Understanding our digital systems to improve them
The Government Digital Service (GDS) is creating a single view of central government’s technology and data estate and establishing stronger ownership and direction. This will give teams across government the information and guidance they need to set stronger strategies, drive change and respond to emergencies.
Our goal
We have a comprehensive view of government’s entire technology and data estate including security, risks and vulnerabilities.
What this means for you
Some projects within this initiative do not cover the whole UK. Whether they apply depends on the service and where it is available. The Devolved Governments decide how it will apply in their area.
- Better decision making: if you’re a public sector worker, you’ll have a better understanding of your digital estate, helping you to make more informed decisions about technology strategy, spending and risk.
- Minimise risk and damage: if you’re a public sector worker, you’ll be able to manage risks proactively by identifying vulnerabilities before they can be exploited. If something does go wrong, you can respond more quickly by having a clear understanding of affected systems.
Our progress so far
April 2023: launched an annual scheme to assess cyber resilience
Launched GovAssure, the scheme used to independently verify the cyber resilience of government’s most critical systems, including its Critical National Infrastructure (CNI) and the systems people rely on every day. This requires the teams that own these systems to follow the Cyber Assessment Framework. This helps keep essential public services safe and reliable for you.
July 2025: expanded vulnerability scanning to local authorities
Worked with local authorities and the Ministry of Housing, Communities and Local Government (MHCLG) to identify vulnerabilities in the technologies and systems they use. This helps make sure that the services you rely on, such as paying council tax or applying for housing benefits, are better protected from cyber attacks and that your personal data is kept safe.
What we’re planning to do next
June 2026: gather stronger and more complete data on the use of legacy technology
GDS will publish a new approach for central government organisations to give us a clearer, fuller view of how and where legacy technology is being used today. This will enable us to coordinate work to address the risks of legacy technology use, making the public services you use more reliable and ensuring that your personal data is protected.
July 2026: update asset management standards for government
GDS will introduce stronger standards for maintaining records of digital assets, including legacy technology and CNI. This will provide clear expectations for teams across government and increase the visibility of our digital and data estate. A complete record means the government can manage risks better and respond faster if a critical service fails, helping to keep things running smoothly for you.
September 2026: release improvements to the GovAssure scheme
GDS will introduce automated tools to make it easier for teams to complete Cyber Assessment Framework returns. This will encourage more regular reporting and give government a clearer picture of how resilient critical systems are to cyber attacks. By getting more frequent updates, government can spot and fix weaknesses sooner.
December 2026: foundations in place to strengthen supply chain security
GDS, working with departments and building on future wider strategic supplier agreements, will improve security across government supply chains by mapping them more clearly, setting and enforcing baseline security standards and raising awareness in the Commercial Function. GDS will also review relationships with strategic suppliers to improve resilience, maintain strong standards and ensure good value for money with this work continuing up to 2030. This will help protect government systems from being attacked through a supplier, making your personal data safer and public services more secure.
More information
You can read more about GovAssure on security.gov.uk.
For more information about Legacy Technology, contact:
Technology Management Team
Department for Science, Technology and Innovation
Technology.management@dsit.gov.uk