The IT Law Wiki


A legacy system refers to

[t]hose systems in existence and either deployed or under development at the start of a modernization program. All legacy systems will be affected by modernization to a greater or lesser extent. Some systems will become transition systems before they are retired. Other systems will simply be retired as their functions are assumed by modernization systems. Still others will be abandoned when they become obsolete.[1]
systems or applications that have been inherited from languages, platforms, and techniques earlier than current technology. For example, this would include applications programmed in Common Business Oriented Language.[2]
[a] system that uses software for which its vendor no longer corrects vulnerabilities.[3]

The National Association of State Chief Information Officers (NASCIO) has defined legacy systems as follows:

A Legacy System is not solely defined by the age of IT systems (e.g. 20 years) as there are many systems that were designed for continued upgrades, but the term also focuses on elements such as "supportability," "risk" and "agility," including the availability of software and hardware support, and the ability to acquire either internal or outsourced staffing, equipment or technical support for the system in question. The term may also describe the system's inability to adequately support "line-of-business" requirements or meet expectations for use of modern technologies, such as workflow, instant messaging (IM) and user interface.[4]


  1. A Practical Guide to Federal Enterprise Architecture, at 68, App. B, Glossary.
  2. Cloud Computing at the Social Security Administration, at 3 n.16.
  3. Report on Securing and Growing the Digital Economy, at 90.
  4. NASCIO, "Digital States at Risk! Modernizing Legacy Systems" 2 (2008).

See also[]