Comprehensive technical knowledge base covering 12 GSMA eSIM specifications. 84+ articles on Remote SIM Provisioning — SGP.02, SGP.22, SGP.32, SGP.41, SGP.29, SGP.23, SGP.25, SGP.26 and more.
Ever tried to shout instructions through a concrete wall to a machine sealed inside a steel box a thousand miles away? No? Well, someone had to figure it out; and that’s exactly what SGP.02 does, every single day, for millions of devices.
Picture this: you’ve got 10,000 smart meters buried in basements, car telematics units bolted into vehicles driving across three countries, and industrial sensors sealed inside factory equipment that won’t be opened for 15 years. You can’t walk up to any of them. You can’t even see them. But they all need new mobile network keys, and they need them now.
That’s the world SGP.02 was built for. It’s the push-based remote provisioning standard for machines. Not phones. Machines.
In consumer eSIM (the one in your phone, SGP.22), the device does the asking. You scan a QR code, your phone says “gimme the key,” and a server hands it over. It’s pull-based, like going to a shop and buying a key.
SGP.02 flips that on its head.
Here, a remote commander decides everything. The devices don’t ask. They don’t request. They wait. The commander pushes orders down a secure channel whenever it wants: “Device #8721, switch to network B. Now.”
That’s the whole philosophy in one sentence: the network is in charge, not the device.
| Old Way (Consumer) | M2M Way (SGP.02) |
|---|---|
| You scan a QR code | Commander decides, no human needed |
| Phone pulls the key | Commander pushes the key |
| One phone, one user | Thousands of devices, zero users |
| Works with screens | Works headless: no display, no buttons |
| Change plans with a tap | Works sealed for 15+ years |
Two big players run the show:
🦾 The Commander (SM-SR: Subscription Manager Secure Routing) This is the brain. The Commander owns the secret communication channel to every device. It knows where each one lives, what network it’s on, and what state it’s in. When the fleet owner says “switch Device #8721,” the Commander makes it happen. If needed, the Commander can even transfer an entire fleet to a new Commander, like handing over the launch codes.
🔑 The Key Factory (SM-DP: Subscription Manager Data Preparation) When the fleet owner orders new keys, the Key Factory crafts them. Each key is locked to one specific device so it’s useless anywhere else. The keys are encrypted; the Commander can deliver them, but even it can’t read them. Think of the Commander as the armoured courier and the Key Factory as the locksmith who sealed the envelope.
Separating these two roles is what makes SGP.02 so flexible. Want to switch Key Factories? The Commander stays the same. Want a new Commander? The keys don’t need to change. They’re independent.
The Operator, your mobile network company, owns the fleet. They order profiles from the Key Factory and decide when devices switch networks. If the Operator doesn’t want to manage day-to-day operations themselves, they can bring in an M2M Service Provider: a fleet manager who handles the logistics without owning the actual network.
| Feature | Consumer (SGP.22) | M2M (SGP.02) |
|---|---|---|
| How keys arrive | Device pulls via QR | Commander pushes via secure channel |
| Who’s in charge | You, the user | The Operator / Commander |
| Device has a screen? | Yes | Usually no |
| How many devices? | One at a time | Thousands at once |
| Server roles | Single SM-DP+ (combined) | SM-DP + SM-SR (split) |
| First published | 2015 | 2013, the original eSIM |
SGP.02 was the very first eSIM standard: years before anyone thought about putting an eSIM in a phone. It was designed for machines that nobody would ever touch, and over 450 pages of specifications later, it’s still keeping invisible fleets connected across the planet. Not bad for a standard most people have never heard of.
Kid-friendly version of GSMA SGP.02 v4.2, M2M Remote SIM Provisioning