GSMA Root Certificate Issuer (CI) for eSIM Remote SIM Provisioning

Security and trust are an integral part of the GSMA’s eSIM specification for Remote SIM Provisioning connections. The ability to provision operator subscription data securely “over the air” requires secure connections, as well as data confidentiality and integrity, and system availability. eSIM achieves this using a Public Key Infrastructure (PKI) to authenticate the key system entities in consumer eSIM and M2M:

  • the eUICC
  • the SM-DP+, SM-DP and SM-SR
  • the SM-DS (and alternative SM-DS)

In order to ensure interoperability within the eSIM ecosystem:

  • Digital PKI certificates within eSIM are issued by a GSMA root Certificate Issuer (CI).
  • Digital PKI certificates are only available for issue to eSIM products that have demonstrated and declared compliance with the GSMA specifications.
    • Refer to the compliance process in SGP.24 for eSIM (consumer) and SGP.16 (currently in draft) for M2M.
    • For more information on GSMA compliance requirements for eSIM and M2M contact:

The PKIs for eSIM (consumer) and M2M products are different, reflecting the different ecosystems. PKIs from eSIM (consumer) and M2M are not interchangeable.

GSMA root CI

GSMA currently has the following security certification partners acting on its behalf as Root Certificate Issuers for eSIM (consumer) and M2M remote SIM provisioning schemes:

| | eSIM Root CI | M2M Root CI |
| --- | --- | --- |
| Specifications | SGP.21 and SGP.22 | SGP.01 and SGP.02 |
| Contact | Email | Email |
| Website | Visit | Visit |
| GSMA Root CI Certificate | Download | Download |
| CRL Distribution Point | Download | N/A |

Further Information

For further information, or to register an interest in providing PKI infrastructure for Remote SIM Provisioning, please contact the GSMA by sending email to

Key Documents

GSMA eUICC PKI Certificate Policy SGP.14  
Remote SIM Provisioning for M2M
Remote SIM Provisioning for Consumer