GSMA eSIM/eUICC Compliance Program Services

eUICCs (aka eSIM) allow “over the air” provisioning for the first subscription with a telecommunications operator, as well as subsequent subscription changes from one operator to another, without the need to physically change the SIM card.

GSMA Compliance Program

The GSMA compliance program defines a 3-step testing and certification process for an eUICC to enter the RSP (Remote SIM provisioning) ecosystem, applicable to both M2Ms and Consumer Device solutions.

Source: GSMA

Applus+ services to achieve GSMA compliance

Applus+ Laboratories is recognized by different schemes to support clients in their certification needs according to the GSMA Compliance program. Specifically, we can cover the requirements for ‘security assurance by design' and ‘functional and interoperable’ steps.

Step 1: eUICC security assurance by design

For IC/hardware platform vendors

Applus+ is an ITSEF facility accredited by the Spanish Certification Body, CCN, to conduct Common Criteria Security evaluation. GSMA requires all the IC/hardware platform to be certified following Common Criteria scheme.

For eUICC software developers

There are currently three alternative evaluation approaches in order to meet compliance requirements:

GSMA eUICC eSA evaluation

An independent security evaluation scheme for evaluating embedded UICC (eUICC) against the provisions of PP-0089 and PP-0100. The scheme is based on the Common Criteria methodology, optimized for GSMA-compliant eUICCs. GSMA owns the scheme but it is operated by Trust CB.

Common Criteria Evaluation for eUICC

GSMA also accepts official Common Criteria Certificates as a proof of compliance for eSIM. The evaluation must follow the eUICC consumer device or eUICC M2M protection profiles.

GSMA eUICC interim evaluation

GSMA released this methodology as an interim option until the official GSMA eSA was in place. It is a second-party evaluation conducted by a recognized security lab. Both methodologies will coexist until January 2022, when only eSA will be accepted.

Step 3: eUICC functional and interoperable testing

Applus+ is also accredited for conducting functional and interoperability testing for GlobalPlatform Certification, the last step for eUICC compliance with GSMA requirements. In this case, we can offer official Type Approval and debug sessions.

Note: Because Applus+ Laboratories is accredited as a third party laboratory by several evaluation and certification schemes, and in order to guarantee its impartiality, Applus+ engineers are never involved in actual product development or solutions implementation. Our independent evaluations are not accredited and their aim is to provide evaluation results to vendors who are seeking to understand the level of security of their products, despite no certificacion scheme is available yet.

GET A QUOTE

Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.

Cookie settings panel

Essential cookies

They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.

Always active
Analytics cookies

They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.
Advertising cookies

Based on your behavior on the website (where you click, how long you browse, etc.) we establish parameters and a profile for you to display ads that correspond to your interests. See the cookies we store in our Cookies Policy.