eSIM

Kigen SIM & eSIM: A Deep Dive for IoT Developers

8th October 2025 · 9 min read
Kigen SIM and eSIM for IoT device connectivity and management.

Summary: This article covers Kigen’s role in IoT SIM and eSIM infrastructure — explaining the difference between physical SIM, eSIM (eUICC), and iSIM, how remote SIM provisioning works for high-volume IoT manufacturing, and why Kigen (an Arm subsidiary) is becoming a key name for UK IoT developers building connected products at scale.

Kigen eSIM

If you build connected products for a living—meters, trackers, kiosks, EV chargers, wearables—Kigen is a name you’ll increasingly bump into. They sit in the unglamorous but mission-critical layer where identity, security, and connectivity meet: the SIM. Not just the old plastic card, but the whole spectrum: eSIM (eUICC), iSIM, remote provisioning, and in-factory profile workflows for high-volume manufacturing.

This is a straight-talking profile for IoT developers, device OEMs, and platform folks who want enough depth to make architectural choices—without the brochure gloss. We’ll cover what Kigen actually ships, where they’re strong, where you should be sceptical, and how to decide if their stack belongs in your next design.

TL;DR for Busy Engineers

  • Kigen builds SIM operating systems (eUICC/iSIM), remote SIM provisioning (RSP) tooling, and factory provisioning workflows.
  • eIM (their eSIM IoT Manager) is aligned with SGP.32, the IoT-focused eSIM spec—useful for low-power and unattended devices.
  • IPA (IoT Profile Assistant) lives either on the eSIM (IPAe) or device-side (IPAd) to orchestrate profile lifecycle with minimal friction.
  • IFPP (In-Factory Profile Provisioning) lets you burn in the right operator profiles late in manufacturing—even in offline factories—so you can ship a single global SKU.
  • 2025 saw industry-wide scrutiny of eSIM security. Kigen shipped mitigations aligned to updated testing profiles. If you deploy at scale, you should track their advisories and verify your certification/test flows.
  • If you need global scale, power efficiency, and fewer SKUs, Kigen’s combo of eSIM/iSIM + eIM + IFPP is compelling—but plan for standards churn, integration effort, and vendor dependency.

Why You Should Care (Even If “a SIM Is Just a SIM”)

In consumer phones, the SIM is plumbing. In IoT, it’s often the root of trust and the operational throttle:

  • Your device may never see a human again after install. You still need to activate, switch networks, update profiles, and decommission remotely.
  • You can’t burn battery doing heavyweight downloads. You need lean transactions optimised for NB-IoT/LTE-M/idle devices.
  • You can’t juggle 20 SKUs for 20 regions. You want one hardware build and late binding of the “who’s my carrier?” decision.

Kigen’s pitch is essentially: we give you the secure OS, the profile-lifecycle brain, and the factory/field workflows so you can ship once and light up connectivity wherever the device lands.

Product Stack in Plain English

1) SIM Operating Systems (eSIM and iSIM)

eSIM / eUICC OS: a compact, multi-application SIM OS that supports profile download/switch/delete per GSMA specs. The selling point is footprint, power behaviour, and integration maturity across common modules and chipsets.

iSIM: same idea, but the SIM moves into the SoC’s secure domain (iTRE/secure enclave) rather than on a separate chip. Benefits: smaller BOM, tighter power budget, sealed security boundary. Good for wearables, sensors, and anything space-constrained.

Engineer’s take: eSIM is table stakes now for serious IoT. iSIM is where the density/power wins get real—but watch your silicon roadmap and toolchain; iSIM ties you to specific chip vendors and security IP.

2) eIM (eSIM IoT Manager) for SGP.32

eIM is Kigen’s server-side fleet manager for SGP.32. Think of it as the orchestration layer that tells tiny devices how and when to grab, switch, or park profiles without bricking themselves or draining the battery.

SGP.32 exists because the earlier consumer/legacy specs were too heavy for sleepy, low-power IoT. eIM implements the leaner state machines and transactions those devices need.

Engineer’s take: if your devices live on NB-IoT/LTE-M with long sleep cycles and tiny energy budgets, SGP.32 + a mature eIM is more than “nice to have”. It’s the difference between predictable field ops and “why did we wake 10,000 meters at 2am?”.

3) IPA (IoT Profile Assistant): On-SIM or On-Device

IPAe lives inside the eUICC; IPAd runs on the host (Linux/RTOS). Both talk to eIM and the operator’s SM-DP+ to handle profile lifecycle steps.

Engineer’s take: IPAd is attractive if you want “brains” in your agent (e.g. context-aware profile switching, your own backoff timers, dual-SIM coordination). Just remember: the certification burden shifts toward you.

4) IFPP (In-Factory Profile Provisioning)

Instead of shipping with a generic bootstrap and doing heavy OTA later, IFPP lets you inject the right operator profiles in the factory—even offline/air-gapped—close to ship time.

That means one global SKU, minimal plastic SIM logistics, cleaner first-boot, and fewer field surprises.

Engineer’s take: two big wins—(1) less battery burned in the field on first activation, and (2) fewer “wrong profile for region” headaches. The catch is operational: you’ll integrate IFPP steps into your MES and create a controlled identity/personalisation station.

Where Kigen Is Strong

  • SGP.32 early mover: Kigen invested early in the IoT-focused eSIM spec—eIM and IPA are tuned for it.
  • Factory-to-field story: SIM OS + eIM + IFPP makes a coherent pipeline from silicon to outbound logistics to lifetime ops.
  • iSIM maturity: if your roadmap includes iSIM-capable silicon, Kigen has an established OS and collateral to get you moving.
  • Ecosystem traction: partnerships with module vendors and IoT platforms (Nordic, Particle, etc.) lower friction for deployment.
  • Security baseline: the SIM OS is designed for GSMA certification and trusted manufacturing, reducing risk for regulated industries.

Where You Should Kick the Tyres

  • Competition and incumbents: giants like G+D, Thales, and IDEMIA dominate; Kigen must prove reliability and support parity.
  • Spec evolution risk: SGP.32 is still bedding in—expect quirks and interoperability gaps.
  • Security vigilance: mid-2025 vulnerabilities proved SIM stacks aren’t immune. Always patch and audit.
  • Integration cost: IFPP and IPAd require factory integration, secure key handling, and firmware plumbing.
  • Vendor lock-in: embedding a third-party OS plus backend reliance equals switching friction—negotiate migration paths.

How Kigen Fits into the IoT Connectivity Landscape

Functionality / RoleLegacy SIM / pSIMAlternative eSIM OfferingsKigen’s Sweet Spot
Physical SIM slotBulky, manual, region-lockedN/A
Embedded SIM / eUICC / SIM OSVendor-specificG+D, Thales, IDEMIACompact, secure, integrated stack
Remote provisioningLimitedOperator proprietaryFull RSP stack + orchestration
Multi-network switchingManual, fixedPartialAutomated via eIM + IPA
Factory provisioningManual SIM insertionFew solutionsIFPP late binding
Ecosystem partnershipsLowVariesStrong with module + platform vendors
Future spec supportLegacyEmergingEarly SGP.32 adoption

Use Cases and Industry Examples

  • Nordic Semiconductor collaboration: demonstration of Remote SIM provisioning on nRF9151 SiP using Kigen eIM for massive IoT.
  • Particle partnership: simplifies eSIM workflow for developers deploying global fleets with dynamic profile switching.
  • Manufacturing pilots in Asia: offline IFPP trials for high-volume OEMs to reduce SKU complexity and logistics cost.

Security Checklist for 2025 Deployments

  • Eliminate test artefacts and GSMA test profiles from production builds.
  • Version-pin SIM OS, test profiles, and eIM/IPA agents per batch.
  • Harden IFPP workstations like a PKI: locked rooms, dual control, audit trails.
  • Design OTA flows with retry, backoff, and power-aware scheduling.
  • Implement revocation for stolen or RMA’d devices.
  • Run independent penetration tests annually.
  • Maintain a written incident plan for SIM OS or provisioning vulnerabilities.

Costs You’ll Actually Incur

  • Integration: API wiring, IFPP MES hooks, and IPAd development.
  • Certification: lab time for SGP.32 and operator acceptance.
  • Operational tooling: dashboards, retries, monitoring.
  • People: at least one engineer to own provisioning pipelines.
  • Change management: regression testing after every spec update.

When to Say “Yes” — and When to Pause

Say yes if:

  • You manage large fleets of low-power or global devices needing SGP.32 efficiency.
  • You need one global SKU with late-stage operator selection.
  • You’re moving to iSIM for cost and power benefits.

Pause if:

  • Your fleet is small and single-region.
  • Your team lacks resources for factory integration or certification cycles.

90-Day Pilot Playbook

  1. Weeks 0–2 – Scoping: choose 2–3 device SKUs, define IPA model, set up test networks.
  2. Weeks 3–6 – Integration: wire eIM APIs, build minimal IPAd agent, create sandbox IFPP station.
  3. Weeks 7–10 – Field trials: 100–300 devices across countries, stress test profile swaps.
  4. Weeks 11–13 – Security & certification: confirm no test artefacts, lock versions, sign off rollout.

The Bottom Line

Kigen’s value isn’t one feature—it’s fit and finish across the chain: a lean SIM OS, an IoT-aware eSIM manager, and a realistic factory story. For global NB-IoT/LTE-M deployments—or where iSIM is on your roadmap—this stack cuts friction, reduces power draw, and scales cleanly.

You’ll still need to handle the groundwork—factory security, API integration, and testing—but the result is dependable, low-touch connectivity. In IoT, “operationally boring” is the ultimate compliment.

FAQ

Does Kigen work with my existing CMP or MVNO?

Usually, yes. eIM interacts with any compliant SM-DP+ interface, so integration depends more on your connectivity provider’s APIs than Kigen itself.

Do I need IFPP, or can I just bootstrap OTA?

IFPP isn’t mandatory but pays off at scale. OTA bootstrap is fine for small batches; factory provisioning saves time, cost, and battery life when volume rises.

Is iSIM production-ready?

Yes for several chipsets (e.g. nRF91, Qualcomm MDM9205). Validate support and security enclave toolchains with your silicon vendor.

What about 2025’s eSIM security incident?

Kigen released mitigations aligned with updated GSMA test profiles. Verify your OS build includes them and ensure test settings are stripped before shipping.

How hard is SGP.32 migration?

Moderate: new agent, new certification loop, but you’ll gain lower power use and more reliable remote ops long-term.

SEO Metadata

  • Meta title: Kigen eSIM & iSIM: A Deep Dive for IoT Developers
  • Meta description: Kigen eSIM and iSIM explained for IoT developers: SGP.32 eIM, IPA, and In-Factory Profile Provisioning (IFPP) for secure, efficient connectivity.
  • Primary keyword: Kigen eSIM
  • Secondary keywords: Kigen SIM, Kigen iSIM, SGP.32, IoT Profile Assistant, In-Factory Profile Provisioning

Featured Image Suggestion

A production line or circuit board with a glowing secure enclave overlay, purple background and orange accent arrows symbolising profile download flow.

Sources (names only)

  • Kigen – Product pages (eSIM, iSIM, eIM, IFPP)
  • Kigen – SGP.32 white papers and glossary
  • Nordic Semiconductor – nRF91 Series press releases
  • Particle – Kigen collaboration announcement
  • GSMA – TS.48 Generic Test Profile updates
  • Tech industry coverage of 2025 eSIM vulnerability