Recognising the importance of interoperability and security for products supporting eSIM based remote SIM provisioning, GSMA has developed a compliance framework for eSIM devices, eUICCs, and subscription management products SM-DP+ and SM-DS.
Published by the GSMA as SGP.24, the eSIM compliance process describes common compliance requirements for:
- Functional interoperability
- eUICC security
- eUICC production site security
- Subscription Management site security
To ensure industry best practice for functional interoperability test & certification, GSMA has partnered with industry bodies and companies with globally recognised certification expertise for functional interoperability testing.
- GCF, PTCRB and Global Platform have adopted the SGP.22 eSIM specification and associated SGP.23 tests for functional interoperability and have incorporated them into their certification programmes for devices and eUICCs.
- There is currently no industry based test & certification programme for SM-DP+ and SM-DS. Instead, vendor test plans can reference the tests described in the SGP.23 test specification.
Security best practice is assured by referencing Common Criteria test & certification requirements for eUICC platforms and the GSMA’s respected Security Accreditation Scheme (SAS). GSMA SAS accredits, via audit, the operational systems, processes and controls of eUICC production sites (SAS-UP) and subscription management hosting sites (SAS-SM) that handle subscription data.
For further information on the GSMA eSIM compliance process, please contact RSPCompliance@gsma.comBack