Exhibiting and presenting at events like DigiGov 2025 offers limited opportunities to explore the wider exhibition. Nevertheless, the event highlighted several critical themes for UK government departments navigating digital transformation, particularly in the context of legacy systems and artificial intelligence (AI).

Below, I share three key observations, grounded in a strategic perspective.

1. Legacy Systems: A Strategic Priority from DigiGov 2025

Legacy technology emerged as a central theme at DigiGov 2025.

Major players such as AWS, Government Digital Service and others hosted customer panels on the Gov ICT stage, addressing Legacy challenges. The focus on legacy systems underscores a growing recognition among public sector organisations that dismantling outdated systems and data silos is essential to unlocking AI-driven innovation. Modernisation is no longer optional; it is a prerequisite for leveraging emerging technologies effectively and securely.

Our joint talk with Archive360 on Legacy Technology and Data Governance drew a capacity audience, with attendees standing at the edges of the theatre to hear our comprehensive approach to modernisation, covering key points including:

• Legacy Tech and AI Innovation are intrinsically linked. You need accessible, clean, connected data to feed AI innovation. Which means addressing your legacy and collapsing your data silos.

• You need to assess Legacy Risk in Security, Supportability, Dependencies, Availability and Business impact. But condense this into a simple unified risk score to communicate it effectively.

• A good assessment of your legacy estate will let you optimise your budget, targeting legacy spend based upon business risk, not technology obsolescence.

• Implementing a Strategic Archiving and Data Governance platform enables retirement of old applications and data, while enabling AI alongside long-term retention and compliance.

2. AI for Security, but no Security for AI?

While numerous vendors showcased AI-augmented security services, such as Security Information and Event Management (SIEM) and Security Operations Centres (SOC), there was a notable absence of content addressing secure AI implementation. Delegates at the show were obviously looking for this guidance as I had several questions on the subject at the Through Technology / Archive360 stand, despite the fact we weren't exhibiting our AI Governance & Assurance work.

Organisations looking for this guidance should look to.....

The NCSC AI Cyber Security Code of Practice

The GDS AI Playbook

The NIST AI Risk Management Framework

... and potentially ISO42001 for both impact assessment and general management standards.

Given the UK’s light-touch approach to AI regulation, industry must take greater responsibility for promoting best practices and I think there is a greater need to signpost these examples of good practice. Without robust governance, AI adoption risks becoming technology-led, sidelining critical considerations around data quality, security, and compliance. This could lead to significant challenges in the future, including data breaches or unreliable AI outputs. Government departments must prioritise secure-by-design principles and align with recognised standards to ensure safe and sustainable AI deployment.

3. Digitalisation is good for citizens, Personalisation is better

KPMG were show-casing an interesting report on Citizen Experience. It highlights that Digital public services are improving the citizen experience in the UK, but also that this can be further improved. Some of the basics, like not having to submit data multiple times are improving, but the key themes of the report "Recognise me, Remember me, Respect me" can all be further improved by unlocking data silos and improving data sharing.

4. Design for Security and Supportability

The standout moment from the event (apart from my own talk on stage of course) was a comment that resonated deeply:

“If you’re not thinking about supportability, security and service when you build a new system, you risk creating legacy in real time.” 

While not verbatim, this insight captures a critical challenge in the current phase of AI experimentation. As departments explore AI’s potential, there is a risk of developing systems that, while innovative, lack maturity or robust support structures. To prevent tomorrow’s legacy issues, new systems must be built with clean, accurate, and minimised data, underpinned by interconnected and well-governed architectures. Supportability, scalability, and data integrity must be embedded from the outset to ensure AI solutions remain fit for purpose as they become business-critical.

Conclusion

DigiGov 2025 highlighted the urgency of addressing legacy systems and the need for a strategic approach to AI adoption. UK government departments must balance innovation with robust governance, ensuring that AI implementations are secure, compliant, and sustainable. By prioritising modernisation, aligning with best practice frameworks, and designing for long-term supportability, the public sector can harness AI’s potential while mitigating risks. These principles will be vital as we navigate the evolving landscape of digital government.