OTA Steering of Roaming does not disappear in 5G SA : it becomes a fully integrated, SIM-level execution layer within the core architecture.
In 5G SA, Steering of Roaming is no longer just a policy decision in the core. With SP-AF as a standardized OTA network function, those decisions are transformed into secured OTA commands applied directly on the USIM.
This is the real shift: steering moves from temporary signaling to persistent SIM-level behavior through fully standardized core network functions.
The article below explores this architecture in more detail, including SP-AF, NAS delivery, and SIM-level enforcement.
The Future of OTA in 5G SA: How SP-AF Enables Steering of Roaming Through Standardized SIM Control
As 5G Standalone (5G SA) moves into broader commercial adoption, OTA is reinforcing and consolidating its role within the mobile ecosystem. Already transformed from batch-mode SIM administration into an on-demand, API-driven and event-based system, OTA is now more tightly integrated into the 5G Core (5GC), where network policy decisions are securely translated into actions applied on the USIM.
This is especially relevant for Steering of Roaming (SoR), a mechanism widely used in mobile networks and now evolving into a more dynamic, 5G-native control model aimed at influencing network selection to optimize coverage, quality of service, and commercial outcomes based on operator-defined policies.
In 5G SA, roaming decisions are driven by the SoR-AF function, which determines preferred PLMNs and access technology priorities, including new NG-RAN access type. However, these decisions still need to be enforced on the device and, more specifically, on the SIM. OTA bridges the gap between network intelligence and the SIM by updating standards-defined USIM data, including PLMN-related files, and triggering procedures such as SIM Refresh to activate existing steering capabilities within the USIM.
This evolution is formalized through the Secured Packet Application Function (SP-AF). Within the 5GC, SP-AF provides the secure execution layer between network logic and SIM-level enforcement. It is used when UE parameters must be protected and delivered securely, with the USIM as the final consumer, positioning SP-AF as the standardized link between 5G Core decision-making and SIM-level execution.
In practical terms, SP-AF generates the secured OTA payload that can be applied to the SIM. A consumer network function such as SoR-AF requests a secured packet for a subscriber identified by SUPI (the 5G equivalent of IMSI), including steering data such as PLMN and access technology information. The returned payload is OTA-ready, typically APDU-based and aligned with secured packet mechanisms used for USIM updates. The steering container carries the PLMN and access technology combinations to be updated, while the secured packet contains the commands required to apply those changes within the SIM.
From an architectural perspective, OTA delivery in 5G SA follows a control-plane path through the 5G Core. Once the steering decision is made, the SoR-AF interacts with the UDM, which forwards the information to the AMF over the N8 interface (with UDM and AMF roles comparable to HLR/HSS and MME in previous generations). The AMF then delivers it to the UE using NAS signaling procedures. The information is transported as a transparent container, meaning intermediate network functions do not interpret its content but ensure secure delivery to the device.
Once received by the UE, the device extracts the steering container and processes its content. If SIM-related updates are included, the UE forwards the secured packet to the USIM using standardized APDU mechanisms such as the ENVELOPE command. The USIM validates the integrity and authenticity of the message using its internal security context and applies the update locally, for example by modifying PLMN priority lists. This ensures that steering policies are enforced persistently at SIM level, beyond the lifetime of a signaling session.
One of the key architectural shifts in 5G SA is that this process operates within a service-based, API-driven environment. Network functions interact through standardized interfaces, enabling a more modular and interoperable architecture. OTA therefore transitions from a standalone operational tool to an integrated component of the control plane.
Another important aspect to consider is NRF-based registration and discovery. For SoR-AF to communicate with SP-AF, both functions must be registered and discoverable via the NRF (Network Function Repository), enabling dynamic interaction and avoiding static configurations, similar in principle to DNS-based service resolution.
From an OTA supplier’s perspective, this is where the real value lies. OTA continues to manage SIM-resident parameters securely and reliably. What changes is the level of integration. OTA is no longer positioned at the edge of the network, but within its core control logic, tightly coupled with policy, signaling, and service interaction.
The future of OTA in 5G SA remains fully relevant as a secure and essential component of future communication architectures, acting as a 5G-native execution layer that ensures continuity and enables new use cases by leveraging the SIM capabilities.