How IoT SIM Cards Really Work
An IoT SIM card does far more than provide mobile data. Behind every connected router, sensor, CCTV camera, EV charger, meter or industrial controller is a chain of cellular identity, authentication, network selection, APN routing, IP addressing and increasingly, eSIM profile management.
When an IoT device connects to a mobile network, the SIM identifies the subscriber, the network checks whether that subscriber is allowed to connect, the APN decides where the data should go, and the mobile core assigns a data session. If any part of that chain is wrong, the device may show signal but still fail to get online.
This guide explains how IoT SIM cards work in plain English, covering IMSI, ICCID, APN, private APNs, roaming SIMs, Multi-IMSI SIMs, eSIM, eUICC and the newer eUICC and SGP.32 world of remote SIM provisioning.
Simple answer: an IoT SIM card gives a device a cellular identity. The IMSI identifies the subscriber, the APN tells the network where to route the data, and the mobile network then creates a secure data session so the device can communicate with the internet, a private network, a VPN platform or an IoT application server.
The Basic IoT SIM Connection Flow
Most people only see the visible part: the router says connected, the device gets an IP address and data begins to move. Underneath that, a more detailed process has taken place.
The simplified flow looks like this:
- The device powers on and activates its cellular modem.
- The SIM provides the subscriber identity, usually through an IMSI.
- The device searches for a permitted mobile network.
- The network authenticates the SIM and checks roaming permission.
- The device requests a data session using a configured APN.
- The mobile core decides how traffic should be routed.
- An IP address is assigned to the device.
- The device can now send and receive data.
What Is An IoT SIM Card?
An IoT SIM card is a SIM designed for machine-to-machine and Internet of Things connectivity. It may look like an ordinary mobile phone SIM, but the service behind it is usually different.
A phone SIM is built for human use: calls, texts, mobile browsing and handset data. An IoT SIM is built for devices that may sit in cupboards, cabinets, substations, vehicles, fields, kiosks or plant rooms for years at a time.
IoT SIMs are commonly used in:
- 4G and 5G routers
- CCTV and security systems
- EV charge points
- Smart meters
- Building management systems
- Remote monitoring equipment
- Industrial automation
- Vending machines and payment terminals
- Agriculture and environmental monitoring
- Asset tracking and telematics
The important point is that an IoT SIM is not just about data allowance. The value often comes from network access, roaming behaviour, private routing, management tools, security controls, static IP options and long-term reliability.
For a wider beginner-friendly overview, see our guide to IoT SIM cards.
What Is An IMSI?
IMSI stands for International Mobile Subscriber Identity. It is one of the key identifiers stored as part of a SIM profile. The IMSI identifies the mobile subscriber to the network.
An IMSI is usually made up of three parts:
| IMSI Part | Meaning | Purpose |
|---|---|---|
| MCC | Mobile Country Code | Identifies the country of the mobile network. |
| MNC | Mobile Network Code | Identifies the mobile network operator. |
| MSIN | Mobile Subscription Identification Number | Identifies the individual subscription. |
A simplified IMSI example might look like this:
In that example, 234 represents the United Kingdom, 15 represents a network operator code, and the remaining digits identify the subscription.
In plain English, the IMSI is the identity the mobile network uses to decide who the SIM belongs to, which network agreements apply and whether the device is allowed to connect.
IMSI vs ICCID vs IMEI
These three terms are often confused, but they do different jobs.
| Term | Identifies | Simple Explanation |
|---|---|---|
| IMSI | The mobile subscriber | Used by the network to authenticate the SIM subscription. |
| ICCID | The SIM card or SIM profile | The serial number of the SIM card or eSIM profile. |
| IMEI | The device modem | Identifies the cellular hardware, such as a router or modem. |
A useful way to remember it:
- IMSI means who the mobile subscriber is.
- ICCID means which SIM or SIM profile it is.
- IMEI means which device is being used.
What Is An APN?
APN stands for Access Point Name. It tells the mobile network which gateway or data network the device wants to use.
This is one of the most important settings in any IoT router or cellular device. If the APN is wrong, the SIM may register on the network but fail to pass data.
The APN can determine:
- Whether the device connects to the public internet or a private network.
- What type of IP address is assigned.
- Whether traffic is routed through a customer VPN.
- Whether authentication is required.
- Which firewall or routing rules apply.
- Which services the device is allowed to access.
A simple example is a normal internet APN. The device asks the mobile network to connect to that APN, and the network routes the traffic to the internet.
A more advanced IoT example might use a private APN. In that case, the SIM connects into a private data environment rather than directly to the public internet.
Public APN vs Private APN
A public APN gives general internet access. A private APN gives controlled routing into a defined private environment.
| Feature | Public APN | Private APN |
|---|---|---|
| Typical Use | General internet access | Managed IoT and M2M connectivity |
| Routing | Routes to the internet | Routes to a private network, VPN or customer environment |
| Security | Depends heavily on device firewall and configuration | Can reduce exposure by avoiding open internet routing |
| Remote Access | May need public IP, port forwarding or cloud relay | Often paired with VPN access |
| Best Fit | Simple outbound-only devices | CCTV, BMS, industrial routers, EV charging and remote monitoring |
For many professional IoT applications, a private APN or VPN-first design is safer than exposing equipment directly to the public internet.
See also: fixed IP SIM cards and roaming IoT SIM cards.
How IP Addresses Work On IoT SIMs
Once the APN request is accepted, the mobile network assigns an IP address to the device. This is where many IoT deployments become confusing.
An IoT SIM may use:
- Dynamic private IP: a private address that changes and is not reachable directly from the internet.
- Static private IP: a fixed private address used inside a managed private network.
- Dynamic public IP: a public address that may change.
- Static public IP: a fixed public address that can be reached from outside, if firewall rules allow it.
- CGNAT: carrier-grade NAT, where many devices share public internet access through the operator network.
For outbound-only sensors, dynamic private IP may be perfectly fine. For remote access to routers, CCTV recorders, PLCs or BMS controllers, you usually need a more carefully designed approach.
That may mean a static private IP with VPN access, a private APN, a managed remote access platform or a secure router VPN configuration.
What Is A Roaming IoT SIM?
A roaming IoT SIM can connect to more than one mobile network, depending on commercial agreements, coverage and network availability.
This is especially useful for IoT because devices are often installed in places where nobody has tested all networks properly. A site may have poor coverage from one operator but good coverage from another. A multi-network roaming SIM gives the device more options.
However, there is a catch.
A roaming SIM does not always choose the strongest signal. Network selection can be affected by preferred network lists, roaming agreements, SIM steering, failed registration attempts, forbidden network lists and the behaviour of the router or modem.
That is why a device may stay attached to a weaker network even when a stronger network appears to be available.
What Is A Multi-IMSI SIM?
A Multi-IMSI SIM contains, or can access, more than one subscriber identity. Instead of relying on a single IMSI, the SIM can use different IMSI profiles to access different network relationships.
This can improve resilience and commercial flexibility, especially for international IoT deployments.
| Single IMSI SIM | Multi-IMSI SIM |
|---|---|
| One subscriber identity | Multiple subscriber identities |
| Simpler setup | More flexible network access |
| May be limited by one roaming footprint | Can support broader roaming arrangements |
| Good for simple national deployments | Useful for larger or international IoT estates |
Multi-IMSI is not magic. It does not guarantee perfect coverage everywhere. It is one tool in the wider IoT connectivity toolkit.
What Is eSIM?
eSIM is often misunderstood.
An eSIM is not a tariff. It is not automatically a roaming service. It is not automatically better coverage. It is a way of storing and managing SIM profiles electronically.
In IoT, eSIM usually refers to a SIM capability based on an eUICC, which allows operator profiles to be downloaded, enabled, disabled or changed remotely.
There are two common ways this appears in the real world:
- Embedded eSIM hardware: often an MFF2 chip soldered into a device.
- Removable eUICC SIM: a plastic SIM card that supports remote profile management.
For IoT, the practical benefit is lifecycle flexibility. A device may be installed for ten years. During that time, networks may change, contracts may change, roaming rules may change and coverage may change. eSIM technology gives operators and service providers more ability to adapt without physically replacing SIM cards.
For more background, see euicc.co.uk.
What Is eUICC?
eUICC stands for embedded Universal Integrated Circuit Card. It is the secure SIM technology that allows remote SIM provisioning.
In simple terms, eUICC is the secure environment that can hold and manage SIM profiles.
A traditional SIM normally contains one operator profile. An eUICC can support remote management of profiles, allowing authorised systems to download, install, enable, disable or delete profiles depending on the use case and standard being used.
This is especially important in IoT because many devices are unattended, sealed, hard to reach or deployed across different countries.
What Is SGP.32?
SGP.32 is the GSMA technical specification for eSIM IoT remote SIM provisioning. It was created to support IoT devices that may be constrained, unattended or lacking a normal user interface.
Consumer eSIM standards were designed mainly around phones, where a person can scan a QR code, approve an installation and interact with the device screen. That model is not ideal for a smart meter, CCTV router, payment terminal or industrial sensor sitting in a locked cabinet.
SGP.32 helps address that gap by defining an IoT-specific architecture for remote provisioning and management of eUICC profiles.
Plain English version: SGP.32 is about making eSIM profile management work properly for IoT devices, especially devices that do not have a screen, keyboard or human user standing next to them.
For a deeper technical guide, see euicc.co.uk and related SGP.32 resources.
How APN, IMSI And eSIM Work Together
It helps to think of these technologies as different layers.
| Layer | Technology | What It Does |
|---|---|---|
| Subscriber identity | IMSI | Identifies the mobile subscriber to the network. |
| SIM profile | ICCID and profile data | Represents the SIM profile stored on the SIM or eUICC. |
| Network access | Roaming agreements and PLMN selection | Controls which mobile networks the device may use. |
| Data routing | APN | Decides where traffic goes once the device is attached. |
| Remote profile management | eUICC and SGP.32 | Allows SIM profiles to be managed remotely. |
The IMSI gets the device recognised. The APN gets the data routed. The eUICC allows the profile itself to be managed over time.
Where VPNs Fit Into IoT SIM Connectivity
Many IoT devices do not need to be reached from the internet. They only need to send data out to a cloud platform. But some applications do need remote access.
Examples include:
- Accessing a CCTV recorder remotely
- Logging into a 4G router web interface
- Connecting to a PLC or HMI
- Viewing a building management controller
- Supporting an EV charger
- Maintaining remote industrial equipment
Historically, some users relied on public fixed IP SIM cards and port forwarding. That can work, but it can also expose equipment if it is not locked down correctly.
A safer approach is often to use a private IP SIM, private APN or outbound VPN connection.
This model avoids leaving sensitive equipment openly reachable from the internet. It also fits modern IoT deployments where security, auditability and access control matter.
Common IoT SIM Problems Explained
Many cellular problems are not caused by poor signal. Signal matters, but it is only one part of the chain.
| Symptom | Possible Cause | What To Check |
|---|---|---|
| Device shows signal but no internet | Wrong APN or failed data session | APN name, username, password, PDP type and SIM activation |
| SIM works in one device but not another | Device configuration or band support issue | Modem bands, firmware, APN and SIM slot settings |
| Roaming SIM stays on weak network | Network steering or selection rules | Manual network scan, forbidden network list and router settings |
| Cannot remotely access router | Private IP, CGNAT or firewall blocking inbound traffic | IP type, VPN options, firewall rules and remote management settings |
| SIM connects abroad but not in the UK | Roaming agreement or profile issue | Permitted countries, IMSI profile and network availability |
Mini Glossary: IoT SIM Terms Explained
| Term | Meaning | Plain English Explanation |
|---|---|---|
| APN | Access Point Name | The gateway setting that tells the mobile network where to route data. |
| IMSI | International Mobile Subscriber Identity | The subscriber identity used by the network to authenticate the SIM. |
| ICCID | Integrated Circuit Card Identifier | The serial number of the SIM card or SIM profile. |
| IMEI | International Mobile Equipment Identity | The identity number of the cellular device or modem. |
| MCC | Mobile Country Code | The part of the IMSI that identifies the country. |
| MNC | Mobile Network Code | The part of the IMSI that identifies the mobile network. |
| MSIN | Mobile Subscription Identification Number | The subscriber-specific part of the IMSI. |
| PLMN | Public Land Mobile Network | A mobile network operated by a network provider. |
| FPLMN | Forbidden PLMN | A network the device has marked as unavailable or not permitted. |
| PDP Context | Packet Data Protocol Context | The mobile data session created between the device and the network. |
| CGNAT | Carrier-Grade NAT | A network setup where many devices share public internet access. |
| eSIM | Embedded SIM | A SIM profile that can be stored and managed digitally. |
| eUICC | Embedded Universal Integrated Circuit Card | The secure SIM technology that supports remote profile management. |
| SGP.32 | GSMA eSIM IoT Technical Specification | The eSIM standard designed for IoT remote SIM provisioning. |
| MFF2 | Machine-to-machine Form Factor 2 | A soldered embedded SIM chip used in many IoT devices. |
| VPN | Virtual Private Network | A secure tunnel used to access remote devices or networks. |
Frequently Asked Questions
What does an IoT SIM card actually do?
An IoT SIM card gives a device a cellular identity and allows it to authenticate with a mobile network. Once authenticated, the device can create a data session using an APN and communicate with the internet, a private network, a VPN or a cloud platform.
What is the difference between an APN and an IMSI?
The IMSI identifies the mobile subscriber. The APN controls where the data session is routed. Put simply, the IMSI answers “who is connecting?” and the APN answers “where should the data go?”
Does an IoT SIM always need a special APN?
No. Some IoT SIMs use a standard internet APN. Others use a private APN for controlled routing, static private IP addressing, VPN access or customer-specific network separation.
Is eSIM the same as Multi-IMSI?
No. Multi-IMSI means the SIM can use more than one subscriber identity. eSIM and eUICC relate to the remote storage and management of SIM profiles. The technologies can overlap, but they are not the same thing.
What is SGP.32 in simple terms?
SGP.32 is the GSMA eSIM IoT specification for remote SIM provisioning. It is designed for IoT devices that may not have screens, keyboards or a person standing next to them to approve SIM changes.
Can an IoT SIM have a fixed IP address?
Yes. Some IoT SIM services offer fixed public IP addresses, fixed private IP addresses or VPN-accessible private IP addressing. The right option depends on whether the device needs inbound access, outbound-only data or secure remote management.
Why does my IoT SIM show signal but no data?
Signal only means the modem can see or attach to a radio network. Data also requires successful authentication, a valid APN, a permitted data session, correct router settings and an active SIM service.
Why does my roaming SIM not choose the strongest network?
Roaming selection is not based purely on signal strength. It can also depend on preferred network lists, roaming agreements, steering, previous failed registration attempts and device behaviour.
Final Thoughts
IoT SIM connectivity is not just about putting a SIM into a router and hoping for the best. The SIM profile, IMSI, APN, IP addressing model, roaming behaviour, device configuration and remote access method all affect how reliable and secure the final deployment will be.
For a simple tracker, a basic data SIM may be enough. For CCTV, industrial control, EV charging, BMS or remote monitoring, the details matter much more.
The strongest IoT connectivity setups are designed around the actual job the device needs to do. That means choosing the right SIM type, the right APN, the right IP model and the right remote access method from the start.
As eSIM, eUICC and SGP.32 mature, IoT SIM management will become more flexible. But the fundamentals will remain the same: the device still needs an identity, a network, a data route and a secure way to communicate.
Get those four things right, and cellular IoT becomes far easier to deploy, manage and support.
Sources
- GSMA
- ETSI
- 3GPP
- ITU E.212
- Onomondo
- Kigen
- floLIVE
- Moabits
- euicc.co.uk
Leave a Reply