SGP.22 is the GSMA specification that underpins consumer eSIM – the technology in every modern smartphone and smartwatch that allows users to add mobile plans without a physical SIM card. Published alongside the SGP.21 architecture specification, SGP.22 defines the operational procedures and interfaces for consumer Remote SIM Provisioning (RSP).
SGP.22 Architecture
eUICC – The embedded Universal Integrated Circuit Card. The secure hardware element in the device that stores and executes operator profiles. For the eUICC specification and architecture detail, see euicc.co.uk.
LPA (Local Profile Assistant) – Software running on the device that manages profile operations. The LPA interacts with the eUICC and communicates with the SM-DP+ for profile downloads. Requires a user interface – a fundamental constraint for IoT devices.
SM-DP+ (Subscription Manager Data Preparation) – The operator-side profile server. Packages and securely delivers profiles to devices. SGP.32 reuses the SM-DP+ component, which is why operators can serve both consumer and IoT eSIM from the same infrastructure.
SM-DS (Subscription Manager Discovery Server) – A registry that tells devices which SM-DP+ has a pending profile download for them. Part of the SGP.22 architecture reused in parts by SGP.32.
Why SGP.22 Does Not Work for IoT
SGP.22 assumes a user is present to initiate every profile change – scanning a QR code, accepting a consent dialogue, or tapping through a setup flow. IoT devices are headless: no screen, no keyboard, no user standing next to them. SGP.32 replaces the LPA with the IPA (IoT Profile Assistant) and the user-initiated model with eIM-driven push provisioning specifically to address this limitation.
For the IoT eSIM standard, see SGP.32. For the eUICC hardware common to both standards, see euicc.co.uk.