When evaluating IoT connectivity providers, the terms MNO and MVNO appear frequently, often without clear explanation of what they mean in practice. The distinction matters more than most product teams initially realise, because the type of provider you select determines what level of control, visibility, and problem resolution you can actually access when something goes wrong in production.
This article explains the structural difference between an MNO and an MVNO, why it affects real IoT deployments, and what to look for when assessing which type of provider is right for your use case.
What an MNO is
A Mobile Network Operator, commonly shortened to MNO, is an organisation that owns and operates its own mobile network infrastructure. This includes the radio access network (the towers and base stations that devices connect to), the core network (the systems that route calls and data, manage authentication, and handle billing), and the spectrum licences that allow the network to operate.
Examples of traditional MNOs include the major national carriers in each country. In the IoT context, an IoT MNO is a network operator that has built its infrastructure specifically around the requirements of connected device deployments: global roaming agreements with other operators, support for IoT-specific radio technologies such as LTE-M and NB-IoT, and connectivity management platforms designed for large device fleets rather than individual consumer handsets.
The key characteristic of an MNO in any context is direct ownership of the core network. When a connectivity issue occurs, the MNO can investigate and resolve it within their own infrastructure rather than escalating to a third-party network provider.
What an MVNO is
A Mobile Virtual Network Operator, or MVNO, is a company that provides mobile connectivity services without owning its own network infrastructure. An MVNO purchases access to network capacity from one or more MNOs at a wholesale rate and resells that capacity to its own customers, typically under its own brand.
MVNOs vary considerably in terms of the level of control and infrastructure they have access to. A full MVNO has its own core network components, including its own HLR (Home Location Register) or HSS (Home Subscriber Server), which means it can manage SIM authentication, routing, and some network policies independently. A light or thin MVNO has less infrastructure of its own and is more directly dependent on the host MNO’s systems for core network functions.
From a customer’s perspective, an MVNO can offer competitive pricing, specialised service packages, and in many cases a very capable management interface. The structural limitation is that for deep network-layer issues, the MVNO’s ability to investigate and resolve depends on its relationship with the host MNO and the level of access that relationship provides.
Why the distinction matters for IoT deployments
For small or straightforward deployments — a few dozen devices operating on a single network in one country — the MNO vs MVNO distinction is relatively minor. Both types of provider can offer connectivity that works, and the practical differences may not surface.
The distinction becomes significant in four specific situations that are common in serious IoT deployments.
Multi-network coverage and roaming
A large IoT deployment operating across multiple countries typically requires SIMs that can access multiple national networks. An MNO with its own core network and a portfolio of bilateral roaming agreements with other operators can provide genuine multi-network access, including the ability to configure non-steered network selection based on actual signal conditions.
An MVNO’s multi-network capability depends on the roaming arrangements its host MNO has in place, and on whether the MVNO has enough infrastructure control to offer non-steered access rather than directing devices toward whichever network is commercially preferred by the host. This is a meaningful architectural difference for deployments that need genuine coverage resilience across borders.
Network-layer visibility and troubleshooting
When a device fleet experiences connectivity issues in production, the questions that operations teams need answered are specific: which network did the device last register on, when did the session drop, was it a network-side issue or a device-side issue, and what is the current status across the affected segment of the fleet.
An MNO can access this information directly from its own core network systems. An MVNO’s access to network-layer data depends on what its host MNO makes available through the wholesale arrangement. A full MVNO with its own core components can often provide a comparable level of visibility. A thin MVNO may have limited access to session-level data and routing information, which extends troubleshooting timelines and reduces the depth of operational insight available.
Security controls at the network layer
Security features such as Private APN, IMEI Lock, IoT SAFE, and data traffic filtering operate at the network layer, which means they need to be implemented and enforced by the core network rather than at the device or application level. An MNO can implement these controls natively within its own infrastructure.
An MVNO can offer these features, but the robustness of implementation depends on the depth of its core network access. A full MVNO with its own HLR/HSS can enforce network-layer security controls with genuine operator-level authority. A light MVNO may be configuring these controls through the host MNO’s systems, which can create dependencies and delays in policy changes.
Commercial and technical flexibility
Pricing models, data pooling arrangements, custom APN provisioning, and the ability to configure network access policies at the SIM or device group level all depend on how much control the provider has over its own core network. An MNO operating its own infrastructure can offer commercial flexibility that reflects genuine control over the underlying network. An MVNO’s flexibility is bounded by what the host MNO’s wholesale arrangements permit.
This matters most in enterprise IoT contracts where deployment-specific commercial structures, custom network policies, and long-term predictability of costs are part of the commercial requirement.
Choosing between connectivity providers?
The IoT SIM Connectivity Buyer Guide 2026 includes a structured evaluation framework covering infrastructure type, coverage, security, and platform capability — with specific questions to use when assessing any provider.
Download the IoT SIM Connectivity Buyer Guide 2026 →
What a true IoT MNO looks like
Not every organisation that describes itself as an IoT MNO owns and operates the network infrastructure the term implies. The characteristics of a genuine IoT MNO are worth understanding clearly before evaluating providers.
A true IoT MNO operates its own core network, with data centres and local packet gateways providing direct network routing rather than relying on a host operator’s infrastructure. It holds spectrum licences or has direct agreements with spectrum holders that give it operator-level authority on the networks it provides access to. Its connectivity management platform integrates directly with its own network core rather than sitting on top of a third-party stack.
The practical implication for IoT deployments is that when you work with a true IoT MNO, the connectivity management platform you interact with and the network your devices connect through are operated by the same organisation. There is no wholesale arrangement in the middle, no host operator whose policies constrain what the provider can offer, and no dependency on a third party for resolving network-layer issues.
How MVNOs fit into the IoT ecosystem
The distinction between MNO and MVNO is not a simple quality hierarchy. MVNOs serve important roles in the IoT connectivity market and in many cases offer competitive, well-engineered services. The relevant question for a deployment is not whether the provider is technically an MNO or MVNO, but what level of infrastructure control they actually have and whether that maps to your operational requirements.
A well-capitalised full MVNO with its own core network components can provide a level of control and visibility that is practically comparable to an MNO for many deployment types. The gaps are most likely to appear in genuinely complex scenarios: multi-country deployments requiring non-steered network selection, deployments with stringent network-layer security requirements, or large fleets where resolution time for connectivity incidents has direct operational cost implications.
An MVNO that is transparent about its infrastructure model and the limits of what it can offer within that model is a more reliable partner than one that elides the distinction. The key is knowing what questions to ask.
Questions to ask any connectivity provider about their infrastructure
To understand where a provider sits on the MNO to MVNO spectrum and what that means for your deployment, the following questions are useful in any provider evaluation:
- Do you operate your own core network, or do you provide connectivity through a host MNO?
- What level of access do you have to session-level data and network registration information for troubleshooting?
- How are security controls such as Private APN, IMEI Lock, and IoT SAFE implemented — at your own core network level, or through a host operator’s systems?
- What is your process for resolving network-layer connectivity issues — can you investigate within your own infrastructure, or do you escalate to a third party?
- Can you offer non-steered network selection, and if so, how is that implemented?
- What does your wholesale arrangement with host operators (if applicable) permit in terms of commercial flexibility, custom APNs, and network access policy configuration?
The answers to these questions will tell you more about the operational reality of the provider relationship than any marketing description of infrastructure type.
Frequently asked questions
Is an IoT MVNO worse than an IoT MNO?
Not necessarily as a blanket statement. The relevant comparison is the level of infrastructure control each provider has and whether that matches the requirements of the specific deployment. A full MVNO with its own core network components can provide strong operational visibility and security control. A light MVNO with minimal infrastructure of its own may have more limited capability in complex scenarios. The question to ask is not what category a provider falls into, but what they can actually do at the network layer.
Can an MVNO offer Multi-IMSI connectivity?
Yes, an MVNO can offer Multi-IMSI SIMs, but the quality and flexibility of that offering depends on the provider’s infrastructure model. Multi-IMSI network selection that is genuinely non-steered, based on actual signal conditions rather than a commercial preference list, requires the provider to have enough core network control to configure and enforce network selection policies. A full MVNO can typically provide this. A light MVNO may be constrained by the host MNO’s steering policies.
What is the practical difference between a reseller and an MVNO?
A reseller purchases connectivity from an MNO or MVNO and resells it, typically with a management interface on top but without any significant core network infrastructure of their own. An MVNO has at least some core network components, giving it more control over SIM management, network policies, and service differentiation. The distinction matters for IoT because a reseller’s ability to resolve network-layer issues, configure custom APNs, or offer genuine non-steered coverage is more constrained than an MVNO’s, which is in turn more constrained than a true MNO’s.
Does OV operate as an MNO?
OV operates as a true IoT MNO, with its own core network infrastructure, data centres, and local packet gateways. OV ONE, its connectivity management platform, integrates directly with OV’s own network core rather than sitting on top of a third-party stack. This gives OV the ability to provide operator-level visibility, enforce security controls natively at the network layer, and resolve connectivity issues within its own infrastructure. OV’s network heritage comes from Manx Telecom’s 135 years of telecommunications experience.
Why does network infrastructure type matter for IoT security?
IoT security features such as IMEI Lock, Private APN, and IoT SAFE operate at the network layer, which means they are enforced by the core network rather than by device firmware or application software. A provider with direct ownership of core network infrastructure can implement and enforce these controls natively. A provider with limited infrastructure access implements them through another operator’s systems, which can create dependencies, policy constraints, and longer implementation timelines. For deployments where network-layer security is a compliance requirement, the provider’s infrastructure model is a material factor.
See what a true IoT MNO looks like in practice
OV operates its own core network across 180+ countries and 600+ networks, with OV ONE providing direct operator-level visibility and control. Request a free IoT SIM trial to test coverage in your own devices, or book a demo to see the platform.
Book a Demo | Request a Free IoT SIM Trial
