Giesecke+Devrient Secures First GSMA-Certified IoT eSIM with Applus+ Laboratories

30/06/2025

    The landscape of connected devices is rapidly evolving, with IoT deployments demanding robust, scalable, and secure connectivity. The GSMA has responded to these needs with distinct eSIM standards for different device types: eSIM for M2M devices (2014); eSIM for Consumer devices (2016); and eSIM for IoT devices (2023, SGP.32) 

    While all leverage Remote SIM Provisioning (RSP), the management processes and security requirements differ. The latest, GSMA SGP.32 eSIM IoT, is tailored for the unique demands of IoT: bulk provisioning, minimal user interaction, and robust remote management.

    The Challenge 

    Giesecke+Devrient (G+D) sought to be the first to certify an IoT eUICC product under the new GSMA SGP.32 standard, which brings together the best of M2M and consumer eSIM approaches for IoT. Achieving this required not only technical innovation but also independent, rigorous security evaluation in line with the GSMA eUICC Security Assurance (eSA) scheme, which is based on the internationally recognized Common Criteria methodology. 

    Our Role

    As an experienced GSMA Licensed Laboratory, Applus+ Laboratories was chosen to evaluate G+D’s IoT eUICC. Our cybersecurity team conducted a comprehensive assessment under the eSA scheme, which included vulnerability analysis, penetration testing, and compliance verification—ensuring the product met the demanding requirements of SGP.32 for IoT use cases. 

    The Outcome 

    G+D’s IoT eUICC is now the first product worldwide to be certified under GSMA eSA for the IoT SGP.32 standard. This milestone not only demonstrates G+D’s technological leadership but also highlights the adaptability and expertise of Applus+ Laboratories in supporting the latest industry standards. 

    What Makes SGP.32 and IoT eUICC Special? 

    • Optimized for IoT: SGP.32 enables remote management and bulk provisioning for fleets of IoT devices, even those with limited user interfaces. 
    • Enhanced Security: The eSA evaluation ensures that the eUICC meets stringent security requirements, protecting against unauthorized access and profile manipulation. 
    • Future-Proofing: This new standard is designed to support the next generation of connected devices, from smart meters to industrial sensors. 

    Client Testimonial 

    "Our achievement of the world’s first GSMA eSA certification for our IoT eUICC product demonstrates our commitment to delivering secure and high-quality solutions to our customers. The expertise and professionalism of Applus+ Laboratories were instrumental in this achievement. Their rigorous evaluation process and clear communication ensured a smooth and efficient certification journey.” 

    — Jan Eichholz, Head of MS Security, Giesecke+Devrient  

    Our Perspective 

    “We are proud to have supported G+D in this pioneering achievement. While Applus+ Laboratories has evaluated many eUICC products under the GSMA schemes, this is the first certification for an IoT eUICC under SGP.32. It demonstrates not only the maturity of the eSA framework, but also our commitment to helping clients lead in emerging markets.” 

    — Jose Ruiz, Cybersecurity BU Director, Applus+ Laboratories 

    Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.

    Cookie settings panel