In summary:
- Legacy transformation in the public sector succeeds through integration, isolation and incremental change, not wholesale replacement.
- Risk-based prioritisation helps organisations modernise complex estates while maintaining live service continuity.
- Strong data and system foundations are essential to unlock effective AI adoption in real-world environments.
There's an assumption that tends to go unexamined in most technology transformation conversations and it goes something like this: the goal is to get rid of the old stuff and replace it with something better.
It sounds logical. In practice, it's often the most expensive way to fail.
The flaw in the default approach
I've worked on modernisation programmes across complex public sector estates, and the pattern I see most consistently isn't organisations that lack ambition or don’t know what they want to achieve. It's organisations that have confused ambition with the right approach. The instinct to replace, to draw a line under the past and start again, is understandable. Legacy systems are frustrating to work with, costly to maintain and genuinely limiting. But in live public service environments, wholesale replacement is rarely viable. The systems being replaced are usually the ones that millions of people depend on, often continuously. There is no quiet period, no opportunity to take the service offline while something better is built. It’s like rebuilding a ship whilst at sea.
What effective modernisation looks like
The approach that actually works looks quite different. It starts not with replacement but with understanding – a clear-eyed assessment of the estate, prioritised not by age or aesthetics but by risk. Which systems represent the greatest operational fragility? Where is cyber exposure most acute? What is genuinely end-of-life, and what just looks old but continues to perform reliably? What isn’t part of the formal estate, but the organisation has become operationally dependent on? That distinction matters, because treating every legacy system as equally urgent is a reliable way to spread effort thinly and achieve little.
From that foundation, the logic of modernisation shifts. Rather than replacing legacy, the more practical path is to integrate, isolate and increment. What do I mean by this?
- Integrate – build the connective tissue, APIs, middleware, integration layers, that allows newer capabilities to work alongside existing systems rather than waiting for those systems to be gone.
- Isolate – identify the components that carry the most risk and wrap them in a way that contains the blast radius if something fails, buying time for a more considered transition.
- Increment – change in stages, validating at each step, preserving continuity while steadily reducing the technical debt that makes everything harder.
This isn't a counsel of caution. It's a recognition that in complex service environments, the risk isn't only in the legacy – it's in how you approach changing it.
Defra's modernisation programme offers a useful illustration of what this looks like at scale. Working across over 2000 applications, a genuinely sprawling estate that includes arm's-length bodies with their own systems and constraints, the task wasn't to replace everything, or even to replace most things. It was to understand the estate clearly enough to sequence change intelligently – maintaining continuity in live services while creating the conditions for meaningful modernisation over time.
Why this is harder than it sounds
There are things that make this harder than it sounds and it's worth naming them honestly. Legacy doesn't persist only because of technical debt. It persists because of procurement constraints and long-running contracts that make change legally and commercially complicated. It persists because of data. Decades of information stored in formats that were never designed to be portable, that can't simply be migrated without significant work to clean, reconcile and restructure it. And it persists because of skills. The people who understand these systems most deeply are often approaching the end of their careers and that knowledge isn't always documented anywhere it can be found.
These aren't reasons to delay. They're reasons to be precise about what you're taking on before you start.
The reason this matters beyond the immediate challenge of managing technical debt is that the conversation in most public sector organisations has now shifted irrevocably towards AI. And AI, in a live service environment, is only as good as the foundations it sits on. The data it needs to learn from, the systems it needs to integrate with, the workflows it needs to fit inside – all of those things are shaped by the legacy estate. Getting the foundations right isn't a precondition for modernisation. It's a precondition for AI that actually delivers in the real world.
That's the conversation I'll turn to next.
In the meantime, if you haven’t read the first blog in the series, The 97% problem – why legacy is holding public services back sets out why this challenge matters so much in the first place. And if this article has explored how to modernise through legacy, not around it, stay tuned for the next blog, where I’ll look at why getting these foundations right matters even more in an AI-shaped future.