Skip to main content

Before AI, fix the foundations in UK public sector tech

News Published on 27 March 2025

Government digital teams are under pressure to adopt AI, improve service delivery, and enhance cybersecurity - yet many are held back by ageing IT systems that weren’t built for the modern digital world. 

In my previous article, I highlighted recent UK Government reports warning that legacy systems are a growing challenge, affecting efficiency, security, service delivery, and budgets.

While AI dominates the headlines as a potential productivity game-changer, outdated infrastructure remains a significant roadblock. Legacy software creates data silos, security risks, and compatibility issues - all of which hinder AI adoption and digital transformation. 

Many legacy systems may still appear to function well, which can make it difficult to justify investment when budgets and resources are already stretched. How do you convince senior leaders to fund modernisation when other priorities - such as frontline services - compete for the same resources?  How do you secure leadership buy-in for an issue that, while high on risk registers, is complex, often expensive and not always visible? 

Old desktop computers in office

One answer is an incremental approach rather than a 'rip-and-replace' strategy.

From our experience working with public sector organisations, the key benefits of an iterative modernisation strategy include:

  • Minimising risk - Incremental changes allow for controlled testing and validation  
  • Reducing operational disruption - Business functions remain operational during transitions  
  • Delivering value earlier - Each iteration delivers measurable ROI and it’s easier to control costs 
  • Building stakeholder confidence - Replacing a key line of business system can be a major change for staff so staged, iterative changes can ease adoption and minimise resistance to change

Frameworks for modernisation

Navigating the modernisation options can be daunting, but there are structured frameworks to help: 

UK Legacy IT Risk Assessment Framework 

The UK Government’s Legacy IT Risk Assessment Framework is a tool designed to evaluate risks posed by ageing technology systems across public sector organisations. Introduced in 2023 and expanded in 2025, it employs a qualitative risk-based methodology to prioritise modernisation efforts.

The framework assesses systems across two dimensions: Likelihood and Impact. Systems receive scores from 1 (very low) to 6 (certain) for Likelihood and 1 (very low) to 5 (very high) for Impact. An aggregated score of more than 16  classifies a system as "red-rated", indicating critical risk requiring immediate remediation.   

The framework is a useful starting point to surface legacy software and its risks.  

However, not all government organisations have the time or IT skills and resources to undertake the assessment objectively. With the focus largely on technical risks, it doesn’t incorporate a cost-benefit analysis of modernisation. 

Healthcare NHS worker in an IT setting

Gartner’s Seven Options to Modernise Legacy Systems 

Gartner outlines a range of modernisation strategies, ranked by ease of implementation, from encapsulating legacy systems with APIs to full system replacement. These approaches provide a structured way to evaluate modernisation pathways based on an organisation's specific needs and constraints:

Approach Description Best for
Retain / Encapsulate Extend legacy features by wrapping data/functions in APIs Systems with valuable functionality but outdated architecture
Rehost Move to new infrastructure with minimal code changes Quick cloud migration with low risk
Replatform Migrate to a new runtime platform with minor code adjustments Systems needing scalability without major architectural changes
Refactor Optimise and restructure existing code Systems with technical debt but solid architecture
Re-architect Shift to a new architecture (e.g. microservices) Systems requiring scalability and flexibility for future growth
Rebuild Redesign and rewrite the application from scratch Systems with outdated codebases and significant limitations
Replace Eliminate the legacy system and adopt a new solution Systems with no salvageable components or high modernisation costs

If you want to dive deeper into each of these approaches together with our advice and practical examples,  please read our in-depth whitepaper. 

So how do you decide which approach is the best fit for you? The first step is to carry out a comprehensive assessment across three key dimensions: 

  1. Organisational fit – does the system align with your current and future strategic goals e.g. AI integration.  Does is support agility, scalability and innovation?  
  2. Technical audit – what are the system dependencies, code quality and integration points? 
  3. Risk and cost analysis – using frameworks like the UK Legacy IT Risk Assessment Framework to categorise systems by security vulnerabilities, compliance gaps and operational risks. Conduct a cost-benefit analysis for various modernisation approaches.  

Beyond technical risks, successful modernisation also depends on organisational readiness. Resistance to change, procurement complexities, and siloed decision-making can slow progress. Building cross-departmental buy-in and ensuring governance alignment are just as crucial as choosing the right technology. 

Additionally, consider whether you have the skills in-house to deliver modernisation or if external expertise is required from existing or new suppliers.  

Steps to prepare for modernisation

To maximise the impact of modernisation efforts,  government organisations should: 

  • Prioritise systems with high business value – Focus on the biggest impact areas 
  • Get your governance in place - Acknowledge the competing requirements and support a balanced approach with a framework for decisions and prioritisation 
  • Equip your teams with skills and time - Ensure your teams have the capacity, skills and support to contribute to both modernisation and business as usual 
  • Ensure cross departmental buy-in - Resistance to change, procurement complexities, and siloed decision-making can slow progress, so spend time building cross-departmental buy-in and alignment
  • Align with digital transformation roadmaps – Ensure modernisation supports broader initiatives like cloud adoption and AI readiness
  • Choose the right partner  - Strong partnerships are a catalyst for modernisation, providing ecosystem of skills and resources to build strong, collaborative and blended teams – to build capability, develop digital skills and provide resilience 
  • Plan for seamless data migration – Maintain data integrity throughout the process
  • Implement robust testing – Minimise risks and ensure smooth transitions 
  • Start small – Use a proof-of-concept approach to validate modernisation approaches 
  • Adopt API-first principles – Follow the Technology Code of Practice and GDS API standards to future-proof IT investments

With public sector teams focusing on delivering vital services, tackling legacy IT can feel overwhelming.  

The key is to break modernisation into manageable stages: starting with assessment, then planning, and finally prioritising what to update first. We’re just putting the final touches to a Digital Foundations Framework to help public sector teams navigate this process, offering a structured way to modernise legacy systems without causing operational headaches. 

By taking an incremental approach, organisations can reduce risk, see benefits sooner, and lay the groundwork for long-term digital success. Modernisation doesn’t have to mean replacing everything at once. Instead, a well-planned strategy - backed by the right expertise - can ensure systems evolve in a way that meets both immediate needs and future ambitions. 

IT executives planning replacement technology in large office

Topics

  • Legacy System Modernisation
  • Public Sector

Related People

A photo of Joanne Pontee