The GSMA’s eUICC Security Assurance (eSA) Scheme has taken a significant step forward with the release of SGP.06 V2.3 and SGP.07 V2.3 back in May 2025, marking a pivotal expansion in its certification scope. Traditionally focused on software evaluation through the SGP.25 Protection Profile (PP-0100), the scheme now formally includes hardware certification via PP-0084 and PP-0117, enabling a holistic and unified security assurance framework for eUICCs.
Why This Matters
Until recently, eUICC hardware certification relied solely on Common Criteria (CC) evaluations – an internationally recognised benchmark for security assurance. While CC remains a trusted and rigorous option, its evaluation process can be demanding, especially for the dynamic and modular nature of eUICC components. With the latest extension, the GSMA now formally supports the use of its eUICC Security Assurance (eSA) Scheme as an alternative for hardware certification, covering both the Integrated Circuit (IC) and the Runtime Environment of Tamper Resistant Element / Integrated Tamper Resistant Element (TRE/iTRE). The eSA Scheme offers the same high level of security assurance as CC, while introducing process optimisations that reduce evaluation effort. This makes it particularly suitable for fast-evolving eUICC implementations, without compromising on trust, compliance, or interoperability.
What’s New in SGP.06 V2.3 and SGP.07 V2.3?
- SGP.06 V2.3 introduces formal references to PP-0084 and PP-0117, aligning the scheme with the latest hardware protection profiles and clarifying the certification pathways for IC-based and iTRE-based implementations.
- SGP.07 V2.3 updates the methodology to accommodate the evaluation of hardware components, including optimisations for composite certification scenarios where both hardware and software are assessed together.
Implications for Stakeholders
For eUICC manufacturers, this means a clearer and more unified route to certification – whether they are developing software, hardware, or both. For Certification Bodies and Labs, the updated scheme provides a harmonised framework to assess compliance across the full technology stack.
Moreover, the inclusion of hardware profiles like PP-0084 and PP-0117 ensures that the scheme remains aligned with Common Criteria standards, reinforcing trust and interoperability across global markets.
Looking Ahead
The evolution of the eSA Scheme represents more than a technical refinement – it’s a strategic advancement aligned with the growing complexity of eSIM deployments across IoT, Consumer, and M2M sectors. As the industry continues to prioritise secure, scalable, and interoperable solutions, GSMA’s expanded certification framework is set to play a foundational role in enabling trusted innovation and accelerating global adoption.
GSMA eSIM Services: Enabling the eSA Scheme
The GSMA’s eSIM Services play a vital role in enabling and scaling the eUICC Security Assurance (eSA) Scheme. As part of its Assurance Service portfolio, GSMA provides a structured and trusted certification ecosystem that will now support both software and hardware security evaluations for eUICCs.
Through collaboration with accredited certification bodies and licensed laboratories, the GSMA ensures that eUICC products meet rigorous security and interoperability standards. The eSA Scheme, benefits directly from GSMA’s operational infrastructure, including:
- Streamlined certification workflows via GSMA’s centralised registration and evaluation processes.
- Discounted administrative fees for GSMA members applying to the eSA Scheme, reinforcing the value of membership in accelerating secure product deployment.
- Visibility and trust through the GSMA eSA Certified Products Database, which lists certified eSA products.
- Integration with other GSMA assurance services, such as SAS (Security Accreditation Scheme) and eIS (eUICC Identity Scheme), creating a unified framework for eSIM product validation.
By embedding the eSA Scheme within its suite of eSIM Services, GSMA not only simplifies the certification journey but also strengthens the global eSIM ecosystem -ensuring that security, compliance, and interoperability remain at the heart of innovation.