Over the course of the last twelve months numerous of our enterprise adopter clients have approached us about the latest SGP.32 standard, in the belief that it is the solution to all their problems for adding multi-country connectivity to their IoT products. There is no doubting that it is a great technology and it overcomes many of the problems of the previous standards, but it isn’t a magic wand, and there are a number of things that they need to consider when adopting the technology. In this blog post I draw on the findings from our recent Position Paper ‘Key considerations for Enterprises looking to adopt SGP.32’ (sponsored by Eseye) to examine the topic of SGP.32.
To understand the background to SGP.32 we need to delve a little into recent history related to the SIM card. Historically, devices were authenticated onto mobile networks using removable plastic SIM cards, which are gradually being replaced by ‘Machine Form Factor’ (MFF, now MFF2) eSIMs, i.e. chips to be soldered to the circuit board of the device. As a result of this change in the physical form factor, it was necessary to develop the capability to change the SIM profile through a mechanism other than physically swapping out SIM cards.
That mechanism is Remote SIM Provisioning (RSP), i.e. remote over-the-air switching of profiles on the SIM card without needing to access it physically. In order to ensure interoperability of that profile switching, the GSM Association, the trade body for the mobile industry, developed a set of standards.
The SGP.02 (or "M2M") standard was introduced in 2014. This was followed in 2016 by SGP.22 ("Consumer").
The SGP.02 M2M format is a 'push' model whereby changes of eSIM profiles are taken from the SM-DP (Subscription Manager - Data Preparation), the profile store, and pushed to the SIM by the SM-SR (Subscription Manager - Secure Routing) element that controls the provision of the profile onto the SIM. The challenge with SGP.02 is that it requires cooperation between the subscription management infrastructure of the donor and the recipient networks in order to handle the hand-over.
In contrast, the Consumer SGP.22 form uses a 'pull' approach with the profile pulled directly from the SM-DP by the user, with the role of the SM-SR split between the SM-DP (or in this approach the 'SM-DP+') and the device itself, in the form of a Local Profile Assistant (LPA). In this scenario the ownership of the device is enough to manage the process. This approach, however, requires the device to have a more sophisticated UI and a camera (to photograph QR codes), as well as manual intervention to activate the process. This is fine for smartphones, but most IoT devices do not have any of those characteristics.
Technical specifications of a third variant, SGP.32 (“IoT”), were unveiled by the GSMA in May 2023. It is really an adaptation of the Consumer SM-DP+ approach, allowing a customer to switch its IoT connections (theoretically) to any connectivity provider it chooses without recourse to the operator upon whose SM-SR it currently resides. It has four main relevant features:
As an evolution on the previous SGP.02 ("M2M") and SGP.22 ("Consumer") standards, SGP.32 certainly represents several steps forward, resolving many of the technical limitations on supporting constrained devices and offering a simplified mechanism for handling switch-over of connections between operators.
Many enterprises have identified SGP.32 as a potentially highly useful technology. Some have identified that it will provide them with a completely seamless carrier-agnostic connectivity opportunity, allowing them to switch between operators at will. In comparison with SGP.02, SGP.32 certainly hands more control to enterprises for managing their IoT connectivity. However, it's unlikely to be the radical shift that some might envisage.
Much of the motivation behind the development of SGP.32 is to put more control into the hands of enterprise users to manage SIM profiles in the way that consumers individually do in SGP.22. The question is whether most enterprises will want to, or be able to, perform all of the functions. The truth is that most companies will not want to operate an SM-DP+ and eSIM functionality themselves, particularly in terms of managing all the back-end integration, settings and processes. Neither will they want to handle negotiating commercial contracts with multiple connectivity providers. In almost all cases - exceptions would be very large enterprise customers, such as automotive - most would not want to.
So, by definition, for the vast majority of IoT adopters, SGP.32 will need to be provided as a managed service.
Most enterprises will want SGP.32 to be provided by a third party, either an EUM or some other connectivity provider as a managed service. OEMs and enterprises will benefit from the increased flexibility of SGP.32 but the vast majority will favour doing so via a third party which handles the heavy lifting of negotiating contracts and managing connectivity. And, notably, will likely be in a better position to negotiate favourable rates.
We should also consider that perhaps SGP.32 might not be the optimum option for some enterprises. Alternatives such as multi-IMSI, roaming, and other RSP approaches might be more applicable. Enterprises want a device connected in as interoperable and futureproofed way as possible. It's not about selecting a specific technology. For some companies developing an internal SGP.32 capability may be the correct answer, but it won't be for most. The optimum approach is typically to select a provider that can provide it as part of a possible portfolio of offerings.
There’s also a timing issue to be considered. Because the technology itself is not available for deployment until 2025, potential users will want to make use of an alternative (such as SGP.02) until such time as SGP.32 is available and will need to rely on a connectivity provider to provide a seamless migration.
It is apparent that the functionality of SGP.32 will need to be provided within a protected environment handling orchestration of the whole SIM lifecycle management.
The blog post above is a short summary of some of the key messages from our recent Position Paper on the topic of SGP.32 and remote SIM provisioning. This report, sponsored by Eseye, starts with a brief background on eSIM and remote SIM provisioning, with a particular focus on how SGP.32 is an improvement on previous standards, and an examination of the key features of an SGP.32 solution. The main focus of the report is on addressing some of the myths and misunderstandings associated with the technology. It provides a much-needed reality check on the limitations and availability of SGP.32 and considers how SGP.32 fits into a portfolio of managed connectivity.
The report is free to download here: ‘Key considerations for Enterprises looking to adopt SGP.32’.
Transforma Insights has published a range of reports looking at the eSIM and remote SIM provisioning landscape, including the following report available to subscribers to our Advisory Service: ‘What does SGP.32 ‘IoT’ remote SIM provisioning really mean for how cellular IoT connectivity is delivered?’ (login required).
