SGP.32 and eIM: new control over IoT eSIM connectivity

IoT connectivity is shifting from a technical prerequisite to a strategic component of the IoT architecture. Organizations are deploying increasingly large numbers of devices, often internationally and with lifecycles of ten years or more. In this context, it is no longer sufficient to simply be able to switch eSIM profiles remotely. There is a growing need for structural control over how connectivity is deployed, managed, and adapted throughout the entire lifecycle of a device.

With the introduction of SGP.32, the industry is responding to this development. This GSMA standard describes a new architecture for remote SIM provisioning in IoT environments. At the core of this innovation is the introduction of the eUICC IoT Manager, or eIM. Together with the IoT Profile Assistant and SM-DP+, the eIM forms the foundation of the SGP.32 architecture.

Why eSIM in IoT requires a different approach

Although eSIM technology has been used in consumer electronics for years, the IoT reality differs significantly. IoT devices typically operate autonomously, are difficult to access physically, and often function across national borders. This requires a fundamentally different approach to provisioning and management than in consumer scenarios, where user interaction and short lifecycles are central.

Earlier eSIM standards enabled remote provisioning but were either strongly operator-driven or primarily designed for consumer use. In both cases, control in IoT deployments remained limited. Organizations had little influence over when profiles were switched, how roaming was managed, and how connectivity aligned with their own IT and IoT platforms.

SGP.32 was developed to bridge this gap, under the governance of the GSMA.

What makes SGP.32 fundamentally different

SGP.32 does not stand out because of a single new technical feature, but because of how responsibilities within the eSIM ecosystem are redefined:

• The standard introduces a clear separation between device interaction, orchestration, and profile storage
• Provisioning is decoupled from direct operator control
• Decision-making about profile switching moves to a central management layer
• Connectivity can be structurally integrated into existing IoT and IT architectures

This fundamental redistribution creates a scalable and governable model for IoT connectivity.

The role of the IPA within the SGP.32 architecture

At the start of every provisioning flow is the IoT Profile Assistant. This component resides on the device side and enables communication with the eUICC without user interaction. This is essential for IoT scenarios in which devices operate autonomously for long periods and often have limited resources.

The IPA acts as the technical entry point for provisioning and forms the link between the device and the central orchestration layer. Without the IPA, remote provisioning in an IoT context is practically unfeasible, but the component itself does not play a governing role within the architecture.

The role of SM-DP+ within SGP.32

The SM-DP+ remains responsible for preparing, securing, and storing eSIM profiles. This role existed prior to SGP.32 and remains technically essential. What changes is the position of the SM-DP+ within the overall architecture.

Within SGP.32, the SM-DP+ no longer acts as a controlling party toward the device. Profiles are made available only when requested by the orchestration layer. As a result, the SM-DP+ becomes an execution component focused on security and reliability, while decision-making takes place elsewhere.

eIM as the central orchestration layer

The eIM forms the heart of the SGP.32 architecture. This component connects the device side, represented by the IPA, with the profile infrastructure and backend systems such as IoT platforms and provisioning tools. The eIM determines when a profile may be downloaded, activated, or switched, and under what conditions this occurs.

By making this role explicit, provisioning becomes a managed process rather than an implicit one, and a controllable part of the IoT architecture.

Why eIM makes the strategic difference

The introduction of eIM has implications that go beyond technology alone:

• Organizations gain explicit control over when and why a device switches networks
• Operator dependency is reduced because control no longer resides with a single party
• Local regulations can be technically enforced rather than managed organizationally
• Connectivity becomes an architectural choice instead of a contractual limitation

As a result, connectivity shifts from an operational necessity to a strategic control mechanism within IoT deployments.

Architecture and governance in alignment

SGP.32 forces organizations to think about governance. Questions regarding ownership, authorization, and responsibility can no longer remain implicit. Who decides when a profile is switched? Who owns the profile throughout the device lifecycle? And how are these decisions recorded and audited?

The eIM plays a central role in answering these questions but can only function effectively in conjunction with the IPA and SM-DP+. Only when these three components are correctly positioned does a consistent and scalable architecture emerge.

Implementation considerations

Although SGP.32 is designed with scalability and security in mind, implementation requires realistic choices:

• Not all mobile network operators support SGP.32 at the same pace
• Compliance with local legislation always remains the organization’s responsibility
• Without integration with existing IoT and IT systems, the added value remains limited
• New cost structures around profile management and platform integration require upfront insight

Careful preparation prevents implementation complexity from overshadowing the benefits of eIM.

When SGP.32 with eIM delivers the most value

SGP.32 with eIM is particularly relevant for organizations that deploy IoT at scale, roll out devices internationally, and manage long device lifecycles. In such scenarios, flexibility in network selection is essential, and physical access to devices is often limited or costly. This is precisely where eIM provides the control needed to keep connectivity manageable.

Conclusion

SGP.32 introduces a new way of organizing IoT eSIM connectivity. The strength of the standard lies in the collaboration between IPA, eIM, and SM-DP+. Within this architecture, the eIM acts as the strategic center where policy, orchestration, and integration converge.

For organizations that deploy IoT structurally, SGP.32 with eIM provides the building blocks for scalable and future-proof connectivity—provided it is applied consciously and as an integral part of the overall architecture.

For more information about the SGP.32 standard at Thingsdata, please contact us by phone at +31-85-0443500 or via email at info@thingsdata.com.