Kigen details CRA compliance path for IoT eSIM deployments
- Kigen said its eSA-certified eSIM OS and Kigen Pulse are designed to help IoT manufacturers prepare for the EU Cyber Resilience Act.
- The company said the EU Cyber Resilience Act requires vulnerability reporting and documentation from 11 September 2026, with security updates across product lifecycles starting in 2027 and at least 5 years of support.
- Kigen said GSMA SGP.32 alone does not guarantee CRA compliance and that auditable update logs and integration into compliance toolchains are also required.
Kigen said in a blog post that its eSA-certified eSIM OS and Kigen Pulse platform can help IoT manufacturers prepare for the European Union Cyber Resilience Act. Kigen said the regulation will require vulnerability reporting and documentation from 11 September 2026, and security updates for identified vulnerabilities throughout each product's expected lifecycle starting in 2027, with a minimum of 5 years of support.
Kigen said GSMA SGP.32, a standard for remote SIM provisioning and management for IoT devices, provides a connectivity and management foundation but does not by itself make a product CRA-compliant. The company said its latest eSA-certified eSIM OS can seek dynamic security patches from a guardian remote management agent or service, while Kigen Pulse provides traceable and auditable logs for update operations and supports Open API 3.0 integration with SBOM, compliance, and security management toolchains. Kigen also cited KPMG figures that put the average cost of a significant cyber attack for a UK business at £194,729 and the wider cost to the UK economy at £14.7 billion, or 0.5% of GDP.
The post places Kigen's position within wider IoT security and eSIM regulation trends in Europe and the US. Kigen said the EU Cyber Resilience Act aligns with broader requirements around secure-by-design products, while also referencing US NIST and Executive Order 14028. The company also said GSMA eUICC, the embedded universal integrated circuit card used to store eSIM profiles, and the eSA scheme based on Common Criteria provide a security framework for IoT eSIM implementations. Separately, Kigen said Salica Investments has backed the company with £10 million to support growth across the UK, EU, and US.
Related Questions
- What is SGP.32 in IoT eSIM?
- SGP.32 is a GSMA standard for remote SIM provisioning and management for IoT devices. Kigen said it provides a standardized connectivity and management foundation, but does not by itself guarantee Cyber Resilience Act compliance.
- Does SGP.32 make an IoT device CRA-compliant?
- No. Kigen said SGP.32 alone does not automatically create a CRA-compliant software update capability, because manufacturers also need secure update processes, traceable logs, and supporting compliance documentation.
- When does the EU Cyber Resilience Act start applying to connected devices?
- From 11 September 2026, manufacturers must report vulnerabilities and maintain documentation, according to Kigen's summary of the regulation. Kigen said lifecycle security update obligations start in 2027, with a minimum of 5 years of support.
More from Technology
Related Content
More articles and news tagged with: Kigen, European Union, Cyber Resilience Act, CRA, SGP.32, GSMA, eUICC, Kigen Pulse, Open API 3.0, SBOM, KPMG, United Kingdom, US, NIST, Executive Order 14028, Common Criteria, Salica Investments, Hardware Pioneers Max 2026, London
Related Articles
Amazon acquires Globalstar for $11.57B, renews Apple satellite deal. EU clears Orange's MasOrange buyout. KORE-Kigen SGP.32 IoT eSIM. Sateliot raises €100M.
T-Mobile delivers record 7.8M postpaid adds, DT launches €1B AI cloud. US carriers go eSIM-default. Airalo-Valid partnership. MWC 2026 eSIM Summit preview.
Verizon closes Frontier deal, CES 2026 debuts eSIM AR glasses and IoT solutions, T-Mobile leads 5G-Advanced rollout. Weekly eSIM industry intelligence.
eSIM Weekly Dec 22-28, 2025: Christmas week brings Transpovia-Holafly travel partnership, Ooredoo industrial IoT launch. Verified sources + market analysis.
eSIM Weekly Report Dec 15-21, 2025: Roamless raises $12M, travel eSIM revenue drops 13%, SGP.32 buyers guide released. Market forecast: $5.8B by 2030.
IDC: Apple's iPhone Fold to capture 22% of foldable market. eSIM market forecast at $5.8B by 2030. AT&T vs T-Mobile hearing December 16.