GO UP
esim background
automotive eSIM

Why Your Car’s eSIM Is More Complex Than Your Phone’s

On a phone, eSIM is basically a convenience feature. You scan a QR code, tap “Add cellular plan,” and you are online. If it goes wrong, you get annoyed, you restart the device, you message support, you may switch providers. The stakes are mostly personal. automotive eSIM

In a car, the eSIM sits inside a machine that is expected to behave like infrastructure. It has to work in the background, across borders, in weird coverage pockets, in extreme temperatures, for years. It may support emergency calling, telematics, security services, remote diagnostics, fleet features, or over-the-air software updates. Suddenly, the eSIM is not just about onboarding. It is about lifecycle control, compliance, and risk. That is the core reason the “car eSIM” story is more complex than the “phone eSIM” story.

And yes, it is still an eSIM. But the architecture around it is a whole different sport.

Two eSIM worlds: consumer convenience vs machine lifecycle

Most people meet eSIM through the consumer standard experience, the GSMA Remote SIM Provisioning architecture designed for consumer devices like smartphones (commonly referenced as SGP.22 in the spec family).

Cars were one of the industries that pushed early, hard requirements for embedded SIM and remote provisioning in machine environments. That is why a lot of automotive deployments historically align with the “M2M eSIM” model described in GSMA’s embedded SIM and M2M remote provisioning specs (often associated with the SGP.02 architecture family).

Then there is the newer chapter: GSMA’s IoT-focused eSIM architecture (SGP.32 as part of the IoT eSIM specification set) designed to make remote provisioning more practical at scale for devices with limited UI, intermittent connectivity, and long field life.

So if your mental model is “eSIM = digital activation,” you are thinking in phone terms. Cars force you to think in system terms.

A car is not one device. It is a moving network of devices.

Your phone is a single endpoint with a screen, a user, and a fairly predictable upgrade cycle.

A car is an ecosystem on wheels. The eSIM usually lives in a telematics control unit (TCU) or network access device module that talks to other vehicle systems. That connectivity is not just for “internet in the cabin.” It can be tied to vehicle services and safety-related functions, depending on the market and the OEM’s design.

That changes how you design connectivity:

  • You need consistent service continuity, not just “best effort data”
  • You need fleet-level management, not one-person account management
  • You need strict change control, because a random profile switch can have real downstream effects

On phones, you can treat connectivity as a personal choice. In cars, connectivity becomes part of the product’s operating envelope.

Ubigi SIM hotspot routerThe standards story is why “switching networks” is harder than it sounds

On phones, remote provisioning is user-driven. The device can present UI flows, guide the user, and rely on the user to trigger downloads and manage profiles. That is a “pull” style experience that fits consumer eSIM design.

In classic M2M eSIM deployments, remote provisioning has historically leaned on a more complex server-side setup, including components like Subscription Manager Data Preparation (SM-DP) and Subscription Manager Secure Routing (SM-SR). The integration and operational overhead can be significant, especially if you want flexibility across multiple operators and regions.

That is one reason the industry has been so focused on newer IoT eSIM approaches: the goal is to make remote provisioning and lifecycle management more scalable and less painful for IoT and automotive-style realities.

If you have ever wondered why a car cannot just “let you pick a carrier like your iPhone,” this is a big part of the answer. The provisioning model was built for machines first, and machines come with different constraints.

Cars live longer than mobile networks do

Your phone’s lifecycle is what, 3 to 6 years for many people?

A connected vehicle platform can be expected to live 10 to 15 years, sometimes more, especially in fleet and commercial contexts. That is long enough to outlast radio generations, operator roadmaps, and even entire networks.

This is where complexity becomes unavoidable:

  • 2G and 3G shutdowns have already forced real-world remediation programs for connected products and vehicle telematics
  • module compatibility, VoLTE/IMS requirements, and profile provisioning can become operational issues, not theoretical ones

On a phone, network sunsets are mostly solved by buying a new phone. On a car, “just upgrade” is not a casual sentence. It becomes recalls, dealer visits, retrofits, OTA strategy, and a lot of money.

So the eSIM is not only about onboarding. It is about survivability.

Compliance turns connectivity into a regulated design space

Now add regulation.

In the EU, new types of cars and vans have been required to support 112-based eCall since 31 March 2018, with type-approval requirements defined at EU level.

Then add cybersecurity and software integrity expectations that apply to connected vehicles. UNECE WP.29 UN Regulation No. 155 sets cybersecurity and cybersecurity management system expectations for vehicle type approval in contracting markets, and it is often discussed alongside software update governance (R156).

And in parallel, ISO/SAE 21434 defines cybersecurity engineering expectations across the lifecycle of road vehicle electrical and electronic systems.

Put simply: a car’s connectivity is not just a service feature. It is increasingly part of the compliance posture.

That affects eSIM decisions directly:

  • Who is allowed to push changes
  • How credentials are managed
  • What auditability exists
  • How OTA updates are secured and governed

On a phone, you can recover from chaos with user action. In a car, you have to design out chaos.

The security model has more attack surface and more consequences

Connected cars expand the stakes of provisioning security. If an attacker can influence provisioning flows, route traffic, or compromise connectivity components, the consequences can move beyond “my data got slow.” There is active research evaluating M2M remote SIM provisioning protocols and their security properties, including analyses that highlight potential weaknesses and threat models.

This is why automotive eSIM programs tend to involve more stakeholders, more certification expectations, and more conservative operational practices than consumer eSIM programs.

It is also why the industry keeps circling back to “control layers” as the real differentiator. Not just coverage. Control.

So who actually “owns” the car’s eSIM experience?

On your phone, you do. You are the user, the decision maker, the account holder.

In cars, ownership is blurred:

  • The OEM designs the connectivity architecture
  • A connectivity provider or platform may manage profiles and orchestration
  • Mobile network operators provide the underlying access
  • The driver is often a user, but not the administrator
  • Fleets may be the real customer, with policy and oversight requirements

This is why automotive connectivity partnerships look like politics and plumbing at the same time. It is also why “local roaming rules,” “permanent roaming concerns,” and wholesale commercial models matter much more in automotive than in consumer travel eSIM.

Where SGP.32 and the IoT eSIM direction fit in

The industry’s push toward IoT eSIM architectures is not just standards theatre. It is an attempt to match reality: limited UI, long field life, remote management needs, and operational scale.

If you zoom out, automotive is one of the clearest use cases where IoT eSIM thinking makes immediate sense:

  • You want remote provisioning that works reliably with minimal human interaction
  • You want interoperability and vendor choice over a decade-plus lifecycle
  • You want operational simplicity that does not require bespoke integrations with everyone forever

That is the trajectory. Less “activation flow.” More “lifecycle operating system.”

Where is this heading automotive eSIM

Cars are quietly becoming long-lived IoT fleets with regulatory obligations, cybersecurity governance, and connectivity expectations that look closer to critical infrastructure than consumer telecom.

That is why the market is splitting into two approaches, and you can already see the difference in how players position themselves.

One approach is still phone-inspired: sell connectivity as a plan, focus on onboarding, keep the story consumer-simple. This works for infotainment-heavy experiences and lighter use cases, but it starts to wobble when you need decade-long continuity, auditability, and policy control.

The other approach is infrastructure-inspired: treat the eSIM as a controllable asset inside a managed connectivity layer, aligned with IoT eSIM standards and automotive governance requirements. That is where SGP.02’s legacy complexity meets SGP.32’s push for scalable IoT provisioning, and where cybersecurity and type approval realities shape what is even acceptable.

The trend is pretty clear: as vehicles become more software-defined and more regulated, “who can control connectivity, prove it, and sustain it for 10 to 15 years” will matter more than who has the prettiest activation story.

Your phone’s eSIM is a convenience layer.

Your car’s eSIM is a control layer in disguise.

1
eSIM

Driven by wanderlust and a passion for tech, Sandra is the creative force behind Alertify. Love for exploration and discovery is what sparked the idea for Alertify, a product that likely combines Sandra’s technological expertise with the desire to simplify or enhance travel experiences in some way.

RELATED POSTS

By

By

By