PrepaidHow eSIM Works: The Technical Guide for Travelers
- Technical deep dive
- eUICC explained
- Security covered
- Updated June 2026
Daniel Mercer
Lead eSIM Analyst
Previously at Analysys Mason covering APAC mobile markets (2016-2021)
How we testWe earn a commission when you purchase through links on this page. It does not change our rankings or the price you pay.
Published June 2026 · Updated June 2026
Step 1
What happens when you scan a QR code.
The QR code contains a URL that points to a carrier's SM-DP+ server (Subscription Manager - Data Preparation). SM-DP+ is the industry term for the server that holds your eSIM profile until your phone downloads it.
When you scan the QR code, your phone reads the URL and connects to the SM-DP+ server over your current internet connection (WiFi or cellular data). The server authenticates your phone's eUICC chip using a cryptographic handshake, verifies the profile is assigned to your device, and transfers the profile data.
The profile download is typically 50-200 KB in size. It takes 5-30 seconds on a normal WiFi connection. The file is encrypted during transfer and decrypted only inside the eUICC chip on your phone. No intermediate server or app can read the profile contents during transfer.
After the download completes, your phone prompts you to activate the profile. Activation tells the eUICC chip to register with the carrier network using the credentials in the profile. The carrier authenticates the profile, assigns a temporary network identity, and your phone connects to the nearest cell tower.
Step 2
eSIM profiles and carrier provisioning.
An eSIM profile is a digital file that contains everything a physical SIM card stores: the IMSI (International Mobile Subscriber Identity), the authentication key (Ki), the operator name, network access credentials, and carrier-specific configuration data.
On a physical SIM, this data is printed onto the chip at the factory and cannot be changed. On an eSIM, the same data is written to the eUICC chip remotely during the QR code download. The functional result is identical: your phone has the credentials it needs to connect to a specific carrier's network.
Travel eSIM providers like Airalo, Holafly, Saily, and Nomad do not operate their own cell towers. They purchase wholesale data from local carriers in each country and provision eSIM profiles that authenticate against those carrier networks. When you use an Airalo plan in Japan, your phone connects to NTT Docomo's towers using credentials that Airalo provisioned through their wholesale agreement.
This is similar to how MVNOs (Mobile Virtual Network Operators) work. The difference is that eSIM provisioning happens digitally in seconds rather than requiring a physical SIM card to be manufactured and shipped.
Setup Requirement
Why eSIM needs WiFi for setup.
Downloading an eSIM profile requires an internet connection because the profile file must be transferred from the SM-DP+ server to your phone. This is a one-time download. After installation, the eSIM connects directly to cell towers using radio signals and does not need WiFi or any other internet connection.
You can use any internet connection for the download: home WiFi, hotel WiFi, airport WiFi, or even your existing cellular data from a physical SIM card. The download is small (50-200 KB) and works on slow connections. Public WiFi that requires a captive portal login sometimes blocks the SM-DP+ connection. If the download fails on public WiFi, try a personal hotspot or a different network.
This is why experienced travelers install their eSIM profiles before leaving home. Your home WiFi is reliable and fast. There is no risk of a download failure at a crowded airport or a hotel with unreliable internet.
Download (one-time)
Needs WiFi or data. 50-200 KB profile transfer from SM-DP+ server.
Activation
Phone registers with carrier. Takes 10-60 seconds after download.
Connected
eSIM uses cell towers directly. No WiFi needed for normal use.
Dual SIM
How dual SIM manages two connections.
Modern phones support dual SIM, which means two cellular connections can be active simultaneously. One connection handles voice calls and SMS (typically your home SIM). The other handles data (typically your travel eSIM). The phone's operating system routes traffic to the correct connection automatically.
On iPhone, you configure this in Settings, then Cellular. You assign one line as the default for calls and another for data. When you arrive in a foreign country, your travel eSIM handles all data traffic while your home SIM stays available for incoming calls and texts from your regular number.
On Android, the configuration is in Settings, then SIM Manager or Network and Internet. The same principle applies: one SIM for calls, another for data. Samsung, Google Pixel, and OnePlus all use slightly different menu names but the same underlying dual SIM technology.
The phone does not use data from both connections simultaneously. It routes all data traffic through whichever line you designate as the data line. This prevents accidental roaming charges on your home SIM while abroad.
Security
eSIM security and encryption.
eSIM security operates at three layers: hardware, transport, and profile. Each layer protects against different attack vectors.
Hardware security
The eUICC chip is a tamper-resistant secure element. It stores cryptographic keys in hardware that cannot be read by software, extracted by physical probing, or cloned. The chip meets Common Criteria EAL4+ certification standards, the same level required for banking smart cards and government ID documents.
Transport security
Profile downloads use TLS 1.2 or higher encryption between your phone and the SM-DP+ server. The profile data is additionally encrypted with keys that only the eUICC chip can decrypt. Even if the TLS connection were compromised, the inner encryption layer protects the profile contents.
Profile security
Each profile is cryptographically bound to a specific eUICC chip. A profile downloaded to your phone cannot be copied to another device. Deleting a profile removes the cryptographic keys from the eUICC, making the profile unrecoverable from the chip itself. Only the SM-DP+ server can issue a new copy.
For a deeper dive into eSIM security considerations for travelers, read our eSIM security and privacy guide.
Report an error in this sectionHardware
eUICC explained simply.
eUICC stands for embedded Universal Integrated Circuit Card. It is the physical chip inside your phone that makes eSIM possible. On older phones, the SIM card slot holds a removable chip. On eSIM-capable phones, the eUICC is a chip soldered directly to the motherboard.
The eUICC differs from a traditional SIM chip in one critical way: it can be reprogrammed remotely. A traditional SIM chip is programmed once at the factory with a single carrier's credentials. An eUICC can download, store, and switch between multiple carrier profiles after the phone is manufactured.
Think of it as a hard drive for SIM profiles. A traditional SIM is a read-only disc with one carrier burned onto it. An eUICC is a rewritable drive that can hold 8 or more carrier profiles and activate whichever one you need at any moment.
The GSMA (the mobile industry trade body) defines the standards for eUICC operation. All major phone manufacturers (Apple, Samsung, Google, OnePlus) use GSMA-certified eUICC chips. This means a QR code from any eSIM provider works on any compatible phone, regardless of manufacturer.
eUICC vs traditional SIM
| Feature | Physical SIM | eUICC (eSIM) |
|---|---|---|
| Removable | Yes | No (soldered) |
| Profiles | 1 per card | 8+ per chip |
| Reprogrammable | No | Yes (remote) |
| Setup time | Insert card | Scan QR code |
| Security level | EAL4+ | EAL4+ |
| Can be cloned | Difficult but possible | Not feasible |
FAQ
How eSIM works: common questions.
Does eSIM use the internet to work?
Only during setup. Downloading the eSIM profile requires a WiFi or data connection because the profile file is transferred from the carrier's server to your phone. After installation, the eSIM connects directly to cell towers using radio signals, just like a physical SIM card. No internet connection is needed for the cellular connection itself.
Is eSIM less secure than a physical SIM?
No. eSIM is more secure than a physical SIM. The profile is stored in tamper-resistant hardware (the eUICC chip) that cannot be removed or cloned. A physical SIM can be ejected and inserted into another device. An eSIM profile is cryptographically bound to the eUICC and cannot be transferred without carrier authorization.
Can someone hack my eSIM?
eSIM profiles are protected by hardware-level encryption in the eUICC chip. Remote hacking of an eSIM profile would require breaking the chip's cryptographic protections, which is not practically feasible with current technology. The main risk vector is social engineering (convincing a carrier to transfer your number), not technical compromise of the eSIM itself.
What happens to the eSIM if my phone dies?
The eSIM profile is stored in non-volatile memory on the eUICC chip. It survives power loss, factory resets, and software updates. If your phone's battery dies, the profile remains intact. When you charge and restart, the eSIM reconnects to the carrier network automatically.
Can I move an eSIM between phones?
Some carriers support eSIM transfer between devices. Apple's eSIM Quick Transfer lets you move profiles between iPhones running iOS 16 or later. For travel eSIMs, most providers allow you to delete the profile from one phone and re-download it onto another using the same QR code or app credentials.
How many eSIM profiles can my phone hold?
Most modern phones store 8 or more eSIM profiles. iPhone 15 and later support up to 8 active eSIMs simultaneously. Older iPhones support 2 active profiles. Samsung Galaxy S24 and later support multiple active profiles. The eUICC chip has limited storage, but 8 profiles is the current practical maximum on consumer devices.
Ready to try it? Get your first eSIM.
200+ countries. 5-minute setup. Activates before you land.