SGP.32, regulation, and new dynamics in IoT middleware will trigger a shift in IoT connectivity
Within the IoT connectivity landscape the only constant is change. Transforma Insights has, over the years, tracked and analysed the changing face of IoT networks, middleware, regulations, commercial models and lots more. Last week we announced our IoT ‘Transition Topics’ for 2025. One was ‘eSIM orchestration vs connectivity reseller’, which relates to the way in which the arrival of SGP.32 remote SIM provisioning – as well as changing MNO/MVNO strategies, new approaches to connectivity management platforms, and the increased impact of data sovereignty regulations and geopolitical issues – promises to trigger a new phase in the provision of IoT connectivity and a change in the associated roles.
SGP.32 creates new roles in IoT connectivity
Transforma Insights has tracked the evolution, timing and impact of remote SIM provisioning (RSP) technologies, including SGP.32, in great detail, including in the report ‘What does SGP.32 ‘IoT’ remote SIM provisioning really mean for how cellular IoT connectivity is delivered?’. There is no doubt that the group of RSP technologies, and SGP.32 in particular, presents great opportunities to streamline the process for connecting cellular devices. As often happens with the arrival of new technologies, the advent of SGP.32, heralds new commercial models.
Specifically we expect to see the role of IoT connectivity provider (MNO/MVNO) evolve into three main roles:
This is not the total extent of the roles in the ecosystem. For instance, the operation of the SM-DP+ will probably fall to an eUICC manufacture (EUM) as a highly specialised task. There are also players that sit adjacent, particularly in the middleware domain, that have the opportunity to get involved in the eSO role. More on this later.
Neither, we should note, are these necessarily discrete roles. Many MNOs and MVNOs will also perform the eSO role alongside selling connectivity.
The impact of the arrival of SGP.32 is particularly relevant because it occurs in tandem with several other interrelated trends. These trends affect all forms of SIM management, but particularly drive greater relevance for the arrival of SGP.32. The first is regulatory, the secondary is the changing landscape for connectivity middleware. Each of these is discussed below.
New regulatory dynamics
The rapid increase in regulations related to IoT led Transforma Insights to quote it as the most significant IoT ‘Transition Topic’ in 2024, and we have include two aspects of IoT regulation in the forthcoming 2025 IoT Transition Topics. One of those is ‘Geopolitics and polarisation of markets’ which identifies that in the coming year (and beyond) we will likely see even further strictures related to IoT connectivity, applications and data. The last few years have seen a progression towards greater compliance requirements on sovereignty, vendor selection, and – most pertinent for this discussion – how connectivity needs to be managed.
As an example of the latter, the way that some countries implement the EU NIS2 Directive places additional requirements on how connectivity is managed, specifically that it needs to be hosted within the country. This tracks with rules that we have seen in other markets, such as China and Turkey, and the emerging rules in India. In those cases there are growing requirements to manage connectivity domestically.
Which set us thinking: could we see further and more pronounced clamping down on managing eSIM profiles, IMSIs and overall connectivity management out of country? Will devices need to be managed on a core network within the country? The answer is ‘perhaps’ and that perhaps becomes ever more likely.
With SGP.32, we expect that the prevailing model would be for devices to be managed on a network operator core (rather than through an MVNO’s core) and via that MNO’s connectivity management platform. In an increasingly polarised world, this fits well with the increasing regulatory compliance to localise. Although we note that many eSOs might alternatively want to support connections on their own core, albeit with the associated regulatory issues. As noted below, there is a range of likely approaches.
[For more on the changing IoT regulatory landscape, check out our recent free Position Paper ‘Meeting the increasing regulatory challenge in IoT’, sponsored by floLIVE which examines many of the key regulatory themes, including in devices, permanent roaming, privacy, data sovereignty and security.]
Changing landscape for connectivity middleware
Given the increasing regulatory limitation, we can envisage a market in which connectivity is contracted directly with the MNO, the device is managed on the MNO core, and it is managed on the MNO’s connectivity management platform. And, as it happens, this plays to the changing dynamics of the connectivity middleware landscape.
In the ‘Communications Service Provider (CSP) IoT Peer Benchmarking 2024’ published in July 2024, we identified that the Connectivity Management Platform (CMP) market was changing, with the increasing use of abstraction platforms above the regular SIM management platform to federate between different CMPs.
This fits naturally with the trends outlined above, with enterprises making use of a single pane of glass (SPOG) for connectivity that sits above and integrates with one or more MNO CMPs. It also fits well with MNOs wanting an abstraction platform that allows them to both multi-source CMPs and to integrate with those of other MNOs. This abstraction role is one that naturally sits well with eSIM orchestration. In part because it is an adjacent functionality, and in part because the SGP.32 deployment scenario we envisage will see devices managed on multiple operator network cores and managed through multiple CMPs, something for which the abstraction platform is designed. Of course there is an adjacent issue of the risk of additional customer churn. This balance between customer support and churn risk is a topic we will investigate in the coming year.
Who fits into each category?
With a new emerging set of roles, the question is: who will do what? And, more specifically, who will perform the task of eSIM orchestrator?
There are a set of IoT MVNOs that naturally gravitate to this eSO role. They were never really differentiating based on connectivity resale and have a natural preference for bring-your-own-connectivity (BYOC) models, i.e. where they act as a platform for the management of connectivity but the commercial relationship for that connectivity is between the customer and the MNO. This includes companies like Simplex, SIMPL IoT, Soracom and Teal.
There are also a group of IoT MVNOs that have always been comfortable with BYOC and looking to operate more as a connectivity platform company, including Eseye. We might also categorise the new Vodafone IoT here, with a focus away from selling only Vodafone connectivity and instead acting as a platform for managing connectivity across multiple providers. We could also point to DT IoT’s IoT Hub, which handles SIM management across multiple MNO platforms.
In a report earlier in 2024 ‘What does SGP.32 ‘IoT’ remote SIM provisioning really mean for how cellular IoT connectivity is delivered?’ we speculated about the potential for the emergence of a group of Managed eIM Providers, that would provide eIM/SM-DP+ orchestration as a service, separate from the other functions of IoT connectivity. In that report we suggested that a stand-alone role simply providing eSIM switching as a service was a tiny revenue opportunity. And, furthermore, with the functionality being based on a standard feature, differentiation would be quite tricky. There’s a good analogy here with Device Management, where we see a similar dynamic.
However, we do go on to suggest in that report, that combining the functionality with that of connectivity abstraction, i.e. the ability to manage IoT connections across multiple MNO networks, does have some mileage. This constitutes what might be described as a ‘Connectivity Platform’, separate from the more functional Connectivity Management Platform which is focused on simple SIM management, billing and reporting, on a single MNO’s network (albeit that most are multi-tenanted).
For this reason, we also see a convergence between companies that are former reseller MVNOs focusing instead on their connectivity platforms, and connectivity abstraction platforms such as IoTM and Simetric that can add eSIM orchestration into their propositions.
The remaining question mark is over Connectivity Management Platforms, such as Cisco Control Center or Aeris. In fact eSIM management and some elements of profile orchestration have been features of this type of proposition for a while. For instance, Telia’s ‘Global IoT Connectivity’ offering was based on the eSIM Hub capabilities of Ericsson’s IoT Accelerator. However, it has been limited to a subset of operators that are part of that CMP ecosystem. What is required for this feature to succeed is that it provides a breadth of coverage (in terms of networks/MNOs) comparable to the flexibility of the SGP.32 standard to pick from any connectivity provider. For real value, the CMP would need to layer on the abstraction capabilities as well.
Conclusion: a change but with shades of grey
We should apply several caveats to the discussion above. Firstly that many of these trends are very early; SGP.32 has not yet been deployed, the adoption of connectivity abstraction is nascent, and the regulatory environment is still uncertain.
That said, we can envisage a scenario in which eSIMs are overwhelmingly (localised onto and) hosted on a local operator core network and managed via that MNO’s CMP, but with the eSIM profile management being orchestrated by a specialist eSIM orchestrator via a connectivity abstraction platform which federates across all the MNO CMPs.
However, we should note that diversity will persist, with a continuing role for MVNOs that provide a broader range of services than just eSO. As we highlighted in our Position Paper ‘Key considerations for Enterprises looking to adopt SGP.32’, there is much more to providing IoT connectivity than just switching SIM profiles. There is still a role in negotiating connectivity contracts, helping develop applications, guidance on compliance, ensuring consistency of service, and several other things. Many MVNOs have strong positioning as connectivity resellers, and have significant differentiators in their ability to deliver multi-country/multi-carrier connectivity. In some cases this relates to scale and the ability to negotiate good rates for connectivity, beyond what any enterprise customer could. For this reason there is a strong expectation that MVNOs with a strong proposition will likely continue successfully with their activities for the foreseeable future, incorporating some aspects of the eSO role to support their own operations but managing devices on their own cores and via their own CMPs. IoT connectivity will be overwhelmingly delivered as a managed service and someone has to provide that management layer.
And one final consideration is geographical. There will be differences in approach in the US versus Europe. In Europe the more open roaming environment means that it is relatively easy to ensure support on multiple networks in a market simply through relationships with a few operators. In the US there is much more polarisation and resellers will have a greater requirement for abstraction capability independent of the carriers.
Stay tuned for more coverage of this topic
As noted above, this is a key theme for our research in 2025 and we expect to continue to investigate the opportunity related to SGP.32, eSIM orchestration, connectivity platforms, abstraction layers and more. If you would like to know more about our 2025 Research Agenda, please get in touch.
CPO of 1oT ? We help companies tackle IoT connectivity challenges
1 周Great article, Matt! I completely agree with your points. However, I am a little disappointed that 1oT was not mentioned. I think it's up to us to make our efforts more visible! I share your view that enterprises will focus on orchestration layers and managing different connectivity services through a single platform. If you recall, we discussed this two years ago at MWC in Las Vegas. However, there is a difference between providing the technology stack for these services and actually coordinating the processes to ensure that they are executed within a reasonable timeframe and also benefit the MNOs. I'm curious: Why do you think MNOs want to keep control of the IMSIs at their core? What is the reasoning behind this perspective?