Although SIM vendors are working to develop more scalable systems, it seems that the legacy companies use the same processes for generating eSIMs, and the profiles that lie at the heart of secure network authentication, as they use for physical SIM cards. It’s largely manual, cumbersome and time-consuming, which is the antithesis of what creating a digital product should entail.

In many ways, SIM generation today parallels the early days of wired communications with the telegraph. Text had to be handed or dictated to specially trained operators who keyed the codes into the telegraph machine for transmission to another machine, where the codes were transcribed into readable text

Similarly, carriers today have to submit requirements for profile development and transmit files with IMSIs and other authentication information, in various formats, to the SIM vendors. Using these, the vendors generate SIM cards or eSIMs. Because of the way the SIM vendors work with their customers, real automation is a challenge.

Their business model and process requirements leave the SIM vendors with limited ability to serve customers that have lower-volume needs. Many IoT companies require only 50 or 100 or 1,000 endpoints. They can’t use generic SIMs, because IoT makers need to incorporate functionality that differentiates their products from those of their competitors.

Such differentiation highlights a third issue: the need for mass customization. The SIM profiles of cellular IoT devices must reflect each company’s or product line’s individual capabilities, both to authenticate the devices correctly to the right network and to ensure that the carrier or network operator is being billed accordingly. Even the most popular cellular IoT applications — deploying 100,000 smart streetlights, for example — can’t come close to the eSIM volume requirements of Tier 1 and other large carriers. As a result, it might take many months for cellular IoT devices to gain access to the eSIMs they need, as they wait in line for the SIM vendors to fulfill their orders. Then, when the eSIMs finally arrive months later, IoT companies probably also have to pay a premium for them.

Such delays are especially concerning in light of the anticipated scale required for the deployment of new highly differentiated 5G and cellular IoT devices; it’s estimated that global cellular IoT connections will exceed 6 billion by 2030. If nothing in the SIM world changes, these large-scale but highly individualized deployments could soon severely tax the system and create bottlenecks in IoT companies’ ability to get their products to market.

Escaping the eSIM Crunch

The solution to the eSIM bottleneck for cellular IoT devices can be found by asking some pointed questions of the status quo. Why is the generation of eSIMs, a digital product, still using manual processes and flat-file transfers? Why is all this not automated? Given that eSIMs are digital entities, why should anyone be paying more than five to ten cents to obtain an eSIM? Why are eSIMs not available essentially on demand, created at the same time a device is deployed?

Most discussions of eSIMs tend to focus on smartphone subscriptions or, more specifically, smartphone network connections for travelers. Currently, the issues around eSIMs might be most obvious in this arena. But the underlying problems with the current eSIM generation process apply equally to the IoT market. The growth and success of IoT, which has already had so many fits and starts, is destined to be further constrained by the inability to get eSIMs when they’re needed. If this issue is not rapidly addressed, the full promise of private 5G cannot be realized.

Another less-discussed problem is that producing eSIMs, like physical SIM cards, entails multiple steps, in multiple geographic locations, from order to delivery. The major SIM vendors have headquarters in Europe, and parts of their SIM generation process happen in other parts of the world, largely in low-labor-cost areas such as India, Asia, Brazil, and Mexico. As a result, network operators’ credentials and security keys must traverse several national borders before the eSIMs are delivered. So unless a company is located in one of the countries where the eSIMs are generated, it is fair to say that 100 percent of their credentials will be generated abroad. This lack of sovereignty over SIMs, which are cybersecurity tokens, can be a significant issue for government, military, and some industrial IoT projects, in particular.

The solution to all the current problems with eSIMs lies in completely rethinking the entire SIM creation process, automating it and putting eSIM development, management, and orchestration capabilities into the hands of every network operator, enterprise or IoT platform provider that needs them, regardless of the size of the network, its volume or its business model.

In the IoT realm, I foresee a near-term future where an energy company can deploy a few hundred utility meters, a rural network operator can support local residents’ smart home cellular connections, and Tier 1 carriers can build profitable IoT businesses, all equipped with eSIMs that they’ve generated themselves, on demand, for a few pennies each.