Deprecation notice: CIS1 Authentication

On 1 October 2025 (delayed from 1 October 2024):  

• we will reduce the support level for the CIS1 Authentication service from platinum to a silver SLA

• from speaking with suppliers, we expect the majority will have migrated to CIS2 Authentication by this time, so we will also reduce infrastructure for CIS1 as part of this including reducing platform redundancy

• support hours will be reduced to 8am to 6pm Monday to Friday and availability targets will also be reduced 

On 1 March 2026, CIS1 Authentication will no longer have an SLA and will be supported on a 'reasonable endeavours' basis.

By 28 February 2027, we will remove CIS1 Authentication from operational service, meaning it can no longer be used. 

We are retiring CIS1 Authentication and migrating to CIS2 Authentication to help NHS organisations take advantage of cheaper, more modern authentication methods including MFA, security keys and biometrics, as well as remove dependencies on HSCN connections.

CIS2 Authentication operates to a platinum service level, meaning it is available and supported 24 hours a day, 365 days a year.

CIS2 Authentication is also based on open standards, making it easier for suppliers to adopt changes compared to CIS1.   

As of December 2024, direct traffic through CIS1 has dropped by 54% as suppliers and NHS systems have moved across to CIS2.  All NHS England applications have all now completed the migration to CIS2 Authentication.

Suppliers and users of CIS1 Authentication services should switch to CIS2 Authentication now.

Suppliers must make their customers aware of a dependency on CIS1 Authentication and agree migration dates where relevant. We have contacted suppliers we are aware of that are impacted directly, throughout the deprecation period.  

If you as an NHS customer are impacted by these changes, the suppliers of your product are contractually obligated to inform you of upcoming changes. Please consult with your supplier or contact [email protected] for further information.

Official NHS communications 

• CIS1 Authentication moves to no SLA on 1 March 2026 (published 26 February 2026)

• Deprecation note update 10 February: deprecated identity agents and smartcard update (published 14 February 2022)
• GP IT Specification Commissioning Support Pack (published 14 February 2022)

Other communications

• Digital Partnering Engagement Pack (published November 2022)
• Community Pharmacy England IT Group Progress Update (published July 2022)
• Digital Services for Integrated Care (DSIC) Roadmap (published 2 December 2021)

Find out more about the benefits of CIS2 Authentication.

You can also see which applications have already migrated to CIS2 Authentication.