In a packed GovICT theatre at DigiGov Expo 2025, Graham Ashworth from Archive360 and Peter Hanney from Through Technology tackled one of government's most persistent challenges: what to do with decades of legacy systems and the valuable data trapped within them. The session, following neatly from a previous panel on managing legacy data, promised practical insights rather than theoretical ideals.
Peter Hanney opened by establishing a fundamental truth: government is not a startup. Nearly every organisation in the room would be wrestling with legacy systems, applications built years ago, focused on single use cases with rigid data models, possibly scattered across old supplier data centres and built on obsolete technology. However, the challenge, he argued, has evolved beyond the traditional concerns of security risk and skills availability.
"If you want to implement strategic data governance and if you want that clean accessible data that AI will feed off, then you need to address the legacy technology problem," Hanney stated, framing the issue not just as technical debt but as a barrier to innovation.
The opportunity cost of leaving data locked in these old systems is now significant. Organisations cannot pursue data-driven innovation or deliver the efficiency optimisations that government desperately needs whilst their information remains siloed. Moreover, many legacy systems fail to manage proper retention and disposition, meaning departments may be inadvertently violating GDPR by keeping everything indefinitely rather than deleting data when required.
Using HMCTS (Her Majesty's Courts and Tribunals Service) as a real-world example, Hanney illustrated the problem of data silos with striking clarity. Consider a citizen's lifetime interaction with court services: they might be a witness, victim, juror, solicitor, judge, or tribunal participant. Their name could appear in a different field across 20 separate systems, making something as straightforward as responding to a subject access request an administrative nightmare requiring coordination across multiple teams and platforms.
This fragmentation extends beyond practical inconvenience. Legacy systems typically feature single-use data models designed in isolation, never anticipating future analytics or cross-system data integration. They lack the enriched metadata necessary for modern use cases, metadata being the crucial information about your data that determines its trustworthiness and provenance.
Hanney shared a compelling example from the Home Office, which discovered approximately 20 different fields for passport numbers across their systems. Only one came from the authoritative source. Others originated from officers' handwritten notes transcribed at the end of long shifts with no data validation, hardly the foundation for reliable AI training data.
His solution? Implement a data confidence value score. "When you're combining your systems, have a data confidence value score that you add," he advised. "So then you can set a threshold in your organisation that only things with this data confidence and above will then be fed into AI." Without this, organisations risk polluting their models and generating the hallucinations that undermine AI systems.
Graham Ashworth acknowledged the elephant in the room: if legacy systems aren't broken and users are familiar with them, why invest in change? His grey hairs, he joked, came both from dealing with legacy technology and from successfully helping organisations transition away from it.
The answer lies in recognising that legacy technology business cases are actually innovation business cases. Money spent keeping old lights on could fund transformation. The two speakers emphasised that this is precisely the right moment for such initiatives, as most organisations are already undergoing digital transformation journeys.
"Don't have the digital team doing AI and the ops team keeping the lights on," Hanney urged. "Get the two talking." The unified approach recognises that innovation will struggle whilst data remains siloed and inaccessible, creating a powerful argument for integrated planning.
Ashworth added that security breaches often provide the impetus for action. Some clients only address legacy debt after their customer data has been compromised, highlighting that older systems cannot be hardened to modern security standards in the same way as contemporary platforms.
Through Technology has developed a systematic approach beginning with assessment. Organisations must evaluate the risks associated with legacy systems, not just security, but availability risks as the technology ages. Can you still source spare parts without resorting to eBay? Do you have single points of failure in staff who alone understand critical systems?
The firm created a unified legacy risk score, similar to Microsoft's secure score, combining various risk factors into a single quantitative measure. This enables prioritisation and optimisation of limited budgets, ensuring spending targets the highest-risk systems rather than simply replacing anything that's dropped out of vendor support.
Once assessed and prioritised, legacy systems typically follow one of five paths: retire, rehost (the "lift and shift" to cloud), re-platform (architectural changes), replace, or retain for systems with finite lifespans and manageable risks.
The critical innovation in the HMCTS implementation was separating aged data from live systems and moving it to a strategic data governance archive hosted in the customer's Azure environment. This approach maintains security assurance whilst enabling centralised management of compliance, retention, and disposition.
Ashworth demonstrated the architecture: on the left, data collection handling everything from unstructured emails to highly structured ERP data; in the middle, cost-effective storage in Azure blob with appropriate redundancy and immutability; on the right, access for various consumers including eDiscovery tools, analytics platforms, and AI systems.
Crucially, the system preserves data in its native format with immutability to evidence chain of custody; essential for court services. The archive can serve data to AI platforms as needed and tier it down to cheaper storage whilst maintaining searchability, significantly reducing ongoing costs.
Both speakers emphasised that this journey requires talking to users to understand how they access and search for data, ensuring archives work for their actual needs rather than just technical requirements. The goal is to keep data without legacy technology, improve compliance, retire old applications, enhance data models to unlock new optimisations, and keep everything secure, accessible, and AI-ready.
As the session concluded, Hanney highlighted the practical outcome of their work with HMCTS: "We've closed data centres recently, we got the last piece of tin out the door, switched off the lights, which has been quite the herculean effort." This tangible achievement, actually shutting down legacy infrastructure whilst preserving data access, demonstrated that the approach delivers real results, not just aspirational plans.