Giesecke+Devrient (G+D) has become the first to achieve GSMA eSIM compliance and certification for an IoT eUICC product.

The German company’s products have been certified as part of the GSMA’s eUICC Security Assurance (eSA) scheme and achieve GSMA eSIM compliance, supporting industry efforts to ensure eSIM enabled services are secure and interoperable.

In January, the GSMA introduced an industry-wide technical specification, called SGP.32 v1.2, together with test, compliance and security specifications to ensure eSIM IoT technologies, used within IoT products, are secure and interoperable when interacting with communications networks and service platforms around the world.

The GSMA has now included certification of this specification as part of its GSMA eUICC Security Assurance scheme (www.gsma.com/solutions-and-impact/industry-services/assurance-services/euicc-security-assurance-esa) and eSIM Compliance programme, ensuring eSIM IoT products comply with stringent security and interoperability requirements, alongside already established consumer and M2M eSIM product certification.

G+D has become the first company to have its embedded universal integrated circuit card (eUICC) for IoT, or eSIM IoT products, assured through the eSA scheme and compliance programme, achieving certification in less than two months from the specification release.

“By unifying behind GSMA specifications and our compliance and assurance schemes, industry can help safeguard the eSIM ecosystem and accelerate innovation in IoT and mobile connectivity,” said Gloria Trujillo, eSIM group director at the GSMA. “Giesecke+Devrient’s achievement sets the way for the industry to build security and interoperability into new eSIM IoT services, which will be key when it comes to achieving consumer and IoT-driven digital transformation.”

Philipp Schulte, CEO of Giesecke+Devrient mobile security, added: “Robust security is paramount when it comes to protecting both customer data and operator services, so we’re delighted to be the first to achieve this milestone through the GSMA security assurance and compliance schemes. The GSMA’s specification and compliance scheme marks a significant milestone for the IoT industry, setting new standards in trust, security and interoperability. The fact that our certification was achieved in less than two months demonstrates the efficiency of the GSMA’s process and G+D’s dedication to enabling a secure internet of things.”

Market insight firm GSMA Intelligence forecasts there could be six billion IoT cellular connections globally by 2030, with eSIM taking more than 40% of that market share. The automotive industry is leading the way in these IoT deployments but, going forward, smart cities, health, agriculture and supply chain are also expected to drive demand.

However, GSMA Intelligence also outlines three challenges that enterprises are facing when it comes to deploying IoT that mobile operators and equipment makers need to address. These are cost of implementation, potential security vulnerabilities and integration with other technologies. GSMA Intelligence believes enhanced eSIM specifications for IoT, such as SGP.32, can help the market address these problems by ensuring adoption of a single approach when it comes to global standards and specifications.

The eSIM IoT SGP.32 v1.2 specification, together with test specifications, GSMA eSA security assurance and eSIM compliance schemes, ensures a secure and interoperable standardised approach ensuring ease of loading, activation and management of eSIM network subscriptions for IoT applications.

G+D (www.gi-de.com) is a security-tech company headquartered in Munich, Germany. Founded in 1852, it has more than 14,000 employees. In 2024, the company generated a turnover of €3.1bn. The company is represented by 118 subsidiaries and joint ventures in 41 countries.