Guide to eSIM Compliance
To safeguard the integrity of the GSMA eSIM ecosystem, it is essential that manufacturers and service providers are able to ensure:
- Compliance with eSIM requirements and technical specification
- Product site security
- Product site implementation
- Functional testing
- Platform security
These checks apply to providers of:
- Mobile devices and user equipment
- SM-DP+ and SM-DS servers
The eSIM Compliance Process (SGP.24) defines a common framework for each product type, within which a product’s compliance declaration can be achieved. SGP.24 provides a description of the process that must be followed to declare a product, platform, or service compliant with the requirements and technical specifications defined in SGP.21 and SGP.22. Upon successful validation of a declaration, the product vendor will be issued a certificate, if required, for the type of product declared.
How to Apply
Before you apply for eSIM compliance, please ensure your site has been SAS certified and the certificate has been uploaded on the SAS accredited sites list in order to validate your submission.
Fill A.1 form with generic company and product information. Please note that you should only submit one organisation form per product.
You will find Forms A.2, A.3 and A.4 here
Email completed forms to RSPCompliance@gsma.com
Contact the GSMA Certificate Issuer using the details provided to you, to request the issuance of a certificate.
The links to the information requested for each can be found hereafter:
You will find the Form A.1 forms here.
You will find the Forms A.2, A.3 or A.4 forms here.
Email all the completed forms to: RSPCompliance@gsma.com.
Contact the GSMA Certificate Issuer using the details provided to you (steps that are also described in https://www.gsma.com/iot/embedded-sim/gsma-root-certificate-issuer-remote-sim-provisioning/) to request issuance of a certificate. The GSMA will maintain a list of compliance eSIM product vendors that will be available to GSMA members.
eSIM compliance process
The first version of the eSIM Compliance Process document is based on self-declaration where the following areas are covered:
|Compliance Type||Functional test||Compliance program||Site
|Certificate from GSMA CI|
|Compliance v1.0||Vendor’s own tests||NO||SAS-UP and SAS-SM forM2M (eUICC and SM-DP+ only)||YES (eUICC and SM-DP+ only)|
|Compliance v1.1||Vendor’s own tests (including as reference E2E testing and SGP.23 testing)||NO||SAS-UP and SAS-SM for RSP (eUICC and SM-DP+ only)||YES (eUICC and SM-DP+ only)|
Future versions will add the following areas:
- Test specification associated compliance programmes by selected organisations
- Platform security – protection profile (eUICC only)
- Improvements to existing declaration forms
Transition between versions:
The permitted period for products to declare compliance against a specific SGP.24 version is up to 110 calendar days after the publication of the subsequent version.
For further information, or to register an interest in participating in the eSIM Compliance Process, please contact the GSMA at ESIMCompliance@gsma.com.
- 24 V1.1 eSIM Compliance Process and self-declaration forms
- 21 Architecture Specification v2.2
- 22 Technical Specification v2.2