eSIM Regulation: Who Controls Connectivity?
eSIM is no longer a small technical upgrade hidden inside smartphones. It is becoming part of the control layer of global connectivity.
That changes the conversation.
A few years ago, eSIM was mostly explained as a convenience feature: no plastic SIM card, no tiny tray pin, no airport kiosk, no waiting for a physical card to arrive. That was useful, but it was also a very narrow way to look at the technology.
Today, eSIM sits much closer to bigger questions: who controls mobile activation, how easily users can switch providers, how device makers and operators shape access, how enterprise fleets are managed, and how connected devices move across borders.
That is why telecommunications regulatory bodies still matter. Maybe more than ever.
Their role is not to slow eSIM down. It is to make sure the market does not quietly rebuild old restrictions inside a newer, more digital system.
From SIM card to control layer
The physical SIM card was simple to understand. You bought it, inserted it, and your phone connected to a network. The control points were visible: the operator, the SIM card, the device, and the subscription.
eSIM changes that.
With eSIM, the mobile profile is downloaded remotely. A consumer can activate a travel plan through an app. A business can manage connectivity across hundreds or thousands of workers. A car manufacturer, logistics company, smart meter provider, or device maker can provision connectivity without manually touching each device.
That flexibility is exactly why eSIM is powerful. But it also creates new policy questions.
If mobile profiles are digital, who decides which providers appear on the device? If switching is technically possible, is it also commercially easy? If a phone, app, operating system or platform becomes the main activation point, does the consumer really have more choice, or just a different kind of gatekeeper?
This is where regulation enters the picture.
Regulators are not only looking at eSIM as a telecom feature. They are increasingly looking at the broader market structure around digital connectivity: competition, transparency, consumer protection, privacy, cybersecurity, interoperability and national infrastructure resilience.
Competition is the first big issue
The most obvious regulatory concern is competition.
In theory, eSIM should make switching easier. A user should be able to compare offers, download a profile, activate it quickly and move between providers with less friction than before. For travel, this is already visible. A traveller can land in Japan, Turkey, the United States or the UAE and install a data plan without buying a local SIM card.
But “technically possible” is not the same as “market-friendly.”
A provider can still make switching confusing. A device maker can influence which connectivity options are easiest to find. An operator can make activation simple for its own services and less convenient for alternatives. Platforms can create preferred flows, default options, bundled offers or locked-down experiences.
This is why telecom regulators care about switching. BEREC, the Body of European Regulators for Electronic Communications, describes switching and number portability as important for effective competition, because users need clear, accurate and timely information to feel confident enough to move between providers.
That principle applies directly to eSIM.
If eSIM makes switching easier on paper but harder in practice, the market has a problem. Regulators need to watch not just whether eSIM exists, but whether users can actually use it freely.
The old lock-in problem has not disappeared
One of the biggest myths around eSIM is that it automatically removes lock-in.
It does not.
It changes where lock-in can happen.
With physical SIM cards, lock-in was often visible: locked devices, expensive roaming, long contracts, awkward store visits, unclear cancellation processes. With eSIM, lock-in can become more subtle. It can live in user interfaces, device settings, provisioning flows, commercial agreements, operator rules, QR code limitations, app restrictions or platform partnerships.
This is not theoretical.
In the United States, the Department of Justice investigated the GSMA’s eSIM standard-setting process and later issued a business review letter in 2019 after the GSMA proposed new procedures for developing technical standards. The DOJ said the request followed an investigation into the process for eSIM specifications, with competition concerns around how standards were being shaped.
That case is important because it shows something many people in the travel eSIM world still underplay: eSIM is not only a product category. It is also a standards, access and power issue.
Who writes the rules matters. Who participates in the rule-making process matters. Who benefits from the technical design matters.
Consumer protection needs a refresh
The consumer side of eSIM regulation also needs to move beyond basic telecom rules.
Travel eSIMs have made connectivity more accessible, but the market is messy. Consumers often see similar claims across dozens of providers: “global coverage,” “instant activation,” “unlimited data,” “best networks,” “no roaming fees.” Some offers are excellent. Others are vague, inconsistent or difficult to compare.
Regulators and consumer protection authorities should pay attention to several areas.
First, pricing transparency. A user should know what they are buying, where the plan works, what happens after a fair usage limit, and whether speed reductions apply.
Second, refund and activation rules. If a user cannot activate the eSIM, if the destination is unsupported, or if the network quality is unusable, the process should not become a maze.
Third, privacy and identity. eSIM activation involves device data, profile data, network access and sometimes customer identity checks. That creates a higher need for clear data handling and security practices.
Fourth, misleading “unlimited” claims. This is becoming one of the most important consumer-facing issues in travel connectivity. Unlimited can mean genuinely unlimited, unlimited with speed limits, unlimited for a time window, unlimited with a fair usage cap, or unlimited only in selected countries. For normal travellers, these differences are not always obvious.
The more eSIM becomes mainstream, the less acceptable that confusion becomes.
Security is not just a technical detail
eSIM is often presented as more secure than physical SIM because it reduces the need for removable plastic cards and supports remote provisioning. That can be true, but it does not mean the ecosystem is risk-free.
The European Union Agency for Cybersecurity, ENISA, has examined eSIM ecosystem security risks and measures, noting the relevance of eSIM to a more flexible and secure connectivity environment while also treating it as a policy and security topic.
That matters because eSIM security is not only about one device.
It includes remote provisioning systems, subscription managers, authentication, profile download flows, device compatibility, operator systems, platform relationships, and lifecycle management. In consumer travel, a failed activation is annoying. In enterprise mobility or IoT, poor eSIM control can affect operations, fleets, logistics, healthcare devices, industrial equipment or public infrastructure.
This is why regulators cannot treat eSIM as a simple replacement for plastic SIM cards. The risk surface is different.
IoT makes regulation more serious
The next major phase of eSIM is not only about travellers. It is about connected things.
Cars, smart meters, logistics trackers, payment terminals, industrial sensors, medical devices, tablets, laptops and enterprise devices all need flexible connectivity. Many of them operate across borders. Many have limited user interfaces. Many are deployed in fleets. Many need to last for years.
This is exactly where newer eSIM standards become important.
GSMA lists SGP.32 as an eSIM IoT technical specification, part of the broader consumer and IoT eSIM specification ecosystem. Kigen describes SGP.32 as a specification designed to make remote provisioning work better for real-world IoT constraints such as limited interfaces, intermittent coverage, power limits and fleets that need minimal physical intervention.
That shift changes the policy conversation.
When eSIM is used by a tourist for five days in Spain, the regulatory stakes are mostly consumer protection, price transparency and fair competition.
When eSIM is used across connected cars, smart energy infrastructure, logistics chains or enterprise fleets, the stakes become larger. Regulators must consider resilience, interoperability, vendor dependence, cybersecurity, lawful access, data protection, and operational continuity.
In other words, eSIM regulation is moving from “can consumers switch mobile plans?” to “who controls connectivity across digital infrastructure?”
That is a much bigger question.
Device makers and platforms are becoming part of the story
Telecom regulation used to focus heavily on mobile operators. That made sense. Operators owned the network, sold the subscription and controlled much of the customer relationship.
With eSIM, the picture is more complicated.
Device makers, operating systems, app stores, travel platforms, banks, super apps, enterprise mobility platforms and eSIM enablers can all sit between the user and the network. Some own the customer interface. Some own the provisioning layer. Some own the commercial bundle. Some own the analytics, billing and lifecycle controls.
This is especially important for consumer eSIM.
A traveller may not care which wholesale network, MVNO, platform or remote SIM provisioning architecture sits behind the plan. They care whether it works. But for the market, the invisible stack matters. It determines margins, reliability, support quality, customer ownership and long-term power.
Regulators will increasingly need to understand these layers. Otherwise, they may regulate the old telecom market while the new one quietly moves elsewhere.
What good eSIM regulation should protect
Good eSIM regulation should not punish innovation. It should protect the conditions that allow innovation to stay open.
That means five things.
It should protect real switching. Users should be able to move between providers without unnecessary technical or commercial barriers.
It should protect interoperability. Devices, networks and platforms should not become closed gardens disguised as convenience.
It should protect transparency. Consumers and businesses should understand coverage, speed limits, activation rules, pricing and cancellation terms.
It should protect security. Remote provisioning needs strong standards, reliable authentication and clear accountability across the ecosystem.
It should protect market access. Smaller providers, MVNOs, travel eSIM platforms, enterprise eSIM specialists and IoT connectivity players should not be blocked by standards or device-level control that only favors incumbents.
That is the balance regulators need to strike.
Too much intervention can slow the market. Too little oversight can allow the most powerful players to shape the market in their own image.
The real issue is control
The future of eSIM regulation will not be decided only by telecom operators. It will be shaped by regulators, standards bodies, device makers, mobile platforms, enterprise buyers, IoT players, travel brands and consumers themselves.
That is why the real question is not whether eSIM will grow. It already is.
The real question is who controls the experience as it grows.
If eSIM remains open, transparent and interoperable, it can make mobile connectivity more flexible for travellers, businesses and connected devices. If it becomes another closed layer controlled by a small number of powerful actors, the market could repeat the same problems it was supposed to solve.
Regulators matter because eSIM is no longer just about replacing a plastic SIM card.
It is about competition, trust and control in the next phase of global connectivity.


