What data is required from OEMs?

The core requirement from OEMs for this pilot is simply to confirm whether a specific IMEI was manufactured. The pilot will not ask OEMs to provide TAC, make, or model information, as GSMA already possesses this data within their existing TAC database. We are also not requesting intended market or country applicability, as devices frequently move across borders.

Will regulators see full OEM datasets?

No. The system is designed for controlled disclosure. Regulators will query using an identifier and receive only the necessary outputs (e.g., approval status, market applicability). Underlying OEM datasets are never exposed.

How is data access controlled?

Access is governed through Policy-Based Access Control (PBAC). OEMs define exactly who can access data, what data is accessible, and under what conditions. OEMs retain the ability to revoke access at any time, and all access queries are immutably logged.

GSMA Device Attestation Pilot Program

Q: What is the purpose of this pilot?

The pilot seeks to validate a production-ready approach for enabling regulators to access OEM-provided device data securely. The focus is on device-level attestation using the IMEI and related identifiers to support regulatory homologation and compliance activities.

Q: What are the expectations of pilot participants?

A successful pilot demands a constant feedback loop. Your feedback will directly influence the broader program rollout across OEMs and regulators worldwide. We ask participants to join a 30-minute weekly feedback session to share positive and negative experiences with sharing and accessing data.

Join the cross-industry initiative to standardize secure device attestation and homologation data sharing.

Navigating the fragmented landscape of global device attestation is becoming increasingly complex, costly, and cumbersome. To solve this, the GSMA is launching a Device Attestation Pilot to validate a trusted, standardized, and secure data-sharing framework. This pilot will demonstrate how OEMs can securely prove to regulators that a device identifier (such as an IMEI) is authentic and correctly associated with a specific manufactured unit.

By joining this pilot, you will help lead the industry in mitigating fragmented regulatory requirements and establishing a consistent global baseline that protects consumers while eliminating the need to expose commercially sensitive datasets.

Please fill out the form to register your interest in participating in the pilot.

Apkudo Device Passport™ Platform Overview

Report of device history and diagnostics summary

GSMA has partnered with Apkudo to provide the underlying data-sharing environment for this pilot. The pilot will be executed via the Apkudo Device Passport Platform, a production-ready infrastructure that supports complex device programs using secure, controlled data spaces. The platform enables Policy-Based Access Control (PBAC), allowing OEMs to retain full ownership of their data while granting purpose-bound, permissioned access to regulators. It will be used to confirm the configurations needed to support attestation across the world, answering regulator queries with controlled responses without replicating or broadly exposing underlying OEM datasets.

The Device Passport defines how device events are submitted, validated, and stored across a multi-party ecosystem, connecting carriers, OEMs, logistics operators, repair vendors, and diagnostics providers through a consistent, schema-validated, and auditable integration framework. Every data point entering the Device Passport is traceable to an actor, a time, a facility, and a program context. This is not simply an API specification; it is a governed data contract framework aligned with International Data Spaces Association (IDSA) principles for trusted, sovereign data exchange between independent parties.

2026 Pilot Timeline

Step 01

May – June

Participant registration and onboarding

Step 02

June – July

Testing and feedback (July)

Step 03

August

Final feedback and recommendations

Get to know all the details about your participation

Click on the questions below to expand the answers. We have provided additional details in the attached FAQ, which covers technical specifications for participation.

What is the purpose of this pilot?

GSMA seeks to address the ongoing challenge of device attestation for regulatory homologation and compliance activities by leveraging new technological capabilities. This pilot validates a production-ready approach for enabling regulators to access OEM-provided device data in a secure, permissioned manner to support homologation and compliance workflows. The focus is on device-level attestation using IMEI and/or related identifiers, without requiring OEMs to expose commercially sensitive data.

What is the core pilot use case?

The core pilot use case is a digital ID check for hardware to confirm if a specific IMEI was manufactured. It will utilize the GSMA TAC database for initial validation before querying the OEM to confirm if a device was manufactured with that specific identifier.

What is the expected pilot scale?

The pilot is intended to test and confirm the ability to access and share data between a small, targeted group. We anticipate involving a minimum of two to three OEMs and 20-30 regulators. The pilot will utilize a limited dataset and will run on a short timeframe of approximately 8 to 10 weeks from the kickoff date through the testing phase.

How many devices are needed to participate in the pilot?

Participation requires only ten (10) real devices. This is an intentional design choice. The pilot is focused on validating the data-sharing framework and workflow, not on volume. Ten devices are sufficient to demonstrate the process end-to-end, and we've deliberately kept the bar low to make pilot onboarding as simple as possible.

Devices can come from existing test inventory, warehouse stock, or devices already in use for internal testing. No new procurement is required.

Only the device identity attributes needed for homologation attestation (such as IMEI/TAC and serial number) will be accessed. No commercially sensitive product, supply chain, or manufacturing data will be requested or exposed.

What are the expectations of pilot participants?

A successful pilot demands a constant feedback loop. We’d like to understand both positive and negative experiences with sharing and accessing data. Your feedback will influence broader program rollout across OEMs and regulators worldwide. A 30-minute weekly feedback session will be scheduled as well as ad hoc communication channels will be established.

Additional technical expectations and requirements are included in the FAQ.

Need more information?

The Power of a Data Spaces Framework

Enabling secure, cross-participant device data exchange without compromising your data ownership.

Contact Us

Paresh Modi
Senior Director, Partnerships
GSMA
‍
+44 (0)7771 730630
‍paresh.modi@gsma.com

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences