eSIM orchestration for IoT: how it works and why it matters

When you manage a handful of IoT devices, picking a carrier and downloading an eSIM profile is straightforward. When you manage 50,000 devices across 22 countries, each one needing the right carrier, the right profile, and compliance with local regulations, that manual approach falls apart fast. Devices go offline during carrier outages. Roaming fees pile up. Compliance gaps open without warning. And every fix needs a human in the loop.

eSIM orchestration is the intelligence layer that turns eSIM hardware into a self-managing connectivity system. It automates which network a device connects to, when it switches, and under what rules, across an entire fleet. This article breaks down what eSIM orchestration is, how the architecture works, where it delivers the most value, and what to look for when evaluating a platform.

TL;DR

• eSIM orchestration is the automated, policy-driven management of eSIM profiles across a global IoT fleet. It controls carrier selection, switching, failover, and compliance enforcement without manual intervention.
• SGP.32, the GSMA specification designed for IoT devices, is now published and stable, removing the technical barriers to fleet-scale orchestration.
• The market is accelerating. The eSIM orchestration market reached 1.9 billion USD in 2025 and is projected to hit 18.4 billion USD by 2035 (Market.us).
• Hologram's Conductor delivers policy-based profile switching, automated failover, and fleet-wide recovery from a single control surface.

What is eSIM orchestration?

eSIM orchestration is the software control layer that manages which network an IoT device connects to, when it switches, and under what rules, across an entire fleet of devices. It sits above basic eSIM provisioning and turns static connectivity into a dynamic, policy-driven system.

To understand what orchestration does, start with the hardware that makes it possible. Every eSIM-capable IoT device contains an embedded universal integrated circuit card (eUICC), a secure element that can store multiple carrier profiles and switch between them remotely. The eUICC is the foundation. Orchestration is the brain.

The distinction between provisioning and orchestration matters. eSIM provisioning is a single action: downloading a carrier profile onto a device. Orchestration is ongoing intelligence. It decides which profile to activate, when to switch to a different carrier, and why. Provisioning answers "can this device connect?" Orchestration answers "is this device on the best network right now, and what happens if that network degrades?"

Orchestration handles three core functions across the fleet:

1. Profile management controls which carrier profile is active on each device and manages the library of available profiles per device or device group.
2. Policy enforcement applies rules that govern switching behavior: geography-based carrier selection, signal-quality thresholds, cost optimization logic, and compliance requirements.
3. Lifecycle control spans the full device journey from initial provisioning at the factory through field deployment, operational management, and eventual retirement with secure profile deactivation.

Hologram has operationalized this at scale. Conductor, Hologram's SIM orchestration tool, gives IoT teams policy-based control over profile switching, network routing, and automated provisioning across global fleets, built on tens of millions of eSIM operations completed in production.

Why eSIM orchestration is becoming essential now

Three forces are converging to make eSIM orchestration a requirement, not a future consideration.

SGP.32 removes the technical barriers

The GSMA's SGP.32 specificationis published and stable as of July 2025. Unlike its predecessor SGP.22, built for consumer smartphones with touchscreens and user interaction, the GSMA designed SGP.32 specifically for network-constrained, headless IoT devices. It enables true over-the-air profile management without needing any consumer interaction, the missing piece for fleet-scale automation.

Rudolf Engelsman, VP Products and Marketing IoT at KPN, called SGP.32 "the next leap in IoT connectivity" that "takes away certain barriers," enabling "easier, scalable deployments" and "interoperability between devices, networks, and management platforms."

With SGP.32 stable, the standard is no longer a roadmap item. It is infrastructure that orchestration platforms can build on today. Hologram already ships Hyper SIMs in both SGP.02 and SGP.32 variants, positioning teams to adopt orchestration without waiting for the standard to mature.

Permanent roaming bans are forcing localization

Countries including Brazil, India, Turkey, and Nigeria have implemented or are enforcing permanent roaming restrictions. These regulations prohibit devices from operating indefinitely on a visiting carrier's network. Devices must use local carrier profiles.

For global fleets, this creates an operational problem that cannot be solved with a single global SIM. Each device needs the right local profile activated based on its physical location, and that profile needs to change if the device moves to a new jurisdiction. eSIM orchestration automates this localization process, switching to compliant local profiles based on device geography and enforcing regulatory rules without manual intervention.

Fleet scale demands automation

The numbers make the case. Cellular IoT connections are projected to more than double from 3.9 billion in 2023 to 8 billion by 2030, according to IoT Analytics . GSMA Intelligence reports that eSIM awareness has doubled from 25% to 50% in just two years. Pablo Iacopino, Head of Research at GSMA Intelligence, put it directly at the GSMA eSIM Summit : "2025 and beyond is what I call scale. The technology is available, now is the right time to scale."

The eSIM orchestration market reflects this momentum. Valued at 1.9 billion USD in 2025, it is projected to reach 18.4 billion USD by 2035 at a 25.60% compound annual growth rate (Market.us ). Counterpoint Research's 2026 Global IoT eSIM Orchestration CORE Report has already begun formally ranking vendors in the space, confirming that orchestration has moved from concept to competitive category.

At fleet scale, managing carrier relationships, profile assignments, failover logic, and compliance rules manually is not just inefficient. It is operationally impossible.

How eSIM orchestration works

Understanding the architecture clarifies why orchestration is a distinct capability, not just a feature of existing connectivity management platforms.

The orchestration stack

An eSIM orchestration platform operates across five layers:

1. Device layer: The eUICC hardware on each IoT device, storing multiple carrier profiles and executing profile switches locally.
2. Network layer: The carrier connections themselves, spanning cellular networks across regions, technologies (LTE, LTE-M, NB-IoT, 5G), and operator agreements.
3. eSIM management layer: The SM-DP+ (Subscription Manager Data Preparation) infrastructure that handles secure profile packaging and delivery to devices over the air.
4. Orchestration engine: The policy and rules layer that makes decisions. This is where the intelligence lives. The orchestration engine evaluates conditions, applies rules, and triggers actions across the fleet.
5. Enterprise systems layer: APIs, dashboards, billing integrations, and audit tools that connect orchestration to the rest of the business.

The critical distinction is between the eSIM management layer and the orchestration engine. Traditional architectures silo eSIM management within each carrier's own platform. A device on Carrier A uses Carrier A's management tools. A device on Carrier B uses a completely different system. The orchestration engine sits above these silos, creating a single control surface across all carriers and all devices.

Policy-based switching and failover

The orchestration engine runs on policies: rules that define when and why a device should change its active carrier profile. These policies can trigger on multiple conditions:

• Signal quality: Switch to a backup carrier when signal strength drops below a defined threshold.
• Latency: Reroute traffic when network latency exceeds acceptable limits for the application.
• Cost: Select the most cost-effective carrier for a given device in a given region at a given time.
• Geography: Activate a compliant local profile when a device crosses a national border.
• Carrier status: Detect a carrier outage and automatically fail over to an alternate network.

Automated failover is where orchestration proves its value most clearly. When a carrier degrades or goes down, the orchestration engine detects the change, evaluates the available backup profiles, and triggers a switch, all without a human opening a ticket. For a single device, that is convenient. For a fleet of thousands affected by the same carrier outage, it is essential.

Conductor maps directly to this architecture. It delivers policy-based profile switching, rules-based failover, API-triggered profile changes, and bulk recovery across the entire fleet from a single control surface. When a carrier outage hits thousands of devices simultaneously, Conductor orchestrates a coordinated switch, not a device-by-device scramble.

Lifecycle management from factory to field

Orchestration spans the full device lifecycle, not just operational connectivity:

• Manufacturing: Pre-load bootstrap profiles during production so devices arrive ready to connect.
• Deployment: Auto-select the optimal local carrier when a device powers on in its target market, with no manual configuration required.
• Operations: Continuous monitoring, policy-based switching, compliance enforcement, and performance optimization throughout the device's active life.
• Retirement: Secure profile deactivation with a full audit trail when you decommission a device.

This lifecycle approach eliminates the fragmented workflows that plague traditional SIM management, where provisioning, activation, monitoring, and deactivation often involve separate tools, separate teams, and separate carrier portals.

Where eSIM orchestration makes the biggest impact

Global fleets with multi-region compliance

A logistics company deploying 50,000 GPS trackers across North America, Europe, and Asia-Pacific faces a compounding compliance challenge. Each region has different carrier requirements, different roaming regulations, and different cost structures. Without orchestration, managing carrier selection per device per geography means spreadsheets, manual profile assignments, and constant risk of non-compliance.

eSIM orchestration automates carrier selection based on device location, enforces regulatory rules per jurisdiction, and maintains a single view of the entire fleet's connectivity status. Hologram's network spans 190+ countries and 550+ carriers, giving the orchestration layer the carrier breadth needed to make multi-region compliance operational rather than aspirational.

Mission-critical deployments that cannot tolerate downtime

Healthcare monitoring systems, industrial control equipment, and utility infrastructure share a common need: connectivity cannot lapse. When a remote patient monitor loses its connection, or an industrial sensor goes dark during a production run, the consequences extend beyond lost data.

Automated failover through eSIM orchestration prevents these gaps. The orchestration engine detects carrier degradation and switches to a backup network before the application experiences an interruption. Hologram backs this with a contractual 99.95% uptime SLA through Outage Protection, built on 100% historical platform uptime and multi-carrier redundancy across the fleet.

Cost optimization across carriers

Orchestration introduces least-cost routing at the connectivity layer. Instead of locking every device to a single carrier contract, the orchestration engine selects the most cost-effective carrier per device, per region, dynamically.

Three cost levers come into play:

• Roaming elimination: Switching to local carrier profiles removes permanent roaming fees entirely.
• Dynamic carrier selection: Choosing the lowest-cost carrier for each device's actual usage pattern and location.
• Truck roll reduction: Remote profile management and over-the-air switching eliminate the need to physically access devices for SIM swaps, a cost that multiplies quickly across field-deployed fleets.

How to evaluate an eSIM orchestration platform

Not all orchestration platforms are built the same. When evaluating options, focus on seven capabilities that separate production-grade orchestration from marketing-grade claims.

Standards alignment. Does the platform support SGP.32 natively, or does it rely on proprietary protocols that lock you into a single vendor's ecosystem? Standards-based orchestration protects your investment as the market matures.

Carrier breadth. How many carriers and countries does the orchestration layer actually cover? A platform that orchestrates across three carriers in one region is not the same as one that orchestrates across hundreds of carriers in 190+ countries.

Policy granularity. Can you define switching rules at the individual device level, the device group level, and the fleet level? Granular policy control is the difference between a blunt tool and a precision instrument.

Failover architecture. Is failover automated, and how fast is recovery? Ask for specifics: detection time, switching latency, and fleet-wide recovery capability when a carrier outage affects thousands of devices simultaneously.

API-first design. Can you integrate orchestration into your existing device management stack through APIs and webhooks? Or does the platform force you into a closed dashboard with no programmatic access?

Visibility and audit. Does the platform give you fleet-wide observability, real-time status across every device, every profile, every switch event? For regulated industries, compliance audit trails are not optional.

Vendor independence. Does the orchestration layer work across carrier relationships, or does it subtly lock you into a single provider's network agreements? True orchestration means true carrier flexibility.

eSIM orchestration is moving from industry concept to operational infrastructure. SGP.32 is stable. The market is growing at 25.60% annually. Permanent roaming regulations are tightening. The companies that build orchestration into their connectivity architecture now will carry a structural advantage as fleet deployments scale through the rest of the decade. Hologram's Conductoris entering broader availability in summer 2026, with full API support and policy-based orchestration built on Hyper SIMs in both SGP.02 and SGP.32 variants. The window to build this capability into your stack is open.

Talk with an IoT expert