← Back to all blogs

Louise Cermak | 13 July 2026

Legacy Software Modernisation v Replacement. How to Make the Right Call

Legacy System Upgrades

Legacy software modernisation v replacement. The short answer

Do not replace legacy software simply because it is old. Modernise when the system still delivers business value but needs to be safer, faster, easier to change or easier to integrate. Replace when the system blocks the future operating model and preserving it would perpetuate the constraint.

The real question is not whether the technology is dated, but whether the system still supports the business at acceptable risk.

If the answer is yes, modernisation may be the best first move. If the answer is no, replacement may be justified.

If the answer is unclear, consider wrapping, migrating, retiring or proving a Minimum Viable Replacement before committing to a larger programme.

This article focuses on the strategic decision. For the financial perspective, see Catapult’s guide on calculating the financial cost of legacy systems.

In practice, the choice is rarely a simple modernise-or-replace decision.

The practical rule is simple:

If the system… The likely route is…
Still contains valuable business logic but is hard to change Modernise
Is stable but difficult to integrate Wrap or modernise
Has infrastructure, hosting or data-platform risk Migrate
Blocks the future operating model Replace
Has unclear future value Prove a Minimum Viable Replacement
No longer supports a meaningful business need Retire

What modernisation and replacement actually mean

Legacy software modernisation is the process of improving, migrating, wrapping or replacing older systems so they can better support current business needs. Google Cloud defines it as updating or replacing software, architecture and infrastructure so they align more closely with business objectives.

That definition matters because modernisation is not a single activity. It can include:

  • Refactoring or re-platforming parts of the system
  • Improving performance, security or access control
  • Adding APIs or integration layers
  • Cleaning up data flows
  • Moving selected workloads
  • Implementing CI/CD pipelines and modern delivery practices
  • Rebuilding only the components that create the most constraint.

Replacement means the existing system is no longer the long-term platform of record. That does not always mean a full custom rebuild. Replacement can mean adopting a SaaS or COTS product, building a new platform, using phased legacy displacement, or proving a Minimum Viable Replacement before committing to wider change, and planning the data migration needed to support the new environment.

Book a No-Obligation Advisory Session

Data migration should not be treated as a technical afterthought. Information needs to remain Findable, Accessible, Interoperable and Reusable (FAIR) so that the replacement platform does not inherit the same data constraints as the system it replaces.

Cloud migration is often confused with modernisation. Moving a legacy system to cloud infrastructure may reduce hosting or resilience risk, but it does not automatically remove architecture, process, data or integration debt. Many cloud migrations simply relocate existing systems without addressing the underlying constraints. Rehosting can be quick, but it often delivers the fewest long-term benefits.

The same system may require more than one intervention. For example, an organisation may modernise some components, migrate infrastructure and retire obsolete functionality as part of the same programme.

The difference is this:

Route What it means Best used when
Modernise Improve the existing system or parts of it The system still has value but limits change
Replace Move away from the old system as the long-term platform The system blocks the future operating model
Migrate Move workloads, data or infrastructure The main risk sits in platform, hosting or data movement
Wrap Add an interface or API layer around the system The core system cannot safely change but still needs to connect
Retire Decommission the system The system has low value and unnecessary cost or risk
Minimum Viable Replacement Build a focused functional alternative The replacement case needs proving before full commitment

Why old software is not always the real problem

A legacy system can be old, stable and valuable. It may contain business rules refined over many years and support processes the organisation still depends on. Replacing it without understanding that value can remove useful operational knowledge as well as technical debt.

Martin Fowler’s work on legacy displacement makes this point clearly – a system being built on old technology is not, by itself, a sufficient reason for replacement. The better test is the business impact it creates, such as escalating run costs, lack of support or loss of knowledge.

The problem starts when legacy software creates constraints such as:

  • Repeated outages or resilience concerns
  • Dependence on scarce skills
  • Slow release cycles
  • Poor integration with newer systems
  • Inaccessible or low-quality data
  • Unsupported or unpatched platforms
  • Growing security, compliance or audit concerns
  • Manual workarounds around the system
  • Inability to support new customer, regulatory or operational needs

Increasingly, organisations also discover that legacy systems can limit AI initiatives because data cannot be easily accessed, trusted or integrated into modern platforms.

This is why ‘stable’ does not always mean ‘healthy’. A system can run every day and still be strategically unfit if it blocks change, drains delivery capacity or forces teams into manual workarounds.

The UK Government’s State of Digital Government Review found that legacy technology accounted for an estimated 28% of central government systems in 2024. More significantly, most organisations did not have comprehensive legacy asset registers or a quantified view of the risk those systems created.

The lesson for CTOs is not that every old system needs replacing. It is that legacy decisions should be driven by evidence, risk and business impact rather than age alone.

The decision framework. Value, health, risk and future fit

The wrong move is choosing the intervention before diagnosing the constraint.

A CTO should not start with ‘modernise or replace?’ Start by understanding the system, the risk it creates and the role it plays in the business. The following questions provide a structured way to do that:

Decision area Question to ask What it reveals
Business criticality What process does this system support? Whether failure would damage operations, customers or revenue
Technical health Can the system be safely changed and supported? Whether modernisation is realistic
Security and compliance exposure Is the system supported, patched and governable? Whether risk has become unacceptable
Data quality and accessibility Can data be trusted, accessed and reused? Whether analytics, reporting and AI are blocked
Integration dependency What systems rely on it? Whether change creates wider service risk
Process and user fit Does the system match how the business now works? Whether technology or operating model is the real issue
Future operating model fit Can it support where the organisation is going? Whether replacement is justified

NIST guidance emphasises that risk assessments should provide leaders with the information needed to make informed decisions. Similarly, GAO recommends that organisations identify legacy systems, assess the risks they create and plan appropriate modernisation or replacement activity.

That principle applies beyond government. Before committing budget, organisations need an inventory of their systems, a clear view of the risks they create and a structured way to evaluate the available options.

Not every legacy system deserves the same level of investment. Some should be modernised, some replaced and some retired. The objective is not to maximise spending on legacy technology but to prioritise investment where it creates the greatest business value and risk reduction.

Catapult’ CX’s Modernisation Readiness Review is designed for this stage of the decision. It gives leadership teams a structured way to assess their systems, understand the risks and constraints they create and evaluate modernisation, migration, replacement and retirement options based on business outcomes rather than technology preferences.

Business value

The first question is whether the system still creates meaningful business value. A legacy system may be difficult to maintain yet still support critical revenue-generating processes, regulatory requirements, customer operations or unique business capabilities.

Ask:

  • What business process depends on this system?
  • What would break if it disappeared?
  • What business rules are embedded within it?
  • Does it support revenue, compliance or competitive advantage?
  • Which capabilities remain valuable?
  • Which exist only because nobody has challenged them?

Fowler’s legacy displacement guidance highlights that legacy systems often shape wider business processes, including off-system workarounds and shadow IT such as Access databases and versioned Excel spreadsheets.

A system with high business value and manageable technical risk is usually a strong candidate for modernisation rather than replacement.

Technical health

Technical health determines whether the system can be improved safely. Assess code maintainability, documentation, test coverage, release processes, performance, monitoring, dependency risk, skills availability, vendor support and security posture.

The objective is to understand how difficult the system is to change. Some legacy systems are old but well understood, well documented and relatively safe to evolve. Others become fragile over time, where even small changes create disproportionate risk.

Particular attention should be paid to unsupported platforms, end-of-life technologies, scarce skills, vendor dependencies and security exposure. These factors often increase the cost and risk of maintaining the system, regardless of its business value.

If the system can be changed safely, modernisation may be viable. If even small changes create unacceptable risk, wrapping, phased replacement or a Minimum Viable Replacement may be safer.

The question is not whether the technology is modern. It is whether the system can be operated, changed and governed at acceptable risk. 

Book a No-Obligation Advisory Session

Process and future fit

Not every legacy constraint originates in technology. Many arise from processes that have evolved over time and no longer reflect how the business needs to operate.

If users depend on spreadsheets, manual handoffs, shadow databases or workarounds, replacing the platform may not solve the problem. It may simply move the same inefficiencies into a newer system.

Future fit matters. Does the system support how the organisation operates today and where it needs to go next? Does it force outdated approvals, duplicate effort or unnecessary manual intervention? Does it limit automation, self-service, scalability or customer experience?

Modernising technology is not always enough. If the underlying process needs redesigning, preserving it in a newer platform may simply recreate the same constraint.

If the system no longer supports the way the business needs to operate, replacement may be justified. Not because the technology is old, but because the organisation has outgrown it.

When legacy software should be modernised

Modernisation is appropriate when the system remains valuable but the way it is built, hosted, integrated or operated is creating avoidable risk, cost or complexity.

Modernisation is typically the right choice when:

  • The core business logic remains valuable
  • The system supports a critical business process
  • Replacement would introduce disproportionate disruption
  • Integration, performance, release, support or security issues are the primary constraints
  • The underlying business process remains largely fit for purpose
  • The organisation needs incremental progress rather than a large cutover event

Modernisation can take many forms, including exposing APIs, improving deployment pipelines, migrating part of the estate, refactoring key components, improving observability, strengthening security controls or replacing a specific high-risk module.

The most successful modernisation programmes focus on removing constraints rather than replacing technology for its own sake. Fowler’s legacy displacement approach advocates breaking change into manageable parts and finding the right seams in the business and technical architecture, rather than pursuing feature parity or a big-bang replacement.

For systems that continue to deliver business value, Catapult CX’s legacy system modernisation work focuses on reducing risk through targeted proofs of concept, Minimum Viable Replacements and modern architectures designed to integrate with, evolve or selectively replace legacy components.

Modernisation is often the lowest-risk option when the objective is to improve resilience, security, performance or integration without changing the underlying business capability.

A useful example is Catapult CX’s Global Network Provider case study, where a mission-critical platform was stabilised rather than replaced. The published case study reports 243 trading hours recovered per week, message failures reduced from 12% to 0.3% and a release outage window reduced from 21 days to 30 minutes.

The lesson is not that modernisation is always the right answer. It is that targeted modernisation can often remove the constraint without the cost, disruption and delivery risk of full replacement.

When legacy software should be replaced

Replacement becomes the right choice when the system is no longer capable of supporting the business at an acceptable level of risk, performance or flexibility.

Replace when:

  • The system no longer supports the business model
  • The underlying process needs to change
  • The platform is unsupported, insecure or increasingly difficult to maintain
  • The architecture limits customer experience, resilience or scalability
  • Data cannot be accessed, trusted or reused without excessive effort
  • Modernisation would preserve constraints that the organisation needs to remove
  • The cost and risk of keeping the system outweigh the value it provides

IBM notes that full replacement may be necessary where legacy systems have become too outdated to evolve effectively. While replacement can provide a fresh start, it also introduces disruption, delivery risk and organisational change.

Replacement should be driven by a clear business objective rather than frustration with existing technology. In many cases, the real driver is the need for new capabilities, better customer experiences, greater automation, regulatory compliance or a fundamentally different way of operating.

Replacement also does not have to mean a multi-year rebuild. A Minimum Viable Replacement can provide a safer route where organisations need to prove value before committing to a larger programme. Catapult CX defines a Minimum Viable Replacement as ‘a focused, functional alternative to your legacy platform, designed to meet real user and business needs.’

The UK Ship Register case study is a useful example of replacement being justified because the process itself had become the constraint. The Maritime and Coastguard Agency needed to digitise the UK Ship Register and replace manual processes with a self-service digital experience. The published case study reports an 89% reduction in data and certification errors, a 625% increase in monthly transactions and a 45% reduction in cost per transaction.

The lesson is simple. Replace when preserving the existing system would prevent the business from achieving its future objectives.

When to wrap, migrate, retire or use a Minimum Viable Replacement

The choice is rarely binary. Many legacy decisions sit between modernisation and replacement.

Option Best when Avoid when Main risk
Wrap The system cannot safely change but needs to connect The wrapper becomes permanent avoidance Adding another legacy layer
Migrate Hosting, infrastructure or platform risk is the issue Architecture and process debt are the real constraint Moving the problem without fixing it
Retire The system has low business value Users still depend on hidden workflows Breaking undocumented processes
Minimum Viable Replacement Full replacement needs proving The organisation treats it as a shortcut without discovery Building too little to test the real risk

Wrapping can be effective when the core system is too risky to change directly but still needs to integrate with newer services, channels or reporting tools.

Migration is appropriate when hosting, infrastructure, platform age or compliance requirements are the primary concern. Catapult CX’s Migrations service supports infrastructure, application and database migrations across cloud, on-premises and hybrid environments, with dependency mapping and transition planning.

Retirement is often the simplest answer when a system no longer provides meaningful business value. The challenge is identifying hidden users, dependencies and processes before decommissioning begins.

A Minimum Viable Replacement can help organisations prove the replacement case before committing to a larger programme. The objective is not to build the final solution, but to test assumptions, reduce uncertainty and validate the business case.

The common mistake is treating these options as end states rather than transition strategies.

  • Wrappers need decommissioning plans.
  • Migrations should not preserve avoidable technical debt.
  • Minimum Viable Replacements should lead to a clear decision.

Without an exit strategy, today’s workaround can easily become tomorrow’s legacy estate.

The biggest mistake. Replacing the system without replacing the constraint

The biggest mistake is replacing the platform while preserving the constraint.

A new system will not fix unclear ownership, poor data quality, weak governance, ineffective processes or organisational behaviours that have never been challenged. It will simply give those problems a newer interface.

Fowler describes a ‘legacy replacement treadmill’ where organisations repeatedly attempt replacement, run large transformation programmes and still fail to decommission the old estate. The result is that expected benefits around cost reduction, simplification and risk reduction never fully materialise.

The UK Government’s digital blueprint points to root causes beyond technology, including leadership, organisational structure, measurement, talent and funding. It argues for moving away from boom-and-bust transformation programmes towards persistent, multidisciplinary teams with long-term ownership.

That matters because legacy modernisation is not just a technology decision. It is also a business change, process, data and governance challenge.

Before replacing a system, organisations should ask whether the real constraint sits within the technology itself or within the way the business operates around it. If processes remain fragmented, ownership unclear and governance weak, a replacement programme may simply recreate the same problems on a newer platform.

This is where operational digitalisation often becomes relevant. In many organisations, the biggest constraint is not the software itself but the manual processes, disconnected workflows and organisational complexity that have grown around it.

Four ways to avoid the replacement treadmill

  • Define success before budget is committed. Agree the business outcomes the programme must achieve, such as lower run costs, faster release frequency, improved resilience or better data access.
  • Build decommissioning into governance. The old system needs a named exit path, not a vague assumption that it will disappear later.
  • Redesign the process before rebuilding the system. Understand the root cause of the constraint so the new platform does not simply recreate the same problem.
  • Use persistent product ownership, not project-mode handover. Legacy change needs ownership through delivery and live running, not a team that disappears at launch.

Replacing the platform without changing the constraint gives the organisation a newer version of the same problem.

How to make the call before committing budget

Before committing to modernisation or replacement, build a structured decision route.

This sequence provides a helpful plan:

  1. Create the system inventory
    Identify the system, users, integrations, data flows, suppliers, dependencies and downstream services.
  2. Clarify business value
    Define what the system does that still matters. Separate valuable business capabilities from obsolete processes.
  3. Assess technical health
    Review supportability, maintainability, resilience, security, release confidence, vendor dependencies and skills risk.
  4. Identify process debt
    Understand the processes, dependencies and operational behaviours that have developed around the system.
  5. Test future fit
    Assess whether the system can support future business objectives, customer expectations, regulatory requirements and growth plans.
  6. Choose the intervention
    Decide whether to modernise, wrap, migrate, replace, retire or prove a Minimum Viable Replacement.
  7. Define the decommissioning path
    If any part of the legacy estate is being displaced, define how it will be retired and removed.

The output should not be another strategy document. It should be a clear decision and route map.

A rule of thumb rule for CTOs

Use this rule of thumb as a starting point for your decisions:

  • If the system still delivers valuable business capability and can be changed safely, modernise.
  • If the system cannot safely change but still needs to connect, wrap.
  • If the primary issue is infrastructure, hosting or platform risk, migrate.
  • If the system prevents the business from achieving its future objectives, replace.
  • If the replacement case is not yet proven, use a Minimum Viable Replacement.
  • If the system no longer delivers meaningful value, retire it.

The wrong question is; Should we get rid of this old system?

The better question is; What should we preserve, what risk must we remove and what future capability is the current system blocking?

If that answer is unclear, assess before you commit significant budget, time or delivery capacity.

Catapult CX’s Modernisation Readiness Review is designed to help leadership teams make that decision. It provides an objective assessment of business value, technical health, risk, future fit and strategic options, helping organisations determine the most appropriate route without assuming replacement is the default answer.

Where implementation is required, Catapult CX’s legacy system modernisation services can then support the chosen approach, whether that involves modernisation, migration, replacement or retirement.

Book a No-Obligation Advisory Session

FAQs about legacy software modernisation v replacement

What is legacy software modernisation?

Legacy software modernisation is the process of improving existing systems so they continue to support business needs. It can include refactoring, re-platforming, migration, integration improvements, security enhancements, data improvements or selective replacement of high-risk components.

What is the difference between modernisation and replacement?

Modernisation improves or evolves the existing system. Replacement moves away from the existing system as the long-term platform of record. Replacement may involve SaaS, COTS, a custom platform, phased displacement or a Minimum Viable Replacement.

When should legacy software be modernised?

Modernise when the system still carries business value but creates avoidable constraints around performance, integration, supportability, security, data access or release speed.

When should legacy software be replaced?

Replace when the system can no longer support future business objectives at an acceptable level of risk, performance or flexibility and modernisation would preserve constraints the organisation needs to remove.

Is cloud migration the same as modernisation?

No. Cloud migration may move a system to a different hosting or infrastructure environment, but it does not automatically fix architecture, data, integration or process debt.

What is a Minimum Viable Replacement?

A Minimum Viable Replacement (MVR) is a focused functional alternative to a legacy system designed to test assumptions, validate the business case and reduce delivery risk before committing to a larger replacement programme.

Should every legacy system be replaced?

No. Some legacy systems are stable, valuable and business-critical. They should only be replaced when the cost, risk or strategic constraint of keeping them outweighs the value they still provide.

What is the difference between modernisation, migration and replacement?

Modernisation improves or evolves an existing system. Migration moves applications, infrastructure or data to a new environment. Replacement moves away from the existing system as the long-term platform of record. A modernisation programme may include migration, but the two are not the same.

How do CTOs decide whether to modernise or replace?

CTOs should assess business value, technical health, security exposure, data quality, integration dependency, process fit and future business requirements before selecting the most appropriate intervention.

What are the risks of replacing legacy software?

Replacement can create disruption, data migration risk, user adoption problems, parallel running costs and failure to decommission the old system.

When should a legacy system be retired?

Retire a legacy system when it no longer supports a meaningful business need and creates unnecessary cost, risk or complexity. Before retirement, confirm that users, integrations, reports and hidden workflows no longer depend on it.

How do you know if a legacy system is still worth keeping?

Assess the system’s business value, technical health, security exposure, process fit and future suitability. Systems that still support critical business capabilities may be candidates for modernisation rather than replacement.

How long does legacy software modernisation take?

It depends on the scope and objectives. Some modernisation programmes focus on a single high-risk component and take weeks, while larger programmes may run for months or years. The goal should be to prioritise risk reduction and business value rather than modernising everything at once.