What is eSIM for Industrial IoT – and How to Use It:
A Practical Guide for Routers, Gateways and Large-Scale IoT Deployments
White Paper – Executive Summary
Brief
Industrial IoT equipment is expected to run for 10–15 years in harsh, distributed environments – while cellular networks, tariffs and security requirements change every few years. Traditional SIM cards were never designed for that reality. They can be fragile, hard to manage at scale, and tightly coupled to a single operator choice made at the moment of installation. For operators of utilities, transportation, elevators, retail, and critical infrastructure, SIM management has quietly become a lifecycle and security problem, not just a logistics task.
Embedded SIM (eSIM) technology changes the equation by moving the subscriber identity into a secure element that can hold multiple operator profiles and be provisioned remotely. When combined with industrial routers and gateways, a standards-based eSIM platform, and a management system such as RCMS, organisations can treat connectivity as software: activating, switching and retiring cellular profiles over the air instead of rolling trucks and swapping cards. This white paper explains what eSIM really means for Industrial IoT and shows how to design, deploy and operate eSIM-ready routers, gateways and edge devices in large-scale fleets.
What you’ll learn
- How eSIM works in Industrial IoT: The building blocks of eSIM, iSIM and remote SIM provisioning – and how they differ from traditional, plastic SIM cards.
- Where eSIM lives in routers and gateways: Practical architectures showing how the eSIM secure element, modem, operating system and management platform interact in real deployments.
- Security and compliance implications: How eSIM strengthens device identity, supports modern security models, and fits into emerging regulations for critical infrastructure.
- Deployment and lifecycle patterns: Proven strategies for greenfield rollouts and phased migrations from plastic SIMs, including bootstrap profiles, multi-carrier setups and long-term fleet management.
- How to choose the right partners and platforms: A checklist for evaluating eSIM-ready industrial routers, eSIM/RSP providers and management tools – so you can design a connectivity strategy that lasts the life of your assets.
Setting the Scene: SIM, eSIM and iSIM in Industrial IoT
Industrial IoT deployments have quietly evolved from “a few remote sites” to fleets of thousands of routers, gateways and edge devices spread across regions and regulatory jurisdictions. Underneath every one of those connections sits a SIM – but not all SIMs are created equal, and the terminology in the market has become dangerously blurred.
For years, any soldered MFF2 SIM package was casually described as an “embedded SIM” or “eSIM,” even when it behaved exactly like a traditional SIM card with a single operator profile and no remote provisioning capability. Modern eSIM, however, is built on eUICC technology – a different class of SIM that can securely store multiple operator profiles and be managed over the air using GSMA Remote SIM Provisioning (RSP) standards. Understanding this distinction is critical for buyers who need their connectivity strategy to last the life of their assets.
At a high level, you can think of the SIM landscape in two dimensions
Technology (what it can do):
- UICC: traditional SIM that holds a single operator profile, configured once and rarely changed.
- eUICC (eSIM): an enhanced SIM that can securely hold and manage multiple operator profiles, supporting remote provisioning and swaps.
- iSIM: the next step, integrating eUICC capabilities directly into the device’s chipset or modem.
Form factor (how it’s packaged):
- Plastic card formats: 2FF (mini), 3FF (micro), 4FF (nano).
- Chip-level packages: MFF2 and similar “embedded” soldered devices on the PCB.
The key point is that “eSIM” is a capability (eUICC), not a shape. You can have:
- A plastic card that is a full eUICC (true eSIM in a removable form factor).
- A soldered MFF2 device that is only a traditional UICC (not an eSIM in the modern sense).
- A chip-level eUICC (eSIM) in MFF2 that combines both embedded packaging and multi-profile capability.
For Industrial IoT decision-makers, this distinction is not academic. It determines whether you are locking your fleet into a single operator for the next decade, or whether you can:
- Download and activate new operator profiles remotely under GSMA SGP.22 or SGP.32.
- Respond to regulatory changes and permanent roaming restrictions by switching to local profiles without visiting sites.
- Optimise tariffs and coverage over time without hardware changes or truck rolls.
Clear Terminology
In the sections that follow, we will use the terms precisely:
- SIM or UICC when we refer to traditional, single-profile SIMs.
- eSIM or eUICC when we refer to multi-profile, remotely provisionable SIMs compliant with GSMA RSP standards.
- iSIM when we refer to eUICC capabilities integrated into the device silicon.
- Form factors (2FF/3FF/4FF/MFF2) only when discussing physical packaging, not capability.
This clear separation between technology and form factor is the foundation for designing robust, future-proof connectivity architectures in Industrial IoT. The rest of this white paper assumes that distinction and builds on it to show how eSIM is implemented in routers, gateways and large-scale IoT deployments.
GSMA Remote SIM Provisioning: How eSIM Profiles Are Delivered
Choosing eUICC-based hardware only pays off if you can change operator profiles without touching the device. That’s what GSMA Remote SIM Provisioning (RSP) delivers: a standardised, secure way to download, activate and retire SIM profiles over the air.
Instead of shipping devices with a fixed SIM that never changes, you can:
- Ship with a simple bootstrap profile just to get online
- Add or swap operator profiles remotely based on country, tariff, or coverage
- Manage thousands of devices centrally through APIs and management platforms such as RCMS
The Core Building Blocks
From an Industrial IoT viewpoint, RSP really comes down to three elements:
- The eUICC in your device
The secure element inside the router or gateway that can store multiple profiles and enforce security rules. - The RSP platform
A cloud service (often from a specialist like Kigen or an MNO/MVNO) that securely hosts operator profiles, authenticates devices, and pushes profile changes to eUICCs. - The mobile network
The operator core that recognises each active profile as a subscriber and provides service.
When a device powers up, the eUICC authenticates with the RSP platform, which is then allowed to download and activate profiles on that specific secure element.
A Typical Industrial Provisioning Flow
In a large-scale router or gateway deployment, RSP usually works like this:
- Manufacture & bootstrap – Devices are built with an eUICC (or iSIM) and a basic bootstrap profile. Device IDs and eUICC IDs are registered in the RSP platform.
- Install & connect – Devices are installed, powered on in the field, and use the bootstrap profile for minimal connectivity.
- Profile assignment – The RSP platform selects the right operator profile (based on project, geography or customer) and securely downloads it to the eUICC.
- Activation & operation – The new profile is activated; the router begins normal service. Additional profiles can be added later for backup or roaming.
- Change & retirement – Over the asset’s life you can switch profiles, add backups or deactivate them entirely when the device is decommissioned – all remotely.
Your router OS and management platform sit on top of this, giving operations teams a single pane of glass for status, commands and audit trails, even when multiple operators and eSIM partners are involved.
What to Look For in an RSP Partner
For industrial fleets, the critical questions are less about spec numbers and more about control and scale. When selecting an eSIM/RSP partner, check that they:
- Support central, M2M-style control (no QR-code consumer workflows)
- Provide API-first integration so platforms like RCMS can trigger changes and read status
- Offer clear multi-operator flexibility on a single eUICC
- Have a security and compliance posture appropriate for critical infrastructure
With the right combination of eUICC hardware and RSP platform, changing a mobile operator becomes a software decision, not a truck roll – which is the fundamental promise of eSIM for Industrial IoT.
RSP Architectures: From SGP.22 to SGP.32
Remote SIM Provisioning has evolved over time. In industrial projects you will still hear different GSMA spec numbers – most often SGP.22 and, increasingly, SGP.32. You don’t need to memorise the standards, but it is worth understanding what they mean for the way your eSIM fleet is managed.
- SGP.22 – “Classic” M2M eSIM & Consumer eSIM
- Designed for machine-to-machine deployments where SIMs are not easily accessible.
- Uses separate back-end roles (often described as SM-DP and SM-SR) to download and manage profiles on the eUICC.
- Profile changes are typically operator-centric: each mobile network operator integrates its own RSP platform, and lifecycle control is tightly tied to those operator systems.
- This is the architecture that underpins many first-generation industrial eSIM deployments, and it is what most current M2M eSIM platforms still run on today.
- SGP.32 – IoT eSIM for the next wave
- A newer architecture designed specifically for large-scale IoT rather than phones or legacy M2M.
- Simplifies the roles in the ecosystem and makes it easier for the IoT service provider or enterprise (rather than only the MNO) to orchestrate profile management.
- Better suited to multi-operator, multi-region fleets, with cleaner APIs and less bilateral integration overhead.
- Aligns more naturally with devices like industrial routers and gateways that talk securely over IP to cloud platforms and management systems.
Put simply:
- SGP.22 works and is widely deployed today, but tends to be more complex and operator-driven.
- SGP.32 is where the industry is heading for scalable, multi-operator IoT eSIM.
Robustel’s SGP.22 eSIM Architecture Today
In today’s deployments, Robustel’s eSIM solution is built on the GSMA SGP.22 “classic M2M” architecture. This is the model most industrial eSIM platforms run on right now, and it’s important to understand how control is shared between the mobile network operator, the RSP platform, and the device itself.
Figure 1 – Robustel SGP.22 eSIM Architecture (Current)
The router (for example, an R1511e) contains an eUICC from Kigen and Robustel’s own LPAd (Local Profile Assistant – device) integrated into RobustOS. The LPAd acts as the secure bridge between the eUICC in the device and the operator’s subscription management platform (SM-DP+ / SM-DS), enabling profile downloads, activations and swaps under SGP.22.
You can describe the moving parts of SGP.22 very simply:
- eUICC (Kigen chip SIM or plastic SIM)
Stores multiple operator profiles securely. It is SGP.22 compliant and sits inside the router. - LPAd inside RobustOS
Robustel’s Local Profile Assistant on the device. It talks securely to the subscription management platform (SM-DP+) and exposes eSIM actions (download, enable, disable, delete) inside RobustOS and, ultimately, RCMS. - SM-DP+ / SM-DS (operator / eSIM partner side)
The operator-controlled environment where profiles are generated, hosted and delivered. Under SGP.22 this layer is largely controlled by the mobile network operator, which is why much of the lifecycle remains operator-centric. - End user / enterprise
Triggers changes indirectly through portals, APIs or support processes, but the operator’s platform ultimately drives the RSP transactions.
Today, Robustel routers already support standards-based eSIM under SGP.22, with our own LPAd integrated into RobustOS. That means you can use Kigen or operator eSIMs in a familiar, operator-driven RSP model, while managing devices and actions from RCMS.
Robustel’s SGP.32 Architecture: IoT eSIM with eIM and IPAd
As the ecosystem moves from classic M2M eSIM to IoT-focused eSIM, Robustel is adopting the GSMA SGP.32 architecture. SGP.32 is designed specifically for large IoT fleets and introduces two ideas that matter for our customers: the eIM (eUICC Interface Module) and a lighter, embedded IPAd (Integrated Profile Assistant – device).
Figure 2 – Robustel SGP.32 IoT eSIM Architecture (Roadmap)
Robustel routers (for example, R1511e) use an SGP.32-compliant Kigen eUICC and Robustel’s own IPAd, integrated with RobustOS. The IPAd works together with an external eIM, which is controlled by the mobile network operator or a trusted third-party eSIM IoT remote manager. This combination enables standards-based profile management without the heavy consumer software stack on the device.
What changes?:
- eUICC (Kigen, SGP.32-compliant)
Still holds multiple operator profiles and secure keys, but also includes internal domains such as ISD-R, ISD-P and MNO-SD to support the new IoT eSIM flows. - IPAd inside RobustOS
A lightweight evolution of the LPAd used in SGP.22. It resides close to the eUICC and handles the on-device side of provisioning for constrained IoT devices, without requiring a full “smartphone-grade” software stack. - eIM (eUICC Interface Module)
A standardised API layer defined by SGP.32, hosted by the operator or a third-party eSIM IoT remote manager. It exposes simple, secure commands that devices like Robustel routers can use to request profile download, activation, deactivation and deletion in a consistent way across multiple networks. - SM-DP+ / SM-DS and Operator systems
Continue to generate and host profiles, but interaction with devices is mediated through the eIM, making the architecture cleaner and more IoT-centric.
Compared with SGP.22, this approach:
- Reduces the complexity on the device by pushing more logic into the eIM and eUICC.
- Makes it easier for a single eSIM IoT manager to orchestrate profiles across many operators.
- Aligns better with how industrial fleets are run: centralised operations (via RCMS and back-end systems) talking to a unified eSIM layer, rather than integrating separately with each operator’s proprietary platform.
Robustel supports SGP.22-based eSIM today with our LPAd, and our roadmap is aligned with SGP.32 using IPAd and eIM, so your eSIM-ready routers and gateways can evolve as the IoT eSIM ecosystem matures.
Read Our Press Release With Kigen
Learn more about Robustel’s collaboration with Kigen to deliver eSIM/eUICC compatability to our routers and gatewaxys
https://kigen.com/resources/news/robustel-industrial-edge-routers-with-kigen-iot-esim-eim
The Business Benefits of eSIM for IoT Deployments
Everything we’ve covered so far – eUICC, RSP, SGP.22/32 – matters for one reason: it changes the economics and risk profile of keeping industrial assets connected. Moving from plastic SIMs to eSIM is not a cosmetic upgrade; it fundamentally shifts how you design, deploy and operate connectivity across thousands of routers and gateways.
Operational Efficiency: Fewer Truck Rolls, Faster Changes
With traditional SIMs, any change of operator, tariff or SIM form factor eventually turns into a site visit. For widely distributed assets, that can dwarf the cost of connectivity itself.
eSIM flips that:
- No physical SIM swaps – profile changes are executed remotely via RCMS and the RSP platform.
- Faster deployment – devices can ship with a generic bootstrap profile and be “assigned” to the right operator once they are installed and powered.
- Central control at fleet scale – operations teams can push changes to hundreds or thousands of devices in one action, instead of managing SIMs site by site.
For organisations with large fleets or hard-to-reach assets, the reduction in truck rolls, travel time and scheduling complexity is often the single biggest ROI driver.
Strategic Flexibility: Connectivity as a Software Decision
Choosing a SIM today is usually choosing an operator for the entire life of the device. If network quality changes, roaming rules tighten, or commercial terms become less favourable, you are constrained by the SIM you originally installed.
eSIM allows you to:
- Decouple hardware from operator choice – design once, deploy globally, and select operator profiles region-by-region in software.
- Respond to regulatory and commercial change – move from roaming to local profiles, or between operators, without touching the device.
- Pilot new connectivity partners on a subset of your fleet without redesigning hardware or logistics.
In practice, this gives procurement and operations teams more leverage: you are no longer negotiating contracts with the threat of a full hardware refresh hanging over the table.
Security and Compliance: Stronger Identity, Better Control
Industrial and critical infrastructure environments are under increasing scrutiny. SIMs are no longer just billing identifiers; they are part of the security boundary.
eSIM strengthens that boundary:
- Tamper-resistant secure element – credentials are stored in a hardened chip (or integrated secure environment for iSIM), not in a removable piece of plastic.
- Controlled lifecycle – profiles can be suspended, revoked or deleted remotely if a device is compromised or decommissioned.
- Alignment with modern standards – eSIM and IoT-focused architectures like SGP.32 support more advanced models (e.g. using the secure element as a root of trust for broader device security).
Combined with router features such as secure boot, signed firmware and RCMS policy control, eSIM becomes one part of a broader defence-in-depth strategy rather than a weak point.
Simpler Global Hardware: Fewer SKUs, Fewer Surprises
Global IoT projects often end up with:
- Multiple hardware variants per region
- Different SIM trays, plastic formats or modem SKUs
- Complex logistics for matching the right device to the right SIM and operator
eSIM lets you move toward:
- A small number of global router/gateway SKUs with eUICC or iSIM on board
- Operator choice determined by profile selection, not hardware variant
- Less stock fragmentation and fewer configuration errors in the field
This is particularly powerful for OEMs, global service providers and enterprises rolling out repeatable solutions across many countries.
Sustainability and Lifecycle Sustainability
Finally, there is a sustainability story not just in terms of plastic usage, but in the overall lifecycle:
- Less plastic and packaging – one embedded eUICC can replace multiple generations of plastic cards over the life of an asset.
- Lower travel and site interventions – fewer truck rolls reduce fuel use and associated emissions.
- Longer usable life for devices – you can keep hardware in service while adapting connectivity to new networks and regulations.
For many utilities, cities and large enterprises, these points feed directly into ESG reporting, Net Zero and “modernisation” narratives.
eSIM turns connectivity from a fixed, hardware-bound decision into a controllable, software-driven asset.
Turning eSIM Strategy into Action with Robustel
The theory of eSIM only matters if you can apply it to the routers and gateways you already deploy today. Robustel’s approach is deliberately pragmatic: we support retrofit eSIM via plastic eUICC cards for existing devices, and embedded eSIM chip options for new designs – all managed through RobustOS and RCMS with Kigen as the eSIM technology partner.
Hardware Choice: Retrofit and Embedded eSIM
Robustel doesn’t force you into a single hardware path – you can start where you are and evolve over time.
- Retrofit eSIM (plastic eUICC cards)
- Use plastic eSIM cards from Kigen in existing Robustel routers with standard SIM slots.
- Looks and installs like a normal SIM, but is a full eUICC/eSIM: multiple profiles, remote provisioning, SGP.22 compliant.
- Ideal for brownfield projects, pilots, and any deployment where the hardware is already fixed.
- Embedded eSIM (MFF2 eUICC chips)
- For new designs, select Robustel models with soldered Kigen eUICC (MFF2).
- Industrial-grade, tamper-resistant, no SIM tray to worry about.
- Provides a clean path toward SGP.32 IoT eSIM and future iSIM support.
Same eSIM technology, two form factors — so you can mix retrofit and new builds without fragmenting your connectivity strategy.
RobustOS: On-Device eSIM Control
All eSIM logic is integrated into RobustOS, so you don’t need custom agents or one-off integrations.
- On SGP.22 today, Robustel’s LPAd (Local Profile Assistant – device) manages eSIM profiles on the router and talks securely to the operator’s SM-DP+ / SM-DS platform.
- On the SGP.32 roadmap, a lighter IPAd (Integrated Profile Assistant – device) works with the eIM layer, optimised for IoT eSIM.
For you, that means:
- Consistent eSIM behaviour across supported models, whether using plastic eSIMs or embedded chips.
- Simple ways to check profile status, trigger changes and handle fallbacks directly on the device, exposed via RobustOS and APIs.
- Confidence that today’s deployments will evolve with the ecosystem as SGP.32 rolls out.
RCMS: Massive Scale and Remote Management
eSIM’s real value appears when you manage hundreds or thousands of routers and gateways. That’s where RCMS (Robustel Cloud Manager Service) comes in.
With RCMS you can:
- Zero-touch rollout – ship devices with a bootstrap profile, have them auto-enrol into RCMS on first power-up, then push the right operator profile and configuration without ever logging into the device locally.
- See your fleet at a glance – which devices are online, which operator/profile they’re using, and where they are deployed.
- Segment and control – group devices by project, geography or customer and apply connectivity policies consistently.
- Trigger remote actions – initiate profile downloads, activations or fallbacks (subject to your eSIM/RSP partner’s capabilities) without rolling a truck.
- Audit and troubleshoot – maintain a history of eSIM-related events for compliance, billing reconciliation and incident analysis.
What Robustel Delivers: eSIM for New and Existing Fleets
Industrial IoT fleets don’t have the luxury of short lifecycles. Once a router is bolted into a cabinet, elevator shaft, substation, or solar farm, it may be there for 10–15 years. During that time, networks, tariffs, regulations and security expectations will all change. Sticking with plastic SIMs turns every one of those changes into a physical intervention and a cost risk.
With eSIM, that shifts. Connectivity becomes a software decision profiles can be activated, switched, or retired remotely as your needs evolve. Robustel turns that principle into a practical, deployable solution: hardware that supports retrofit and embedded eSIM, RobustOS for on-device control, and RCMS for zero-touch deployment and fleet-wide management – backed by Kigen’s eUICC technology and aligned with SGP.22 today and SGP.32 tomorrow.
What to do next with Robustel
If you’re responsible for long-life Industrial IoT connectivity, the quickest path forward is to make this real on one concrete project:
- Talk to Robustel about your current fleet
Identify where you can introduce eSIM first: new projects with embedded eUICC, and existing designs that can move to plastic eSIM cards without mechanical changes. - Standardise on eSIM-ready Robustel hardware
Select 1–2 router or gateway SKUs as your global eSIM baseline and lock them into your next design or refresh cycle. - Define your eSIM operations model with RCMS
Work with Robustel to map how bootstrap profiles, operator selection and profile changes will be managed through RCMS and your chosen RSP partner. - Run a focused pilot
Choose a priority use case (smart grid, renewables, elevators, retail, transport), roll out an eSIM-enabled Robustel fleet, and measure the impact on truck rolls, change lead times and risk. - Scale with confidence
Use the pilot as the template to extend eSIM across other regions and verticals, knowing the same Robustel + Kigen stack will support your move from SGP.22 to SGP.32 as IoT eSIM services mature.
Ready to make connectivity a software decision?
Contact Robustel to arrange an eSIM architecture workshop for your organisation or to discuss eSIM-ready router and gateway options for your next project.