Skip to main content

Simple. Flexible. Secure. How connectivity providers are re-thinking their product designs for the coming IoT boom

Estimated reading time: 5 minutes


The eSIM for IoT is about to get its biggest upgrade to date. The new SGP.32 specification will make it easier than ever to connect and manage millions of ‘things’. How are suppliers responding? By releasing a range of new services…

GSMA’s flagship event Mobile World Congress held in Barcelona every year, stopped being a show about consumer devices many years ago. These days, it’s all about connectivity – and smartphones are just one of many products on display. In the past, we’ve seen trucks, farm equipment and drones on the show floor. At MWC 2024, SK Telecom even previewed prototype flying taxis.

This is great news for mobile network operators (MNOs) as it hugely expands their addressable market for cellular subscriptions. Indeed, GSMA Intelligence forecasts Internet of Things connections to reach more than 38 billion by 2030.

But achieving this target will be a challenge. The same research report says the enterprise segment will account for more than 60 percent of these connections. These organisations – drawn from sectors such as automotive, utilities, energy, track & trace, healthcare and more – do not have historical expertise in cellular connectivity. 

More likely, they use wi-fi to connect their devices – or rely on specialist intermediaries to manage their cellular connections. To grow the market, the mobile industry needs to make it easy for IoT enterprise customers to build, run and protect their cellular-connected inventory. 

The answer lies with the embedded SIM

With eSIM, the Subscriber Identification Module is embedded in a secure element, which can store multiple subscription profiles. OEMs solder eSIMs into their devices so IoT enterprises can provision them with the proper subscription at anytime, wherever the device is. It is much more convenient and flexible than manually inserting thousands/millions of physical cards into machines/sensors.

The mobile industry launched the first eSIMs for M2M more than a decade ago. But take-up was limited thanks to the limitations of the early technical spec, which lacked simplicity and compelled enterprises to pre-load their network agreements. 


A big boost for eSIM technology 

Now, a change is coming. In 2023, the GSMA published the SGP.32 eSIM IoT Technical Specification. It will simplify integration, ensure seamless switching between providers, and accelerate time to market. The spec was designed to target remotely deployed devices, and those without keypads or screens.  It should go live in 2025.

For specialists providers, SGP.32 is big news. By simplifying eSIM set-up and management, SGP.32 should expand the reach of the IoT to new companies and verticals.

Analysts think it will.

A study from Juniper Research forecasts that the global number of IoT eSIM connections will hit 1.3 billion by 2028, from just 165 million in 2024.

To make the most of the new opportunity presented by SGP.32, providers need to revise their customer-facing strategies. They need to put the emphasis on simplicity. 

Thales is one of the companies adapting its approach. Its MCS (Mobile Connectivity Solutions) Business Line, has created a new strategy to talk less about technical details and more about the pain points its can solve.

Gregory Laloy, IoT Product Line Director for Thales MCS, summarises the new thinking as follows. He says:


“SGP.32 opens up a huge opportunity for us. Even if historically, we have worked on IoT deployments with Mobile Network Operators (MNOs ), today we are also engaging directly with a much bigger customer base across a range of industries. These companies want control and freedom in terms of set-up and enablement. We have to approach this market in a new way – removing complexity and simplifying their journeys.” 


Keep it simple. Think: build, run, protect

To clarify this thinking, it is easiest to break down the IoT journey into three stages. 

1. Build

This is the device design and engineering stage. It applies to the Original Equipment Manufacturers (OEMs) that make the ‘things’ (machines and sensors) used by enterprises. They must configure their devices to function reliably after they leave the factory – and consider how they will connect to the network and stay secure from cyber threats.

2. Run

This is the logistical phase. It addresses the question: how can enterprises keep track of (potentially) millions of devices when they are deployed in remote areas, and maybe move around across different regions? It looks at roaming, overcoming coverage constraints, and reducing the need for human intervention with SIMs.

Dramatic improvements are impact the ‘run’ stage. New eSIM services are supporting out-of-the-box connections to preferred network providers, plus the ability to change subscriptions over the air.

3. Protect

This is the security phase. The expanding IoT is vulnerable in two key ways. First, an explosion of new device deployments widens the attack surface for potential cyber criminals. Second, the new customer base comprises enterprises with little experience of cellular network security.

The best defence is to build in security from the production line to the field. Every device must be assigned a unique identity, and the encryption of data flows from edge to cloud. All security solutions must be fluid to respond to changing threats. 

Laloy says: “Thales has such a deep history in security. It’s in our DNA. So, we are committed to giving our new customers 360 degree protection for their devices via the eSIM or any other Root of Trust component, the provision of keys, the provision of certificates and so on, keeping in mind to manage the security lifecycle of the device.”


New products for a new IoT customer base

Thales has developed a number of services to complement the above three-stage journey. The first is Instant Connect. It addresses the ‘run’ issue of how to connect a device from first boot without human intervention. To date, most IoT devices have preloaded a mobile subscription in the eSIM. This is time-consuming and inflexible since it demands that the enterprise orders the subscription at the factory stage. Users also had to connect via Wi-Fi or Bluetooth.

Instant Connect removes all this friction. It enables the device to activate immediately out-of-the-box, leaving the enterprise to simply launch the download of the chosen MNO subscription over the air when they deploy (rather than at the factory stage).  The service is already having a transformative impact for enterprises in shipping, aviation and more.

Another new solution is eSIM as a service. It focuses specifically on the challenge facing enterprises that are building their own private mobile networks (PMN). 

Obviously a PMN offers a range of advantages to a company in terms of reliability, network speed and security. But it presents a challenge when it comes to ordering, activating and managing eSIMs. eSIM as a Service simplifies the process via a web portal. Here, a private network provider can order small numbers of ready-to-use eSIM cards and personalise them later with an eSIM profile corresponding to the destination private network. 

It does appear that the eSIM-enabled IoT is poised for significant growth. But the evolution of this market never stands still. Indeed, yet another disruptive innovation is on the horizon: the integrated SIM.

This is a SIM that integrates directly into the device's processor alongside other functions such as GPU, CPU, and modem. Obviously, this removes the need to insert or solder a SIM into place.

Trials are under way. They include a proof of concept for iSIM leveraging Vodafone’s network capabilities and a Qualcomm Snapdragon Processing Unit running the Thales iSIM operating system. 

Laloy says: “The iSIM is integrated directly into the modem’s SoC (System on Chip) which frees up room in the device and further reduces complexity and cost. We are working hard with key players to develop the iSIM concept. And we believe it will be a good trend for the IoT.”

Related content

Sporting events and private mobile networks – the perfect match?