29.8k unique visitors in the last 3 days

Why Permanent Roaming Is an Unreliable Solution for IoT and M2M

EU regulators should turn to eSIM and the Open Gateway framework to address key challenges concerning the reliability and security of permanently roaming IoT/M2M devices.

In today’s world of digital transformation, our daily lives, manufacturing processes, and personal activities increasingly rely on the internet of things (IoT) and machine-to-machine (M2M) applications. From devices in logistics to personal networks and remote sensors, these applications often depend on mobile connectivity technologies such as Bluetooth, Wi-Fi, public and private cellular networks (2G, 3G, 4G, 5G) and low-power wide-area (LPWA) networks. Among these connectivity options, permanent roaming has become a popular choice for many IoT/M2M use cases.

IoT/M2M devices are often embedded in products used in logistics, surveillance, and personal networks. There are also permanently installed IoT/M2M devices that need to be widely spread across different geographic regions. Often, these devices are manufactured in one country, assembled in another, and deployed in a third. Rather than managing separate local SIM cards for each deployment, permanent roaming simplifies production, assembly, and deployment by allowing devices to roam across different mobile networks globally.

This article was motivated by a recent publication from the Body of European Regulators for Electronic Communications (BEREC). Their BoR (24) 165 report on M2M and permanent roaming provides important regulatory guidance and promotes the development of the EU Single Market for IoT. However, it overlooks key challenges related to the reliability, security, and the limits when innovating permanent roaming solutions for IoT/M2M applications.

This article explores these challenges and presents alternatives, such as eSIM technology and the Open Gateway framework, that could better support the growing demand for reliable and scalable IoT/M2M solutions. In addition, these alternative solutions offer additional IoT/M2M service innovation opportunities that are not possible with permanent roaming.

Why We Cannot Rely on Permanent Roaming

Initially, permanent roaming presented a simple and effective way to connect IoT/M2M devices globally, leveraging mobile network procedures designed for voice and SMS services. Roaming became a popular way of working because it simplified deployment schemes and some national regulations were more generous than others in supporting IoT/M2M devices in their mobile numbering schemes.

However, as the number of connected devices and the complexity of their use cases have increased, the limitations of permanent roaming have become more apparent. These limitations often get overlooked or put aside due to cost savings and simplicity, but they pose significant risks, especially for mission-critical applications.

There are three main drawbacks to permanent roaming.

1. Availability

Roaming involves a chain of connections between the visited and home networks, often involving multiple network providers. As a result, the uptime of roaming services can be unpredictable. While disruptions may not significantly impact applications that are not time-sensitive, they become a serious concern for applications requiring continuous or instant connectivity. Examples of the latter include remote monitoring systems and personal safety devices. A lost connection could lead to data gaps, delays, false alarms, or even total service outages.

2. Singularity

Roaming services are structured differently from many other telecom services due to their operational complexities and the vast scope of the global roaming ecosystem, which involves end-to-end roaming relationships between approximately 800 mobile network operators worldwide. While roaming connections actually enable highly profitable services, they are often viewed as a cost. Additionally, roaming requires specialists with specific, niche knowledge.

These factors create the perfect conditions for a vulnerable system, with many of the roaming connections between the home and visited networks managed through a Roaming Hub provider. These providers play an important role in the global roaming ecosystem, as they allow mobile operators to easily offer their end users global coverage without having to bear all the operational hassles associated with roaming.

Singularity becomes an issue because the technical standards for the roaming relationships operated via a Roaming Hub, defined by the GSM Assocation (GSMA), only support a model where these are controlled by a single Roaming Hub provider, leaving no room for redundancy and backup roaming connections.

3. Security

Roaming connections are particularly attractive targets for hackers due to the sensitive information they transmit, including the location of users and other private data. Vulnerabilities in signaling protocols like SS7 and Diameter have been exploited in the past, leading to significant security breaches. This presents a critical issue for IoT/M2M services that deal with personal, financial, or sensitive data.

These issues make permanent roaming an unreliable solution, especially for mission-critical IoT/M2M applications that require continuous, secure, and resilient connectivity. For example, consider a lost roaming connection for several hours in the case of electronic anklets used to monitor convicts during their house arrest. This would imply that the individuals are out of sight of the legal authorities for the duration of the outage!

Emerging Solutions: eSIM and Open Gateway

As the limitations of permanent roaming become more apparent, newer solutions are emerging that offer better reliability, security, and scalability for IoT/M2M applications. These solutions include eSIM technology and the Open Gateway framework.

A. eSIM Technology

eSIM (Embedded SIM) is an innovative solution that addresses many of the logistical challenges associated with traditional SIM cards. Unlike physical SIM cards, eSIMs are rewritable and can be configured remotely, making them ideal for IoT/M2M use cases.

For static use cases — such as smart metering, surveillance (including the above mentioned example of electronic anklets), and national logistics — eSIMs enable direct connections to the home network, eliminating the need for roaming altogether. This reduces the risk of downtime and ensures that devices remain reliably connected to the network. Moreover, eSIMs simplify device deployment, as they can be remotely provisioned and updated, reducing operational costs and time-to-market.

B. Open Gateway Framework

The Open Gateway framework, driven by the GSMA, is an exciting new development in telecom. With this Network as a Service (NaaS) framework, the telecom network capabilities are exposed through Application Programming Interfaces (APIs). This allows third-party service providers to integrate seamlessly with mobile networks. The framework simplifies the complexity of roaming and network management, as the API abstracts away the details of underlying network technologies.

With Open Gateway, mobile operators can offer a wide range of network services, like Quality of Service, bandwidth differentiation, and low-latency IoT/M2M services, without the need for traditional roaming agreements. The framework also facilitates cross-generation connectivity (e.g. 2G, 3G, 4G, 5G) and supports integration with other access technologies like Wi-Fi and private cellular networks. Combining this flexibility with the web-based API and the potential for advanced 5G programmable innovation makes the Open Gateway framework an ideal solution for emerging IoT/M2M applications that require high performance, low latency (like 5G RAN edge computing) and continuous availability.

C. Real-World Use Cases
  • Automotive: Car manufacturers are increasingly using eSIMs to enable connected car services, reducing the reliance on roaming and providing seamless global connectivity for vehicles.
  • Logistics: Companies in the supply chain and logistics industries are leveraging eSIMs to track shipments across borders without the hassle of managing multiple SIM cards.
  • Healthcare: In healthcare, eSIMs are being used in wearable medical devices to ensure reliable, uninterrupted service, and the Open Gateway framework is enabling healthcare providers to deliver real-time patient monitoring with low-latency connectivity.

Conclusion

The BEREC report is a welcome development that provides more clarity and a regulatory framework for IoT/M2M products relying on permanent roaming. While it will likely boost the market for low-end IoT/M2M applications where reliability and security are not as critical, it is clear that alternatives such as eSIM and Open Gateway offer more reliable, secure, innovative and scalable solutions for mission-critical and data-sensitive services.

As the IoT landscape continues to evolve, the use of permanent roaming is likely to diminish, driven by the process simplifications provided by eSIM and the new opportunities enabled by the Open Gateway framework. Both technologies are well-positioned to transform the way IoT/M2M services are delivered, making them more resilient, cost-effective, and future-proof.

Finally, BEREC is encouraged to incorporate these considerations regarding the shortcomings of permanent roaming in a future update of the report. Additionally, the scope should be expanded to include eSIM and Open Gateway, thus ensuring a comprehensive regulatory perspective for the fast-growing market for IoT/M2M applications and its vital importance in today’s world of digital transformation.

Pieter Veenstra
Pieter Veenstra
After a distinguished career in leading roles within the telecom industry, Pieter now serves as an independent expert in routing and security. He is an advisory member of CPaaSAA, a partner of i3forum, and a guest lecturer for MSc courses at the Technical University of Delft. Throughout his career, Pieter has contributed significantly to the field, publishing articles, and chairing various working groups in ETSI and GSMA. His contributions include serving as the Chair of the GSMA Roaming and Interconnection Fraud and Security working group and editor for detailed technical specifications such as the GSMA PRD FS.40 - 5G Security Guide. He also currently contributes his insights to the i3Forum Technology working group and the One Consortium Restore Trust initiative with GIRAF. His goal it to help the community converge on practical and effective solutions for CLI data protection. See Pieter's LinkedIn profile here.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email