Cellular IoT connectivity has become an essential part of many industries and is important for applications such as connected cars, smart meters, wearables, asset trackers and more. With strong integration of the technology within industries and national infrastructure, telecom operators or M2M service providers (M2MSP) are often required to ensure traceability of SIMs through robust Know Your Customer (KYC) processes. In the context of telecommunication services, KYC regulations are rules that telecom operators or IoT service providers must follow to verify the identity of the customer before provisioning a SIM. Maintaining an accurate and up-to-date record of ownership and usage can help prevent misuse of cellular connections and ensure accountability. The KYC regulatory requirements related to SIMs in IoT devices can vary a lot across countries. Some countries may see it as an important area to consider for a security-focused IoT approach while others may not as crimes related to IoT communications are currently few compared to regular phone SIMs.
This report focuses on KYC rules and guidelines related specifically to IoT (or M2M) SIMs and eSIMs. As there are very few countries that have KYC rules explicitly related to IoT SIMs, we have also sought to interpret the existing phone SIM rules (both for physical SIMs and eSIM) and check if they also apply to IoT SIMs. The findings of this report are based on responses received from in-country regulators in response to our enquiries, and also information available on regulator websites and government documents (or similar) found through secondary research. The purpose of this document is to help companies understand the KYC regulatory landscape and support compliance for IoT connectivity service providers.
