Recommendation 14

In 2023, the previous Committee reported that Defra had one of the most significant legacy IT challenges across government, with a proliferation of outdated applications.33 Data and intelligence gaps still affect the work of the regulators, with their ability to access and use data constrained by outdated IT systems. For example, a lack of inspection and environmental data affects the Environment Agency’s ability to detect significant harm, and Natural England uses generic and out-of-date information when it makes decisions.34 Defra told us it had made progress with replacing its 300 high- risk legacy applications. Defra has improved 200 systems and closed down some high-risk data centres. Defra expects that the remaining 100 high-risk applications will take another 18 months to replace.35 Defra received £300 27 Q 75 28 Q 44 29 Q 68 30 C&AG’s Report, para 3.14 and Figure 4 31 Q 3 32 C&AG’s Report, para 2.5 33 Committee of Public Accounts, Tackling Defra’s ageing digital services, Fifty-First Report of Session 2022–23, HC 737, 18 April 2023 34 C&AG’s Report, para 2.5 35 Q 71 12 million in the 2025 Spending Review to invest between 2026–27 and 2028–29 on its ongoing digital transformation efforts, and Defra stated that it will invest £800 million a year over the Spending Review 2025 (SR25) period, including cybersecurity upgrades and an IT transformation programme.36