Overview
Most people use eSIM without giving the underlying technology a second thought — buy a plan, scan a code, connect. But understanding how it actually works helps explain why it's more reliable, more flexible, and in some ways more secure than the plastic SIM it's replacing.
The Embedded Hardware
An eSIM is a small chip soldered directly onto your device's circuit board — it's not removable, and that's intentional. The chip itself is a tamper-resistant secure element, meaning its internal cryptographic keys cannot be extracted by normal means. The hardware is compliant with GSMA specifications, which means any eSIM-compatible device can work with any eSIM-compatible carrier, as long as the carrier supports remote SIM provisioning.
Remote SIM Provisioning: How Profiles Get Onto Your Device
When you buy an eSIM plan, the carrier generates a profile — essentially a digital version of a SIM card — and packages it as a QR code or a push notification. When you scan that QR code, your device connects to the carrier's Subscription Manager Data Preparation (SM-DP+) server over a TLS-encrypted connection, downloads the profile, and installs it into the secure element. The profile contains all the cryptographic credentials your device needs to authenticate with the carrier's network: the IMSI (your subscriber identity), authentication keys, and network configuration.
Multiple Profiles and How Switching Works
The eSIM chip can store multiple profiles simultaneously, though typically only one can be active at a time (some newer devices support multiple active profiles). Switching between profiles is done through your phone's settings interface — no physical action required. This is fundamentally different from a physical SIM swap, which requires the card to be present. In practice, this means you can store a UK primary profile and a travel profile side by side, activating whichever is appropriate without needing to physically handle anything.
How Your Device Authenticates to the Network
Once a profile is active, your device authenticates to the carrier's network using a challenge-response protocol — the network sends a challenge, your device's secure element computes a response using the stored authentication key, and if it matches, you're connected. This is the same mechanism used by physical SIMs. The key difference is that the authentication key never leaves the secure element — it's used in-place to compute responses, never transmitted. This is why eSIM profiles can't be trivially cloned: you'd need to extract the key from a chip specifically designed to resist that.
Why GSMA Standards Matter
The GSMA (the industry body for mobile networks) defines the standards that make eSIM interoperable across devices and carriers. Without these standards, each carrier would implement their own incompatible system, and you'd be locked into buying eSIM plans from whichever carrier your device manufacturer partnered with. The current standards — eUICC (embedded Universal Integrated Circuit Card) and the Remote SIM Provisioning specification — ensure that any compliant device can use any compliant carrier's eSIM plan. This interoperability is what makes the travel eSIM market possible.
