Recognising the importance of interoperability and security for products supporting eSIM based remote SIM provisioning, GSMA has developed a compliance framework for eSIM devices, eUICCs, and subscription management products SM-DP+ and SM-DS.

Published by the GSMA as SGP.24, the eSIM compliance process describes common compliance requirements for:

  • Functional interoperability
  • eUICC security
  • eUICC production site security
  • Subscription Management site security

To ensure industry best practice for functional interoperability test & certification, GSMA has partnered with industry bodies and companies with globally recognised certification expertise for functional interoperability testing.

  • GCF, PTCRB and Global Platform have adopted the SGP.22 eSIM specification and associated SGP.23 tests for functional interoperability and have incorporated them into their certification programmes for devices and eUICCs.
  • There is currently no industry based test & certification programme for SM-DP+ and SM-DS. Instead, vendor test plans can reference the tests described in the SGP.23 test specification.

Security best practice is assured by referencing Common Criteria test & certification requirements for eUICC platforms and the GSMA’s respected Security Accreditation Scheme (SAS).  GSMA SAS accredits, via audit, the operational systems, processes and controls of eUICC production sites (SAS-UP) and subscription management hosting sites (SAS-SM) that handle subscription data.

For further information on the GSMA eSIM compliance process, please contact

Contact GSMA Legal Email Preference Centre Copyright © 2018 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.