eSIM used to be about convenience. Now it’s about compliance — and that changes everything. GSMA eSIM certification

Five years ago, hardly anyone outside the telecom industry ever said the word “certification” in the same breath as eSIM. The narrative focused on ease of travel, dual SIM flexibility, smartphone freedom, and cool connected gadgets.

But in 2025, reading through the GSMA eSIM Compliance Report 2025, one thing becomes abundantly clear: eSIM certification is no longer a box to tick — it’s becoming the new competitive high ground for every serious player in the connectivity ecosystem.

Manufacturers, operators, eSIM providers, IoT platform builders, and even cloud infrastructure companies are now competing on the quality, speed, security, and trustworthiness of their certification routes.

And the reason is simple:
Where there is trust, there is adoption. Where there is adoption, there is revenue.
In today’s eSIM economy, certification is what builds that trust.

It starts with one number: the entire ecosystem now depends on digital PKI trust

At the core of GSMA’s compliance process is something invisible but foundational: the eSIM digital certificate (PKI).

Once an eUICC (the chip inside an eSIM-capable device) passes the compliance process, it receives this certificate. That certificate is what allows devices to authenticate with:

• SM-DP+ servers
• SM-DS servers
• Remote SIM provisioning systems
• Mobile network operator infrastructure

Without this certificate, profiles can’t be securely downloaded. IoT devices can’t be onboarded at scale. Consumer devices can’t activate networks. Nothing works.

The compliance process exists to ensure:

“Any certified eSIM product can securely interact with any certified backend platform.”
— GSMA eSIM Compliance Report 2025

This makes certification the central glue. And because that glue now touches billions of devices across dozens of industries, the stakes are dramatically higher.

A growing battlefield: why certification is suddenly where companies compete

Let’s break down the forces pushing certification from “optional technicality” to “strategic weapon.”

1. The device explosion has transformed certification into a volume business

GSMA data shows consumer eSIM devices skyrocketed from:

• 4 devices in 2017, to
• 66 devices in 2025

And that’s only the certified set.

When eSIM was new, a handful of vendors dominated the space. Today:

• Smartphone OEMs
• IoT module manufacturers
• Automotive vendors
• Wearable companies
• PC manufacturers
• Industrial hardware producers

…are all shipping eSIM-capable devices.

That means more competition, more fragmentation, more supply chain complexity — and a huge need for certification as the common compatibility layer.

2. Security threats are rising, and certification is becoming the defence layer

The report spells out multiple layers of software and hardware security standards:

• PP-0100 / SGP.25
• PP-0035
• PP-0084
• Common Criteria
• eSA Scheme
• EUCC

Older devices often skipped these entirely. GSMA notes that many early products had no declared compliance at all — something now prohibited.

In 2025, skipping certification isn’t just risky — it’s unacceptable. Governments, operators, and OEMs are tightening requirements. Vendors who can’t certify at scale get pushed out of the supply chain. GSMA eSIM certification

3. The rise of IoT makes certification the new “passport” for global deployment

IoT is taking over the connectivity world, and IoT devices are:

• mass-deployed
• mission-critical
• remotely managed
• globally distributed
• often security-constrained

The new IoT eSIM architecture (SGP.31/32) is designed for exactly this world — and certification is now mandatory.

The earliest data shows:

• 8 IoT eUICCs already certified
• 5 server-based eIM platforms certified

This uptake happened immediately after GSMA opened IoT compliance in 2025 — showing vendors were preparing years in advance.

4. Operators and enterprises demand proof, not promises

Mobile operators have become extremely cautious. Adding a non-certified eSIM product to their infrastructure introduces risk:

• network disruption
• provisioning failures
• profile download errors
• security vulnerabilities

Enterprises are even more risk-sensitive: they deploy thousands of IoT devices globally. A non-compliant chip could derail an entire rollout.

Certification, therefore, becomes a market access requirement.

The big shift: certification itself is being disrupted

One of the best parts of the 2025 GSMA report is the section on security certification. Because it reveals a major transition:

eSA is not only rising — it’s becoming the preferred path.

(And this changes the competitive landscape.)

According to the report, eSA certifications rose sharply:

• 1 certification in 2022
• 5 in 2023
• 13 in 2024
• 17 in 2025

Why? Because it’s:

• faster
• cheaper
• globally recognized
• designed specifically for eUICC
• more agile than Common Criteria

This creates a new competitive dynamic:
vendors with efficient eSA pipelines can bring products to market faster than their peers.

Thales, G+D, Kigen, and IDEMIA openly promote eSA as the future. Smaller vendors like Valid and Workz leverage it to stay competitive with faster releases.

Certification speed has officially become a competitive advantage.

Consumer vs. IoT vs. M2M: different segments, different certifications, different winners

To understand this battleground, we need to look at the segments separately.

Consumer eSIM: certification is now the price of admission

The consumer device market is crowded, fast-moving, and increasingly global. Certification is no longer optional because:

• Device diversity is massive
• OEMs ship devices to dozens of regions
• Operators want frictionless onboarding
• Security requirements keep rising

GSMA charts show that eUICC products lean heavily toward medium-category chips (CAT2) and strong security:

• 97 hardware CC-certified eUICCs
• 23 eSA-certified consumer products
• 47 products using deprecated interim certifications (now forbidden)

Consumer eSIM players compete on:

• security
• interoperability
• certification speed
• feature support

This is why Apple, Samsung, Google, Lenovo, Oppo, Garmin, and others rely on vendors who can certify quickly and consistently.

IoT eSIM: the new frontier where certification defines market leadership

The IoT compliance ecosystem launched only recently, yet:

• 8 eUICCs
• 5 eIM platforms

…are already certified or in progress — and every single one uses robust security pathways.

This is the battleground where new winners will emerge.

Why?

Because IoT requires:

• zero-touch provisioning
• remote lifecycle management
• fallback reliability
• secure profile swaps
• cloud-native provisioning workflows

The vendors who master certification at scale become the backbone of:

• smart cities
• connected vehicles
• industrial automation
• logistics
• healthcare IoT
• energy meters
• environmental monitoring

We’re watching a new generation of eSIM/iSIM champions form — and certification is the filter that separates capable vendors from obsolete ones.

M2M eSIM: a revealing decline

M2M certifications fell off a cliff:

• 0 new eUICCs in 2024 and 2025
• No new PP-0089-certified products
• SM-DP/SM-SR platforms dropping to 2–3 per year
• No adoption of EUCC or updated security methods

What does this mean?

M2M is no longer the battleground. It’s the retreating front.

Vendors aren’t investing in certification because:

• M2M architecture is too rigid
• Operators are migrating away from it
• IoT architecture (31/32) is the future
• iSIM architectures make M2M obsolete

Certification reflects where investment goes — and the money has moved.

Certification as a differentiator: which players are winning?

Based on industry movement plus GSMA data, here’s the competitive landscape:

The global giants: Thales & G+D

Strengths:

• Comprehensive certification machinery
• Deep Common Criteria experience
• Capabilities across Consumer, IoT, M2M

Challenges:

• Speed
• Cost structure
• Legacy complexity

They remain dominant, but new challengers are faster.

The agile disruptors: Kigen, Workz, Valid

These companies win on:

• speed to certification
• cost-effective provisioning
• modern cloud-based workflows
• heavy use of eSA

They position themselves as flexible alternatives to legacy giants.

The platform players: Truphone/TP Global, Redtea Mobile

They differentiate via:

• multi-tenant SM-DP+
• innovative orchestration tools
• consumer-first activation flows

Their competitive edge is agility in backend certification and the expanding role of SM-DP+ in global connectivity.

Chipset integrators: Qualcomm, MediaTek, Sequans

These firms push certification down to the silicon level, especially with iSIM. Their competitive angle is:

• efficiency
• low power consumption
• simplified supply chains

As iSIM grows, its certification influence will grow with it.

So why is certification the battleground of the next decade?

Here’s the big-picture answer: GSMA eSIM certification

Because eSIM is becoming invisible — and when technology becomes invisible, trust becomes the product.

Consumers don’t think about eSIM tech.
Enterprises don’t want to manage complexity.
Operators don’t want interoperability failures.
Manufacturers don’t want costly recalls.

All of them rely on one thing:
Certified products that always work with certified platforms.

Certification becomes:

• a competitive moat
• a trust signal
• a global passport
• a gateway to operator onboarding
• a prerequisite for enterprise adoption
• a differentiator in RFPs
• a marketing advantage

The battle isn’t about who builds eSIM — it’s about who proves, faster and more reliably, that their eSIM is compliant, secure, interoperable, and future-proof.

This is why companies are:

• investing in in-house certification teams
• automating compliance workflows
• optimizing for eSA
• expanding testing labs
• forming new GSMA working groups

Certification is becoming the new innovation race.

The bigger trend: certification is reshaping the business models behind eSIM

Behind the scenes, certification is changing how companies operate:

• Vendors now build products around certifiable architectures.
• Operators require certification before onboarding eSIM providers.
• IoT integrators choose only certified chipsets.
• Governments are drafting compliance-based procurement frameworks.
• OEMs compete on how fast they can re-certify devices with minor updates.

This is especially visible in the GSMA’s report on certification types:

• 43 new certifications
• 9 maintenance (minor changes)
• 5 major updates
• 1 full recertification

This shows that eSIM isn’t static — vendors must continuously re-certify to stay competitive.

Final thoughts: certification is becoming the infrastructure of trust in global connectivity

The eSIM industry has reached a point where technical capability alone is not enough. The competitive edge now lies in:

• how fast you can certify
• how secure your certification is
• how flexible your certification pathway is
• how well you support new architectures
• how seamlessly you interoperate with global networks

Consumer eSIM growth made certification necessary.
IoT eSIM growth makes certification mission-critical.
M2M decline shows certification determines survival.

The companies that understand this — and build certification into their strategy rather than treating it as a compliance checkbox — will lead the next decade of digital connectivity.

In the end, eSIM success is no longer just about technology.
It’s about trust.
And in 2025, trust is measured in certifications.