Understanding SGP.32: The Latest eSIM IoT Standard
SGP.32 is a specification in SIM technology focusing on eSIM management and deployment. It is published by GSMA. An eSIM is a type of SIM card that can be remotely provisioned using a technology called eUICC. SGP.32 enables connectivity and secure data management for IoT applications. By integrating SGP.32 standards, developers can ensure security and interoperability for their connected devices.
The adoption of SGP.32 helps simplify operations, providing more control and flexibility to service providers and IoT device owners. Special emphasis is placed on security protocols within SGP.32, allowing for refined control over network access and data integrity.
This specification is an upgrade for industries that rely on secure communication networks. It provides a framework for managing multiple carrier profiles simultaneously, improving consumer experience by simplifying carrier switching and network management processes.
You can read the full GSMA specification for SGP.32 here.
This is part of a series of articles about Subscriber Identity Module.
Understanding the SGP Series Specifications
SGP.21 / SGP.22 – Consumer eSIM Specifications
SGP.21 and SGP.22 define the architecture and operational framework for consumer eSIMs, primarily used in smartphones, tablets, and wearables. These specifications establish the Remote SIM Provisioning (RSP) system, allowing users to download and manage operator profiles without needing a physical SIM card.
SGP.21 outlines the technical architecture, detailing the roles of the eUICC (embedded Universal Integrated Circuit Card), SM-DP+ (Subscription Manager – Data Preparation), and SM-DS (Subscription Manager – Discovery Server). These components enable secure profile management and carrier switching.
SGP.22 specifies the operational and procedural aspects, guiding mobile network operators (MNOs) and service providers in implementing consumer eSIM technology. It ensures compatibility across devices and networks while maintaining security mechanisms to protect user data and prevent unauthorized access.
SGP.31 – IoT/M2M eSIM
SGP.31 defines the architecture and requirements for remotely provisioning eUICCs in IoT devices that are network-constrained or lack a user interface. This specification builds on the SGP.21 framework, adapting it to the needs of IoT applications. It ensures secure and efficient profile management for devices operating in challenging connectivity environments, such as low-power wide-area (LPWA) networks.
The SGP.31 framework introduces key components, including the eSIM IoT Remote Manager (eIM) and the IoT Profile Assistant (IPA). The eIM oversees remote profile management for individual IoT devices or entire fleets, while the IPA enables secure profile downloads and updates.
The specification mandates cryptographic authentication for profile operations and supports mechanisms to prevent unauthorized access or tampering. It also introduces rollback procedures to restore connectivity in case of failed profile activation.
SGP.31 supports asynchronous operations. Since IoT devices often operate in power-saving modes, the specification allows profile downloads and updates to occur in a delayed or scheduled manner. Additionally, it includes provisions for deploying profiles during device manufacturing or in-field activation.
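The checks described above can be sketched as follows. This is an added example, not code from GSMA or from the specification: a toy card accepts an eIM operation only if it is authenticated and carries a fresh counter (which matters when delivery is deferred), and it restores the previous profile if the newly enabled one cannot reach a network. The message layout, the names `ToyEuicc`, `sign` and `network_ok`, and the use of HMAC-SHA256 as a stand-in for the specification's authentication scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

class ToyEuicc:
    """Constructed model of the card side; not an SGP.31/SGP.32 data format."""
    def __init__(self, eim_key, enabled, installed):
        self.eim_key = eim_key            # key shared with the trusted eIM (assumption)
        self.enabled = enabled            # name of the currently enabled profile
        self.installed = set(installed)
        self.last_counter = 0             # highest operation counter accepted so far

    def handle(self, package, tag, network_ok):
        """Apply one eIM operation; network_ok(profile) is a hypothetical probe."""
        expected = hmac.new(self.eim_key, package, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad authentication tag"
        op = json.loads(package)
        if op["counter"] <= self.last_counter:
            return "rejected: replayed or stale counter"
        self.last_counter = op["counter"]
        if op["action"] != "enable" or op["profile"] not in self.installed:
            return "rejected: unsupported operation or unknown profile"
        previous, self.enabled = self.enabled, op["profile"]
        if not network_ok(self.enabled):
            self.enabled = previous       # rollback: restore the last working profile
            return "rolled back to " + previous
        return "enabled " + self.enabled

def sign(key, op):
    """eIM side: serialise the operation and authenticate it."""
    package = json.dumps(op, sort_keys=True).encode()
    return package, hmac.new(key, package, hashlib.sha256).digest()

def demo():
    key = b"constructed-demo-key"
    card = ToyEuicc(key, enabled="bootstrap", installed=["bootstrap", "mno-a", "mno-b"])
    coverage = lambda profile: profile != "mno-b"   # constructed: mno-b has no coverage
    p1, t1 = sign(key, {"counter": 1, "action": "enable", "profile": "mno-a"})
    p2, t2 = sign(key, {"counter": 2, "action": "enable", "profile": "mno-b"})
    tampered = p2.replace(b"mno-b", b"mno-a")
    return [
        card.handle(p1, t1, coverage),        # authentic and fresh: accepted
        card.handle(p1, t1, coverage),        # same package delivered twice
        card.handle(tampered, t2, coverage),  # modified in transit
        card.handle(p2, t2, coverage),        # enabled, fails the probe, rolled back
    ], card.enabled

if __name__ == "__main__":
    print(demo())
```

The counter is advanced only after the tag verifies, so a forged package cannot burn counter values and lock out the legitimate eIM.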
Introduction to SGP.32
SGP.32 is a GSMA specification that defines the technical framework for managing eSIMs in IoT devices. It builds on the SGP.31 specification, offering a more structured approach to remote SIM provisioning for network-constrained and user-interface-limited IoT devices.
This specification ensures interoperability between different deployment scenarios and provides mechanisms for secure eUICC management, profile provisioning, and lifecycle management. By implementing SGP.32, IoT service providers can streamline device activation, reduce operational costs, and improve security while maintaining flexibility in network connectivity.
Key Features of SGP.32
Here are some of the main features introduced in the SGP.32 specification:
- Remote SIM provisioning (RSP): Enables secure remote downloading, enabling, disabling, and deletion of operator profiles without physical SIM replacement.
- IoT profile assistant (IPA): A key functional component that enables communication between the device, eUICC, and provisioning servers.
- eSIM IoT remote manager (eIM): Manages profile downloads and security operations, acting as an intermediary between the device and mobile network operators.
- Enhanced security measures: Implements cryptographic authentication, TLS/DTLS encryption, and profile protection mechanisms to prevent unauthorized access and data tampering.
- Support for low-power IoT networks: Designed for constrained IoT environments, allowing profile management even when devices operate intermittently or with limited connectivity.
- Asynchronous profile management: Allows deferred profile downloads and updates to accommodate power-saving IoT devices.
SGP.32 Architecture and Components
The SGP.32 architecture is structured to provide a scalable, secure, and flexible framework for eSIM management across diverse IoT deployments. It defines key roles, interfaces, and processes to support efficient remote SIM provisioning.
SGP.32 introduces two architectural variations based on the location of the IoT Profile Assistant (IPA):
- IPA in the IoT Device (IPAd): The IPA operates within the device, handling direct communication with the eUICC and provisioning servers.
- IPA in the eUICC (IPAe): The IPA is embedded within the eUICC, minimizing device-side complexity.
In addition, the architecture supports multiple interfaces for secure data exchange, including ES9+ (SM-DP+ to IPA) and ES10a/b (IPA to eUICC), ensuring reliable profile management.
Core Components of SGP.32
The key components of SGP.32 include:
- eUICC (Embedded Universal Integrated Circuit Card): Stores and manages multiple operator profiles securely.
- IPA (IoT Profile Assistant): Acts as an intermediary, facilitating communication between the eUICC and remote provisioning servers.
- eIM (eSIM IoT Remote Manager): Handles profile downloads, authentication, and security operations.
- SM-DP+ (Subscription Manager – Data Preparation): Prepares and securely delivers operator profiles to eUICCs.
- SM-DS (Subscription Manager – Discovery Server): Helps discover available SM-DP+ servers for profile downloads.
- Security Domains (ISD-R & ISD-P): Manage secure access control within the eUICC.
Architectural Framework
The SGP.32 framework is designed to support IoT-specific requirements, focusing on security, scalability, and interoperability.
- Security architecture: Uses cryptographic authentication, TLS/DTLS encryption, and secure profile provisioning mechanisms.
- Profile management: Supports lifecycle operations such as profile download, activation, deactivation, and deletion.
- Communication interfaces: Defines secure communication paths between the eUICC, IPA, eIM, and SM-DP+.
- IoT-optimized design: Accommodates constrained environments, ensuring seamless eSIM management with minimal power consumption.
Integration with Existing Systems
SGP.32 is designed to integrate with SGP.22 (consumer eSIM specification) and SGP.31 (IoT/M2M eSIM requirements), ensuring compatibility with existing RSP infrastructure:
- Interoperability with mobile network operators (MNOs): Ensures smooth integration with carrier networks.
- Support for industrial and consumer IoT: Can be implemented across industries, including automotive, smart metering, and logistics.
- Backward compatibility: Maintains alignment with existing GSMA eSIM standards, allowing easy adoption for service providers already using eSIM technology.
Advantages of SGP.32
SGP.32 introduces several improvements over previous eSIM specifications, enhancing flexibility, efficiency, and scalability for IoT and enterprise applications.
- Server-initiated profile management: Unlike consumer eSIM models that rely on user-initiated profile downloads (pull mechanism), SGP.32 adopts a server-driven approach (push mechanism). This allows network operators to manage and update profiles remotely without requiring user interaction, making it ideal for large-scale IoT deployments and UI-constrained devices.
- Reuse of existing SM-DP+ infrastructure: SGP.32 is compatible with the SM-DP+ infrastructure from SGP.22, which is already widely deployed in the consumer eSIM ecosystem. This reduces the need for entirely new provisioning systems, allowing for smoother adoption and integration with existing networks.
- Elimination of SMS activation traffic: Traditional M2M eSIM solutions relied on binary SMS messages for activation, adding complexity and potential delays. SGP.32 eliminates this requirement, streamlining device activation and reducing reliance on SMS traffic, which can be costly or unavailable in certain regions.
- Optimized profile download efficiency: SGP.32 employs a lightweight profile template, reducing the amount of data required for profile downloads. This improves efficiency, particularly for LPWAN (low power wide area network) devices and other IoT applications with limited bandwidth.
- Scalability for enterprise and IoT deployments: Designed with enterprise-scale IoT in mind, SGP.32 simplifies bulk provisioning and management of connected devices. This makes it easier for businesses to deploy, update, and maintain large fleets of IoT devices without logistical challenges associated with physical SIM cards.
How Will SGP.32 Affect the IoT Device Life Cycle?
SGP.32 streamlines the IoT device life cycle by simplifying manufacturing, deployment, and management. With a universal eSIM, manufacturers can produce a single device model instead of multiple hardware variations, reducing stock-keeping units (SKUs) and lowering costs.
Deployment also becomes easier since devices no longer require manual SIM insertion, making installation faster and more efficient, especially for remote or hard-to-access locations. Additionally, SGP.32 allows seamless network switching without replacing SIMs or devices, enabling businesses to adapt to regional network availability and pricing without hardware constraints.
For large-scale IoT deployments, SGP.32 improves scalability and network resilience. Bulk provisioning and centralized management simplify operations, allowing enterprises to monitor and update thousands of devices remotely. The ability to store multiple network profiles enhances connectivity reliability, ensuring continuous operation even if the primary network fails.
This flexibility helps businesses expand into new markets while remaining adaptable to regulatory changes and evolving connectivity needs, making IoT deployments more sustainable and cost-effective in the long run.
5 Best Practices for Deploying SGP.32
Here are some useful measures to consider when implementing this specification.
1. Implement a Unified Management Platform for IoT and M2M Devices
SGP.32 does not provide a direct migration path from M2M (SGP.02) to IoT (SGP.31/32), making it essential to manage both legacy and new deployments simultaneously. A centralized eSIM management platform should be used to handle both M2M and IoT eSIMs in one interface.
This ensures seamless network switching and policy-based automation, such as automatically selecting the best network provider for a fleet of devices crossing international borders.
2. Select the Right IoT Profile Assistant (IPA) Placement
Different IoT devices have varying capabilities, so choosing the appropriate IPA placement is crucial:
- IPA in the device (IPAd): Best for devices with sufficient processing power, allowing more control over eSIM operations.
- IPA in the eUICC (IPAe): Ideal for low-power devices, offloading eSIM management to the eUICC provider and reducing integration efforts for device manufacturers.
To maximize flexibility, work with an eSIM supplier that supports on-demand profile generation, allowing the eSIM profile to be adapted just before deployment.
3. Ensure Interoperability Between eIM and IPA
SGP.32 allows manufacturers to choose the communication protocols between the eSIM IoT Remote Manager (eIM) and the IPA, leading to potential compatibility issues. To avoid vendor lock-in:
- Use a modular eIM architecture capable of communicating with different IPA implementations (IPAd or IPAe).
- Test interoperability between different vendors to ensure smooth profile provisioning across multiple device types.
4. Deploy in the Cloud for Scalability and Security
IoT deployments often involve large-scale device fleets with fluctuating network demands. Using a cloud-based eSIM management solution improves:
- Scalability: Handling surges in activity, such as large asset-tracking deployments.
- Security: Cloud deployments offer DDoS protection, redundancy, disaster recovery, and strong encryption to protect eSIM transactions.
Additionally, SAS (Security Accreditation Scheme) certification for eIMs adds another layer of trust, ensuring only authorized profile management requests are processed.
5. Prepare for Future-Proof Security and iSIM Adoption
IoT devices can remain operational for decades, making future-proof security a priority:
- Choose an eSIM supplier that supports post-quantum cryptography (PQC) to mitigate future quantum threats that could compromise traditional encryption.
- For ultra-low-power IoT devices, consider iSIM (integrated SIM), which integrates eSIM functionality directly into the chipset. SGP.31/32-certified iSIMs provide seamless connectivity management while minimizing power consumption and space usage.
Implementing SGP.32 with floLIVE
floLIVE is at the forefront of supporting the new GSMA SGP.32 standard, ensuring seamless integration with the evolving IoT eSIM ecosystem. As a provider of a fully owned and developed global connectivity platform, floLIVE leverages its cloud-native core network and Connectivity Management Platform (CMP) to enable flexible and scalable eSIM deployments aligned with SGP.32 requirements.
By utilizing remote SIM provisioning (RSP) capabilities that are fully compatible with existing SM-DP+ infrastructure, floLIVE simplifies IoT connectivity for enterprises and service providers. The company’s multi-IMSI and eSIM orchestration technology enhances SGP.32’s benefits by enabling dynamic profile switching across networks, ensuring optimal performance, compliance, and cost efficiency.
With localized connectivity, low-latency global routing, and advanced security mechanisms, floLIVE empowers businesses to fully capitalize on the next-generation IoT eSIM standard, streamlining large-scale deployments while maintaining interoperability with consumer (SGP.22) and M2M (SGP.31) eSIM frameworks.