eSIM / eUICC / SGP.32
SGP.32 eSIM and IoT SIM Cards: What the New Standard Means for Your Connected Devices
SGP.32 is the GSMA’s IoT-native eSIM standard – the one that finally solves the problem every previous specification failed to crack: how to manage millions of headless, low-power IoT devices without physical SIM swaps, QR codes, or user interaction. This guide explains what it is, how it works, what it means for IoT SIM card buyers right now, and how today’s multi-network SIM infrastructure bridges the gap while hardware catches up.
Quick Answer
SGP.32 is the GSMA specification for remote SIM provisioning on IoT devices. Unlike previous eSIM standards, it does not require a user interface or QR code – the eIM server pushes profile changes directly to the device. It uses CoAP over UDP rather than HTTPS, making it viable on NB-IoT and LTE-M networks with kilobyte data budgets. Certified hardware is reaching the market in 2025-2026. Most IoT deployments today run SGP.02 or SGP.22 – but for new hardware designs targeting constrained networks or global multi-operator scenarios, SGP.32 is the right foundation to build on.
Why IoT Needed Its Own eSIM Standard
The history of eSIM in IoT is largely a history of standards designed for other purposes being pressed into service for a problem they were not built to solve. Understanding why previous standards fell short makes it much easier to understand what SGP.32 actually changes – and why it matters for anyone specifying IoT SIM connectivity today.
2010 – 2013
SGP.02: The M2M Standard Built for Cars
The first GSMA M2M eSIM standard was designed primarily for the automotive industry – connected cars manufactured for global markets, where physical SIM access is difficult and operator switching is needed over a vehicle’s lifetime. SGP.02 worked for that use case. For the broader IoT market – low-cost devices deployed in millions, on constrained networks, managed without dedicated IT infrastructure – it was too complex, too operator-dependent, and too expensive to implement at scale.
2016 – 2018
SGP.22: The Consumer Standard That Locked Out IoT
SGP.22 solved eSIM for smartphones beautifully. The Local Profile Assistant model lets users download and switch profiles using a QR code or an app – elegant for a device in human hands. For an IoT device deployed in a remote utility substation, a field sensor, or a shipping container, it was a dead end. The entire architecture assumed a user was present to initiate every profile change. SGP.22 was not a bad standard – it was the wrong standard for IoT.
2020 – 2022
The Gap: Two Billion Devices, Near-Zero eSIM Adoption
IoT device deployments were scaling rapidly. NB-IoT and LTE-M networks were being built out. Smart meters, environmental sensors, asset trackers, and industrial monitors were being deployed in their millions. Yet eSIM adoption outside automotive remained negligible. Neither SGP.02 nor SGP.22 was viable at scale for constrained devices. Physical SIM logistics – procurement, provisioning, physical insertion, and management – remained the default. This was the gap SGP.32 was designed to close.
May 2023
SGP.32: An IoT-Native Standard Published
The GSMA published SGP.31 (the architecture specification) and SGP.32 (the technical specification) in May 2023. For the first time, there was an eSIM standard built from the ground up for IoT – server-initiated profile management, no user interface required, CoAP transport for constrained networks, and an eIM architecture that separated profile delivery from operator infrastructure. v1.2 is the current specification.
2024 – 2026
Hardware Catches Up – Gradually
Certified SGP.32 modules from Quectel, Thales (Cinterion), and others are reaching commercial availability. Most IoT devices in the field still run SGP.02 or SGP.22 – and many will for years to come. But for new hardware designs, SGP.32 is the foundation the industry is building toward. The transition is real, measurable, and accelerating.
What SGP.32 Actually Changes: The Three Core Shifts
SGP.32 is not just an incremental update to existing eSIM standards. It represents three architectural changes that together make remote IoT SIM management practically viable for the first time – including on the most constrained devices and networks in the IoT landscape.
1. Server-initiated provisioning
Every previous eSIM standard required the device – or a user operating the device – to initiate profile changes. The device pulled new profiles from the server. This model breaks down in IoT: a moisture sensor in a crop field cannot initiate a profile download when the operator changes. A submersible pump in a water treatment works cannot respond to a QR code. SGP.32 inverts this. The eIM (eSIM IoT Manager) pushes profile changes from the server side, allowing operators and connectivity managers to update SIM profiles on thousands of devices simultaneously with no device-side interaction required.
2. eIM replaces SM-SR – and removes operator lock-in
Under SGP.02, the SM-SR (Subscription Manager Secure Routing) created tight coupling between the device and a single operator’s infrastructure. Switching operators in the field required complex SM-SR transfer procedures. SGP.32 replaces the SM-SR with the eIM – the eSIM IoT Manager. The eIM is separate from the operator’s profile preparation infrastructure, sitting as an independent management layer. This creates genuine multi-operator flexibility: the eIM can orchestrate profiles from multiple operators, and the eIM itself can be ported from one provider to another without a physical SIM change. For an enterprise running a mixed IoT fleet across multiple geographies and operators, this is a transformative change.
3. CoAP transport for constrained networks
SGP.22 relied on HTTPS for all profile operations. On an NB-IoT device with a daily data budget measured in kilobytes, an HTTPS session for a profile download was impractical – the overhead alone could exceed the device’s daily allowance. SGP.32 uses CoAP (Constrained Application Protocol) over UDP with DTLS encryption – a protocol designed specifically for low-power IoT networks. Profile operations over CoAP complete with a fraction of the data overhead of HTTPS, making SGP.32 viable on the same NB-IoT and LTE-M networks that smart meters, utility sensors, and agricultural monitors actually run on.
For a deeper technical breakdown of the eIM, IPA, and eUICC architecture – and how the three components interact – the SGP.32 architecture guide at SGP32.co.uk covers the full technical specification in plain language.
SGP.32 vs SGP.02 vs SGP.22: The Comparison That Matters for IoT SIM Buyers
| Feature | SGP.02 (M2M) | SGP.22 (Consumer) | SGP.32 (IoT) |
|---|---|---|---|
| Designed for | Automotive, high-value M2M | Smartphones, tablets | IoT, M2M, constrained devices |
| Profile initiation | Device or operator initiated | User initiated (QR / app) | Server initiated (eIM push) |
| User interface required | โ Not required but complex | โ QR code or app required | โ No UI required |
| Transport protocol | HTTPS | HTTPS | CoAP over UDP / HTTPS |
| NB-IoT / LTE-M viable | โ HTTPS overhead too high | โ HTTPS overhead too high | โ CoAP designed for constrained |
| Operator lock-in | โ SM-SR creates lock-in | ~ Profile switching possible but complex | โ eIM separates from operator |
| Remote fleet management | ~ Possible but complex SM-SR dependency | โ Not practical at IoT scale | โ Core design requirement |
| Asynchronous operation | โ Not supported | โ Not supported | โ Devices can receive commands on next wake |
| Hardware availability | โ Widely available | โ Widely available | ~ Certified modules reaching market 2025-26 |
| Current IoT router support | Selected gateways | Teltonika RUT241, RUTX series, others | Limited – hardware transition underway |
The full technical comparison – including where SGP.22 remains the pragmatic choice for connected gateways and routers today – is covered in depth at euicc.co.uk’s SGP.22 vs SGP.32 guide.
What SGP.32 Means for IoT SIM Buyers Right Now
SGP.32 is the future direction of IoT eSIM. But most organisations deploying IoT connectivity today are not deploying SGP.32 devices – because the hardware ecosystem is still maturing. The practical question for anyone buying IoT SIM cards in 2025-2026 is not “should I use SGP.32” but “how do I plan my connectivity strategy to be SGP.32-ready when the hardware is available?”
Most IoT devices in the field today use physical SIMs or SGP.22
Industrial routers from Teltonika, Milesight, Cradlepoint, and others – the hardware that powers the majority of UK IoT gateway deployments – currently implement SGP.22 where eSIM is supported at all. Physical SIM cards remain the dominant form factor across the IoT estate. This is not a problem to solve urgently. Multi-network physical IoT SIMs – like the unsteered IoT SIM cards available from IoTSIMs – provide excellent connectivity for the vast majority of current deployments, with the flexibility to switch networks automatically based on signal strength, and private APN and fixed IP options for security-critical applications.
SGP.22 with remote management delivers SGP.32-like outcomes on available hardware
Teltonika’s approach to eSIM is instructive here. The RUT241 and RUTX series routers support SGP.22 with up to seven stored eSIM profiles, managed remotely via Teltonika RMS. RMS adds server-initiated profile switching on top of SGP.22 – delivering the core operational benefit of SGP.32 (remote profile management without physical SIM access) on hardware that is commercially available right now. It is not SGP.32 – it does not use the eIM architecture or CoAP transport – but for connected gateway use cases, it delivers comparable operational outcomes. See the Teltonika RUTM55 overview on IoTSIMs for how this plays out on current 5G hardware.
Where the gap remains: The Teltonika SGP.22 approach works well for always-on connected gateways running HTTPS-based provisioning. Where it cannot follow SGP.32 is in deep constrained IoT: NB-IoT sensors with kilobyte daily data budgets, devices sleeping for days or weeks, and ultra-low-power deployments where even an HTTPS session is too expensive. That is precisely the territory SGP.32’s CoAP transport and asynchronous IPA were built for.
Plan for eIM portability from the start
One of SGP.32’s most significant commercial features is eIM portability – the ability to transfer eSIM management from one eIM provider to another without a physical SIM change. For organisations planning new IoT deployments, this means the connectivity management layer can be changed independently of the physical hardware. When evaluating eSIM platform providers today – even for SGP.22 deployments – it is worth understanding their migration path toward SGP.32 and whether their platform architecture supports eIM portability. The eIM portability guide at SGP32.co.uk covers what to look for.
The Key Components: eUICC, eIM, IPA, and SM-DP+
SGP.32 has its own vocabulary. These are the four components you need to understand to make sense of how the standard actually works – and how it differs from what came before.
eUICC – the secure element
The eUICC (embedded Universal Integrated Circuit Card) is the physical chip in the device that stores and manages SIM profiles. In IoT devices, this is typically a solderable MFF2 form factor rather than a removable SIM card – appropriate for industrial environments where vibration, temperature extremes, and physical access constraints make removable SIMs impractical. The eUICC can store multiple profiles and switch between them on instruction from the eIM. For a full explanation of the eUICC itself, see euicc.co.uk’s what-is-eUICC guide.
eIM – the eSIM IoT Manager
The eIM is the management server that sits above the eUICC, replacing the SM-SR from SGP.02. It handles profile orchestration across a device fleet – sending provisioning commands, managing profile lifecycle, and coordinating with operators’ SM-DP+ servers. The eIM is operator-independent: one eIM can orchestrate profiles from multiple operators simultaneously, and the eIM relationship itself is portable across platforms. This is the component that gives SGP.32 its multi-operator flexibility and removes the vendor lock-in that characterised SGP.02.
IPA – the IoT Profile Assistant
The IPA (IoT Profile Assistant) is the on-device software layer that communicates between the eUICC and the eIM. It replaces the LPA (Local Profile Assistant) from SGP.22. Unlike the LPA, the IPA does not require user interaction – it receives commands from the eIM server and executes them locally. The IPA comes in two variants: IPA-e (implemented on a companion device such as a gateway) and IPA-d (implemented directly on the IoT device). The difference between these has significant hardware implications – covered in the IPA-e vs IPA-d guide at SGP32.co.uk.
SM-DP+ – the profile preparation server
The SM-DP+ (Subscription Manager Data Preparation+) is the operator-side secure server that prepares and stores eSIM profiles before delivery. SGP.32 deliberately reuses the SM-DP+ infrastructure already deployed for SGP.22, lowering the adoption barrier for operators. The eIM handles the orchestration layer above the SM-DP+, giving operators existing infrastructure reuse while enabling the new management architecture. This design decision – reusing SM-DP+ rather than replacing it – was a pragmatic choice that has accelerated operator adoption of SGP.32 support.
Where SGP.32 Changes Things: Sector by Sector
SGP.32 delivers different value in different deployment contexts. The underlying mechanism – server-initiated remote profile management without physical SIM access – is the same, but the operational impact varies by sector and by the constraints of the devices involved.
Smart metering and utilities
Smart meters have lifespans of 15 to 20 years. A physical SIM card installed during manufacture may outlive two or three mobile network operators, or at minimum outlive the commercial arrangements that made that operator the right choice at deployment time. SGP.32 allows remote operator switching for the entire device lifetime – and CoAP support makes it viable on the NB-IoT networks that UK smart meter rollouts actually use. SMETS2 meters currently use physical SIMs on the DCC network; the next generation of metering infrastructure is where SGP.32 becomes commercially significant at scale. For multi-network IoT SIMs bridging the gap in current smart metering deployments, see the IoTSIMs solution finder.
Industrial and manufacturing
Industrial devices inside machinery – motors, presses, CNC equipment, process control systems – may be physically inaccessible without production downtime. A SIM card change on a device inside a running production line is not a maintenance task that can be performed casually. SGP.32 eliminates physical SIM management entirely for these deployments, enabling seamless network switching, operator changes, and profile updates without any physical access to the device.
Logistics and asset tracking
Shipping containers, vehicles, and high-value assets cross borders continuously. Permanent roaming – a single global IoT SIM that always roams – carries roaming surcharges and is subject to fair-use restrictions on some networks. SGP.32 allows automatic switching to a local operator profile on arrival in a new country, eliminating permanent roaming costs and restrictions. One hardware SKU, one eIM platform, multiple local operator profiles deployable on demand. For current deployments, multi-network roaming IoT SIM cards provide practical global coverage while SGP.32 hardware matures.
Agriculture and environmental monitoring
Battery-powered sensors in remote locations may run on marginal NB-IoT coverage and wake from deep sleep only periodically – hourly, daily, or even weekly. SGP.32’s asynchronous operation mode is specifically designed for this: devices can receive and queue management commands during their brief active windows, executing profile changes without requiring an always-on connection. No previous eSIM standard supported this mode of operation. It is one of the capabilities that makes SGP.32 genuinely transformative rather than incrementally better for constrained IoT.
eSIM routers and connected gateways
Industrial routers and cellular gateways are the deployment context where eSIM is already commercially available and operationally relevant today – via SGP.22 implementations from Teltonika, Milesight, and others. For router-based deployments, the practical benefits of remote profile management are achievable now, without waiting for SGP.32-certified hardware. The detailed hardware landscape – which routers support which eSIM standards, and what the specification differences mean in practice – is covered comprehensively at euicc.co.uk’s eSIM routers guide.
Need IoT SIM Cards for Your Deployment?
UK multi-network SIMs with fixed IP, private APN, and eSIM support. No minimum order.
eSIM Security: What SGP.32 Changes and What It Does Not
eSIM is often presented as a security improvement over physical SIM cards – and in some respects it is. But it introduces its own attack surface that is worth understanding, particularly for deployments in security-critical environments.
What SGP.32 improves
The eIM architecture separates profile management from the operator infrastructure, reducing the attack surface for SIM hijacking attacks that target operator systems. Profile provisioning over CoAP with DTLS provides end-to-end cryptographic authentication – a provisioning command cannot be injected by an attacker without access to the eIM’s credentials. eUICC chips include hardware security elements with tamper resistance equivalent to or exceeding physical SIM cards.
What remains a risk
The eIM platform itself becomes a high-value target. An attacker who compromises an eIM can potentially push malicious profiles to an entire device fleet. eIM platform security – access controls, audit logging, key management, and incident response capability – is critical. When evaluating eIM platform providers, security credentials matter as much as feature set. The eSIM security guide at SGP32.co.uk covers the attack surface and defensive architecture in detail.
The bootstrap problem also deserves attention: an eSIM device needs an initial connectivity profile to reach the eIM for its first provisioning. How that bootstrap profile is managed – which network, what credentials, and what happens if the bootstrap network is unavailable – is a practical deployment challenge that catches organisations out. See the bootstrap issues guide for a detailed walkthrough.
What to Ask Your IoT SIM and eSIM Provider
The eSIM and IoT SIM market is full of vendors who use “eSIM” as a broad marketing term without being precise about which standard they support, what their management architecture looks like, or what happens when you want to switch providers. These are the questions that cut through the noise.
Which eSIM standard does your platform support – SGP.02, SGP.22, or SGP.32?
These are fundamentally different architectures. A provider supporting SGP.22 cannot deliver the asynchronous, CoAP-based profile management of SGP.32. A provider supporting SGP.32 may have a limited hardware ecosystem to point to. Know which standard your specific devices and use cases require before evaluating platforms.
Who operates the SM-DP+ and eIM – you or a third party?
Profile preparation and eIM orchestration may be handled by the provider directly or outsourced to a third-party platform. This matters for data sovereignty, SLA accountability, and what happens if the provider changes its commercial arrangements or ceases trading. Full buyer guidance – including 30 detailed questions for eSIM providers – is available at sgp32.co.uk’s eSIM provider buyer guide.
Is eIM portability supported – can I switch eIM providers without a physical SIM change?
This is a critical lock-in question. If the answer is no, you are accepting dependency on a single eIM provider for the lifetime of the deployed hardware. Not all providers support eIM portability, and not all are transparent about this when selling.
What is your multi-network SIM approach for deployments that are not yet on SGP.32 hardware?
For the majority of IoT deployments today, multi-network physical SIMs with unsteered roaming remain the most practical connectivity choice. Ask how the provider’s physical SIM offering – network breadth, steering policy, private APN options, fixed IP, management portal – compares to their eSIM offering, and what the migration path looks like when SGP.32 hardware becomes available for your device category.
Further Reading Across the Cluster
- What is SGP.32? – SGP32.co.uk
- SGP.32 vs SGP.02 vs SGP.22 – SGP32.co.uk
- What is eUICC? – euicc.co.uk
- eSIM Platforms Compared – euicc.co.uk
- eSIM Hardware Guide – SGP32.co.uk
- eSIM Routers Guide – euicc.co.uk
- What is 5G RedCap? – IoTSIMs
- What is an FPLMN? – IoTSIMs
- The Future of eSIM and eUICC – SGP32.co.uk
- IoT SIM Cards – IoTSIMs
Frequently Asked Questions
What is SGP.32?
SGP.32 is the GSMA technical specification for remote SIM provisioning on IoT devices. Published in May 2023, it introduces the eIM (eSIM IoT Manager) as a replacement for the SM-SR, uses CoAP over UDP for low-overhead provisioning on constrained networks, and supports server-initiated profile management with no user interface required. It is the first eSIM standard designed specifically for the operational reality of IoT deployments – headless devices, constrained connectivity, and large-scale fleet management.
What is the difference between SGP.32 and SGP.22?
SGP.22 is the consumer eSIM standard used in smartphones. It requires a QR code or app to initiate profile changes – a user must be present. SGP.32 uses server-initiated profile management via the eIM, requires no user interface, and uses CoAP rather than HTTPS for profile operations – making it viable on NB-IoT and LTE-M networks with limited data budgets. SGP.22 remains appropriate for connected gateways and routers where HTTPS provisioning is practical. SGP.32 is the right standard for constrained IoT devices and large-scale headless deployments.
Can I use SGP.32 eSIM with current IoT routers?
Most current IoT routers – including Teltonika’s RUT241 and RUTX series – implement SGP.22, not SGP.32. Certified SGP.32 modules are becoming commercially available in 2025-2026, and new hardware designs are beginning to incorporate them. For existing router deployments, SGP.22 with remote management via RMS provides comparable operational outcomes. Multi-network physical IoT SIM cards remain the most practical choice for the majority of current deployments.
What is an eUICC?
An eUICC (embedded Universal Integrated Circuit Card) is the hardware chip in an IoT device that stores and manages SIM profiles. Unlike a removable SIM card, it is typically soldered directly to the device’s circuit board in an industrial MFF2 form factor, suitable for harsh environments where physical SIM access is impractical. The eUICC can store multiple profiles and switch between them on instruction from a remote management platform.
What is the eIM in SGP.32?
The eIM (eSIM IoT Manager) is the server-side management platform introduced in SGP.32. It replaces the SM-SR from SGP.02, handling profile orchestration across an IoT device fleet. Unlike the SM-SR, the eIM is operator-independent – it can manage profiles from multiple operators simultaneously and can be ported from one provider to another without a physical SIM change. The eIM is what enables SGP.32’s multi-operator flexibility and removes the operator lock-in that limited SGP.02 deployments.
Do I need SGP.32 for my IoT SIM deployment today?
For most IoT deployments today, the answer is not yet – but plan for it. Multi-network physical IoT SIMs provide excellent coverage and flexibility for current deployments. If your devices use NB-IoT or LTE-M, will have lifespans beyond five years, or require genuinely global multi-operator flexibility without permanent roaming, then building SGP.32 readiness into your hardware specification and platform selection now is worthwhile. For current deployments, the IoTSIMs solution finder helps match SIM type to application requirements.
[…] and a sector-by-sector breakdown of where the standard changes things – read the SGP.32 eSIM and IoT SIM Cards guide at IoTSIMs.co.uk. This post focuses on the eIM specifically: what it is, what it replaces, and why it is the […]
[…] of meters, without physical SIM replacement, using a constrained-network-friendly protocol. The SGP.32 eSIM guide at IoTSIMs covers how the standard works and what it means for large-scale cellular IoT deployments including […]