eSIM and Privacy Laws: Balancing Convenience with Data Protection


eSIM is a SIM card that is built into the smartphone at the time of manufacture. It is a microchip embedded in the motherboard. The owner of the smartphone registers with the provider, who then performs the programming of the eSIM and provides access to the cellular connection. Using eSIM is easy and convenient. You just need to install the application from the App Store or Play Market on your phone and go through registration. One of the leading applications is, which has become popular all over the world. Owners of Android and iPhone can change carriers, and there is no need to purchase a new SIM card.

What makes eSIM convenient:

  • eSIM cannot be broken, lost, or incorrectly inserted into the device;
  • No need to look for a paper clip or to open up the device in any way in order to change the number;
  • Thanks to eSIM, it is easy to keep your main number, your work number, and, for example, another one with advantageous unlimited internet or other options separate. They are always at hand and can be switched quickly through the menu.

But like everything new, eSIM will change the system for selling services by operators and the rules for using and registering SIM cards. What will change from a technical and legal point of view?

eSIM Security Improvements

Given today’s cyberattacks, which target vulnerabilities in the network, the transition away from physical cards can have a negative effect.

On the other hand, the transition makes it impossible to physically take the SIM card out of the device and put it in a SIM card reader. Additionally, storing, deleting, and reading the data digitally will become more challenging (for instance, the Secure Enclave on iOS devices).

New Potential eSIM Security Issues

While wireless carrier profiling and allowing everyone to access an online service can increase usability and convenience, they also leave an opening for hackers.

Privacy concerns may arise when the SIM card cannot be removed to stop tracking. Up until now, it was possible to take a SIM card out of a phone and stop it from connecting to the network, which made it impossible to track. This possibility is effectively eliminated by a connected integrated circuit, which makes it difficult to stop the device from being tracked.

Protecting data and devices from thieves and intruders

The physical SIM card can be removed and destroyed if your smartphone is stolen or lost. A thief can disable user settings (the iPhone is an exception), upgrade, and sell the phone without leaving a trace of the old SIM.

In the case of eSIM, there will be no such chance: its mechanisms have a special initialization order and reliable protection measures. An attacker will not be able to load an alternative profile without a password; attempts to reboot the system will be in vain, and the previous account will be restored, which will help track the location of the stolen item.

Personal identification is a way to protect against scammers

In addition, a new remote identification system will appear in the eSIM sales process. After the subscriber's identity is determined using biometric data, the algorithm checks the provided information against the database and verifies its authenticity. This minimizes the likelihood of illegal SIM cards being used and makes the mobile communications market safe: it will become more difficult to register a digital SIM card for another person. The system should be integrated with the operator’s BSS complex (Business Support Systems), in particular with the systems through which electronic SIM cards are sold.

The complexity of technology implementation and the unavailability of systems

Implementation of the technology requires some preparation: changes in business processes and sales rules, operation of technological equipment, and restructuring of all operator systems. Preparatory work is also necessary for software manufacturers to support remote identification.

However, issuing a law is only part of what is blocking the launch. The main reason is the unavailability of the remote user identification system, which will be an integral part of the eSIM sales process. The system must comply with the requirements for the secure storage of personal data and pass many checks by regulatory authorities before it is put into commercial operation. As a result, launch dates take lower priority than making sure that subscriber data does not fall into the wrong hands.

Transfer of your confidential data to the operator

The influence of the device manufacturer on the mobile ecosystem is increasing. Third-party Java applets stored on an eSIM card can carry functionality hidden from the user, including encryption and the transfer of confidential information to the developer (network used, signal strength, location, call logs, messages, etc.).

One way or another, eSIM is a future that we are moving towards very quickly. This technology has a number of advantages, but its privacy implications are not yet fully understood: some functions can help the user, while others may seem negative because, one way or another, the operator will have access to your data.