How connectivity providers are re-thinking their product designs for the coming IoT boom

With the release of the new GSMA eSIM IoT specification (SGP.32) standards, IoT manufacturing and management are becoming more accessible…

The mobile industry is shifting focus from consumer devices to connectivity, with IoT leading the way. GSMA Intelligence forecasts Internet of Things connections to reach more than 38 billion by 2030, with enterprises driving 60%. Yet, many still rely on Wi-Fi or intermediaries for cellular. To scale, the industry must simplify connectivity. The answer lies with the embedded SIM.

With eSIM, the Subscriber Identification Module is embedded in a secure element, which can store multiple subscription profiles. OEMs solder eSIMs into their devices so IoT enterprises can provision them with the proper subscription at anytime, wherever the device is. It is much more convenient and flexible than manually inserting thousands/millions of physical cards into machines/sensors. The mobile industry launched the first eSIMs for M2M more than a decade ago. But take-up was limited thanks to the limitations of the early technical spec, which lacked simplicity and compelled enterprises to pre-load their network agreements. 

A big boost for eSIM technology 

Now, a change has come. In July 2023, the GSMA published the SGP.32 eSIM IoT Technical Specification. It simplifies integration, ensure seamless switching between providers, and accelerate time to market. The spec was designed to target remotely deployed devices, and those without keypads or screens. In June 2024, GSMA published SGP.32v1.2, the stable version of the eSIM for IoT Technical Specification. The first products will be based on this version as it should go live in 2025. For specialists providers, SGP.32 is big news. By simplifying eSIM set-up and management, SGP.32 should expand the reach of the IoT to new companies and verticals.

Analysts think it will. A study from Juniper Research forecasts that the global number of IoT eSIM connections will hit 1.3 billion by 2028, from just 165 million in 2024.
To make the most of the new opportunity presented by SGP.32, providers need to revise their customer-facing strategies. They need to put the emphasis on simplicity. 
Thales is one of the companies adapting its approach. Its Mobile Connectivity Solutions Business Line, has created the below strategy to talk less about technical details and more about the pain points its can solve.

Keep it simple. Think: build, run, protect

To clarify this thinking, it is easiest to break down the IoT journey into three stages. 

1. Build
   This is the device design and engineering stage. It applies to the Original Equipment Manufacturers (OEMs) that make the ‘things’ (machines and sensors) used by enterprises. They must configure their devices to function reliably after they leave the factory – and consider how they will connect to the network and stay secure from cyber threats.
2. Run
   This is the logistical phase. It addresses the question: how can enterprises keep track of (potentially) millions of devices when they are deployed in remote areas, and maybe move around across different regions? It looks at roaming, overcoming coverage constraints, and reducing the need for human intervention with SIMs.
   Dramatic improvements are impact the ‘run’ stage. New eSIM services are supporting out-of-the-box connections to preferred network providers, plus the ability to change subscriptions over the air.
3. Protect
   This is the security phase. The expanding IoT is vulnerable in two key ways. First, an explosion of new device deployments widens the attack surface for potential cyber criminals. Second, the new customer base comprises enterprises with little experience of cellular network security.
   The best defence is to build in security from the production line to the field. Every device must be assigned a unique identity, and the encryption of data flows from edge to cloud. All security solutions must be fluid to respond to changing threats. 

Gregory Laloy, IoT Product Line Director for Thales MCS says: “Thales has such a deep history in security. It’s in our DNA. So, we are committed to giving our new customers 360 degree protection for their devices via the eSIM or any other Root of Trust component, the provision of keys, the provision of certificates and so on, keeping in mind to manage the security lifecycle of the device.”

New products for a new IoT customer base

Thales has developed a number of services to complement the above three-stage journey. The first is Instant Connect. It addresses the ‘run’ issue of how to connect a device from first boot without human intervention. To date, most IoT devices have preloaded a mobile subscription in the eSIM. This is time-consuming and inflexible since it demands that the enterprise orders the subscription at the factory stage. Users also had to connect via Wi-Fi or Bluetooth.

Instant Connect removes all this friction. It enables the device to activate immediately out-of-the-box, leaving the enterprise to simply launch the download of the chosen MNO subscription over the air when they deploy (rather than at the factory stage).  The service is already having a transformative impact for enterprises in shipping, aviation and more.

Another new solution is eSIM as a service. It focuses specifically on the challenge facing enterprises that are building their own private mobile networks (PMN). 

Obviously a PMN offers a range of advantages to a company in terms of reliability, network speed and security. But it presents a challenge when it comes to ordering, activating and managing eSIMs. eSIM as a Service simplifies the process via a web portal. Here, a private network provider can order small numbers of ready-to-use eSIM cards and personalise them later with an eSIM profile corresponding to the destination private network. 

It does appear that the eSIM-enabled IoT is poised for significant growth. But the evolution of this market never stands still. Indeed, yet another disruptive innovation is on the horizon: the integrated SIM. This is a SIM that integrates directly into the device's processor alongside other functions such as GPU, CPU, and modem. Obviously, this removes the need to insert or solder a SIM into place. Trials are under way. They include a proof of concept for iSIM leveraging Vodafone’s network capabilities and a Qualcomm Snapdragon Processing Unit running the Thales iSIM operating system. Laloy says: “The iSIM is integrated directly into the modem’s SoC (System on Chip) which frees up room in the device and further reduces complexity and cost. We are working hard with key players to develop the iSIM concept. And we believe it will be a good trend for the IoT.”