SGP.32 explained: Next-gen eSIM for enterprise IoT

The hardest part of IoT at scale isn’t the sensor! It’s reliable, repeatable connectivity. Devices with tiny memory and batteries, inconsistent operator behaviour across markets, and clunky provisioning often keep projects stuck in pilot.

The GSMA’s eSIM standards have evolved to fix these problems. SGP.02 introduced remote provisioning for M2M but relied on SMS and heavy operator integrations, a poor fit for NB-IoT and LTE-M. SGP.21/22, meanwhile, were built for consumer devices and aren’t suited to headless IoT.

The real IoT evolution is SGP.02 to SGP.31/32. These new specs use server-driven CoAP/DTLS protocols, allow direct SM-DP+ profile downloads, remove SMS dependency, and let enterprises switch eIMs without operator consent. 

That makes them ideal for constrained devices like smart meters, sensors, and connected appliances.

Legacy standards like SGP.02 weren’t designed for IoT scale but originally built for M2M modules, leading to high integration costs and rigid workflows. 

Modern deployments need something lightweight and flexible, which is why SGP.31/32 and BICS’s IoT eSIM Hub matter.

In this article, we explore the implementation of eSIM evolution to ensure enterprise IoT success.  

Early IoT projects depended on SGP.02 (M2M). While it enabled remote provisioning, it required heavy operator integrations and often relied on SMS for activation, a limitation for NB-IoT and LTE-M devices that don’t support SMS. 

These constraints made large-scale, constrained IoT deployments inefficient and hard to manage.

Consumer eSIM standards (SGP.21/22) were developed in parallel for smartphones and wearables, using pull-based provisioning and user interaction. They remain poorly suited to headless IoT endpoints.

This gap is what SGP.31/32 fills, offering a push-based model with lightweight protocols, flexible eIM management, and support for resource-constrained IoT devices. And that’s where BICS’s global network delivers a major advantage.

SGP.22’s reliance on HTTPS and SMS for communication creates significant overhead and prevents efficient remote SIM provisioning at scale.  

These protocols are heavy, energy-consuming, and require more memory and compute power than most constrained IoT devices can handle.

In addition to technical incompatibility, SGP.22 implementations typically involve:

• Complex SM-DP+ (Subscription Manager- Data Preparation+) or SM-SR (Subscription Manager-Secure Routing) integrations, requiring tight coupling with network operators
• Difficulties scaling across regions due to operator-specific configurations
• Limited flexibility in switching providers post-deployment

This results in higher integration costs, longer deployment timelines, and reduced interoperability, which are precisely the challenges IoT project teams are trying to avoid.

By contrast, SGP.31 and SGP.32 were developed specifically to overcome these limitations. They introduce:

• Lightweight protocols like CoAP (Constrained Application Protocol) and DTLS(Datagram Transport Layer Security)
• A new architectural model using eIM (eSIM IoT Remote Manager) and IPA (IoT Profile assistant), decoupling device logic from operator infrastructure
• OTA provisioning that works with minimal device resources

The result is a model that is optimised for scale, security, and real-world deployment, even on the most constrained hardware.

Here are the additional technical advantages of SGP.32:

• Server-initiated provisioning: Unlike earlier consumer models that rely on user-initiated profile downloads (pull mechanism), SGP.32 uses a server-driven push approach. This enables operators to remotely change and update eSIM profiles directly via the SM-DP+, without requiring integration between different platforms. With SGP.32, there is also a much larger availability of profiles,  supporting both consumer and IoT profiles, which makes it far easier to scale across diverse device types.
• Compatibility with existing SM-DP+ infrastructure: SGP.32 reuses the SM-DP+ infrastructure from SGP.22, allowing enterprises to adopt the new standard without overhauling their provisioning back-end, simplifying migration, and reducing costs.
• No reliance on SMS activation: By eliminating binary SMS for activation, SGP.32 avoids latency, complexity, and SMS delivery issues. This is especially important for IoT deployments in regions with limited SMS reliability or added costs.
• Efficient profile download format: The profile templates used in SGP.32 are optimised for low-data usage, which is a major advantage for LPWAN-connected devices and other constrained IoT applications with limited bandwidth.
• True scalability for IoT fleets: SGP.32 simplifies bulk provisioning and ongoing management of large-scale IoT deployments, enabling businesses to activate and maintain device fleets without the logistical overhead of physical SIM cards. Crucially, SGP.32 is suited for network-constrained IoT (NB-IoT / LTE-M) endpoints such as electricity and water meters, allowing faster, more reliable, and secure provisioning even in low-bandwidth or intermittent-connectivity environments.
• BYO carrier flexibility:  enterprises can switch connections to any provider without operator consent. In practice, this means customers can move eIMs from/to BICS or external providers (insurance-model flexibility). This flexibility is underpinned by BICS’s roaming and connectivity services, which extend seamless access across networks worldwide.

In essence, SGP.31/32 enables efficient management of eSIM profiles across global IoT deployments, and is purpose-built for IoT devices,  from battery-powered sensors to smart meters and connected appliances.

For global deployments spanning energy meters, logistics sensors, and smart city infrastructure, SGP.32 eliminates manual activation steps, removes reliance on SMS, and ensures profiles can be pushed remotely,  all while consuming minimal power and memory.

BICS’s eSIM Hub brings these standards to life at scale:

• It acts as a global SM-DP+ and eIM server, centralising eSIM profile storage, preparation, and lifecycle management across networks and devices.
• Integrates seamlessly with constrained devices via IPAe and eIM,
• Supports rapid onboarding without device rework,
• And ensures enterprise control through automation, fallback routing, and remote diagnostics.

This makes it an ideal orchestration platform for any business deploying connected devices in the field, from remote oil sensors to global smart meters.

GSMA SGP.32 is the new eSIM standard specifically designed to provide a unified framework for remotely provisioning and managing eSIM profiles across all types of devices. 

It particularly focuses on addressing the needs of the rapidly expanding IoT eSIM market. 

It unifies previous consumer and M2M specifications, streamlining eSIM connectivity management for both personal gadgets and vast IoT fleets.

SGP.32 and its architecture specification, SGP.31, are purpose-built for resource-constrained massive IoT devices and deployments. 

The core value proposition of SGP.32 lies in its use of lightweight protocols, enhanced scalability, and simplified integration.

In some hybrid deployments, fallback mechanisms like A2P SMS messaging are used alongside IP-based provisioning to maintain continuity.

To understand why SGP.32 is a breakthrough for IoT; it’s helpful to contrast it with legacy eSIM standards like SGP.02, which were designed for M2M use cases:

Earlier eSIM models often created integration friction,  especially in M2M and IoT use cases, because of tightly coupled components like SM-DP/SR and reliance on device-initiated requests.

SGP.31/32 introduces a modular, decoupled architecture designed specifically for low-power, headless, or UI-less IoT devices. It defines new roles such as:

• IPA (IoT Profile Assistant): A lightweight logic layer responsible for interpreting eSIM profile operations. It exists in two parts- IPAd (on the device) and IPAe (on the server), enabling localised logic, profile rule enforcement, and seamless communication with SM-DP+.
• eIM (eSIM IoT Remote Manager): A server-side orchestrator that can remotely trigger provisioning, initiate dynamic profile switching, or update connectivity settings, even if the device isn’t continuously online. It removes the need for user interaction or SMS activation.
• SM-DP+ (Subscription Manager – Data Preparation+): The secure provisioning backend that prepares, stores, and delivers operator profiles to IoT devices as needed. This is reused from the SGP.22 standard, but made more efficient through SGP.32.

Together, these components simplify communication flows, reduce provisioning complexity, and enable true push-based profile management. 

Devices no longer need to initiate requests or maintain persistent data sessions. This makes the architecture ideal for constrained environments like smart meters, sensors, or LPWAN deployments.

At the heart of successful SGP.31/32 deployments lies a platform that can bring the standard’s potential to life, and that’s exactly what BICS’s eSIM Hub is built for. 

Unlike generic SIM management tools, BICS’s eSIM Hub is purpose-built for modern IoT operations. It fully supports the SGP.31/32 architecture and combines:

• SM-DP+ provisioning for secure profile downloads
• IPAe logic for interpreting operator configurations and enforcing provisioning rules
• eIM orchestration for initiating profile switches, updates, and fallback provisioning automatically

This makes it a single point of control for provisioning, switching, and lifecycle management across globally distributed IoT fleets.

Leveraging the native support for CoAP/DTLS protocols, profile templating, and cloud-based orchestration, BICS allows scalable deployment even in fragmented or constrained environments like LPWAN( Low Power Wide Area Network), NB-IoT (Narrowband Internet of Things), or industrial networks.

As a result, you witness faster provisioning, lower data usage, improved uptime, and complete remote control, all aligned with GSMA’s SGP.31/32 standards.

BICS eSIM Hub fully supports the modular architecture of SGP.31 / SGP.32, including SM-DP+, IPAe integration, and seamless remote SIM provisioning through SGP.32 protocols. It also includes: 

• eIM (eSIM IoT Remote Manager): It orchestrates provisioning and enables remote, dynamic management of profiles across device fleets.
• IPA (IoT Profile Assistant): It interprets operator profiles and supports smarter profile management for diverse IoT use cases.
• Native integration with SM-DP+: It ensures secure profile download, proper management, and wider profile availability (consumer + IoT), and simplified lifecycle operations.
• No SMS dependency: provisioning flows are optimised for NB-IoT and LTE-M devices, which often lack SMS support.
• Constrained IoT protocol support: It leverages lightweight CoAP/DTLS protocols designed specifically for resource-limited sensors, meters, and appliances.

This alignment ensures fast, scalable deployments even for constrained devices across fragmented geographies.

What sets BICS apart is the scope and reliability of its global network:

• Partnerships with over 200+ mobile operators worldwide
• Interoperability is tested across thousands of device types
• Real-time monitoring, fallback routing, and remote profile switching are built in

Whether you’re deploying agricultural sensors in remote fields or connected vehicles across multiple countries, BICS ensures uninterrupted, optimised connectivity.

The eSIM Hub can also extend provisioning into systems like your enterprise control tower or device monitoring infrastructure.

Thales, a global leader in digital security and embedded systems, sought to simplify IoT connectivity for its customers, deploying industrial and enterprise devices worldwide. 

With increasing demand for remote provisioning, secure connectivity, and support for constrained IoT environments, Thales partnered with BICS to integrate its GSMA-compliant eSIM technology with global mobile access.

Thales’s customers needed:

• Global coverage for industrial IoT devices, such as connected meters and sensors
• Remote provisioning of eSIM profiles across fragmented networks
• A future-proof model compatible with upcoming standards like SGP.31/32
• Scalability and security for millions of devices across various verticals

Traditional connectivity models based on physical SIMs or limited operator agreements lacked the flexibility, reach, and operational efficiency required for such complex deployments.

Thales embedded its Cinterion® IoT modules with eSIM technology, and partnered with BICS eSIM Hub to:

• Enable remote SIM provisioning over-the-air using SGP-compliant standards
• Access a truly global network of 200+ operators through BICS
• Real-time monitoring, fallback routing, and remote profile switching 
• Use lightweight, modular provisioning protocols ideal for constrained devices.

Here’s the result and impact: 

• Seamless deployment of connected devices across over 70 countries
• Improved provisioning efficiency through automated OTA profile management
• Enhanced security and compliance via GSMA-certified infrastructure
• Future-ready architecture supporting upcoming SGP.31/32 implementations

This successful collaboration demonstrated how a hardware provider, plus a global connectivity orchestrator, can unlock scalable IoT success with minimal operational friction.

“Removing the obstacles for eSIM management with IoT devices will lead to far broader adoption of eSIMs in the industry and will finally allow eSIMs to deliver on their long‑awaited promise of greater flexibility for IoT connectivity.” – Luc Vidal‑Madjar, VP Connect – Mobility & Network, BICS

IoT devices often run on tight energy budgets and limited hardware, and most traditional provisioning models weren’t designed with this in mind. 

BICS, in combination with the lightweight architecture of SGP.32, removes this bottleneck.

There are reasons why traditional eSIM standards struggled. Earlier eSIM models like SGP.02 relied on HTTPS and SMS for profile management, which demanded:

• High memory allocation
• Persistent connectivity
• Long processing cycles that drained batteries

That made them impractical for headless or battery-operated devices.

SGP.32’s use of lightweight CoAP and DTLS dramatically reduces processing requirements. It delivers more efficient remote SIM provisioning and enables even constrained devices to leverage cloud-based telephony signals.

 BICS’s platform further optimises this by:

• Minimising over-the-air message size
• Reducing retry cycles
• Enabling efficient wake-sleep provisioning modes for low-power devices

Devices experience significantly reduced CPU and memory usage thanks to SGP.32’s lightweight protocol stack, enabling even the smallest IoT sensors to be fully provisioned and updated remotely.

One of the major pain points for IoT architects is integrating new provisioning workflows into existing infrastructure. BICS eliminates this friction through a plug-and-play integration framework.

BICS’s eSIM Hub is designed to work seamlessly with:

• Leading IoT platforms like AWS IoT, Azure IoT Hub, and Google Cloud IoT
• Device management tools, MDMs (Mobile Device Management Systems), and analytics layers
• Custom enterprise backends through open APIs (Application Programming Interface) and SDKs (Software Development Kit)

Whether you’re retrofitting connectivity into existing assets or launching greenfield projects, integration is minimal and non-invasive.

Once integrated, here’s what enterprises gain:

• A single pane of glass for profile provisioning, switching, and diagnostics
• Cross-regional connectivity management without multiple vendor dashboards
• Full lifecycle control from provisioning to deactivation within existing workflows.

As IoT ecosystems scale, so do the risks! 

Data privacy regulations, security breaches, and network vulnerabilities pose significant challenges, mainly when devices are distributed across borders.

• Devices handle operational data, location info, and sometimes personal user data.
• Critical infrastructure requires continuous uptime and secure provisioning.

Here are the security advantages of SGP.32:

• End-to-end encryption with DTLS
• Secure element-based provisioning
• Device-bound certificate-based authentication
• Compliance with GSMA eSIM specifications
• Secure elements for profile storage

How does BICS help in this? 

• GSMA-certified eSIM platform
• Full compliance with SOC 2, GDPR, and local telecom regulations
• Seamless integration with secure firmware-over-the-air (FOTA) workflows
• Real-time monitoring and failover for mission-critical systems

These capabilities are particularly critical in regulated environments such as healthcare, utilities, industrial automation, and public infrastructure, where uptime, failover, and compliance must be ensured.

BICS ensures that global IoT networks meet rigorous standards for privacy, security, and data protection,  even in highly regulated sectors.

Switching to remote SIM provisioning with BICS eSIM Hub based on GSMA’s SGP.31/32 standards is more than a technological evolution.

 It’s a strategic business decision that delivers measurable financial and operational returns. 

For enterprises deploying IoT devices across geographies and verticals, the traditional SIM model has long been a source of hidden costs, inefficiencies, and missed scale opportunities.

Here’s how adopting BICS’s SGP.32-compliant eSIM Hub transforms your ROI outlook:

Traditional SIM management involves a host of recurring costs: physical SIM production, shipping and handling, on-site installation, device reconfiguration, and often, vendor lock-in penalties. 

These operational frictions don’t just impact speed but also eat into margins at scale.

With SGP.32 and BICS:

• You eliminate SIM procurement and logistics, no more global shipping or customs delays
• Remote provisioning slashes integration and onboarding costs
• Global coverage reduces the need for multiple regional contracts and SIM types.
• Roaming charges are minimised through dynamic provider switching.

The early adopters of BICS’s SGP.32‑compliant eSIM Hub report significant reductions in connectivity management costs compared to traditional SIM-based models.

Beyond financial costs, legacy provisioning slows down time-to-market and introduces error-prone manual steps:

• Technicians often need to manually swap SIMs or provision devices, adding weeks to deployment cycles
• Global rollouts are staggered due to customs, inconsistent telco partnerships, or region-specific SKUs
• Post-deployment changes like switching operators or updating profiles typically require physical access to the device.

With BICS’s eSIM Hub and push-based SGP.32 provisioning:

• Devices are pre-configured and deployed in bulk, even before operator profiles are assigned
• Provisioning is triggered remotely at any time, including post-deployment
• BICS’s orchestration reduces provisioning errors and accelerates provisioning workflows

Beyond reducing costs and accelerating provisioning, SGP.31/32 standards, when deployed through platforms like BICS’s eSIM Hub,  offer four key enterprise advantages:

• Global reach: With support for over 200 mobile network operators and no need for region-specific SIMs, enterprises can deploy IoT devices seamlessly across borders.
• Deployment flexibility: Devices can be shipped pre-configured or activated post-deployment, giving businesses the freedom to adapt provisioning to real-world logistics.
• Affordability at scale: Remote provisioning eliminates recurring SIM lifecycle costs, making large-scale IoT deployments far more economically viable.
• Security & compliance: SGP.32 includes end-to-end encryption, secure element provisioning, and GSMA alignment, while BICS adds enterprise-grade failover, monitoring, and regulatory compliance support.

The integration of remote provisioning with call routing software, interactive voice response (IVR), and cloud PBX systems allows organisations to link device connectivity with voice and service workflows. 

When paired with real-time analytics and automatic call distribution (ACD) systems, enterprises can optimise both service delivery and connected device performance, unlocking significant cost and efficiency advantages.

Adopting a next-gen eSIM provisioning platform like BICS’s eSIM Hub doesn’t have to be overwhelming. 

BICS offers a structured, low-friction implementation roadmap designed for enterprises deploying IoT at scale, regardless of geographic footprint, device diversity, or technical complexity.

The goal is to accelerate time-to-value while minimising operational disruption, whether you’re migrating from legacy SIM infrastructure or setting up your first IoT fleet.

This initial phase focuses on understanding your current connectivity environment and aligning it with the capabilities of the SGP.31/32 standards.

• Infrastructure mapping: BICS helps you evaluate existing SIM provisioning workflows, device fleet architecture, and M2M connectivity needs.
• Device profiling: Identify device types, operating constraints (e.g., power, memory), and regional compliance requirements.
• Use case alignment: Define target regions, connectivity models (e.g., single IMSI vs. multi-IMSI), and fallback scenarios.

By the end of this phase, you will have a clear migration and integration strategy customised to your business and technical environment.

With the plan in place, BICS assists your team in launching a focused, low-risk pilot deployment.

• Targeted rollout: Begin provisioning and managing a select group of IoT devices in real-world conditions.
• Testing core capabilities: Validate key functionality, including remote SIM profile installation, switching between operators, OTA updates, and fallback/failover capabilities.
• Security validation: Test encryption, certificate handling, and secure element provisioning to ensure compliance and operational safety.

This phase gives your technical team confidence in both the platform and the provisioning lifecycle before scaling.

Following a successful pilot, BICS supports the full-scale rollout across your entire IoT device fleet.

• Scalable provisioning: Deploy thousands of devices globally through centralised orchestration, supported by BICS’s global IoT connectivity backbone and operator partnerships for seamless provisioning and regional reach.
• Platform integration: Use BICS’s open APIs or pre-built connectors to integrate the eSIM Hub with your IoT device management platform or cloud service such as AWS, Azure IoT, etc.
• Team enablement: BICS provides documentation, workshops, and onboarding for your engineering and operations teams to ensure a smooth handover.

Unlike vendors who disappear after rollout, BICS provides ongoing enterprise-grade support to ensure long-term success:

• 24/7 global technical support with dedicated account managers
• Automatic standards updates aligned with GSMA and regulatory changes
• Continuous monitoring of network reliability, provisioning health, and device behaviour

You’ll also benefit from BICS’s collaboration with Thales and 200+ operator partners, ensuring seamless global connectivity and interoperability throughout your IoT lifecycle.

The world of IoT has evolved, and so must the connectivity infrastructure that powers it. SGP.22 brought eSIM into the mainstream, but it was never intended to support resource-constrained devices, decentralised deployments, or global connectivity orchestration.

That’s exactly what SGP.31 and SGP.32 deliver and what BICS’s eSIM Hub enables in practice.

With its:

• Award-winning platform built for SGP.31/32 compliance
• Global operator partnerships and proven deployment track record
• Enterprise-grade security, seamless integration, and expert technical support

BICS helps enterprises move beyond pilot programs and into full-scale IoT transformation, with reduced costs, simplified logistics, and faster time to market.

By combining SGP.31/32-enabled provisioning with enterprise-grade security, global connectivity, and seamless infrastructure integration, and enterprise-grade security, BICS provides a unified foundation for scalable IoT transformation. 

It enables forward-thinking businesses to bridge the gap between operations, connectivity, and customer service infrastructure securely and at scale.

• What is the main difference between SGP.02, SGP.32 and SGP.22? 

SGP.02 was built for M2M devices and relied on SMS and tight operator integrations. SGP.21/22 were designed for consumer devices like smartphones and wearables. SGP.31/32 is the IoT-focused evolution, using lightweight CoAP/DTLS protocols, offering wider profile availability and removing the need for SMS.

• How long does it take to migrate from SGP.22 to SGP.31/32 implementation? 

Migration is not backward compatible and requires new SIM cards. The usual approach is to keep existing SGP.02 devices where they work well, while adopting SGP.31/32 for new IoT deployments.

• Can the BICS eSIM hub integrate with our current IoT device management platform? 

Absolutely. The platform supports open APIs and works with Azure IoT, AWS IoT Core, Cumulocity, and more.

• What are the resource requirements for SGP.32 on constrained IoT devices?

Devices need significantly fewer resources than SGP.22. SGP.32 works on low-power, low-memory devices using CoAP and LwM2M protocols.

• How does BICS ensure global connectivity reliability for large-scale IoT deployments? 

BICS partners with 200+ mobile operators worldwide, offering profile redundancy, regional fallback, and 24/7 uptime monitoring.

• What compliance certifications does BICS maintain for regulated IoT industries? 

BICS maintains GSMA certification, SOC 2, ISO 27001, and aligns with GDPR and other major regulations.

• Can we switch connectivity providers remotely without hardware changes? 

Yes. With SGP.32 and BICS’s SM-DP+ solution, you can remotely switch operators without touching the device.

• What level of technical support does BICS provide during implementation? 

BICS offers dedicated technical account managers, 24/7 global support, and hands-on guidance from initial assessment to full-scale rollout. Their team ensures seamless integration, profile provisioning, and long-term success through tailored onboarding and ongoing lifecycle assistance.

• How does BICS handle emergency connectivity and failover for critical IoT applications? 

BICS’s eSIM Hub includes built-in automated failover, fallback routing, and real-time monitoring. This ensures continuous connectivity and uptime for mission-critical IoT systems, even during outages or provider disruptions.

• What security measures protect IoT devices during remote provisioning? 

SGP.31/32 includes end-to-end encryption, hardware-level secure elements, and certificate-based authentication to secure every stage of remote provisioning. BICS augments this with carrier-grade firewalls, access controls, and continuous threat monitoring.