eUICC Security Assurance (eSA)

The global security scheme for eUICC software security – building trust into the future of mobile.

What is eSA?

The embedded UICC (eUICC) is an evolution of SIM technology and key to consumer and IoT-driven digital transformation. So robust security is paramount to protect both operator services and customer data.

That’s why we’ve introduced a rigorous security assurance scheme. If you’re a supplier of eUICCs, it lets you demonstrate that your software is secure and compliant with GSMA eSIM specifications. Or if you’re relying on them for your network, service or product, it lets you assess that security – quickly and reliably.

Why is it important for your business? 

Because eSIM connectivity relies on GSMA Specifications, any eSIM must be designed to meet those specifications to ensure interoperability – with any network or service platform it might interact with across the world.

eSA sets out these universal security certificate for all software developers, based on the Common Criteria approach. Yet crucially, it’s more condensed – making it faster and more efficient for your business to gain or check security assurance.

Universally recognised

Security framework that’s agreed by cross-industry mobile industry players and endorsed by the world’s leading mobile connectivity body.

Security robustness

Same security objectives defined for Common Criteria within the GSMA Protection Profiles (SGP.05 for M2M devices and SGP.25 for consumer and IoT devices).

Fast, efficient service

The eSA assurance process is designed for process optimisation and simplicity, supporting streamlined development and deployment.

Drives security improvement

Robust procedures that global vendors and operators can rely on when selecting their eUICC manufacturer or software developer.

Independently valuated

Each supplier product software evaluation is conducted by a GSMA Licensed Laboratory, looking at everything from profile isolation to internal and external communications within the eUICC software solution

Dynamic specifications

The eSIM specifications continually evolves to meet the requirements of the industry, according to measures agreed by a cross-industry group of security experts. 

Meets national security needs

Reflects the security needs of the entire ecosystem, with complete transparency as to which suppliers are .

Practical examples of how it helps your business

Whether you’re a manufacturer, software developer or eSIM service provider, eSA improves confidence in your business – and the future of connectivity as a whole.

eUICC manufacturers and software developers

eUICC manufacturers and software developers

Demonstrating security assurance via eSA is the gateway to the GSMA eSIM ecosystem – and essential due diligence for operators, service providers and device manufacturers investing in eSIM solutions. So it provides many benefits:

• Presence on global accredited supplier list boosts business opportunities – being preferred by your customers’ procurement teams.

• Gives you global assurance – security assurance from the world’s leading mobile connectivity association demonstrates your commitment to security and reduces risks for customers.

• Supports speed to market – streamlined accreditation process and appearance on accredited suppliers list enables rapid deployment.

• One accreditation to meet industry expectations – fewer individual inspections from your different customers.

• Expert guidance – rigorous security review highlights potential security, interoperability and compliance requirements.

Focused Black Male Programmer Working in Monitoring Room, Surrounded by Big Screens Displaying Lines of Programming Language Code. Portrait of Man Creating Software. Abstract Futuristic Coding Concept

Mobile operators

Mobile operators

Every operator who passes a test, gets a pass certificate. 

  • Whether you’re a Mobile Network Operator or a Mobile Virtual Network Operator, you need absolute confidence that data is secure, assets are protected and services work as intended on all relevant eSIM devices.
  • The only way to ensure this is when eSIM entities fully comply with GSMA specifications and requirements. eSA is a key element of this:
  • Have confidence that you’re choosing an eUICC provider that complies with the GSMA’s rigorous global security standard.
  • Be sure of global interoperability.
  • Build protections across the entire eSIM ecosystem – insisting on eSA certification encourages a security by design culture.
  • Give peace of mind to investors and stakeholders – eSA requires deep supplier commitment and detailed accreditation conducted by highly qualified independent licensed laboratories.
  • Cost-free service for mobile operators – avoiding expensive individual security evaluations.
  • Supports speed to market – GSMA’s website provides 24/7 visibility of accredited developers and manufacturers so you can make fast, confident decisions.
Traveler young woman using the mobile phone in a subway station

eSIM device manufacturers

eSIM device manufacturers

Only eSIM devices with certified eUICC software will have the confidence of the eSIM community – particularly operators and eSIM service providers who want confidence that their assets are secure and interoperable.

So, give your devices the edge by ensuring your suppliers are fully compliant with the rigorous GSMA eUICC architecture and requirements:

  • In a market where GSMA compliance is a critical operating and security requirement, eSA certification is the ultimate assurance for the eUICC installed within the eSIM Devices.
  • Ensure security and interoperability of your eSIM Device in any market worldwide.
  • Instantly view accredited suppliers, reducing cost and time-to-market by avoiding expensive, time-consuming individual security evaluations.
  • Rely on a rigorous security standard with detailed evaluation conducted by highly qualified  licensed laboratories.
  • Offers peace of mind to investors and stakeholders with certification from the world’s leading mobile connectivity association
man hands on street holds phone with Sim card replacement on eSim

eSIM service providers

eSIM service providers

Only eUICC and subscription managers that meet the GSMA’s eUICC standards will be able to engage successfully – with the verified authentication exchanges required for global interoperability.

So eSA is essential element of validating eUICC certificates, and successfully managing and deploying subscription services:

  • Required for eUICC compliance – part of the GSMA remote SIM provisioning compliance process.
  • Gives your clients a global assurance of security and interoperability.
  • Enables rapid deployment – with a streamlined accreditation process and appearance on accredited suppliers list.
  • One accreditation to meet industry expectations – fewer individual inspections by your different customers.
Sim card on a table.

Resources

Further information and insights in the form of test results, blogs and best practice tips


Register your interest

Please get in touch if you need more information, would like to book a meeting, have a product demo or want to talk to us about your particular use case.