GSMA eSIM/eUICC Compliance Program Services

eUICCs (eSIMs) enable “over the air” provisioning for the initial and subsequent subscription with telecommunications operators, eliminating the need to physically replace the SIM card.

GSMA Compliance Program

The GSMA compliance program defines a 3-step testing and certification process for an eUICC to enter the Remote SIM provisioning (RSP) ecosystem, applicable to IoT, Consumer Device and M2M solutions.

Note that IoT compliance is still under development.

Applus+ Services to Achieve GSMA Compliance

Applus+ Laboratories is recognized by various schemes to support clients in meeting the GSMA Compliance program requirements. Specifically, we can address the needs for ‘security assurance by design' and ‘functional and interoperable’ steps.

Step 1: eUICC security assurance

For IC/Hardware Platform Vendors

Applus+ is an ITSEF facility accredited by the Spanish Certification Body (CCN) to conduct Common Criteria Security evaluation. Note that GSMA mandates that all the IC/hardware platforms be certified following Common Criteria scheme.

For eUICC software developers

There are two alternative evaluation approaches to meet compliance requirements:

GSMA eUICC eSA evaluation:An independent security evaluation scheme for evaluating embedded UICC (eUICC) against the provisions of protection profile of PP-0089 and PP-0100 (or related SGP.05 and SGP.25), based on Common Criteria methodology and optimized for GSMA-compliant eUICCs. The eSA scheme is operated by Trust CB under GSMA ownership. You can find an eSA step-by-step guide in GSMA web page.
Common Criteria Evaluation for eUICC: The GSMA accepts official Common Criteria Certificates as proof of compliance for eSIM. Evaluations must follow the eUICC consumer device PP-0089 or eUICC M2M PP-0100, or their related SGP.05 and SGP.25 (which incorporates IoT) protection profile versions. The new versions of these protection profiles will include the IoT.

Step 3: Functional and Interoperability testing

Applus+ is accredited to conduct functional and interoperability testing for GlobalPlatform Certification, the final step for eUICC compliance with GSMA requirements based on SGP.11 for M2M and SGP.23 for consumer. We offer official Type Approval and debug sessions.

SGP.33 for IoT is still under release for accreditation.

GET A QUOTE

Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.

Cookie settings panel

Essential cookies

They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.

Always active
Analytics cookies

They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.