Why this paper matters now?
The move from removable SIMs to embedded and integrated SIM technologies is changing how organisations design, provision and manage connected devices.
For consumer devices, eSIM is now established. For IoT, the picture is more complex. Many devices have no screen, no user interface and limited power budgets. They may be deployed for ten years or more, across multiple countries, operators and regulatory environments.
That is why the GSMA’s newer IoT-focused specifications are important. SGP.32 v1.2 is now the current GSMA IoT Remote SIM Provisioning technical baseline, while SGP.41 defines the architecture and requirements for In-Factory Profile Provisioning. SGP.42, the associated IFPP technical specification, has not yet been released by the GSMA and remains under development.
This white paper helps technical and business stakeholders understand what these developments mean in practice.
Inside the Whitepaper
Understand the difference between the embedded SIM form factor, remotely manageable eUICC capability, and integrated eUICC functionality inside a System-on-Chip.
Compare Consumer RSP, legacy M2M RSP and modern IoT RSP, including how SGP.31 and SGP.32 apply to UI-less and constrained IoT devices.
Explore the eIM and IPA model, key interfaces, protocol options, lifecycle features and why SGP.32 was developed for constrained and headless IoT deployments.
Learn how SGP.41 and IFPP can support pre-provisioned devices, reduce first-boot OTA overhead and complement SGP.32 lifecycle management in the field.
Understand the distinction between TEE-based industry approaches and GSMA integrated eUICC evaluation using Integrated TRE architectures under SGP.08 and SGP.18.
See how SGP.24 applies to Consumer eSIM, why there is not yet an equivalent formal IoT RSP compliance declaration framework, and which supporting specifications matter for product teams.
Use the provisioning-path and compliance maps to assess which standards and architectures apply to different device classes and deployment models.
Covering the April 2026 GSMA standards baseline
The paper explains the role of key GSMA specifications, including:
Consumer Remote SIM Provisioning
IoT Remote SIM Provisioning
In-Factory Profile Provisioning (SGP.41 published; SGP.42 not yet released)
Consumer eSIM compliance process
eUICC protection profile for Consumer and IoT
IoT eUICC test specification
Integrated eUICC security evaluation methodologies
EID definition and assignment
GSMA eUICC PKI Certificate Policy
The guide also includes visual architecture diagrams covering SIM hardware evolution, GSMA standards dependencies, RSP architecture models, integrated eUICC security, compliance layers and IFPP-to-SGP.32 lifecycle handoff.
Who should read it?
This white paper is designed for:
- IoT product leaders planning new connected-device roadmaps
- Technical architects evaluating eSIM, eUICC or iSIM options
- Connectivity and platform teams assessing SGP.32 readiness
- Compliance, security and procurement teams reviewing GSMA requirements
- Enterprises deploying long-life, remote or international IoT estates
- Manufacturers considering factory provisioning or integrated eUICC designs
Not every deployment needs the same connectivity architecture
The paper avoids a one-size-fits-all view of embedded SIM adoption.
For most estates, existing SIM estates remain reliable, supported and fit for purpose. For new long-life connected products, however, decision-makers should understand whether Consumer RSP, IoT RSP, IFPP or integrated eUICC architectures are relevant to their future roadmap.
The key question is not simply “Do we need eSIM?” but:
Which provisioning model best fits the device, deployment workflow, operator environment and lifecycle requirement?
Download the white paper
Get the full technical guide:
The Current State and Future Direction of eSIM, eUICC and iSIM: A Technical Guide for Decision-Makers
