexibility, while companies will have significantly more control over their IoT connectivity.

eUICC in use in energy technology Wind farm

Weak points of SGP.32: Young & under construction

As promising as SGP.32 is, the standard still has its limits. The complete test specifications have only been available since the beginning of 2025, which means there is a lack of field experience. Providers and companies are therefore still in the early stages of integrating eIM and IPA properly into their platforms. Precisely because the standard is still young, it is worthwhile for companies to work closely with partners who have already gained initial practical experience. eUICCs and the necessary infrastructure are also more expensive than classic IoT SIM solutions - an aspect that is likely to be particularly important for projects with lower data volumes.

Another important point: SGP.32 is not backwards compatible. Existing fleets based on SGP.02 or SGP.22 cannot simply be migrated, but must be replaced in the long term. In addition, the risk of commercial lock-ins remains even with SGP.32. Although the standard is generally more open in technical terms, providers can still create dependencies on the user side via business models or proprietary platform functions.

Despite all the limitations, SGP.32 is the first standard to seriously address the reality of IoT deployments and overcome the biggest obstacles of its predecessors. After the first standards (SGP.02 and SGP.22), which were often difficult to use in practice, SGP.32 is now a truly successful standard. It creates the basis for making IoT connectivity easier and more flexible to use - and this is precisely what plays into the hands of strong IoT providers. Because those who offer powerful, modern solutions can assert themselves even more clearly in a market without technical lock-in. As a result, IoT connectivity is consistently developing in the direction of CaaS - Connectivity as a Service: standardized, interchangeable and yet with clear advantages for providers who are leaders in technology and service quality.

Outlook: How things can continue with and after SGP.32

SGP.32 represents a decisive step towards a standardized, global IoT standard. However, development is not standing still. Future enhancements could focus on even greater automation of provisioning processes, improved security frameworks and the integration of non-cellular IoT technologies (e.g. satellite connectivity or LPWAN).

In the long term, the standard should create the basis for a fully interoperable IoT ecosystem, roughly comparable to today's standards on the internet. For companies, this means more sustainable investments in IoT infrastructures, as devices, platforms and networks will remain compatible for years to come. Anyone planning IoT projects with an eUICC approach today should therefore focus exclusively on SGP.32 - older standards are effectively obsolete.

The challenge for providers will be to develop value-added services such as monitoring, security-as-a-service or intelligent platform solutions in order to differentiate themselves in the more standardized market.

Date:
06.10.2025
Last updated:
06.10.2025
Tim Müller is the founder and Managing Director of wherever SIM GmbH and someone who not only understands technology, but also makes it successful. What began as a small two-person team is now one of the largest European providers of M2M connectivity via multi-network SIM cards. Tim has over 20 years of experience in the mobile and M2M sector and is an expert in IoT connectivity and SIM-based communication solutions. With his flair for infrastructure, AI and scalable technologies, he supports companies in the reliable and future-proof implementation of their IoT projects.

Frequently Asked Questions