eSIM as a root of trust for secure IoT

It has been 35 years since the SIM card was first introduced. In 1991, G+D supplied the first commercial SIM to a telecommunications company in Finland to solve a simple problem: mobile network operators needed a tamper-resistant, flexible module to identify devices on their networks. It was the start of a shift toward the globally connected society we live in today.

Since those early days, the SIM card has evolved beyond basic authentication. Today, it is a multifunctional security element that underpins much of our modern digital lives. Not only does it connect our smartphones and tablets, it also enables our connected cars and smart home devices. On an industrial level, billions of IoT sensors, machines, and autonomous systems worldwide rely on SIM technology for secure connectivity.

The form factor has also changed. Unlike in earlier iterations, when SIM cards were manually inserted into devices, the modern standard is now the eSIM – a chip embedded directly into the device during manufacturing. Throughout those evolutions, one aspect of the SIM’s fundamental role has remained the same: the SIM is the root of trust that enables secure connectivity.

The need for trust in IoT

As IoT deployments accelerate across industries – from smart manufacturing and logistics to smart cities and agriculture – the need for trust has never been greater. Connected devices are generating unprecedented volumes of data, which organizations use to drive operational decisions and power systems that affect millions of people daily. This capability comes with a huge responsibility to keep both the data and the devices that collect it secure. The eSIM provides the basis for that.

The eSIM is designed with security at its core – and it is ideally suited to meet IoT’s unique demands. Its embedded nature – soldered directly onto the device – eliminates the risk of physical theft or tampering compared with removable cards. Its compact size is also perfect for deployment in space-constrained devices, from wearables to industrial sensors. And critically, connectivity profiles can be remotely provisioned and managed, allowing manufacturers to deploy device fleets at scale, without needing to pre-configure network operators at the factory or later in the field.

Why eSIM is the root of trust

As the root of trust for IoT, the eSIM provides the hardware-based security foundation that protects three critical elements:

• Device identity: With an eSIM, every device has a strong, tamper-resistant identity that cannot be forged or duplicated – ensuring that only authorized devices can access networks and exchange data.
• Data integrity: By securing the device at the hardware level, the eSIM provides a trusted environment where data can be encrypted or digitally signed before transmission – ensuring its authenticity and integrity. This is critical in an AI age where data is so crucial to decision-making.
• Secure communication: The eSIM enables end-to-end protection of data between device, network, and cloud by supporting encryption and authentication mechanisms that prevent interception and tampering throughout the data life cycle.

One of eSIM’s biggest advantages is the simplicity it provides. A pressing question IoT manufacturers often face is how to securely provision and store cryptographic keys inside a device.

Attempting to solve this problem themselves, with software built on general-purpose chips not designed with dedicated security elements, is both risky and costly. Such an approach would expose devices to a wide range of attacks and threats. Manufacturers would also need to develop, test, and maintain proprietary security architectures, costing more money and diverting resources from other business areas.

The eSIM is a logical and proven alternative that eliminates all of this risk. Security is built into the hardware in the form of mobile system-on-a-chip (SoC) security technology – a secure operating system running on a smart card controller that combines a hardened microcontroller with purpose-built cryptographic protections. 

Instead of developing custom security solutions from scratch, manufacturers need only embed an eSIM in their devices to reap the rewards of certified hardware security, established global interoperability standards, and mature life cycle management capabilities. This allows OEMs to concentrate engineering resources on developing new applications, services, and revenue streams, safe in the knowledge that the eSIM will provide secure connectivity and protect data.

Trust as an enabler

With the number of cellular-connected devices projected to exceed 5.8 billion by 2030,¹ trust will become a competitive differentiator. Organizations that adopt eSIM technology as their root of trust can safeguard intellectual property and operational data, while also building verifiable security into their IoT solutions. This foundation will also enable new digital services that depend on authenticated device identity.

“eSIM is becoming a fundamental pillar in our globally connected world,” says Sönke Schröder, Director of Global Go-to-Market Strategy and Innovations at G+D. “Without authentication, there is no access. And without secure access, there is no trust.” 

Take connected vehicles as an example. Modern cars generate terabytes of data that enable features such as over-the-air software updates, usage-based insurance, and autonomous driving features – but only when the vehicle’s identity is trustworthy and communication stays secure. Global supply chains face similar challenges. Logistics providers need to be able to verify the location and condition of shipping containers and tracking devices. Authenticated device data helps them maintain that transparency across the supply chain, even in the most remote locations on Earth.

Just as the SIM card was a catalyst for mobile communications over 30 years ago, today it continues to underpin our connected world and act as an enabler for secure and sustainable IoT growth. As devices become more autonomous and data-driven decisions carry even greater consequences, a trusted foundation will become even more vital in the future.

G+D delivered the first commercial SIM in 1991 and has been at the forefront of secure connectivity innovation ever since. As a partner to network operators and device manufacturers worldwide, G+D has deployed eSIM solutions across more than 200 million devices – from smartphones and connected vehicles to industrial IoT systems. The decades-long track record in this field positions G+D to help organizations build the trusted foundations their IoT deployments depend on.

Published: 05/05/2026