What are the Risks of Industry-Wide e-SIM Adoption?
Arguably the biggest obstacle to e-SIM delivering on the IoT opportunities outlined above is resistance amongst existing stakeholders. This certainly seems to be the view from within industry itself - according to one poll carried out by Arm, this was the top concern amongst respondents, cited by 68% of them.
There has long been a concern that mobile operators will be reluctant to get on board with e-SIM because of the way, as already discussed, it disrupts their established business models. It’s understandable that any business would question the benefits of embracing a technology that made it easier to lose customers to competitors.
But for mobile operators, an added cause to think twice is that neither the business case for embracing e-SIM nor the market demand have been proven beyond all doubt. With the number of OEMs adopting e-SIM still only progressing at a trickle, it’s a case of who jumps first. If operators and OEMs both stand back waiting for the other to make the first move, there’s a danger the opportunity could be missed.
Despite seeming to have most to gain from e-SIM in the IoT space, Arm found almost a quarter of OEMs (23%) were still not aware of the technology, and amongst those that were, more than a third (39%) felt there was little awareness about the technology in their sector. Moreover, only 57% said they felt e-SIM will definitely overtake removable SIM. That figure is more like 80% in other sectors.
According to Suresh Kumar, senior chief engineer at Samsung Electronics, the risks of operators and OEMs not coming together and collaborating on e-SIM are just as high as the potential for both to drag their heels on adoption. He points out how dependent the IoT opportunity is on operator buy-in, as ultimately they deliver the essential ingredient of network access.
But he also sees the possibility of OEMs trying to by-pass a collaborative approach by setting up their own MVNOs and offering network services directly to customers as leading down the wrong path. He points out that previous experiments in this direction have led to OEM-MVNOs developing their own proprietary e-SIM provisioning solutions, tying end users to their own network even more than a removable SIM would. 40% of respondents to Arm’s survey still see network lock-in as a key risk of e-SIM.
This raises the issues of interoperability and certification of e-SIM solutions. The truth is, although the idea of remote provisioning to simplify the connection authentication process has been around a while, that does not automatically lead to the kind of flexibility where any device can connect seamlessly to any network in any location.
For that to occur, the technology has to be fully standardised - a massive task when you consider all the SIM chipset makers, all the mobile operators, all the device OEMs serving dozens of different industry verticals that have a stake in IoT, not to mention all the local market conditions and regulations.
The global mobile operator trade body GSMA has taken it upon itself to tackle the issue of interoperability through its e-SIM remote provisioning standard. The aim is to replace the many proprietary provisioning protocols that have been developed to manage network services remotely for high density device deployments. The message from the GSMA is clear - without this standardisation, industry will keep running into issues of devices that do not work on chosen networks, requiring short-term work arounds, slowing down deployment and ultimately holding back the opportunity that IoT promises.
Interoperability is a key reason why collaboration between operators, OEMs and system integrators is so strongly advocated on e-SIM. For example, it is imperative that operators and OEMs are singing from the same hymn sheet in terms of creating SIM profiles and eUICC components that are compatible with one another. If a particular operator’s SIM profile cannot be downloaded to a particular device’s eUICC, you have an interoperability issue.
System integrators and IoT service providers have a key role here, as it is their platforms which promise to provide the single point of management for large-scale device deployments across multiple networks.
But still, all is not straightforward. For example, some IoT service providers have developed provisioning solutions based on a multi-IMSI approach, which is subtly different to e-SIM remote provisioning. E-SIM works on the principle of downloading full network profiles and network keys, which requires consent from the network operator to activate, while multi-IMSI involves storing and switching between subscriber identity numbers. Again, having these two systems working in parallel can lead to interoperability issues.
Another aspect of the GSMA’s attempts to standardise remote provisioning is certification and security. The GSMA’s Security Accreditation Scheme (SAS) monitors and certifies the security standards of both e-SIM component manufacturers and management platform providers. The rationale is to protect the interests of both operators and end users. A lot of sensitive data, not least user identification credentials and carrier profiles, gets passed back and forth between connected end points and the network, so any security weaknesses in the eUICC or management platform would expose the whole system to data theft, malicious disruption or fraudulent use.
All in all, the efforts at standardising e-SIM provisioning across the global IoT ecosystem is essential if OEMs, mobile operators, service providers and, of course, the vertical markets embracing IoT are to get the full benefits of the opportunity. Interoperability and certification reduce complexity and duplication and lift embedded SIM solutions out of their proprietary cul-de-sacs, promoting greater reliability, flexibility and scalability. OEMs can reduce development costs and time to market, knowing that their products will be able to connect effectively and securely in any destination, on any network. Operators can embrace the huge expansion in potential connections and the rapid on-boarding of devices safe in the knowledge that, through certification, the new connection will not be introducing any security loopholes that expose their network of their customers.
