Understanding
Migrating from EDE to ARC-AMPE
What You Need to Know

CMS released the EDE version of ARC-AMPE for Direct Exchange Entities (DEEs) on July 11th 2025
Compliance is due by June 2026
Navigating Health Insurance Enrollment:
DE and EDE Explained
What is the "Classic" Direct Enrollment (DE) Experience?
Direct Enrollment (DE) is a collaborative service that empowers approved health insurance carriers and third-party web-brokers to enroll individuals in Exchange health plans via their own websites. This process can be completed independently by the consumer or with the guidance of an agent or broker.
In what is known as the "Classic" DE model, the user journey starts on the website of the insurance issuer or online seller. From there, the consumer is securely transferred to HealthCare.gov to determine their eligibility for coverage. After the eligibility application is submitted, the consumer is automatically redirected back to the original site to browse available plans and complete the enrollment process.
What Makes Enhanced Direct Enrollment (EDE) Different?
EDE represents a significant advancement over the Classic DE pathway, offering a fully contained and user-friendly experience. EDE-approved partners can manage every aspect of the consumer's journey on their own websites, from the initial application and plan selection to post-enrollment support throughout the year.
Through EDE, authorized issuers and web-brokers host a version of the HealthCare.gov eligibility application on their own platforms. This is made possible by a secure, back-end integration using a suite of federal application programming interfaces (APIs). This technology facilitates a seamless flow of information for applications, enrollments, and ongoing customer service, all without leaving the partner's website.
Resource: CMS.gov >
The list below provides details of the 20 control families and the number of controls required for the minimum baseline.
The minimum control baseline for ARC-AMPE compliance consists of 308 controls, which have been derived from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 5, “Security and Privacy Controls for Information Systems and Organizations".
Follow the hyperlinks for more details and a guide for migrating from EDE to ARC-AMPE.
Download all files >
Physical and Environmental Protection (9)
Planning (6)
Program Management (5)
Personnel Security (8)
Personally Identifiable Information Processing and Transparency (10)
Risk Assessment (8)
System and Services Acquisition (18)
System and Communications Protection (28)
System and Information Integrity (30)
Supply Chain Risk Management (4)
Contact us to receive ARC-AMPE and EDE updates.
