1. Treat legacy system age as a critical operational risk



Across government and regulated sectors, core systems approaching or exceeding 40 years of age remain in active service. Mainframes from the 1960s, ERPs nearing the end of vendor support, and production code written decades ago still underpin critical national and commercial functions.



While these platforms often remain reliable in terms of transaction volume, they are increasingly brittle to change. Each year, they become harder to secure, more expensive to maintain, and more exposed to talent attrition. Small policy or service changes can carry disproportionate risk, and recovery from incidents becomes more complex.



For senior decision makers, the implication is clear. Legacy systems are no longer just technical debt. They represent a growing operational, financial, and reputational risk that must be actively managed.









2. Protect institutional knowledge before it becomes a single point of failure



The most significant legacy risk is often not the technology itself, but the shrinking number of people who understand it.



In many organizations, knowledge of how critical systems behave in production exists only in the experience of a small number of long-tenured staff. Over time, undocumented business rules, workarounds, and dependencies accumulate. As those individuals retire or move on, that knowledge disappears with them.



This creates a dual risk. Modernization becomes harder because no one fully understands the existing system, while day-to-day operations become more fragile as fewer people can diagnose or resolve issues.



Without deliberate effort to capture and transfer institutional knowledge, organizations risk reaching a point where both change and stability are compromised.







3. Close the gap between recognizing talent risk and acting on it



There is broad awareness across government and regulated industries that workforce capability is a constraint on modernization. Far fewer organizations have acted on this risk in a sustained, structural way.



Short-term measures such as contractor reliance, isolated upskilling initiatives, or flexible work arrangements can provide temporary relief, but they do not address the underlying issue. Modernization requires deliberate investment in career pathways, capability development, and team structures that enable knowledge sharing rather than siloing.



For executives, workforce strategy must be treated as a core pillar of modernization, not an adjacent HR concern. Without it, improvements to systems, security, and service outcomes will remain fragile.







4. Turn AI ambition into delivery through structured execution



AI now features prominently in strategies across government and regulated sectors, but progress remains uneven. Many organizations are experimenting with use cases, yet struggle to move beyond pilots into production.



A useful way to frame AI adoption is through layers of impact:

Layer 1: AI that supports and accelerates delivery teams

Layer 2: AI that reduces inefficiency in operational workflows such as triage, verification, or compliance processing

Layer 3: AI that transforms citizen- or customer-facing services at scale



Most organizations are constrained in the middle layer, where fragmented data, uneven AI literacy, and risk concerns limit progress.



Rather than large, high-risk programs, leaders are increasingly finding value in incremental delivery. Short, structured cycles that demonstrate tangible value or measurable risk reduction help build confidence, capability, and organizational alignment over time.



In practice, this shift toward incremental, risk-managed AI delivery is supported by advances in agentic platforms that help teams move from experimentation into production more reliably. Thoughtworks’ AI/works™ platform is designed to support this model by embedding governance, delivery patterns, and safety considerations directly into how AI-enabled systems are built and operated. It reflects the same execution discipline outlined here: enabling teams to deliver value early, manage risk continuously, and scale AI responsibly in complex, regulated environments.







5. Start modernization with procurement changes leaders control today



Procurement remains one of the most powerful, and underutilized, levers available to leaders in government and regulated organizations.



Traditional procurement models were designed for large, fixed-scope projects and capital purchases, not for iterative delivery or learning-led change. This often reinforces big-bang programs that are expensive, slow to adapt, and difficult to course-correct.



An alternative approach is to fund modernization in small, production-ready slices under existing executive delegation. This reduces upfront commitment, shortens feedback loops, and allows organizations to demonstrate progress before scaling investment.



Importantly, this shift can often be achieved within existing policy and regulatory frameworks. It does not require wholesale reform to begin reducing risk and increasing momentum.