Saïd Gharout, VP for Standardisation at Kigen and Chair of the GMSA Working Group on eSim Standards, explains how the SGP.32 standard came about and why it represents a transformative step in enabling secure, scalable, and interoperable connectivity for the next generation of IoT devices.
Could you briefly introduce yourself and the organisation, Kigen?
Kigen is the forerunner in eSIM and iSIM security-enabled IoT solutions built for scale, championing the needs of device makers. An Arm-founded company, Kigen flexibly empowers OEMs with security on leading IoT chipsets and modules and with the world’s leading IoT, public and private LPWAN (low power wide area network) connectivity providers. We offer GSMA-certified Remote SIM Provisioning servers, eIM and In-factory profile provisioning services, placing us among the top 5 global SIM vendors.
What are the most promising aspects of the SGP.32 standard for the IoT industry?
SGP.32 benefits devices like NB-IoT (narrowband-IoT) and LTE-M (long term evolution for machines) with limited power by using lightweight protocols like CoAP, UDP, and DTLS, which conserve battery and improve connectivity for IoT in utilities, logistics, and healthcare. These are also the drivers of scaled IoT.
SGP.32 shifts profile provisioning from mobile network operators to SIM vendors or device manufacturers. This enables enterprises to choose their initial connectivity provider without prior negotiations and to switch providers in an interoperable manner. With support for generic SKUs, manufacturers can reduce product variation, streamline logistics and simplify global IoT deployments.
The introduction of the eIM (eSIM IoT Remote Manager) strengthens interoperability and lifecycle management. With stronger security, and dynamic profile management, it ensures reliability by inheriting M2M features such as emergency calls and fallback in case of connectivity loss.
The greater play we see is in the sum of the parts – the cumulative advantage is a more cost-effective ability for device makers and OEMs to manage the scaled fleets and lay the foundation of flexibility in where the profile is provisioning: ie, the point at which a device gets equipped securely with its desired network connectivity.
Why were previous standards (SGP.02 and SGP.22) insufficient for IoT devices?
Previous standards were not created with the specific needs of IoT in mind. The M2M eSIM standard (SGP.02) depends heavily on SMS messaging for profile management. While this approach works in traditional mobile networks, it imposes significant limitations on IoT, especially for NB-IoT and LTE-M devices, which often lack SMS capability and operate under strict memory and power restrictions.
The consumer eSIM standard (SGP.22) was designed for smartphones and other high-capacity devices, not the low-power, constrained devices typical in industrial, utility, and logistics sectors. In addition, in M2M you need pre-negotiation between the different actors/elements to allow for example to an SM-DP to connect to the SM-SR controlling the eUICC. Last but not least, the SM-SR change is painful and costly, which lead some actors to refuse the business due to the complexity of this process.
There are three main drawbacks to the M2M specifications:
1. Mandating SMS or HTTPS to deliver the profile from the SM-DP (subscription manager data preparation address) to the eUICC is challenging for memory-restricted or battery-constrained LPWAN (low-power wide area network) devices.
2. Complex integration between SM-SR (subscription manager secure routing) and SM-DP.
3. SM-SR lock. In some scenarios, we do not know which SM-SR will be used at deployment. This complicates support for global deployments in countries that may require a swap to meet local regulations. The SM-SR switch is also complex where you need to transfer all the keysets from old SM-SR to the new one.
How has Kigen contributed to SGP.32?
Kigen has been at the forefront of shaping the SGP.32 standard. I chair the GSMA eSIM Working Group, which is responsible for defining and maintaining all technical specifications around the the SGP.31 and SGP.32 eUICC specifications for IoT Remote SIM Provisioning (RSP) standard. This leadership role allowed us to provide neutral and open specifications, and placed Kigen at the heart of the collaborative industry effort on how eSIM could be tailored to meet the unique needs of IoT at scale.
A core part of Kigen’s contribution was bringing customer and ecosystem feedback into the specification process, ensuring that SGP.32 is not just secure, but also pragmatic, interoperable, and aligned with real-world IoT deployment challenges.
What were the challenges related to ensuring SGP.32 could support scaling?
The development of SGP.32 had to address two fundamental challenges to ensure it could scale across the diversity of the IoT ecosystem: First, it had to address a greater variety of IoT device types, particularly widely in memory, processing power, and connectivity constraints. Secondly, it needed to eliminate vendor-lock in for SM-SR with the introduction of the eIM.
How did you address these challenges?
To address both of these, GP.32 was designed to enable secure profile distribution to even the most resource-constrained devices, moving beyond SMS-based delivery. By adopting a greater range of secure protocols such as TCP/IP for higher bandwidth IoT (e.g. automotive), and UDP for network-constrained IoT found in trackers or smart meters, the specification ensures that devices on low-power, large-scale networks can still be managed reliably and securely. This architectural shift was critical to extending eSIM technology to billions of connected “things” that fall outside the traditional mobile device category.
The second aspect was addressed with the introduction of a new functional entity, the eIM, or eSIM IoT Manager. The eIM is central to orchestrating profile delivery and lifecycle management at scale. The guiding principle has been to ensure that the eIM is a standardised, interoperable component that can be onboarded to an eUICC or IoT device at any point of time, not just ahead of eUICC manufacturing. Furthermore, its interoperability makes changing straightforward – for example, to onboard a new eIM or replace the current one. Addressing this required careful balancing between security, scalability, and openness, so that the eIM strengthens the IoT ecosystem.
What led Kigen to release its own eIM solution?
As IoT expands into critical applications like smart meters, automotive, and smart city infrastructure, manufacturers need a simpler, more interoperable way to manage connectivity. Our eIM solution is a secure firewall that interoperates with SM-DP+ platforms over the public internet while ensuring seamless integration across devices and networks.
How do manufacturers benefit from this?
Manufacturers benefit in a number of ways. These include:
- Bring Your Own Carrier (BYOC): The freedom to select the right-fit connectivity for each SKU (stock keeping unit), driving efficiency.
- Scalable Security: A trusted, SAS-SM–certified foundation to grow securely from concept to millions of devices.
- Pre-Integrated Solutions: Out-of-the-box compatibility with leading IoT modules, reducing development time and certification effort
How is Kigen’s eIM interoperable in its design?
Kigen’s eIM is built on a certified, secure framework that enables mobile network operators, mobile virtual network operators, and OEMs to rely on trusted infrastructure, eliminating the bottlenecks that have traditionally slowed and complicated IoT scaling.
To simplify OEM development, Kigen has validated interoperability across leading SM-DP+ platforms and conducted extensive testing with modules, now available under the ‘Secure with Kigen’ programme from all leading IoT module vendors. This broad compatibility reduces integration effort and ensures reliable operation across network technologies such as LTE-M, NB-IoT, and LTE Cat-1 bis, allowing projects to seamlessly adopt IoT eSIMs as specifications evolve.
Kigen eIM supports IoT Profile Assistant options via eUICC (IPAe) and provides enablement tools supporting device integration for IPAd with Kigen C-SDK. Focusing on IPAe simplifies integration, connecting the eUICC with eIM, reducing device complexity, shortening certification cycles (GCF/PTCRB), and speeding time-to-market. Kigen’s eIM bridges standards, enabling co-management of devices across legacy SGP.02 and new standards.
Furthermore, Kigen eIM is hosted in our GSMA SAS-accredited centres in Dublin, achieving SGP.32 compliance security assurances. It extends beyond the TCP and UDP protocol support introduced in the standard, enabling secure profile delivery and integration with LwM2M messaging protocols, such as CoAP – optimizing performance and providing end-to-end security for rapid proliferation of IoT.
- Constrained Application Protocol (CoAP) replaces Hyper Text Transfer Protocol (HTTP) – to optimize the size of data packets and reduce power requirements.
- Datagram Transport Layer Security (DTLS) replaces Transport Layer Security (TLS) – to provide end to end security.
How close are we to commercial deployment?
Kigen’s eIM solution is already commercially available, making it the first GSMA-accredited IoT eSIM Manager aligned with the new SGP.32 standard, hosted in Kigen’s secure sites. Kigen introduced SGP.32 ready features with the launch of the Kigen eIM with more than one hundred customer engagements.
Some examples that illustrate the momentum with publicly available products are leading IoT edge products from Particle, POS leader NuvoLinQ, the largest wholesale public power provider across Texas and Colorado, LCRA and smart meter and grid intelligence giant Itron. Further, the interoperability of Kigen eIM has also been integrated into Simteric’s multi-CMP Single Pane of Glass platform.
Is there anything that needs to be done to encourage greater adoption of the SGP.32 standard across the ecosystem?
To promote wider adoption of SGP.32, the industry should prioritise clearer migration pathways, easier implementation and collaboration across the ecosystem. While new applications like asset trackers and smart meters are already adopting SGP.32.
SGP.32 establishes a trusted framework for interoperability between MNOs, OEMs, and certified servers. Encouraging collaboration across these groups will accelerate uptake, creating a scalable, digital-first approach to provisioning. Simplifying the migration and providing developer-friendly tools will help reduce implementation timelines.
The ecosystem is moving rapidly toward SGP.32 adoption is available to anyone who wants to adopt it through ‘Secure with Kigen’.
Author Biography: Dr Saïd Gharout is the chair of eSIM WG2 at GSMA in charge of all the Technical Specifications and the chair of the TCA IoT Remote SIM Provisioning working group. He is also head of standardisation at Kigen. He is a member of the Industry Specification Approval Group at GSMA. He has been involved in developing many standards related to IoT, eSIM and iSIM, and security in various organizations (GSMA, ETSI, GlobalPlatform, TCA).
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.
