Definition
The GSMA (GSM Association) is the global trade body representing over 750 mobile network operators and 400 associated companies across the mobile ecosystem. It does not define air interface standards – that is 3GPP’s role – but publishes the commercial frameworks, eSIM specifications, and deployment guidelines that determine how those standards reach working products in the market.
For anyone working in IoT, M2M, 5G RedCap, eRedCap, or cellular connectivity, the GSMA is the body whose specifications govern SIM provisioning, eSIM architecture, device certification, roaming agreements, and operator interoperability. Understanding what GSMA does – and where it fits relative to 3GPP, operators, and device manufacturers – is foundational to understanding how cellular IoT actually works.
This page covers the GSMA’s structure and role, its relationship to 3GPP and the RedCap/eRedCap standards, the eSIM specification family (SGP.01 through SGP.42), and what the current and forthcoming GSMA frameworks mean for IoT device designers and operators.
What the GSMA Does
Founded in 1987 as the GSM Association to manage the early rollout of GSM mobile networks across Europe, the GSMA has evolved into the primary industry body governing commercial and technical interoperability across the global cellular ecosystem. Its members include essentially every major mobile network operator worldwide, plus chipset vendors, equipment manufacturers, software providers, and IoT platform companies.
The GSMA operates across three broad areas:
- Technical specifications – The GSMA publishes Permanent Reference Documents (PRDs) covering eSIM architecture (SGP series), IoT connectivity guidelines, network APIs, fraud and security frameworks, and device management standards. These are not regulatory mandates but industry standards that operators and device makers adopt to ensure interoperability.
- Industry programmes – The GSMA runs programmes including Mobile IoT Initiative (positioning NB-IoT, LTE-M, RedCap and eRedCap), Connected Living (IoT device interoperability), Network API initiative, and GSMA Open Gateway. These translate 3GPP standards into commercial deployment frameworks.
- Industry events and advocacy – MWC (Mobile World Congress) is the GSMA’s flagship annual event. The GSMA also engages with regulators globally on spectrum policy, roaming frameworks, and technology neutrality.
GSMA vs 3GPP: 3GPP (3rd Generation Partnership Project) is the technical standards body that defines cellular radio access and core network specifications – NB-IoT, LTE, 5G NR, RedCap (Release 17), eRedCap (Release 18). The GSMA takes those 3GPP standards and publishes the commercial and operational frameworks that make them deployable across competing networks and device ecosystems. A useful shorthand: 3GPP defines how the technology works, GSMA defines how the industry uses it.
GSMA, 3GPP and the IoT Standards Ecosystem
The GSMA’s Mobile IoT Initiative is the programme most directly relevant to RedCap and eRedCap. It positions the licensed IoT standards family – NB-IoT, LTE-M, RedCap (Release 17) and eRedCap (Release 18) – within a coherent deployment framework, providing operators and device makers with guidance on certification, roaming, and commercial rollout. Where 3GPP defines the technical parameters of eRedCap (5 MHz bandwidth, 1T1R antenna, HD-FDD support), the GSMA’s Mobile IoT Initiative determines how those devices are certified, how they roam internationally, and how operators position them commercially.
The GSMA eSIM Specification Family
The most commercially significant body of GSMA technical work for IoT device designers is the SGP (Subscription Management) specification series – the eSIM architecture and remote provisioning standards that govern how SIM profiles are managed across billions of connected devices.
| Specification | Name | Scope | Status |
|---|---|---|---|
| SGP.01 / SGP.02 | M2M eSIM (legacy) | Original machine-to-machine eSIM architecture. Operator-initiated provisioning. Still deployed across legacy M2M estates. | Live |
| SGP.21 | Consumer eSIM Architecture | Architecture specification for consumer eSIM RSP. Defines SM-DP+, SM-DS, eUICC roles for smartphones, tablets, wearables. | Live |
| SGP.22 | Consumer eSIM Technical Spec | Operational specification for consumer eSIM. Governs profile download, management, carrier switching on consumer devices. The foundation of Apple SIM, Google eSIM. | Live – widely deployed |
| SGP.23 | Consumer eSIM Test Spec | Compliance testing for SGP.22 implementations. | Live |
| SGP.31 | IoT eSIM Architecture | Architecture requirements for eSIM in IoT and network-constrained devices. Foundation for SGP.32. | Published 2023 |
| SGP.32 | IoT eSIM Technical Spec (eIM) | The key IoT eSIM specification. Defines remote provisioning for headless, network-constrained devices. Introduces the eSIM IoT Manager (eIM) replacing M2M SM-SR. Directly applicable to eRedCap devices. | v1.1 published 2025 – certification active |
| SGP.33 | IoT eSIM Test Spec | Compliance testing for SGP.32 implementations. | In progress |
| SGP.41 / SGP.42 | iSIM In-Factory Provisioning | Extends SGP.32 to support profile injection during device manufacturing (IFPP). Eliminates in-field provisioning for iSIM devices. | Published 2024 |
SGP.32 and eRedCap: SGP.32 is the eSIM specification built for the IoT device tier that eRedCap targets – headless, network-constrained, long-life devices where physical SIM replacement is operationally expensive. An eRedCap smart meter or asset tracker running SGP.32 can have its SIM profile remotely managed, switched between operators, or updated without anyone visiting the device. ABI Research forecast 140 million IoT eSIM-enabled devices shipping in 2025, scaling through 2026-2027 as SGP.32 certification programmes mature.
SGP.32 – What Changes for IoT
The pre-SGP.32 IoT eSIM world was fragmented. The M2M standard (SGP.02) required operator-to-operator technical integrations to switch profiles – operationally complex and commercially restrictive. Consumer eSIM (SGP.22) was designed for interactive devices with displays and user interfaces, making it unsuitable for headless IoT devices that may go years between human interaction.
SGP.32 introduces the eSIM IoT Manager (eIM) – a new entity in the eSIM architecture that manages profile lifecycle on IoT devices without requiring operator-to-operator integration or device-side user interfaces. Key capabilities:
- Remote profile download, enable, disable and delete without physical access or operator technical integration.
- Automated profile lifecycle management – the eIM decides which device uses which carrier profile and when, enabling fleet-wide connectivity management from a single platform.
- Multi-profile support – devices can carry multiple operator profiles, improving network resilience and enabling cost optimisation across geographies.
- Permanent roaming resolution – allows remote activation of locally-compliant profiles, addressing the regulatory constraints that prevent permanent international roaming on a single profile.
- In-Factory Profile Provisioning (IFPP) via SGP.41/42 – profiles injected at manufacturing, eliminating power-intensive in-field provisioning for iSIM devices.
Commercially, SGP.32 breaks the dependency between device design and operator choice. An IoT device designed today can be manufactured with an SGP.32-compliant eUICC and connected to any SGP.32-compliant operator globally, with profile switching handled remotely throughout the device’s operational life. For eRedCap devices designed to operate for 10-15 years across potentially multiple operators and geographies, this is the enabling framework.
GSMA Mobile IoT Initiative – RedCap and eRedCap
The GSMA Mobile IoT Initiative provides the commercial and deployment framework for licensed LPWAN and low-complexity cellular standards. It covers:
- NB-IoT (3GPP Release 13) – ultra-low data rate, extended coverage, deep penetration. Smart meters, environmental sensors, basic asset tracking.
- LTE-M (3GPP Release 13) – low data rate with voice support, mobility handling. Wearables, healthcare monitors, connected vehicles.
- RedCap (3GPP Release 17) – mid-tier 5G NR, up to 150 Mbps, wearables and industrial sensors.
- eRedCap (3GPP Release 18) – simplified 5G NR, ~10 Mbps, single antenna, the LTE Cat-1 replacement for mass IoT.
The GSMA Mobile IoT Initiative does not define these standards – 3GPP does. What the GSMA provides is the operator certification framework, the roaming guidelines, the interoperability test programmes, and the market positioning that make devices certified to these standards deployable across competing networks globally. A device certified through the GSMA’s programmes for NB-IoT or RedCap can be deployed on any compliant network without bilateral operator agreements – which is what makes global IoT deployments at scale commercially viable.
GSMA Connected Living and Device Certification
The GSMA Connected Living programme governs IoT device interoperability and certification. It includes:
- IoT Device Classification – a framework categorising IoT devices by data rate, battery life, mobility and coverage requirements, mapping to appropriate cellular standards.
- IoT Security Guidelines – published in partnership with GSMA Intelligence, covering device hardening, data protection, access control and update mechanisms. The EU Cyber Resilience Act (CRA) aligns significantly with these guidelines.
- Network Efficiency Guidelines – specifications for IoT device behaviour on cellular networks, covering signalling overhead, connection management, and battery optimisation.
GSMA and the Future of IoT Connectivity
Three GSMA workstreams are most relevant to the eRedCap and IoT connectivity trajectory through 2026-2030:
- SGP.32 scale-up – certification programmes are active as of 2025. ABI Research expects SGP.32 IoT eSIM profile downloads to scale sharply through H2 2026 and into 2027 as eIM platforms and compliant eUICC components reach commercial availability. This directly enables the eRedCap device estate that is forming around the same timeline.
- GSMA Open Gateway – a network API framework exposing 5G Core capabilities (including network slicing, quality on demand, and device status) to enterprise application developers. eRedCap devices on 5G SA networks can access these APIs directly, enabling application-layer awareness of network conditions and QoS.
- EU Cyber Resilience Act alignment – the CRA introduces security update obligations for IoT devices (five-year minimum support period from 2027). GSMA IoT Security Guidelines provide the technical baseline. eRedCap devices designed to meet CRA requirements will need to incorporate over-the-air update capability – for which SGP.32 provides the SIM provisioning layer.
Primary GSMA Resources
The following GSMA resources are directly relevant to IoT, eSIM and the RedCap/eRedCap ecosystem:
SGP.32 v1.1 ↗
IoT eSIM Technical Specification. The definitive reference for eIM architecture and remote IoT SIM provisioning.
GSMA ProgrammeMobile IoT Initiative ↗
NB-IoT, LTE-M, RedCap and eRedCap positioning within the GSMA licensed IoT standards family.
GSMA HubGSMA eSIM Hub ↗
All GSMA eSIM specifications including SGP.22, SGP.32, SGP.41/42 and associated test specs.
3GPP3GPP Release 18 ↗
The eRedCap (eNR RedCap) specification. Works alongside GSMA frameworks for commercial deployment.
Related: What is eRedCap? – 3GPP Release 18 full technical guide | euicc.co.uk – eUICC and SGP.32 deep-dive reference | 5gredcap.co.uk – Release 17 RedCap UK deployment