SO-SNPN

Subscription Owner Standalone Non-Public Network

Services →
Introduced in Rel-17

SO-SNPN is a Standalone Non-Public Network where the network operator independently manages and owns the subscriptions, rather than relying on a public mobile network operator.

Category
Services
Introduced
Rel-17
Where
Core Network › 5G Core
Specifications
2 specs
SO-SNPN Description Purpose Related Classification Detected Changes Specifications

Description

A Subscription Owner Standalone Non-Public Network (SO-SNPN) is a specific operational model for a 5G Non-Public Network (NPN) as defined in 3GPP Release 17 and beyond. In this model, the network is a Standalone NPN (SNPN), meaning it operates independently without relying on the network functions of a Public Land Mobile Network (PLMN). The key differentiator of an SO-SNPN is that the entity which operates the SNPN also acts as the 'Subscription Owner'—the authority that issues and manages subscriber identities and credentials. This is in contrast to an SNPN that relies on credentials from a PLMN (conceptually similar to roaming).

Architecturally, an SO-SNPN comprises all the standard 5G core network functions (AMF, SMF, UDM, AUSF, etc.) and radio access, but they are dedicated to the private network. The critical component is the Unified Data Management (UDM) function and the Authentication Server Function (AUSF), which are configured with subscriber data owned and provisioned by the SNPN operator itself. When a User Equipment (UE) attempts to access the SO-SNPN, it uses a subscriber identifier specific to that private network. The primary identifier is a Network Identifier (NID) combined with a PLMN ID that is specifically allocated for SNPN use (not a commercial PLMN ID). The UE authenticates directly with the SO-SNPN's AUSF/UDM using credentials stored in its Universal Integrated Circuit Card (UICC) or soft credential store that were provisioned by the SNPN operator.

How it works involves a dedicated registration and authentication procedure. The UE identifies available SNPNs by their broadcasted NID and SNPN PLMN ID. For an SO-SNPN, the UE must possess a subscription specifically for that network. During initial registration, the UE provides its SUCI (Subscription Concealed Identifier) derived from its SNPN-specific subscription. The SO-SNPN's network functions process this request internally. The AUSF performs authentication with the UDM using the credentials owned by the SNPN operator, establishing security context without any interaction with an external public network's home subscriber system. This model gives the private network operator complete autonomy over subscriber lifecycle management, security policies, and service provisioning within its isolated domain.

Purpose & Motivation

The SO-SNPN concept was created to meet the demand from vertical industries (e.g., factories, ports, utilities, campuses) for truly private and autonomous 5G networks. Prior to Release 17, private network concepts often involved some dependency on public mobile network operators, such as using network slicing on a public PLMN or requiring PLMN-issued credentials for access. This dependency could be undesirable for industries requiring full control over their network infrastructure, data sovereignty, operational independence, and specialized security models.

SO-SNPN solves the problem of complete operational separation. It enables an enterprise or vertical to deploy a 5G network as a fully self-contained system, where it is the sole authority for issuing identities to its employees, devices, and sensors. This is crucial for security-sensitive environments where subscriber data must not leave the premises, for specialized devices that will never need public network access, and for operational models where the enterprise wishes to be entirely independent of telecommunications service providers. It addresses limitations of earlier approaches by providing a standardized, 3GPP-defined method to build a private cellular network with the same level of control as a traditional Wi-Fi or wired enterprise network, but with the superior performance, reliability, and mobility features of 5G NR. This empowers verticals to tailor the network precisely to their unique application and security requirements.

Classification

Part ofSNPN
Related approachesPLMN

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (175 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 14 changes

In Release 15, the SO-SNPN function was newly introduced to enable a Subscription Owner entity, separate from the Credentials Holder, to authenticate and authorize access to a Standalone Non-Public Network (SNPN). This allows for the decoupling of subscription management from network operation, as defined by the SNPN ID (PLMN ID and NID). The function supports an SNPN-enabled UE operating in SNPN access mode to select and access these networks.

  • 5GS Support for MCS Subscription TS 23.501CR0693
  • Wildcard DNN subscription TS 23.501CR0021
  • Network sharing prioritised PLMN handling TS 23.501CR0056
  • Inter-PLMN mobility when N26 is not used TS 23.501CR0070
  • Non-Allowed Area as criterion for Cell Reselection or trigger for PLMN Selection TS 23.501CR0076
  • Subscription Permanent Identifier TS 23.501CR0189

+ 8 more changes

Rel-16 55 changes

In Release 16, the SO-SNPN function introduced the foundational support for Standalone Non-Public Networks (SNPNs), defined by a unique SNPN ID combining a PLMN ID and a Network Identifier (NID). This release specified key deployment scenarios, EPS interworking support, and the management of NIDs for these self-contained networks. It also enabled new access modes, allowing an SNPN-enabled UE to operate in SNPN access mode and introduced mechanisms for access control and network selection using identifiers like the Group ID for Network Selection (GIN).

  • TS 23.501: Introducing Non-public network TS 23.501CR0734
  • Introducing support for Non-Public Networks TS 23.501CR0757
  • Introducing Non-public network TS 23.501CR0734
  • FQDN format of N3IWF in a standalone non-public network TS 23.501CR0841
  • Support of emergency services in public network integrated NPNs TS 23.501CR1073
  • Subscription Information Influence on PDU Session Rate Control TS 23.501CR1251

+ 49 more changes

Rel-17 49 changes

In Release 17, the SO-SNPN function introduced the concept of a separate Credentials Holder entity that owns and manages user subscriptions, enabling authentication and authorization for access to a Standalone Non-Public Network (SNPN) that is operated independently. This release defined new procedures for UE onboarding, network selection using a Group ID for Network Selection (GIN), and support for mobility between SNPNs and between SNPNs and PLMNs. It also standardized support for normal and emergency IMS services over an SNPN using these externally held credentials.

  • Informative guideline on supporting session/service continuity between SNPN and PLMN when using N3IWF TS 23.501CR2563
  • SNPN support AAA Server for primary authentication and authorization TS 23.501CR2611
  • SNPN with separate entity hosting subscription TS 23.501CR2625
  • General introduction of Enhancements to Support SNPN along with credentials owned by an entity separate from the SNPN TS 23.501CR2684
  • Homogeneously support SNPN connectivity for UEs with credentials owned by Credentials Holder TS 23.501CR2799
  • User Plane Remote Provisioning of UEs if PLMN as ON TS 23.501CR2802

+ 43 more changes

Rel-18 41 changes

In Release 18, the SO-SNPN function was enhanced with new capabilities for accessing localized services, including the introduction of a "Group ID for Network Selection (GIN)" to aid in selecting a preferred SNPN that supports a Credentials Holder. The release also provided clarifications and support for SNPN selection specifically for access to localized services and defined network access control procedures for UEs accessing an SNPN that provides such localized services. Furthermore, it added support for controlling a time synchronization service based on subscription, integrating this as a new subscription-based service within the SNPN framework.

  • Support of Non-3GPP access for SNPN TS 23.501CR3714
  • Equivalent SNPN support TS 23.501CR3730
  • Adding time synchronization service based on subscription TS 23.501CR3762
  • Edge Relocation within the same hosting PLMN's EHEs TS 23.501CR3820
  • N5CW device access to SNPN services TS 23.501CR3821
  • KI#4: Support for Centralized NSACF in a PLMN with multi-service areas TS 23.501CR3822

+ 35 more changes

Rel-19 16 changes

In Release 19, the SO-SNPN function was enhanced to support direct subscription of UPF event exposure using the UE's IP address, including via an Intermediate SMF (I-SMF). Furthermore, the release introduced support for UE subscription and policy control for energy efficiency and saving (KI#2), with corresponding updates to UPF data exposure for this direct subscription.

  • Subscription-based routing to a target core network TS 23.501CR5380
  • NF discovery and selection by target PLMN TS 23.501CR5399
  • Enhancement of getting public UE IP address and port number TS 23.501CR5445
  • Supporting direct subscription of UPF event exposure using UE's IP address TS 23.501CR5540
  • KI#2: UE subscription and policy control for energy efficiency and energy saving TS 23.501CR5739
  • Updates to UPF data exposure for KI#2 direct subscription TS 23.501CR5452

+ 10 more changes

Explore further

Broader topics and technologies where SO-SNPN plays a role.

Topics
OAM (Operations & Maintenance)Authentication (5G-AKA, EAP)Roaming & Interconnect5G NR (New Radio)Lawful InterceptNetwork Slicing
Technologies
5G

Defining Specifications

3GPP specifications that define or reference SO-SNPN, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.501 vk00 5G System Architecture Stage 2 Rel-20
TS 29.561 vj30 5G Interworking with External Data Networks Rel-19