IoT
July 16, 2019

eSIM and IoT: Challenges and Opportunities

There are multiple challenges for eSIM to overcome before it can be widely adopted. Despite all the benefits, there are things to consider before jumping all-in on eSIM.

eUICC solutions (eSIM) can be considered an indicator of the future of SIM technology. It’s already been deployed in a few smart devices (e.g., Samsung Gear 2 watch). The solution complies with GSM Association (GSMA) specifications​ and therefore, it’s approved by all the world’s largest operators. Despite these accolades, there are still many challenges for eSIM to overcome.

Insights mentioned in this article are based on the market info that has been gathered from numerous eUICC manufacturers (eUMs), remote SIM provisioning platform providers, mobile carriers and OEMs.

Mobile Carriers’ Reluctance

As the world is revolutionizing, mobile carriers need to rethink their business models in order to survive the global adoption of IoT. Carriers will need to target OEMs and IoT enablers to sell mobile data by bringing a flavor of the B2B model to their existing B2C model. But, as eSIM does not link the end-user to a specific carrier anymore, the carriers fear losing customers through a simple click of a button and the flexibility to easily change subscriptions (carrier profiles) means an end to expensive roaming for users. So, the question arises, why should mobile carriers actually invest in eSIM architecture when they foresee a higher churn rate and probably zero roaming usage? This has also been the reason why eSIM adoption has been dead slow (though the technology has been available for years), and the only players moving towards eSIM adoption have been Apple, Tesla, and other multinational device manufacturers.

Return on Investment

It doesn’t matter who invests in eSIM architecture; the return on investment is still the scary bit. This is especially true in light of dropping mobile data and roaming prices that are consistently pressuring carriers’ margins. The cost of deploying an eSIM solution is high considering the limited use cases and the fact that “keeping things as-is” is made possible as there have been no serious disruptors on the market. In other words, the current name of the game by carriers is “wait and see.” Carriers are motivated to keep the status quo as long as possible and postpone all serious investments. On the other hand, technology deployers such as GnD, Gemalto, IDEMIA and other eUICC manufacturers have heavily invested to develop a fully certified and interoperable solution.

Changing Geographic Regulations

Even though GSMA is governing and ensuring the standardization of remote SIM provisioning solutions, it still must be noted that the regulations for hosting a subscription management platform and data centers vary from country to country. For instance, in certain countries, regulations state that data centers should be located within the country’s jurisdiction, e.g., China. This again is a huge investment, completely ruling out a hosted model, which is much more flexible.

The Trust in Interoperability

The GSMA has heavily mandated the concerns of interoperability. As eSIM is relatively new to the market, standardizing the whole ecosystem is quite challenging. This standardization needs to be enforced to achieve a truly interoperable solution, one where every eSIM can be managed by any service provider in any device. Without an interoperable solution, it’s practically impossible to bring together all the different stakeholders to work alongside one another, particularly when trust is already limited.

Security

The biggest threat to the world of IoT is security. All the data that would be exchanged from devices to servers and vice versa has to be handled in a secure manner. Even though the IoT industry is mature enough to tackle this issue, new technology still brings new loopholes and gaps in security. For instance, regarding eSIM-equipped devices that end up as waste, there’s a high risk of illegal reuse or reverse engineering a device that was previously associated with a person’s identity. If the user’s credentials are not properly dis-associated by the legitimate owner, both the device and the user credentials could remain available to a hacker.

As an eSIM would be programmed remotely, all the user credentials would basically be shared over the air. This makes the eSIM architecture open to side-channel attacks. In case the hacker is able to penetrate the communication between the eSIM and the platform, they could gain access to actual carrier profiles, which may be used for many fraudulent cases.

Developed Markets vs Underdeveloped Markets

The main idea behind eSIM is to have the flexibility of changing subscriptions (carrier profiles) as needed. Even though carriers from Europe, North America, and Asia are already implementing eSIM technology, we have 60% of mobile users worldwide still using legacy phones or devices that are not eSIM compliant. In such markets, eSIM is still a bit futuristic. This means that while you may have an eSIM-capable device, in some parts of the world, you will not have any mobile carrier supporting it.

Seeing Is believing

As it’s a technological transformation, the trust in the solution will build once there are more and more live deployments and people can see eSIM in real-life applications. Consumer demand would be the biggest game-changer but until that happens, we still rely on creating a need for eSIM rather than OEMs and mobile carriers asking for it.

The idea of this article is definitely not to scare you away from eSIM. It is strongly believed that from 2020 and onwards, we will see a drastic change in the carrier’s mentality, but until then, it’s a waiting game. We feel virtual carriers (MVNOs) and connectivity providers will have a great part to play in this game. Their ability to switch between carriers will help negotiate better rates and improved services for the end-user. This will help carriers to bring innovative ways of keeping and building the trust of their existing customers and creating positive competition.