Device integration for IPA/LPA of eSIMs into new products.

IPA, LPA and SGP.32: A Practical Guide for IoT eSIM Device Integration for Product Leaders

Kigen’s eSIM enablement suite, including our IPA/LPA, simplifies eSIM device integration. This guide helps product designers understand IPA vs LPA in the SGP.32 eSIM IoT specification, what to look for when choosing between the IPAe and IPAd approaches to IPA implementation, and how it is accelerating innovation across leading product portfolios.

In the world of industrial and mission-critical IoT, device-side integration of eSIM is one of the most challenging yet essential steps for manufacturers to undertake. For sectors such as utilities, transportation, smart cities, industrial automation, and energy monitoring, connectivity is fundamental because it underpins device reliability, service continuity, and the maintenance of subscriptions and security across the device lifecycle. However, the diversity and constraints of IoT, ranging from limited user interfaces and variable bandwidth to power sensitivity and differing transport protocols, make consistent integration across products far more complex.

Developing portfolio-wide or multi-product connectivity strategies, therefore, requires approaches that draw on abstraction and interoperability to achieve resilience, scalability, and simplified deployment.

Understanding device-side integration requirements under the SGP.32 standard

The GSMA’s new IoT eSIM standard, SGP.32, represents a significant evolution from the earlier Consumer (SGP.22) and M2M specifications. We’ve covered the benefits of SGP.32 and how the eIM optimises eSIM operations for resource-constrained devices. However, it is worth repeating that SGP.32 reuses the existing SM-DP+ infrastructure to simplify deployments and introduces flexibility for constrained IoT devices. The specification builds upon the proven elements of previous versions to streamline adoption for both device manufacturers and operators while introducing new tools designed for large-scale B2B and IoT fleet management use cases.

Two new key components define SGP.32 integration:

  • eSIM IoT Remote Manager (eIM): A standardized remote provisioning tool that manages the download and lifecycle of profiles across a single IoT device or an entire fleet, without requiring direct user interaction. The eIM can communicate with any SM-DP+ or IoT device, removing the need for multiple custom integrations. You can find out more about Kigen eIM (eSIM IoT Remote Manager).
  • IoT Profile Assistant (IPA): Replacing the Local Profile Assistant (LPA) from the consumer specification, the IPA performs similar functions for the IoT context—enabling eSIMs to be remotely managed through the existing SM-DP+ and eIM infrastructure.
Kigen eSIM essentials: what's new in eSIM IoT GSMA SGP.32 specification vs eSIM consumer and M2M eUICC

IoT Profile Assistant (IPA) is a crucial software component defined by the GSMA SGP.32 specification for eSIM IoT device integration, acting as an intermediary to manage profile operations remotely. It facilitates communication between the device’s eSIM (eUICC) and a network-side server, the eSIM IoT Remote Manager (eIM). 

Functionality IPA provides

The IPA provides multiple distinct functions:

  • Profile Download,
  • Discovery Service,
  • Notification Handling,
  • Confirming the Profile State Management Operations (PSMO),
  • eCO, and more.

| Function name | Description |
|---|---|
| Profile Download | Plays a proxy role for efficient download of a Bound Profile Package from SM-DP+ or eIM to IPA and onward transfer into eSIM in segments. Profile download function will depend on network, device and eSIM capabilities. |
| Discovery service | When required, this is responsible for retrieving pending event records from an SM-DS. |
| Notification handling | Responsible for forwarding notifications to the eIM and SM-DP+. |
| PSMO / eCO Conveying | Responsible for conveying the states of profile operations, eIM Configuration operations and related results between eIM and eSIM. |

The primary function of the IPA is to enable remote provisioning of eSIM profiles without requiring physical access or user interaction. 

  • Profile Management: The IPA orchestrates the download and installation of new operator profiles from the Subscription Manager-Data Preparation+ (SM-DP+) server, using protocols optimized for constrained IoT environments like CoAP/LwM2M.
  • Intermediary: It interprets commands from the eIM (e.g., enable, disable, delete profile) and relays them to the eUICC, managing the secure communication flow.
  • Authentication: The IPA facilitates secure authentication by verifying requests from the eIM using shared secret keys or public keys, enforced by the eUICC, which is vital for maintaining security in IoT deployments. 

Integration Implementation Options: IPAe vs. IPAd

Kigen IPAd and IPAe for IoT eSIMs - definitions

The IPA can either be a stand-alone component on the eUICC (IPAe), or a component of a higher-level functional software in the IoT Device (e.g. device management client) – residing on the device as IPAd. Both configurations are fully interoperable with eIM and SM-DP+, allowing device manufacturers to select an implementation that best aligns with their product design constraints and capabilities. 

Device manufacturers (OEMs) have two options for integrating the IPA into their hardware, based on the device’s capabilities and design requirements: 

  • IPAd (IPA in the Device): The IPA software is hosted on the application layer of the device’s operating system (e.g., Android, Linux).
    • Pros: Offers greater flexibility and customization potential, allowing closer integration with device-specific features.
    • Cons: Requires more development and certification work from the device maker and needs a device with sufficient processing power.
  • IPAe (IPA in the eUICC): The IPA logic is embedded directly within the secure eUICC chip itself, independent of the device’s main operating system.
    • Pros: Simplifies integration significantly for OEMs, requires minimal or no firmware changes, and is ideal for low-power or resource-constrained devices.
    • Cons: Less flexibility for customization as the functionality is tied to the eUICC provider’s implementation. 

Choosing the right placement (IPAe or IPAd) is a key decision during the design and manufacturing process for SGP.32-compliant IoT devices, and numerous vendors offer solutions supporting both approaches.

The role of the IPAd in device integration

For developers, implementing the IPAd enables:

  • On-device integration of the IPA logic — enabling direct testing and validation of SM-DP+ interactions.
  • Network integration and functional testing, including APDU commands, profile state transitions, fallback, and handling edge cases.
  • Additional control over integrating advanced functionality, having the modem provide LPA functionality, or implementing advanced authentication during in-factory profile provisioning.


An IPAd supports comprehensive development testing across command and response sequences, enabling simulation of enable, disable, and delete operations before deployment. It allows IoT device manufacturers to validate end-to-end profile management during development, ensuring predictable behavior in the field.

Why existing tools don’t meet IoT needs

Few open-source or commercial toolsets fully address the needs of constrained IoT environments. Consumer-grade eSIM management tools are often too resource-intensive, assuming access to large memory, stable connectivity, and user interfaces. In contrast, IoT environments demand:

  • Low computing and memory overhead
  • Minimal radio usage
  • Zero or very limited user interaction
  • High scalability and resilience

A dedicated approach to IoT eSIM enablement ensures that developers can integrate connectivity management into devices with limited resources—without sacrificing interoperability, reliability, or security.

Selecting the right IPAd for IoT device integration

When developing devices that run additional system logic or complex applications, sourcing an IPAd that meets key technical criteria is critical:

  1. Robust management of eSIM profiles (enable, disable, delete), leveraging all eSIM OS features
  2. Download eSIM profiles from the SM-DP+ and test interoperability
  3. Retrieve notifications from the eUICC and send them to the SM-DP+ with platform-independent libraries for transport and network layers
  4. Availability of example programs or templates for custom use cases

Underlying these principles is the GSMA’s use of Application Protocol Data Units (APDU) and Transport Protocol Data Units (TPDU), which define standardized command and response exchanges. These mechanisms, originally defined under GSM 11.11, remain the backbone of secure SIM–device communication in modern eSIM implementations.
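As an added illustration (not code from the Kigen C-SDK or from the original page), the sketch below shows how an IPAd might split an eUICC-bound payload, such as a Bound Profile Package segment, into the APDU command sequence described above. It assumes the STORE DATA transport framing that GSMA SGP.22 defines for LPA-to-eUICC commands (CLA 80, INS E2, P1 11 or 91, P2 as block number); the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define APDU_MAX_DATA   255u   /* largest Lc in a short APDU */
#define APDU_HDR_LEN    5u     /* CLA INS P1 P2 Lc */
#define P1_MORE_BLOCKS  0x11u  /* assumed from SGP.22 STORE DATA framing */
#define P1_LAST_BLOCK   0x91u

/* Hypothetical helper: number of STORE DATA blocks needed, or 0 if the
 * payload is empty or would overflow the one-byte block counter (P2). */
size_t store_data_block_count(size_t payload_len)
{
    size_t n = payload_len / APDU_MAX_DATA
             + (payload_len % APDU_MAX_DATA != 0);
    return (n == 0 || n > 256u) ? 0 : n;
}

/* Hypothetical helper: build block `idx` of the sequence into `out`.
 * Returns the APDU length, or 0 on bad arguments or a short buffer. */
size_t store_data_build(const uint8_t *payload, size_t payload_len,
                        size_t idx, uint8_t *out, size_t out_cap)
{
    size_t blocks = store_data_block_count(payload_len);
    if (payload == NULL || out == NULL || idx >= blocks)
        return 0;

    size_t off = idx * APDU_MAX_DATA;
    size_t len = payload_len - off;
    if (len > APDU_MAX_DATA)
        len = APDU_MAX_DATA;
    if (out_cap < APDU_HDR_LEN + len)
        return 0;                  /* never write past the caller's buffer */

    out[0] = 0x80;                 /* CLA: basic logical channel assumed */
    out[1] = 0xE2;                 /* INS: STORE DATA */
    out[2] = (idx == blocks - 1u) ? P1_LAST_BLOCK : P1_MORE_BLOCKS;
    out[3] = (uint8_t)idx;         /* P2: block number 00..FF */
    out[4] = (uint8_t)len;         /* Lc */
    memcpy(out + APDU_HDR_LEN, payload + off, len);
    return APDU_HDR_LEN + len;
}
```

Rejecting payloads that need more than 256 blocks keeps the one-byte block number from wrapping silently, which would otherwise let a truncated or reordered transfer look well-formed to the sender.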

Kigen’s eSIM enablement suite: simplifying SGP.32 integration

Kigen eIM and LPA eSIM enablement suite for devices

Kigen’s eSIM enablement suite was built to address the specific challenges of IoT device integration for the era of SGP.32. Kigen’s approach is deliberately broader for the IPAd, and delivered via our “standards-plus” Kigen Software Development Kit for Embedded C (C-SDK):

  • Reference implementation first: A production-grade IPAd/LPA reference, with profile lifecycle operations (download, enable, disable, delete, list, notifications, EID), exercised against eIM and SM-DP+ with defined unit, regression, and integration tests.
  • Portable C-SDK and middleware: A platform-independent, lean C-library with transport/network abstraction and ASN.1 parsing that runs across Linux, POSIX, and established RTOS—so teams can reuse one integration across multiple products and chipsets.
  • Security built in: Optional IoT SAFE support for dynamic certificate management, enabling secure identity and credential rotation without bolting on separate crypto stacks.
  • Provisioning simplified: IFPP provisioning simplification to streamline secure multi-profile loading and factory handover at scale, rather than relying on ad-hoc tooling.
  • Interfaces developers can trust: Stable APDU/AT interfaces or APIs, sample programs, and test suites that make behaviour deterministic and repeatable across a portfolio.

The result is a portable, tested, and standards-compliant environment that accelerates IoT product development while maintaining interoperability with GSMA-compliant infrastructure. This pays dividends both during device bring-up as well as through the product lifecycle.

Kigen IPA-LPA eSIM enablement across product lifecycle

How OEMs are using Kigen’s enablement tools

Robustel, a leader in industrial edge and 5G routers, faced the challenge of integrating multi-network eSIM capabilities across its product range within a one-month development cycle. Using Kigen’s eSIM OS, eIM, and C-SDK enablement suite, Robustel’s engineering teams overcame integration challenges rapidly and brought several eSIM-enabled products to market simultaneously.

In their announcement, Robustel shared:

“The suite of Kigen eSIM products and enablement tools—especially the Kigen C-SDK—allowed us to overcome device and eSIM integration challenges in record time. For the ease and reliability of the system, we are excited to build on this hallmark into our product line, ensuring we deliver solutions that directly solve customer connectivity problems.” 

James Mack, CMO of Robustel

Further, over the past several months, NuvoLinQ’s engineering and integration teams achieved what many considered unattainable: full SGP.32 readiness for legacy hardware. Through targeted firmware collaboration with Kigen’s SGP.32 certified eIM solution, Kigen eSIM with dynamic Rescue and Recovery, device-level testing, and continuous validation, the company has proven that SGP.32 compatibility is achievable without hardware modification.

Why this matters for IoT manufacturers

For product managers and embedded teams building SGP.32-compliant devices at scale, a reference-driven, standards-plus toolkit delivers flexibility and versatility: one integration reused across product lines, predictable interoperability with eIM/SM-DP+, faster bring-up, and factory provisioning. The result is shorter development cycles, lower integration risk, and a consistent path to deploy the benefits of new IoT eSIMs across an entire IoT portfolio.

This was exactly the focus of our latest #FutureofSIM webinars hosted by Kigen. Hear directly from NuvoLinQ and Robustel about the device integration challenges they learnt from, how they brought eSIMs to their portfolios with minimal changes, and the opportunities this presents in simplifying the handling of device failures or issues in the field. The sessions are available on our watch now list!

As we continue to champion the evolution of eSIM technology, we invite industry professionals to explore the possibilities enabled by Kigen’s cutting-edge eSIM solutions. Kigen eSIM enablement tools and C-SDK are available today with SGP.32-compliant eIM and eSIM OS.


Reach out to a Kigen expert to start your device integration journey for IoT eSIMs.