As mobile operators continue rolling out their 5G Standalone (SA) networks — either through mature commercial deployments or finalizing pilot phases — they are entering a crucial next step: enabling international roaming across 5G SA networks. This evolution allows outbound roamers to access the same 5G services abroad as they do at home, and it likewise welcomes inbound roamers from foreign networks.
While the end-user experience between LTE and 5G SA roaming may appear seamless on the surface, the underlying inter-network behavior is radically different. This shift is driven by the adoption of Zero Trust Architecture (ZTA) and Security by Design principles in the 5G System (5GS). Major security advancements include:
- Added procedures for Network Authentication Confirmation to both protect against network spoofing and prevent fraud;
- Introduction of the Subscription Concealed Identifier (SUCI) for stronger subscriber privacy and protection against false base stations; and
- Encrypted transport layers and the introduction of the Security Edge Protection Proxy (SEPP) and Inter-PLMN User Plane Security (IPUPS) network border elements to secure inter-operator roaming interconnections.
These measures reflect both improved security practices and a response to tightened data privacy regulations such as GDPR.
The Role of the GSMA in 5G SA Roaming
To implement roaming for 5GS, mobile operators rely on guidelines developed by the GSMA, the global industry association responsible for roaming contracts, technical harmonization, and operational best practices.
One key document is GSMA NG.113, which provides comprehensive guidance for deploying 5G SA roaming services, including the set of recommended end-to-end 5G SA roaming scenarios together with detailed architectural designs.
The GSMA also extends beyond formal standards bodies like 3GPP and IETF by offering practical frameworks such as the Roaming Agreement EXchange (RAEX) repository for consistent operator data exchange, which underpins trusted roaming operations across hundreds of networks.
Why PRINS Falls Short for 5G SA Roaming
Even after stepping down at the end of 2023 as GSMA Chair of the 5GMRR Task Force, I continue to receive inquiries about the status of PRINS (Protocol for N32 Interconnect Security) and the challenges it poses for inter-operator roaming. Why is standardisation of PRINS still not completed in 3GPP (now postponed to Release 20 for 5G Advanced)? And does an investment in PRINS still make sense, given the availability of the simpler hop-by-hop TLS alternative?
The 5GMRR Task Force — comprising business owners, operational teams, and security experts — was established specifically to address early concerns raised by IPX providers about the feasibility of implementing PRINS within real-world roaming models. The core issue: PRINS breaks from the operational and legal structure of the traditional roaming ecosystem elaborated and improved over the years for 2G to 4G.
Meanwhile, experts familiar with roaming found a pragmatic solution in GSMA 5GMRR with the alternative hop-by-hop TLS model. This is a compromise that improves signaling security while maintaining compatibility with existing 2G-4G roaming structures. This decision aligned with the long-standing model of shared responsibility, enforced by bilateral contracts, traceable operations, and support for virtually all security enhancements defined for 5G SA roaming.
Yet, despite this consensus, discussions around PRINS persist. Recent 3GPP Release 20 (5G Advanced) activity includes new requests from the GSMA to revise PRINS. Surprisingly, these are not minor technical refinements but foundational design questions, confirming that the original PRINS architecture may be fundamentally misaligned with roaming requirements.
To use an analogy: you cannot expect a train with square wheels to carry passengers smoothly. PRINS, though well-intentioned, started with the wrong assumptions.
What Makes PRINS Incompatible with Roaming Intermediaries?
PRINS introduces end-to-end encryption of control plane signaling. This renders the role of IPX providers and roaming intermediaries effectively invisible. While this might sound like improved security and privacy protection, the consequences are severe:
- No ability to monitor or intervene at intermediary points;
- The breakdown of the security perimeter model, exposing mobile operators directly to all partners; and
- The loss of value-added services (VAS) provided by intermediaries, such as traffic filtering, analytics, and fraud detection.
PRINS ignores the trust architecture that underpins global roaming — one built on well-defined data flows, liability chains, and transparency, not pure point-to-point encryption.
What’s the Alternative? A Balanced Security Model
Security in a global roaming ecosystem must address three core pillars:
- End-user data protection and privacy;
- Reliable and trusted network infrastructure; and
- Traceability for accountability and fraud mitigation.
Historically, the focus from 2G to 4G was primarily on infrastructure reliability (#2). Later additions addressed emerging risks using methods such as SS7/Diameter firewalls and topology hiding. However, these additions were typically ways to retrofit security to designs which had ignored security. In 5G SA, security becomes native through encrypted user and control plane data, stronger network authentication, and improved entity verification.
Traceability (#3) is well-served through GSMA’s RAEX and IR.80 specifications, which standardize routing data across intermediaries. In 5G SA, authentication enhancements further strengthen this aspect.
However, end-user privacy (#1) is not fully addressed in a roaming context, despite the improvements introduced with SUCI and TLS.
Toward a Better Privacy Model for 6G
Rather than overhauling the entire ecosystem with PRINS, the industry should focus on addressing the few privacy gaps that remain. This can be achieved by extending the concealment model used by SUCI to other roaming elements.
1. Concealing End-User Identity
Can intermediaries operate effectively without knowing a subscriber’s permanent identity? If so, SUCI could remain in place throughout the transaction, protecting the user while maintaining service integrity.
2. Location Privacy
Is it necessary for intermediaries to access precise subscriber location? Could obfuscated or masked data be sufficient, with optional access granted under agreed use cases (e.g. for lawful interception or fraud investigations)?
3. Protecting Authentication Vectors
If end-user authentication vectors are not essential for intermediaries, could a concealed version, based on keys shared only between the home and visited networks, offer an elegant workaround?
By resolving these open questions with lightweight, interoperable concealment techniques, we could secure privacy without dismantling the current model of roaming operations.
Conclusion: A Pragmatic Path Forward
Rather than revisiting the complex and disruptive path PRINS offers, mobile operators and standardization bodies should look toward targeted privacy refinements for the next generation of networks.
A smarter approach for 6G would:
- Retain existing trust and operational frameworks;
- Use SUCI-like mechanisms to protect sensitive data;
- Be backward-compatible with 5G deployments; and
- Support all roaming models.
Such a model would secure the ecosystem without fragmenting it, ensuring privacy, resilience, and global operability as we evolve toward 6G. And the model equally applies to Hosted SEPP and Group SEPP that today suffer from the same security weaknesses as roaming intermediaries like Roaming Hubs.
Author’s note: The views expressed here build on my involvement as Chair of the GSMA 5GMRR Task Force and reflect ongoing industry discussions. My aim is to help the community converge on practical, scalable solutions for global roaming security.



