The Strategic Architecture of Modern Government
The contemporary framework for transformation is anchored by the "Transforming for a Digital Future" roadmap — a cross-government vision anchored to 2025 and built on genuine collaboration at Permanent Secretary level. This is a meaningful departure from the era of siloed departmental initiatives that too often failed to deliver joined-up services. The Central Digital and Data Office (CDDO) now provides the centralised engine for this change, focused on six core missions that address public expectations, civil service capability, and operational efficiency in equal measure.
For CTOs and Programme Directors working within this system, understanding the architecture isn't optional. The roadmap defines expectations, sets approval thresholds, and shapes how spend controls are applied. Miss it, and your programme will struggle. Navigate it well, and it becomes a genuine accelerant.
The Six Missions: What They Mean in Practice
Transformed Public Services
50 of the top 75 services to reach a "great" performance standard by 2025. User research isn't a nice-to-have — it's a pass/fail gate.
GOV.UK One Login
Single, secure identity verification across all departments. Over 2.2 million users already enrolled. The "Tell Us Once" principle is becoming infrastructure.
Better Data
Resolving 50% of high-priority data issues and launching a national Data Marketplace. Without clean data, AI is a fantasy.
Efficient & Secure Technology
Remediating "red-rated" legacy IT and adopting a cloud-first architectural approach. This is where most programmes live and die.
Digital Skills at Scale
Reducing digital vacancy rates below 10% and introducing 2,500 new entrants to the profession via targeted apprenticeships.
Unlocking Transformation
Reforming funding models to support agile delivery and removing the structural friction that stalls good programmes in the approval cycle.
The government's own projections estimate over £1 billion in savings from eliminating paper-based processes, and an additional £101 million per year by replacing expensive external contractors with in-house digital talent. These numbers aren't theoretical — they're the benchmark against which every programme is now measured.
The Technological Vanguard: What CTOs Must Track
Distinguishing between transient hype and foundational innovation is perhaps the single most important skill a public sector CTO needs today. McKinsey's Technology Trends Outlook and Gartner's strategic technology research both point to a consistent set of priorities — not all of which are new, but all of which are now urgent.
From Generative to Agentic AI
The most significant shift underway is the move from generative AI — which produces content based on prompts — to agentic AI: systems that autonomously plan and take actions toward user-defined goals. Gartner predicts that by 2028, at least 15% of day-to-day work decisions in enterprise environments will be made autonomously through agentic AI, up from effectively zero in 2024.
In a government context, this represents the potential for an "Infrastructure of Action" — autonomous agents that handle transactional state work at scale, freeing civil servants to focus on higher-judgement tasks: complex cases, policy nuance, human empathy. It also introduces governance requirements that most departments haven't yet anticipated.
"Technology is the easy part. Transformation is the hard part. Real change requires a sophisticated orchestration of policy directives, procurement frameworks, cultural shifts, and technical debt remediation."
The Quantum Threat You Can't Ignore
One of the most underappreciated risks in current public sector digital strategy is quantum computing's potential to render existing encryption obsolete by 2029. Many departments hold citizen data encrypted under standards that will not survive a quantum-capable adversary. Post-quantum cryptography is not a theoretical exercise — the National Cyber Security Centre (NCSC) and NIST have already published transition timelines, and departments with long data-retention obligations need to begin migration planning now.
| Technology Trend | Specific Innovation | Strategic Impact for Public Sector |
|---|---|---|
| Artificial Intelligence | Agentic AI | Autonomous goal-seeking in administrative systems — case processing, scheduling, compliance checking |
| Computing Frontiers | Post-Quantum Cryptography | Future-proofing sensitive citizen data against quantum decryption threats — urgent for health and justice |
| AI Governance | AI TRiSM Platforms | Managing legal, ethical and operational performance of AI — by 2028, 30% higher trust scores for adopters |
| Information Integrity | Disinformation Security | Protecting state-citizen communications from AI-generated misinformation and impersonation attacks |
| Infrastructure | Hybrid Computing | Combining cloud, on-premise and edge to solve complex problems across distributed estates |
Navigating the Legacy IT Challenge
A primary challenge facing every public sector CTO is the weight of legacy IT — outdated systems that are inefficient, difficult to maintain, and increasingly incompatible with modern security standards. The UK government estimates nearly £1 billion is spent annually on maintaining obsolete systems — funds that could otherwise be redirected towards genuine transformation.
This isn't an abstract risk. When legacy systems fail in healthcare, it affects patient safety. When they fail in local government, benefits are delayed. When they fail in justice, cases are lost. The stakes are materially different from commercial IT failures.
The CDDO Legacy IT Risk Assessment Framework
The CDDO's qualitative, risk-based approach to legacy evaluation gives departments a standardised mechanism to gauge technical health and prioritise remediation. Understanding this framework matters: it shapes how spend controls are applied and what the Cabinet Office will and will not fund.
| Risk Indicator | Warning Signs |
|---|---|
| Software Status | Out-of-support software or expired vendor contracts |
| Skills Shortages | Too few people with the knowledge required to maintain the system — often COBOL, Fortran, or early Java estates |
| Performance Issues | Known security vulnerabilities, recent incidents, unplanned downtime |
| Strategic Alignment | Inability to meet current or future business needs — especially around data sharing and API integration |
| Hardware Health | On-premise hardware reaching end-of-life with no cloud migration path planned |
The most dangerous legacy systems are those where the original developers have long since left. Monolithic architectures with undocumented business logic — what practitioners call "the black box" — require specialist remediation strategies before any migration attempt. Moving fast here without proper discovery almost always results in data loss or service failure. Slow, structured decomposition into microservices consistently outperforms "lift and shift" approaches.
The Procurement Revolution: GDS, TCoP and G-Cloud
Nothing slows public sector digital programmes quite like procurement done badly. And nothing unlocks them quite like procurement done well. The transformation of the UK's approach — from large, monolithic IT contracts to the agile, standards-driven frameworks now in place — is one of the genuine success stories of the GDS era.
The Technology Code of Practice: 12 Criteria That Shape Every Decision
The TCoP is used as a standard in the Cabinet Office spend control process. It isn't a checklist to tick — it's the lens through which every technology investment is evaluated. CTOs who treat it as bureaucratic overhead consistently struggle. Those who internalize it as a design framework consistently deliver.
-
Define user needs
Understand the problems technology is meant to solve — not the solutions procurement has already decided upon. User research must precede architecture.
-
Make things accessible and inclusive
WCAG 2.1 AA compliance is a legal requirement, not a stretch goal. Accessibility testing must be embedded throughout — not bolted on at the end.
-
Be open and use open source
Open source isn't just a cost-saving — it's a transparency mechanism. Closed proprietary systems that lock in a single vendor contradict the spirit of TCoP and increasingly fail spend controls.
-
Use cloud first
The default position for new services is public cloud. Departments must justify departures from this — not justify adoption. The burden of proof has shifted.
-
Make better use of data
Improving processes through data effectiveness underpins every other mission. Without data quality, AI is noise. Without data governance, it's a liability.
-
Make your technology sustainable
Energy-efficient computing and technology lifecycle management are now Permanent Secretary-level commitments. Sustainability indices are published per department. This is a governance issue, not an IT one.
G-Cloud: The Framework That Changed the Market
The G-Cloud framework has done more to democratise public sector technology procurement than any other single initiative. By moving away from bespoke monolithic contracts towards a standardised marketplace for cloud services, it has fundamentally changed the commercial landscape — and the quality of delivery.
| Benefit | Impact on Public Sector Organisations |
|---|---|
| Speed | Procurement cycles shortened from months to weeks or days — critical for agile delivery |
| Cost Efficiency | Competitive, transparent pricing with reduced administrative overhead and legal burden |
| Innovation Access | Direct access to cutting-edge technologies and specialised SME expertise — 42% of spend now to SMEs |
| Risk Mitigation | Pre-approval guarantees suppliers meet security and privacy standards — DSPN and Cyber Essentials aligned |
| Flexibility | Standardised contract terms and easy access to improved services without complex re-procurement |
The Human Element: Skills, Culture and Inclusive Transformation
Technology is only as effective as the people who operate and lead it. The public sector faces a significant digital skills gap — with 58% of councils reporting deficiencies in digital capabilities. But the challenge runs deeper than recruitment. It requires a cultural shift: from IT as a support function to technology as a core organisational capability.
The HEART™ Framework for Inclusive Change
One of the most effective approaches we've seen applied to public sector transformation is the HEART™ model — Human, Equitable, Adaptive, Real-time, and Tech-enabled. It reframes the question from "what technology do we deploy?" to "how do we ensure the people this technology affects are genuinely better off?"
The Digital Inclusion Programme at Bradford Council demonstrates this in practice. By integrating digital access into health, housing and employment services — treating digital exclusion as a barrier to equity — the programme closed the digital divide not through awareness campaigns, but through structural change. Cross-sector collaboration, device access, and skills development delivered together, not in silos.
From Project-Led to Product-Led: The Mindset Shift That Changes Everything
One of the most impactful — and underappreciated — lessons from public sector delivery is the difference between project-led and product-led development. Too many programmes are still structured around the former: fixed scope, fixed budget, fixed timeline. The result is software that is delivered "on time and on budget" and is immediately out of date.
| Feature | Project-Led Development | Product-Led Development |
|---|---|---|
| Primary Focus | Tasks and completion dates | Outcomes and continuous value |
| Budgeting | Fixed and stringent — change requests are costly | Flexible and feedback-driven — investment follows evidence |
| Success Metric | "On-time and on-budget" — delivery theatre | User outcomes and mission impact — genuine value |
| Agility | Limited by fixed scope; change is expensive | High — short iterations, rapid user feedback loops |
| Alignment | Procurement-driven; specs written before discovery | User-research-driven; specs emerge from learning |
Product-led delivery allows engineers and programme directors to take a meaningful role in shaping roadmaps — not just executing against them. It creates conditions for genuine mission impact, not just delivery compliance. The GDS service assessment process is increasingly designed to reward this approach and penalise its absence.
Data Sovereignty and Interoperability: The Foundation Layer
The ability to share data across departmental boundaries is foundational to delivering joined-up public services — and it remains one of the most persistent failure points in UK government digital programmes. Legal uncertainty, privacy concerns, and weak cross-departmental incentives for collaboration have historically conspired to keep data siloed. The landscape is changing, but slowly.
The Data (Use and Access) Act and the emerging National Data Library represent the government's attempt to unlock this value systematically. For programme directors, the practical implication is this: invest in data foundations before AI. An agentic AI system built on poor-quality, inconsistent data will amplify those problems, not solve them.
GOV.UK One Login and the "Tell Us Once" Architecture
GOV.UK One Login is more than an identity solution — it is an architectural foundation for interoperability. With over 2.2 million users already verified, it enables citizens to update their information once and have it propagate across relevant departments automatically. This reduces administrative burden, eliminates costly data inconsistencies, and builds the trust infrastructure on which future AI services will depend.
"Interoperability requires a high degree of transparency in how data is collected, stored and used. Strong authentication is not just a technical requirement — it is the social contract that makes digital government possible."
Critical Priorities for CTOs and Programme Directors: 2025–2026
The journey to digital maturity in the public sector is complex, but the patterns of success are becoming clearer. Based on sustained delivery across healthcare, local government, justice, and central government, these are the priorities that consistently separate programmes that deliver from those that stall.
-
Mission Impact Over Technical Metrics
52% of government CIOs expect budgets to surge in 2026, driven by the need to demonstrate AI and modernisation impact. Gartner is explicit: success is no longer measured by IT project completion, but by tangible improvements in user experience and cost savings delivered to the public. Reframe your reporting accordingly — and do it before the next business case is written.
-
Fix the Data Foundations Before Scaling AI
Realising the potential of AI requires building solid data foundations first. Before any department can successfully deploy agentic AI, it must address the high-priority data quality issues that currently hinder decision-making. Innovation is unlocked when risk aversion is reduced through robust assurance frameworks — not through pilot fatigue.
-
Treat Sustainability as a Governance Issue, Not IT
As computing demands surge, the sustainability of the technology lifecycle has become a core Permanent Secretary-level requirement. Departments are now required to publish sustainability indices. Energy-efficient computing and responsible data centre management belong in the programme board agenda, not just the architecture review.
-
Embrace Hybrid and Multi-Cloud Without Losing Control
The modern digital estate is rarely a single system. CTOs must navigate hybrid and multi-cloud environments while ensuring genuine resilience — not just theoretical failover. The risk of vendor lock-in is real and accumulating. Integration design and hosting strategy deserve the same attention as new feature delivery.
-
Cybersecurity Is No Longer a Technical Concern — It's a Board Issue
85% of government CIOs identify cybersecurity as their top investment priority. The shift to cloud, the proliferation of APIs, and the emergence of agentic AI all expand the attack surface in ways that legacy security frameworks were not designed to handle. NCSC Cyber Essentials is a floor, not a ceiling.
| Strategy Area | CTO / Director Priority for 2025–2026 |
|---|---|
| Leadership | Shift from "order taker" to "trusted strategic partner" — especially at Permanent Secretary and board level |
| Risk Management | Cybersecurity is the number one investment priority for 85% of government CIOs |
| Productivity | AI and automation to deliver more with less amid rising demand — 51% of CIOs expect productivity gains by 2026 |
| Inclusion | Ensuring no citizen is excluded from accessing digital services — a legal and ethical requirement, not a choice |
| Infrastructure | Remediating red-rated legacy systems to reduce technical debt and unblock future capability |
Sectoral Transformation: What Works, and Where
The macro-trends of digital transformation manifest differently across the varied domains of the UK public sector. Understanding what "good" looks like in each domain is essential for any programme director moving between sectors — and for consultants advising clients who may not have this cross-sector perspective.
Healthcare
The digital hospital with an operational Command Centre model has proven the most effective vehicle for NHS transformation — high uptime, integrated data, and genuine workflow change.
Local Government
Digital inclusion programmes targeting vulnerable communities outperform technology-first initiatives. Closing the digital divide requires device access, connectivity, and skills — not awareness campaigns.
Justice & Home Office
The HMCTS DLRM programme — calculating risk scores for every IT system to prioritise decommissioning — is the benchmark for large-scale legacy remediation. Systematic, not ad hoc.
Central Government
GOV.UK One Login and the Tell Us Once architecture are creating the identity infrastructure on which the next decade of government digital services will be built.
Healthcare: The Command Centre Model
In healthcare, transformation is focused on process simplification and the automation of manual tasks to enhance patient care. Fully digital hospitals using an operational Command Centre model have demonstrated that it is possible to maintain high service uptime and transform hospital operations in a sector historically resistant to digital change. Securely managed patient data enables trusts to match staffing with demand in real time — a capability that previously required expensive manual coordination.
Local Government: The Smart City and Digital Inclusion
Local councils are the most visible front line of citizen engagement. IoT integration — sensors monitoring traffic, air quality, energy usage — is enabling genuinely smarter urban planning. But the most impactful programmes we've seen consistently combine technology deployment with proactive digital inclusion: ensuring residents who lack skills, devices, or connectivity aren't excluded from services that have moved online. The Bradford Council Digital Inclusion Programme is a genuine model for others.
Justice: Systematic Legacy Risk Mitigation
Central government departments like HMCTS have pioneered a scoring-based approach to legacy risk that every large department should study. By calculating a risk score for every IT system — not just the ones IT leadership are aware of — the DLRM programme created the visibility required to prioritise and fund remediation systematically. Without that visibility, spend controls are impossible to apply rationally.
AI Governance and Disinformation Security
As the public sector moves from AI pilots to production deployments, the governance question is no longer optional. Gartner projects that by 2028, organisations using AI governance platforms will achieve customer trust scores 30% higher than their peers, and regulatory compliance scores 25% higher. In a government context, where the consequences of AI failure are borne by citizens — not shareholders — this gap matters profoundly.
What Robust AI Governance Looks Like in Practice
The Trust, Risk and Security Management (TRiSM) framework is the operational vehicle for AI governance in complex organisations. It enables management of legal, ethical and operational performance of AI systems — not just technical performance. For public sector leaders, this means establishing clear guardrails for autonomously acting software before deployment, not after an incident.
Disinformation Security: The Underestimated Threat
Advanced AI tools are being increasingly leveraged to spread disinformation — targeting public institutions with fabricated content that erodes the state-citizen relationship. By 2028, it is expected that 50% of organisations will require dedicated disinformation security services. For government communications teams and digital service owners, this is not a future concern. It is a present one.
Most UK public sector AI deployments to date have been pilots — limited scope, limited accountability, limited governance. As these move into production, the governance frameworks needed to manage agentic AI at scale do not yet exist in most departments. Building them is urgent work — and it requires legal, operational and technical expertise working in genuine collaboration.
The Economic Imperative: Why This Is Non-Negotiable
Digital transformation is not only an operational efficiency question — it is a driver of national economic recovery. The UK government estimates the annual gross value of the tech sector will rise by £41.5 billion by 2025, creating an additional 678,000 jobs. For public sector organisations, this growth provides a larger talent pool and a more competitive vendor ecosystem.
| Area of Impact | Source of Saving or Productivity Gain | Projected Value |
|---|---|---|
| Contractor Costs | Transitioning to in-house digital talent and competitive remuneration | £101 million per year |
| Paper Processes | Eliminating manual, paper-based workflows across government | Over £1 billion in savings |
| Legacy IT | Remediation of red-rated systems and reduced annual maintenance spend | Reducing a £1bn annual maintenance bill |
| Employee Productivity | AI tools and agentic systems for routine and administrative tasks | 51% of CIOs expect gains by 2026 |
| Tech Sector Growth | Economic contribution of the digital economy to national productivity | £41.5 billion increase by 2025 |
Conclusion: Orchestrating Real Change
The lessons from years on the ground in public sector digital transformation point to a single, overriding truth: technology is the easy part. Real transformation requires a sophisticated orchestration of policy compliance, procurement strategy, cultural change, legacy remediation, and data governance — executed simultaneously, under fiscal pressure, with the public watching.
For every CTO and Programme Director, the mandate is shifting from innovation to delivery. The foundational work of building data marketplaces, identity solutions, and secure cloud infrastructure is the prerequisite for the Agentic Government of the future. By grounding every programme in mission impact — not just delivery compliance — the UK public sector can build on the genuine progress of the GDS era and deliver on its promise to citizens.
The convergence of AI, post-quantum security, and inclusive design represents the next frontier of public service. Navigating it successfully will require leaders who are as comfortable with a risk assessment framework as they are with a user research session — and who have the operational experience to close the gap between strategy and reality.
Delivering a public sector programme?
Our senior consultants have worked across healthcare, local government, justice and central government. Book a free 30-minute discovery call to discuss your programme's challenges — whether it's procurement strategy, legacy remediation, AI governance or delivery assurance.
Book a Free Discovery CallSources & References
- 1UK Government. Transforming for a Digital Future: 2022 to 2025 Roadmap for Digital and Data. gov.uk
- 2Public Sector Executive. Public Sector Digital Transformation 2025. publicsectorexecutive.com
- 3BookingLive. UK Public Sector Digital Transformation Predictions: 2024 & 2025. bookinglive.com
- 4McKinsey & Company. Technology Trends Outlook 2025. mckinsey.com
- 5Gartner. Top 10 Strategic Technology Trends for 2025. talkspirit.com summary
- 6UK Government / CDDO. Guidance on the Legacy IT Risk Assessment Framework. gov.uk
- 7UK Government. The Technology Code of Practice. gov.uk
- 8Pinsent Masons. UK G-Cloud is a model other countries should follow. pinsentmasons.com
- 9Crown Commercial Service. G-Cloud 13 Spend Statistics. gov.uk
- 10Global Government Forum. Innovation in Government – Innovation 2027. globalgovernmentforum.com
- 11ITPro. Government CIOs Prepare for Big Funding Boosts as AI Takes Hold. itpro.com
- 12UK Government. State of Digital Government Review — January 2025. gov.uk
- 13Cabinet Office Digital Handbook. Legacy Systems Guidance. cabinetoffice.gov.uk
- 14Deloitte US. How Should Banks Respond to the Current Disruption in Software Engineering? deloitte.com