eSIMs and the Future of Device Management in Uganda

Uganda is not alone in being faced with challenging regulatory questions as digital technology continues to evolve. From eSIMs to smart cities, African regulators are grappling with unprecedented change and often without clear roadmaps. The rapid pace of innovation is putting pressure on existing frameworks and forcing us to reconsider how we govern access, devices, and infrastructure.

In this series of short blog posts themed Reimagining Telecom Regulation: Lessons from Uganda’s Communications Services Advisory (CSA), we summarise the CSA’s findings for a wider African audience.

Why?

Because the questions that Uganda is asking, such as those concerning digital inclusion, fraud prevention, spectrum management and e-waste, are the same ones that regulators across the continent are grappling with. By sharing insights from the CSA process, we aim to stimulate regional discussions about the potential of next-generation regulation in Africa.

Each blog post will focus on one regulatory theme. We begin with a subject at the intersection of infrastructure, innovation, and consumer protection: eSIMs and the future of device management.

What are eSIMs, and why should policymakers be interested in them?

eSIMs (embedded SIMs) are small, programmable chips that are embedded directly into devices, eliminating the need for physical SIM cards. Various manufacturers including Apple and Samsung are developing products that incorporate eSIM technology. With eSIMs, users can switch networks, activate service plans and manage connectivity remotely, often eliminating the need to visit a shop or physically change the SIM card.

This capability is gaining momentum globally and is extending beyond high-end smartphones to include:

• Wearables (smartwatches)
• Connected vehicles with preloaded eSIMs
• Industrial IoT devices in sectors such as health, energy and agriculture.

For regulators like UCC, eSIMs introduce both opportunity and disruption.

• They simplify switching between service providers, which could boost competition.
• They also eliminate the need for a physical SIM distribution network.

However, they also present challenges to existing SIM registration and fraud control systems and processes.

At the start of 2025, the Uganda Communications Commission (UCC) set up a Communications Services Advisory (CSA) to assess emerging regulatory challenges. The aim was to reflect on the situation, learn from international experience, and develop practical policy responses tailored to Uganda’s context.

A team of independent researchers, all affiliated with Knowledge Consulting Ltd. (KCL) contributed to the CSA by conducting structured analyses, stakeholder interviews, and international benchmarking. The result is a wealth of insights that speak not only to Uganda’s future, but also to the wider African regulatory landscape.

Where does Uganda stand?

Like many other African countries, Uganda’s SIM registration framework is based on physical presence and biometric data collection. While this works reasonably well for traditional SIMs, it is ill-suited to the remote provisioning model that defines eSIMs and the growing number of IoT devices that will need to be connected.

The CSA has identified several urgent challenges:

• There is no regulatory framework for remote provisioning or eSIM lifecycle management.
• Unclear ownership rules in IoT scenarios (e.g. who registers the eSIM in a connected car? Is it the car manufacturer, the global connectivity provider, the local connectivity provider or the final consumer?).
• Low consumer awareness, especially outside urban areas.
• There is a lack of enforcement around global standards, such as those set by the GSMA and the ITU.

Consequently, eSIM adoption remains limited and Uganda risks falling behind in preparing for the shift towards embedded connectivity.

Learning from Elsewhere

Uganda is not starting from scratch. Several countries offer models worth studying:

• South Africa, for example, has published operator-specific provisions, particularly with regard to fraud control and switching.
• India has introduced frameworks for IoT/eSIM registration that incorporate identity safeguards.
• Kenya has begun incorporating eSIMs into its SIM registration guidelines.

International bodies such as the GSMA and the ITU have also issued technical templates for provisioning, security and interoperability (SGP.22 and SGP.32).

Taken together, these efforts suggest a progressive regulatory approach in which eSIMs are embraced while protecting consumers, supporting innovation and ensuring national security.

What’s next for Uganda and the region?

The CSA’s recommendations to the UCC reflect a balanced approach.

• Explore updates to SIM registration frameworks in collaboration with relevant stakeholders (e.g. the Ministry of Security and NIRA) to accommodate remote provisioning while ensuring that identity verification remains secure.
• Educate consumers about eSIM functionality and benefits.
• Coordinate with customs and regulators to address imported devices and IoT modules.
• Mandate GSMA-compliant provisioning protocols to ensure interoperability and vendor neutrality.

However, the broader lesson is that eSIMs are not just a telecoms issue. They affect how Africans access services, interact with digital infrastructure and travel across borders with their devices. They also have implications for local employment, as traditional SIM vendors and agents will require new roles within a digital-first ecosystem.

Closing and preview

As Africa strives to connect more people and devices, how we manage connectivity will determine the extent of digital inclusion. Will consumers be locked into certain operators, and will remote areas be left behind? Could imported devices undermine national security or data protection? Will eSIMs and the Future of Device Management be desirable?

These are not questions for the future — they are urgent regulatory decisions.

The CSA was conducted by an independent research team commissioned by UCC. All of the researchers are affiliated with KCL and have expertise in ICT policy, digital inclusion, cybersecurity and regulatory innovation. The team included:

• Dr Florence Kivunike
• Dr Evelyn Kahiigi
• Ali Ndiwalana
• Eng. Dr. F.F. Tusubira

We gratefully acknowledge the support of UCC in enabling the public dissemination of the CSA’s insights.

In our next blog, we’ll examine telecom fraud and device theft, which are fast-evolving threats requiring agile, multi-sector responses. We will explore how Uganda is responding to these threats and what the rest of the continent can learn from this approach.