The Lock-In Loophole that Could Derail Cellular IoT

Cellular IoT has long been billed as the next frontier for machine‑to‑machine connectivity, with forecasts from the GSMA and Ericsson pointing to billions of devices by 2030. The recent SGP.32 specification promised to unlock that potential by extending eSIM technology—first popularized in smartphones—to rugged, long‑life IoT hardware. By embedding an eUICC that can host multiple eSIM remote managers (eIMs), operators and OEMs were expected to gain unprecedented flexibility in choosing carriers, scaling deployments, and reducing logistics costs.

In practice, the promise is being undercut by a subtle but consequential design choice: the eIM itself is not mandated to be configurable. According to a GSMA report, five of eight available eIMs lock the device to a fixed set of carrier profiles, preventing the addition of new eIMs. For deployments that often span 10‑15 years in hard‑to‑reach locations, this means a device could be tethered to a single vendor’s ecosystem for its entire lifespan. The result is a hidden lock‑in that can force enterprises to recall thousands of units if a better network emerges, eroding the cost‑benefit calculus that made cellular IoT attractive.

The stakes rise further as IoT data fuels AI models and real‑time analytics. A locked‑in connectivity layer restricts the ability to switch to lower‑cost or higher‑performance networks, potentially inflating operational expenses and limiting data quality. Moreover, the concentration of control in a few eIM providers raises competitive concerns and could dampen innovation across the telecom supply chain. Industry leaders, standards bodies, and regulators must address this loophole now—by requiring configurable eIMs or establishing transparent certification criteria—to preserve the openness of the eSIM ecosystem and sustain the rapid growth trajectory envisioned for cellular IoT.