{"id":12387,"date":"2018-06-06T16:20:31","date_gmt":"2018-06-06T15:20:31","guid":{"rendered":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/esim\/?page_id=12387"},"modified":"2026-02-09T13:42:46","modified_gmt":"2026-02-09T13:42:46","slug":"compliance","status":"publish","type":"page","link":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/esim\/compliance\/","title":{"rendered":"eSIM Compliance"},"content":{"rendered":"\n

eSIM Compliance<\/h2>\n\n\n\n

GSMA has created a compliance framework for eSIM devices, eUICCs, and Subscription Management servers to ensure they meet the GSMA Remote SIM Provisioning specifications.<\/p>\n\n\n\n

The eSIM Compliance Process is essential for safeguarding Remote SIM Provisioning digital infrastructures. It not only enhances customer confidence but also drives industry innovation. In the eSIM ecosystems, the GSMA Compliance Process acts as the regulatory framework that ensures every component, from software to hardware, meets rigorous security standards. It is the backbone that supports trust, security, and interoperability across global networks.<\/p>\n\n\n\n

The eSIM Compliance Process outlines the requirements and provides templates for declaring compliance. These requirements focus on security, functionality, and interoperability. Successfully meeting these compliance requirements allows the use of an eSIM Digital Certificate for authentication between eUICCs and Subscription Management servers.<\/p>\n\n\n\n

The database of GSMA eSIM Compliance Products is available within the GSMA Member Gateway Platform for GSMA members.<\/p>\n\n\n\n

RSP Architecture Elements Certification Journey<\/h2>\n\n\n\n

eUICC Compliance Process<\/h3>\n\n\n\n
\n
<\/i><\/div>
eUICC Compliance Process<\/div><\/div>
<\/p>\n\n<\/div><\/div>\n\n\n\n
\"A<\/figure>\n\n\n\n
<\/div>\n\n\n\n

Steps to follow for eUICC Compliance<\/h4>\n\n\n\n

1. IC Chip Security:<\/strong>
Demonstrate that the eUICC has an IC chip with either PP-0084 or PP-0117 Common Criteria certificate or a PP-0084 or PP-0117 eSA certificate. This is a mandatory requirement that you need to fulfill by ensuring the chip has a PP-0084 Common Criteria certificate.<\/p>\n\n\n\n

2. SW Security:<\/strong>
Demonstrate that the eUICC has robust certified software. This is a mandatory requirement that you need to fulfill by demonstrating that the software has either a PP-0100 Common Criteria certificate or a PP-0100 eSA Scheme certificate. You can learn more about the eSA Scheme HERE<\/a>.<\/p>\n\n\n\n

3. Site Compliance:<\/strong>
Ensure that your eUICC manufacturing plant is certified. This is a mandatory requirement that you need to fulfill by going through the GSMA SAS-UP audit process. Book an audit with one of the appointed GSMA auditors. For more information, please check GSMA SAS web page<\/a> or contact [SAS@gsma.com](mailto:SAS@gsma.com). <\/p>\n\n\n\n

4. Functional Compliance:<\/strong>
Demonstrate that the eUICC has successfully passed the functional certification based on SGP.23-1 for Cosumer eUICC and SGP.33-1 for IoT eUICC. This is a mandatory requirement that you need to fulfill by going through the GlobalPlatform functional certification process using one of the test tools certified by GlobalPlatform. You can find more information about the GlobalPlatform functional certification for eUICC HERE<\/a>. <\/p>\n\n\n\n

5. Declaration Forms to GSMA:<\/strong>
Follow the GSMA compliance process document and fill out and sign the eUICC information in SGP.24 Annexes A.1 and A.3 forms and send it to [RSPCompliance@gsma.com](mailto:RSPCompliance@gsma.com).<\/p>\n\n\n\n

6. GSMA Database Visibility:<\/strong>
Indicate the visibility of your product in Annex A.1. Options include:<\/p>\n\n\n\n

\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n
\"SM-XX<\/figure>\n<\/div><\/div>\n\n\n\n
\n
\n
\n

Steps to follow to declare SM-XX Compliance<\/h4>\n\n\n\n

1. Site Compliance:<\/strong>
Ensure that your SM-DP+ and\/or SM-DS implementation and hosting sites are certified. This is a mandatory requirement and must be done following the GSMA SAS-SM standards, methodology, and process. Book an audit with one of the appointed GSMA auditors. For more information, please check the GSMA SAS web page<\/a> .<\/em> or contact [SAS@gsma.com](mailto:SAS@gsma.com).<\/p>\n\n\n\n

2. Functional Compliance:<\/strong>
Demonstrate functional compliance based on SGP.23. This is a mandatory step that can be done using self-testing methods or available test tools on the market. Fill out the declaration forms SGP.24 Annex A.4 for SM-DP+ and\/or Annex A.5 forms for SM-DS.<\/p>\n\n\n\n

3. Declaration Forms to GSMA:<\/strong>
Follow the GSMA compliance process document and fill out and sign the SM-DP+ information in SGP.24 Annexes A.1 and A.4 forms and SGP.24 Annexes A.1 and A.5 forms for SM-DS. Send the completed forms to [RSPCompliance@gsma.com](mailto:RSPCompliance@gsma.com).<\/p>\n\n\n\n

4. GSMA Database Visibility:<\/strong>
Indicate the visibility of your product in Annex A.1. Options include:<\/p>\n\n\n\n