What Are the Differences between SIM, eSIM and iSIM?

Estimated reading time: 9 minutes

The physical SIM card has been part of cellular connectivity for decades. It plays a leading role in many consumer mobile devices and Internet of Things (IoT) deployments. However, the SIM market is evolving rapidly, and newer options eliminate the need for a removable SIM.

The embedded SIM (eSIM) is soldered to a device’s printed circuit board (PCB). It provides a way to send SIM profiles to devices over the air using remote SIM provisioning.

The latest iteration in the SIM market is the integrated SIM (iSIM). It streamlines the eSIM’s functionality by porting it into a system-on-a-chip (SOC) architecture. This capability means the SIM does not require dedicated hardware.

Counterpoint Technology Market Research expects that by 2030, around 70% of cellular devices will use an eSIM. Furthermore, the report shows iSIM dominating as the preferred SIM form factor across all cellular categories.

Traditional SIM

The traditional SIM is a removable card that comes in various sizes. It was first developed for the consumer mobile phone market and inherited by the machine-to-machine (M2M) industry.

Traditional SIMs evolved into new form factors to fit smaller devices. They are straightforward and convenient for consumer applications and some IoT use cases. However, they can present reliability and security risks for large-scale device deployments.

When SIMs are easy to access, they’re also subject to stealing or tampering. IoT managers must monitor SIM cards in their devices. Otherwise, someone could remove them and place the SIMs in other devices.

Traditional SIMs are convenient for an organization that needs to change device profiles when switching mobile carriers. All that one must do is remove the old SIM and plug in the new one. However, removing and replacing SIM cards on multiple devices in large-scale IoT deployments can be costly or impossible.

SIM Security Accreditations

There are two primary forms of security accreditation for eSIMs and SIMs. The first is the Evaluation Assurance Level (EAL) standard. Created by Common Criteria, it is a security level adopted by the mobile network operator (MNO) community. 

If a chip manufacturer attains EAL4+ certification, the hardware is processed to ensure it is not vulnerable. Carriers ensure that their SIM vendors comply with this standard, which includes the chip’s physical security. It applies to traditional SIM cards and eSIMs.

The GSMA provides a Security Accreditation Scheme (SAS) with two different specifications. It applies to SIMs and eSIMs as well as remote provisioning servers.

GSMA also runs the embedded Universal Integrated Circuit Card (eUICC) eUICC Security Assurance (eSA) scheme designed specifically for eUICC security certification.

What Is an eSIM?

Embedded SIM (eSIM) originally referred only to a SIM soldered in a device. The term now also refers to an eUICC-enabled SIM that can support multiple MNO profiles through remote provisioning. eUICC is a global solution.

eSIM can refer to an embedded SIM or a SIM that can host multiple MNO profiles. In practice, “eSIM” often refers to eUICC capability. That capability extends beyond a soldered form factor.

The connected car industry drove the adoption of eSIM. To address traditional SIM limitations in certain use cases, automotive OEMs developed a tamper-proof SIM with stronger security. Such a SIM would serve their connection needs and protect against extreme environmental conditions, including:

• Temperature
• Vibration
• Dust
• Moisture

Today, the automotive industry has widely adopted the technology, and most connected cars use soldered eSIMs.

The eUICC is defined within the GSMA remote SIM provisioning specifications. It allows remote provisioning of the hardware with connectivity profiles. Including remote SIM provisioning on the service and card sides makes the eSIM versatile. 

The standard allows MNOs to remotely send their SIM profiles to eSIM devices. By removing the need for physical access, eUICC enhances connectivity management for IoT deployments at scale.

The eUICC standard also enables multiple profiles to be loaded. Devices manufactured for global use are switched to the appropriate regional provider profile when deployed or moved. 

GSMA’s eSIM for IoT specifications include SGP.31 and SGP.32. SGP.31 defines the architecture and requirements for remote provisioning in network- or user-interface-constrained IoT devices. SGP.32 defines the technical implementation that enables remote profile download and life cycle operations at scale.

What Is an iSIM?

OEMs must create devices that are data- and energy-efficient and minimize bill of materials (BOM) costs. They can achieve this by leveraging low-tier IoT cellular options such as narrowband IoT (NB-IoT) and LTE-M.

iSIM technology incorporates the SIM operating system into the cellular module hardware. It enables industries to provide coverage with data and energy efficiency.

Every square millimeter makes a difference in size-constrained applications. The iSIM is a space saver in hardware design and can reduce the device footprint. It does not require physical space for an eSIM chip or a removable SIM card.

With iSIM functionality built into the base cellular module, there is no need for separate SIM hardware. This results in savings from eliminating such components as:

• SIM trays
• SIM cards
• eSIM chips

iSIM is now standardized. The GSMA launched an integrated eUICC (ieUICC) technology initiative in 2015. This resulted in a proof of concept (PoC) demonstrated in 2017. Since then, the integrated eUICC has been considered in the existing RSP specifications for devices, including:

• M2M (SGP.01/02)
• Consumer (SGP.21/22)
• IoT (SGP.31/32)

New Production Flow Required for iSIM

The SAS-UP requirements have been adapted for iSIM production. iSIM production involves the SoC manufacturer and the SIM operating system (OS) supplier. The GSMA has defined a two-step personalization process:

1. The SoC manufacturer personalizes the hardware with security credentials (Perso_SC) in a SAS-UP 2:SC accredited site.
2. The UICC credentials are generated and personalized in the secured SoC (Perso_UICC) under the logical control of a SAS-UP 2:UICC certified site.

For iSIM, two-step personalization occurs before the in-factory profile provisioning process. The in-factory provisioning process applies to both eSIM and iSIM.  

The GSMA in-factory provisioning process is still being specified. Although the architecture and requirements document (SGP.41) is ready, the full standard, including the test specifications, is not expected until 2027.

Timeline for Certified iSIM Readiness

Even though most of the standards are defined, large-scale iSIM (ieUICC) adoption will take time. The SoC makers must prove the hardware’s robustness. The vendors must adapt their tools and processes to comply with the GSMA two-step personalization.

eUICC implementations, including iSIM-based eUICCs, must demonstrate functional compliance with GSMA RSP requirements. GSMA IoT test specifications in the SGP.33 series provide test coverage for eSIM IoT technology (SGP.31/32). The GSMA RSP compliance process is defined in SGP.24 and covers both consumer and IoT eSIM specifications. 

Ecosystem adoption is progressing through pilots and early implementations. Broader commercialization depends on interoperability testing and certification readiness across suppliers.

Choosing the Right SIM for Your Deployment

Debating between SIM, eSIM and iSIM? When selecting a SIM type and form factor for your IoT deployment, start by considering cost structure. It reflects the business model behind the device.

For example, in the automotive sector, the final product’s cost might motivate you to invest in expensive chips. Embracing a less expensive platform would mean compromising on resiliency and security.

If your product is a low-tier device, such as a pet tracker, spending an extra dollar or two on hardware per device could eliminate your profit margin. In that case, seeking a low-cost iSIM solution makes sense.

Also, consider whether the use case will require remote provisioning. While eSIMs are best known for this feature, all form factors are candidates for eUICC software that enables OTA profile updates. 

GSMA has designed a large-scale provisioning scheme for the IoT space. MNOs can provision devices in large volumes simultaneously.

The Future of SIM Technology

Despite the huge growth of eSIM and iSIM, traditional SIM cards continue to exist in the IoT market — at least for now. In many countries, prepaid service remains the predominant way to connect, making traditional SIM cards the most practical choice.

For high-end IoT use cases with an inherently higher cost structure that require a high degree of MNO acceptance from the first day, eSIMs are an ideal solution. iSIMs will come into play for low-tier IoT connections where device size and energy efficiency are necessary strengths.

There’s a lot to consider when choosing between SIM, eSIM and iSIM. Depending on the use case, there’s room for every form factor and SIM type for the foreseeable future.

Speak with our experts today to learn more about SIM technology.