Deprecation notice: CIS1 Authentication

On 1 October 2025 (delayed from 1 October 2024):  

• we will reduce the support level for the CIS1 Authentication service from Platinum to a Silver SLA

• from speaking with suppliers, we expect the majority will have migrated to CIS2 Authentication by this time, so we will also reduce infrastructure for CIS1 as part of this including reducing platform redundancy

• support hours will be reduced to 8am to 6pm Monday to Friday and availability targets will also be reduced 

On 1 March 2026:  

• CIS1 will no longer have an SLA and will be supported on a 'reasonable endeavours' basis

• costs will be reduced as much as possible by scaling down infrastructure and support to a bare bones service with little or no redundancy

By 28 February 2027, we will remove CIS1 Authentication from operational service, meaning it can no longer be used. 

We are retiring CIS1 Authentication and migrating to CIS2 Authentication to help NHS organisations take advantage of cheaper, more modern authentication methods including MFA, security keys and biometrics, as well as remove dependencies on HSCN connections.

CIS2 Authentication is also based on open standards, making it easier for suppliers to adopt changes compared to CIS1.   

As of December 2024, direct traffic through CIS1 has dropped by 54% as suppliers and NHS systems have moved across to CIS2.  All NHS England applications have all now completed the migration to CIS2 Authentication.

Progress has also been made by suppliers, but given there is still substantial use of CIS1 Authentication we are responding to concerns from customers who are worried about previously published timelines. As a result we have delayed timelines to reduce SLA to Silver and turn off CIS1 Authentication.

Suppliers and users of CIS1 Authentication services should switch to CIS2 Authentication now.

Suppliers must make their customers aware of a dependency on CIS1 Authentication and agree migration dates where relevant. We have contacted suppliers we are aware of that are impacted directly, throughout the deprecation period.  

If you as an NHS customer are impacted by these changes, the suppliers of your product are contractually obligated to inform you of upcoming changes. Please consult with your supplier or contact [email protected] for further information.

Official NHS communications 

• Care Identity Service news - revised retirement date for CIS1 Authentication (published 3 January 2025)
• Care Identity Service news - updated guidance to CIS1 deprecation (published 21 February 2023)
• Deprecation note update 10 February: deprecated identity agents and smartcard update (published 14 February 2022)
• GP IT Specification Commissioning Support Pack (published 14 February 2022)

Other communications

• Digital Partnering Engagement Pack (published November 2022)
• Community Pharmacy England IT Group Progress Update (published July 2022)
• Digital Services for Integrated Care (DSIC) Roadmap (published 2 December 2021)

Find out more about the benefits of CIS2 Authentication.

You can also see which applications have already migrated to CIS2 Authentication.