GSMA selected TrustCB as a GSMA eSA certification body.

The GSMA eUICC Security Assurance (eSA) scheme, uses the Common Criteria to provide a dynamic set of procedures for the security evaluation of embedded UICC (eUICC) solutions. The enforcement of secure access to networks and safeguarding of the subscriber’s account are the key principles driving eUICC certification.

The specifications and GSMA eUICC Security Assurance scheme documentation can be found here. In particular, details of the GSMA eSA Scheme principles and methodology created in collaboration with industry stakeholders can be found within SGP.06 and SGP.07.

Applications for certification under the TrustCB GSMA eSA scheme must first be registered with GSMA (more information can be found here). Once confirmation of GSMA eSA Registration is complete, the Developer and Lab should work together to complete the TrustCB eSA Application Form (v1.0). The complete application form, sign by both a Developer and Lab representative are to be submitted to TrustCB, along with the complete copy of [SGP.06] Annex A, the (draft) Security Target and the GSMA eSA registration confirmation.


The TrustCB Shared Procedures are posted on the Policies & Procedures page.