What to Ask Your eSIM Provider: 10 Questions That Expose the Truth

Why You Need to Ask These Questions

The eSIM and SGP.32 market is maturing fast, and the marketing language is moving faster than the actual implementations. A provider who says they are “SGP.32 ready” may mean they have a roadmap, a pilot programme, a single certified device, or a genuine production-ready platform. The difference matters when you have 5,000 devices in the field and a profile download fails at 2am.

These ten questions are designed to cut through the positioning and get to the operational reality.

Question 1: Is Your eIM Hosted in a GSMA SAS-SM Accredited Environment?

SAS-SM (Security Accreditation Scheme for Subscription Management) is the GSMA certification that governs the security of eSIM management infrastructure. If your provider cannot confirm SAS-SM accreditation, their eIM security posture is unverified.

Why it matters: An unaccredited eIM means there is no independent verification that your profile management operations are cryptographically secured to GSMA standards. For regulated industries like utilities or healthcare, this is a compliance issue as well as a security one.

Question 2: Do You Support eIM Portability Under SGP.32 v1.2?

eIM portability is the ability to move your device fleet from one eIM platform to another without replacing hardware or losing connectivity. It is the anti-lock-in provision in SGP.32 and one of the most commercially significant features of the standard.

Why it matters: If your provider says no, they are building a commercial dependency into the relationship. Switching providers in the future will require a hardware refresh rather than an API migration. That is precisely the lock-in that SGP.32 was designed to eliminate.

Question 3: What Is Your Fallback If the Bootstrap Profile Fails?

Bootstrap failure is one of the most common operational problems in eSIM deployments. If a device cannot reach the SM-DP+ server on first power-up, it may become permanently unable to self-provision without physical intervention.

Why it matters: A bricked device in a remote location means a site visit. At £150-£200 per visit, a 1% bootstrap failure rate on a fleet of 1,000 devices costs £1,500 to £2,000 in unplanned operational costs. Your provider should have automatic retry logic, fallback network options, and a remote recovery mechanism.

Question 4: Can You Provide a Private APN With Fixed IPs Over SGP.32?

A Private APN creates a dedicated, isolated network path between your devices and your systems – traffic does not traverse the public internet. Fixed IPs allow you to implement device-level firewall rules and monitor traffic by device identity.

Why it matters: For industrial, utility, and security applications, a shared APN with dynamic IPs is a security compromise. If your provider cannot offer private APN with fixed IP addressing over an SGP.32 operational profile, your network architecture is fundamentally less secure than it could be.

Question 5: What Is Your Bootstrap Validity Period and What Happens When It Expires?

Bootstrap profiles are time-limited – typically one year from the manufacturing date of the eUICC chip. A device that sits in a warehouse for twelve months before deployment may arrive with an expired bootstrap.

Why it matters: If your provider cannot tell you the bootstrap validity period, they have not thought through the full deployment lifecycle. Ask specifically what happens to a device that powers on after the bootstrap has expired – does it become a permanently offline brick, or is there a recovery mechanism?

Question 6: How Many Operator Profiles Can You Deliver and From Which Networks?

The commercial value of SGP.32 depends heavily on multi-operator flexibility. A provider who can only deliver profiles from one or two networks is limiting your ability to optimise coverage and cost over the device lifetime.

Why it matters: For global deployments, you need a provider with agreements across the major operators in every country you deploy in. Ask for a specific country-by-country carrier list, not a vague “we cover 180 countries” claim.

Question 7: Do You Support Asynchronous Profile Management?

Asynchronous management means the eIM can queue a profile change command and the device executes it the next time it connects – even if that is days later when it wakes from deep sleep.

Why it matters: For NB-IoT and LTE-M devices with low duty cycles, synchronous management (which requires the device to be awake and connected to receive commands) is impractical. If your provider requires the device to be online to receive a profile push, they are not genuinely supporting constrained IoT devices.

Question 8: What Is Your SLA for Profile Download Completion?

Profile downloads are not instantaneous. They involve authentication, profile preparation, delivery, and installation. The time this takes varies significantly between providers.

Why it matters: If you are deploying at scale, a profile download that takes 20 minutes rather than 2 minutes means your devices are consuming bootstrap data for longer, your deployment is slower, and the window for failure is larger.

Question 9: Can Your Platform Handle Bulk Fleet Operations?

Managing 10 devices and managing 10,000 devices are not the same operation. A platform designed for individual device management will have API limits, rate throttling, and UI bottlenecks that make bulk operations impractical.

Why it matters: Ask specifically about batch profile switching, bulk status queries, and API rate limits. If the answer involves manual steps or a spreadsheet import, the platform is not genuinely built for fleet-scale operations.

Question 10: What Does Your Pricing Look Like Over a 10-Year Device Lifetime?

The eSIM model should save money over a 10-year device lifetime compared to physical SIM management. But some providers have pricing structures that eliminate this advantage through per-operation fees, platform subscriptions, or minimum commitments that compound over time.

Why it matters: Model the total cost across the full device lifetime, not just the initial data plan. Include profile download costs, eIM platform fees, and any charges for operator switching. The number that matters is total cost of ownership, not monthly data rate.

For guidance on asking the equivalent questions of your hardware provider, see What to Ask Your Hardware Provider. For a cost comparison of eSIM vs physical SIM over device lifetime, see SGP.32 TCO: The Real Cost of Physical SIM Management.