The landscape of connected devices is rapidly evolving, with IoT deployments demanding robust, scalable, and secure connectivity. The GSMA has responded to these needs with distinct eSIM standards for different device types: eSIM for M2M devices (2014); eSIM for Consumer devices (2016); and eSIM for IoT devices (2023, SGP.32)
While all leverage Remote SIM Provisioning (RSP), the management processes and security requirements differ. The latest, GSMA SGP.32 eSIM IoT, is tailored for the unique demands of IoT: bulk provisioning, minimal user interaction, and robust remote management.
Giesecke+Devrient (G+D) sought to be the first to certify an IoT eUICC product under the new GSMA SGP.32 standard, which brings together the best of M2M and consumer eSIM approaches for IoT. Achieving this required not only technical innovation but also independent, rigorous security evaluation in line with the GSMA eUICC Security Assurance (eSA) scheme, which is based on the internationally recognized Common Criteria methodology.
As an experienced GSMA Licensed Laboratory, Applus+ Laboratories was chosen to evaluate G+D’s IoT eUICC. Our cybersecurity team conducted a comprehensive assessment under the eSA scheme, which included vulnerability analysis, penetration testing, and compliance verification—ensuring the product met the demanding requirements of SGP.32 for IoT use cases.
G+D’s IoT eUICC is now the first product worldwide to be certified under GSMA eSA for the IoT SGP.32 standard. This milestone not only demonstrates G+D’s technological leadership but also highlights the adaptability and expertise of Applus+ Laboratories in supporting the latest industry standards.
"Our achievement of the world’s first GSMA eSA certification for our IoT eUICC product demonstrates our commitment to delivering secure and high-quality solutions to our customers. The expertise and professionalism of Applus+ Laboratories were instrumental in this achievement. Their rigorous evaluation process and clear communication ensured a smooth and efficient certification journey.”
— Jan Eichholz, Head of MS Security, Giesecke+Devrient
“We are proud to have supported G+D in this pioneering achievement. While Applus+ Laboratories has evaluated many eUICC products under the GSMA schemes, this is the first certification for an IoT eUICC under SGP.32. It demonstrates not only the maturity of the eSA framework, but also our commitment to helping clients lead in emerging markets.”
— Jose Ruiz, Cybersecurity BU Director, Applus+ Laboratories
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.
Based on your behavior on the website (where you click, how long you browse, etc.) we establish parameters and a profile for you to display ads that correspond to your interests. See the cookies we store in our Cookies Policy.