How legacy systems are holding back UK public services

The £45 billion problem

Let's face it – the UK Government has a big technology problem on its hands.

If you've been following the flurry of technology reports released recently, you'll have spotted a common theme running through all of them: our public services are being held back by legacy technology.

What exactly do we mean by "legacy" systems? They're those end-of-life tech dinosaurs that suppliers no longer support and that often exceed acceptable security risk thresholds. While these systems have faithfully served specific needs for decades and continue to run essential public services, they come with some serious baggage.

On the one hand, they're undermining service reliability, creating cybersecurity nightmares, blocking the implementation of exciting new technologies (including AI), and eating up budgets. On the other hand, they're complex, mission-critical applications that have evolved over decades to serve very specific needs. Many users are comfortable with them, despite their clunky interfaces.

These "heritage" systems typically run essential public services, hold vast amounts of historical data, and are deeply integrated with other government systems. Replacing them isn't just expensive – it can be hugely disruptive and risky, with many high-profile replacement projects facing delays and spiralling costs.

This isn't a new challenge for the UK Government, but it certainly feels like we've reached "crunch time." The pressure is mounting for departments to boost productivity (particularly through AI) while also protecting digital services against increasingly sophisticated cyber threats.

So let's dig into some of these reports and see what they reveal about the true scale and impact of this legacy technology challenge.

 

 

The State of Digital Government Review Report

The State of Digital Government Review Report - commissioned by the Department for Science and Technology and produced by Bain & Co. - paints a pretty stark picture of legacy debt and its impact on the Government's digital strategy. The message is clear: the UK government is at a critical turning point in its digital transformation journey, with outdated systems – along with outdated processes and resource shortages – seriously hampering progress.

Here's the reality check: 28% of central government IT systems are now classified as legacy technology – up from 26% in 2023. Looking at specific sectors, the situation varies widely, with NHS trusts reporting rates of 10-50% and police forces between 10-70%. While some departments (like the Ministry of Defence and Home Office) have detailed legacy system registers, a worrying 15% of surveyed organisations can't even quantify their legacy estate. The financial implications? Eye-watering. With one in four government systems outdated, we're looking at £45bn in lost productivity savings.

The security picture isn't any prettier. The report shows that 40% of cyber incidents targeting the public sector exploit vulnerabilities in aging systems. This security headache is made worse by the increasing cost of specialised support, with some departments facing huge increases in maintenance expenses. Take HMRC, for example – their recent £3.8 billion technology contracts included £591 million in non-competitive agreements, while overall consultant fees reach £14.5 billion annually. That's money that could be going toward modernisation efforts.

Perhaps most concerning is how these legacy systems are holding back the government's broader digital transformation plans. Their limited ability to integrate with modern technology creates a major roadblock to innovation, especially in exciting areas like AI. This becomes even more pressing when we consider the government's ambitions outlined in the recent AI Opportunities Action Plan (more on that in a bit).

Read the report in full here: 

A Blueprint for Modern Digital Government

Published alongside this report was A Blueprint for Modern Digital Government, also presented by the Secretary of State for Science, Innovation and Technology. It sets out both the case for change and the vision for modern digital government, putting forward a six-point plan for public sector digital reform:

1. Join up public sector services

2. Harness the power of AI for the public good

3. Strengthen and extend our digital and data public infrastructure

4. Elevate leadership, invest in talent

5. Fund for outcomes, procure for growth and innovation

6. Commit to transparency, drive accountability

The blueprint highlights how the legacy problem persists, despite previous funding to address it. Resources consumed by legacy systems are contributing to the under-digitalisation of some public services against a backdrop of general under-investment in digital (digital expenditure is 30% below benchmarks in industry and other governments). The report calls for the UK Government to explore "tailored funding models for digital products and services, legacy remediation and risk reduction, and staged, agile funding that better enables exploratory work with new technologies."

Government Cyber Resilience Report

Commissioned by the National Audit Office, the Government Cyber Resilience Report was published in February 2025 and examines how the government is struggling to keep pace with emerging cyber threats. The assessment is sobering, especially in light of recent high-profile incidents like the NHS Pathology Services attack (which resulted in over 10,000 postponed acute outpatient appointments) and the British Library attack (which racked up direct costs of £600,000 through March 2024). The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024, with 89 considered 'nationally significant'. And yes, legacy systems feature prominently in these security challenges.

The report identifies at least 228 legacy IT systems in use across government departments as of March 2024. More worrying still is that departments lack comprehensive visibility into the vulnerabilities within these systems, creating significant blind spots in their overall cyber resilience. These outdated systems typically present increased security risks due to discontinued support, lack of security updates, and widely known vulnerabilities.

The risk is amplified by the mission-critical nature of many of these legacy systems. If they're compromised, we could see significant disruption to essential public services, from benefit payments to critical infrastructure operations. The report also emphasises the financial implications – substantial IT resources are being diverted to maintaining these systems rather than investing in more secure, modern alternatives.

The NAO report makes it clear that the persistence of legacy systems not only poses direct security risks but also impedes the overall modernisation and efficiency of government IT infrastructure.

AI Opportunities Action Plan

The Department for Science, Innovation & Technology released its AI Opportunities Action Plan in January 2025, establishing the government's vision for UK leadership in artificial intelligence. The plan sets out an ambitious goal for the UK to transition from an "AI taker" to an "AI maker" on the global stage.

A key component of the plan is the integration of AI capabilities across public services, with departments encouraged to evaluate AI solutions for improving efficiency and service delivery. The government advocates for a structured "Scan, Pilot, Scale" approach to facilitate successful adoption across departments.

While legacy systems aren't explicitly addressed, the plan emphasises data accessibility as a critical foundation for AI implementation. It specifically calls for "unlocking data assets" across government – a significant challenge when valuable information remains isolated in legacy system silos. This underscores a fundamental principle: effective AI implementation requires high-quality, structured, and accessible data, which remains difficult to achieve within the constraints of outdated systems.

Government's Approach to Technology Suppliers

Finally, the National Audit Office published a report on the Government's Approach to Technology Suppliers: Addressing the Challenges. This report examines how the government procures digital and technology services across a vast digital estate, focusing on the varied and complex challenges involved in procurement for digital change. The report advocates for systemic reforms to transform the government's digital procurement processes to better support modernisation efforts, reduce waste, and deliver improved public services.

This latest NAO assessment reinforces the legacy challenges identified in previous reports – acknowledging that while these systems have historically provided essential services, they have become increasingly expensive to maintain and present significant barriers to integration with modern digital solutions.

The Path Forward: Addressing Legacy Technology Challenges

Looking across these reports, it's clear that legacy technology has become a critical challenge for UK public services. As we noted at the beginning, this issue threads through every assessment of government digital capabilities, affecting everything from cybersecurity and operational efficiency to digital transformation and AI adoption. It's also worth noting that these legacy challenges aren't just limited to the public sector. A global survey of over 1,400 senior technology decision-makers by NTT Data in June 2024 found that 80% of organisations agreed that inadequate or outdated technology is holding back organisational progress and innovation efforts.

While the challenges for the UK government are substantial – both financially and operationally – they're not insurmountable. The government's renewed focus on digital transformation creates a timely opportunity to tackle these longstanding issues.

In our next article, we'll explore practical steps that government departments can take to modernise their legacy systems without breaking the bank or disrupting essential services. We'll look at how organisations can make progress today while building toward their long-term digital vision, creating a realistic roadmap for transformation in a complex public sector environment.