Comprehensive technical knowledge base covering 12 GSMA eSIM specifications. 84+ articles on Remote SIM Provisioning — SGP.02, SGP.22, SGP.32, SGP.41, SGP.29, SGP.23, SGP.25, SGP.26 and more.
🏠 eUICC.tech > SGP.22 v3.x Unified RSP > Remote Profile Management: RPM Initiation, Download, and Execution
💡 Why this matters: In SGP.22 v2.x, profile lifecycle management (enable, disable, delete, update metadata) is entirely local: the end user must manually trigger every operation through the device UI. There’s no way for an operator to remotely manage a profile they own. Remote Profile Management (RPM) changes this: an operator can issue lifecycle commands through the SM-DP+, which packages them into an RPM Package, delivers them to the eUICC, and reports the results back. This unlocks fleet management, operator-initiated profile switches, remote metadata updates, and contact with the Profile Content Management Platform: all without touching the device.
Key takeaways:
- RPM is a v3.x-only feature (
#SupportedForRpmV3.X.Y#), initiated by the Operator via the ES2+ interface- The Operator sends an rpmScript to a Managing SM-DP+, which creates an RPM Package containing one or more RPM Commands
- RPM Commands: Enable, Disable, Delete, ListProfileInfo, UpdateMetadata, Contact PCMP
- RPM has three phases: Initiation (Operator → SM-DP+), Download (LPA pulls RPM Package from SM-DP+), and Execution (eUICC processes commands and returns results)
- Each RPM Command requires Confirmation Request enforced by the LPA: the end user must approve
- RPM Packages can be chained using
rpmPendingfor multi-round operations- The
continueOnFailureflag allows graceful handling of individual command failures within a package
In v2.x, if an operator wants to disable a profile (e.g., because the subscriber stopped paying), they must:
RPM gives operators a direct, standardised path to manage profiles remotely:
| Concept | Description |
|---|---|
| Managing SM-DP+ | An SM-DP+ authorised to perform RPM on a specific Profile. A Profile MAY have multiple Managing SM-DP+s |
| RPM Package | An ASN.1-encoded sequence of RPM Commands, generated by the SM-DP+ and delivered to the eUICC |
| RPM Command | A single lifecycle operation: Enable, Disable, Delete, ListProfileInfo, UpdateMetadata, or Contact PCMP |
| rpmScript | The Operator’s request to the SM-DP+, specifying which RPM Commands to execute against which Profiles |
| RPM Command Result | The eUICC’s response for each executed command, packaged into the Load RPM Package Result |
RpmPackage ::= SEQUENCE OF RpmCommand
RpmCommand ::= SEQUENCE {
continueOnFailure NULL OPTIONAL,
rpmCommandDetails CHOICE {
enable SEQUENCE { iccid Iccid },
disable SEQUENCE { iccid Iccid },
delete SEQUENCE { iccid Iccid },
listProfileInfo ListProfileInfo,
updateMetadata SEQUENCE { iccid Iccid, updateMetadataRequest UpdateMetadataRequest },
contactPcmp SEQUENCE { iccid Iccid, dpiRpm UTF8String OPTIONAL }
}
}
The RPM Package is limited to 1057 bytes maximum (value part). If more commands are needed, the SM-DP+ can chain multiple RPM Packages using rpmPending.
The Operator initiates RPM by calling ES2+.RpmOrder on a Managing SM-DP+:
ES2+.RpmOrder with:
eid : the target eUICCrpmScript : the RPM Commands to executeMatchingIDThe Operator can then deliver the MatchingID to the end user (via SMS, email, app notification, or the Push Service) to trigger the download.
The LPA retrieves the RPM Package through one of four paths:
Once the LPA connects to the SM-DP+:
smdpSigned3 containing {TransactionID, RpmPackage, [rpmPending]}The LPA is required to check each RPM Command against PPRs before asking for user consent. If a PPR forbids the operation (e.g., a profile has “disable not allowed”), the LPA rejects the corresponding command.
The LPA delivers the RPM Package to the eUICC via ES10b.LoadRpmPackage:
continueOnFailure is present → the eUICC continues to the next commandcontinueOnFailure is absent → the eUICC stops processing and returns the errorinterruption in the result)LoadRpmPackageResult) containing:
RpmCommandResult for each executed commandinterruption flag if execution was interruptedSpecial constraints apply to command sequencing within an RPM Package:
commandsWithRefreshExceededcommandAfterContactPcmpUnlike v2.x profile download (where the end user initiates the download), RPM is operator-initiated. However, the specification still requires end user consent and confirmation:
The end user can reject: in which case the LPA cancels the session and the RPM Package is never executed.
After RPM execution, the Operator receives the Load RPM Package Result. Based on the outcome:
noLprConfiguration, re-send with UpdateMetadata to set the PCMP address first)ES2+.HandleNotification calls to the Operator for RPM-related events| Aspect | v2.x Local Profile Management | v3.x Remote Profile Management |
|---|---|---|
| Initiated by | End User (via LUI) | Operator (via ES2+.RpmOrder) |
| Discovery | Not needed (user initiates) | MatchingID, SM-DS Event, or Default SM-DP+ |
| Commands available | Enable, Disable, Delete (local) | Enable, Disable, Delete, ListProfileInfo, UpdateMetadata, Contact PCMP |
| User consent | Acquired locally by LUI | Acquired by LPA during RPM Download |
| Package format | N/A (individual ES10c calls) | RPM Package (ASN.1 sequence of commands) |
| Error handling | Per-command, immediate feedback | Per-command with continueOnFailure option |
| Chaining | Not applicable | rpmPending for multiple packages |
| Atomicity | Per ES10c call | Per RPM Command within a package |
rpmPending enables multi-package chainingcontinueOnFailure allows graceful error handling within a packageBased on GSMA SGP.22 v3.1 (01 December 2023), Section 2.10: Remote Profile Management, Section 3.7: Remote Profile Management, and Section 5.3.6: ES2+.RpmOrder
| ← Previous: Version Interoperability: How v2.x and v3.x Coexist | Section Index | Next: Device Change and Profile Recovery: Moving eSIMs Between Devices → |