A solitary gavel rests on a beautifully polished desk that stands in front of cuttingedge AI servers, symbolizing the crucial and important link between law and technology in our modern society

Five elements of a justice information systems modernization strategy

Photographic potrait of Subhankar Sarkar
Subhankar Sarkar

Managing Director, Technology Consulting, Ernst & Young LLP

9 minute read 27 Oct 2025

Explore strategies for modernizing justice information systems to enhance efficiency, collaboration and data integrity across agencies.

In brief
  • A modular strategy lets departments use their preferred case management systems while connecting to an interoperability platform for collaboration.
  • Agencies should maintain operational continuity by enabling legacy systems to coexist with new systems through an interoperability platform.
  • Implementing artificial intelligence (AI) requires careful consideration of legal and operational constraints, emphasizing the need for tailored solutions.

There is top-down pressure to decrease operating costs and improve efficiencies of justice systems, objectives that can be achieved with newer technologies like the cloud and AI, but those systems must first be modernized before these technologies can be leveraged. Justice, by its very nature, is a connected enterprise, with 100s of federal, state and local agencies exchanging data and running cross-agency workflows. This requires modern systems integration and messaging technologies. Legacy technologies cannot deliver efficient cross-agency collaboration; moreover, these technologies often involve a dwindling resource pool and expensive infrastructure support contracts that can be hard to exit. Critical software and hardware infrastructure may be nearing obsolescence or already obsolete, raising the risk of operational disruptions and security breaches. Perhaps most importantly, systems modernization is required to protect against reputational risk and meet accountability requirements. Justice agencies are subject to scrutiny by the media and the public and must answer to their federal and state overseers. There is little tolerance for broken down systems that allow people and cases to fall through the cracks.

One thing that becomes clear very quickly as we work on justice systems modernization projects is that a “factory” approach is simply not possible. The variance in operating models and technology landscapes is such that each instance of the problem must be individually considered — agency by agency, department by department. Given that there can be no single justice systems modernization methodology, this paper presents five broad strategic elements that can reduce risks and accelerate outcomes, once these have been tailored to the agency’s circumstances.

How EY can help

1. Modularity

A reflexive response to justice systems modernization challenges can be to offload them to a single vendor, commercial off-the-shelf (COTS) product or cloud software as a service (SaaS), e.g., push all departments into a single case management package or low code platform. This approach does not work particularly well in the justice domain, given that different departments — law enforcement, courts, prosecutors, public defenders, probation — are largely autonomous, with independent leadership and clear functional and technical preferences. Even as the enterprise seeks to modernize, these departments seek out their own case management systems and enabling technologies. Interoperability, not homogeneity, is the desired end state of justice systems modernization.

 

Rather than throw everything into one case management system, we recommend a modular approach — similar to Medicaid modernization, where the Centers for Medicare & Medicaid Services (CMS) makes it one of the conditions of a federal funding match. In a modular approach, each department runs its case management system of choice and connects to an interoperability platform that serves the cross-cutting functions of data integration, entity resolution, API orchestration and interagency workflows. This best-of-breed approach maximizes departmental efficiencies, minimizes single-vendor dependence and reduces risk.

2. Legacy coexistence

The key challenge in most modernization projects is operational continuity and avoidance of business disruption — sustained access to critical business processes and data even as the agency goes through the modernization journey. A particular challenge is the continuity of interagency interfaces that cannot be allowed to break as an agency modernizes its systems. The usual response is phased modernization — bite off smaller chunks of the problem — but that is more easily said than done given the monolithic structure of legacy justice systems. There are many internalized dependencies that are difficult to unravel and often there is no separation between business rules and application code.

We recommend that agencies leverage the interoperability platform to enable legacy systems coexistence during the modernization journey. The interoperability platform not only connects the new modules together but also connects them to legacy components, thereby allowing the agency to modernize at its own pace. A viable approach is to establish the platform as the API orchestrator across new and old systems early in the process and then gradually replace old systems at the back. The API orchestrator can also be used to distribute workloads selectively to new and old systems, thus enabling the “strangler pattern.” Workloads can be moved off the legacy system in a phased way — first adult caseloads and then juvenile, say, or vice versa — such that eventually the old system is strangled and the new system takes over.

When planning for legacy system coexistence, it’s important to identify the bodies of algorithmic complexity early in the process and bring the appropriate architectural approach to bear. Usually, algorithmic complexity — complex business rules across widespread data points — is more difficult to handle than architectural complexity. Architecture either works or “fails fast,” whereas it may take many years to detect the incorrect implementation of a business rule — maybe because the business scenario is infrequent or the defect is buried too deep.

Legacy components containing complex business rules can be refactored to provide an externalized service interface, and façade APIs on the interoperability platform can then be used to encapsulate these components. If the modern infrastructure supports the legacy component’s runtime, a viable approach is to containerize the component and run it adjacent to the interoperability platform. While we discourage brute force use of code conversion tools, as that often ends up producing the same monolithic target state the agency wants to move away from, surgical application of such tools can be useful. A viable approach is to use AI-aided tools to extract business rules from application code into a decision model and notation (DMN) that can then be executed by a rules engine. While these approaches entail architectural complexity, it helps avoid elongated testing cycles and failures down the line.

3. In-place data access

A specific aspect of the operational continuity problem is the continuity of access to data. Unlike financial or manufacturing systems, criminal justice systems must preserve access to data even if it’s from 50 years ago. Such access encompasses generations of data representation formats and access protocols. Mandated data separations, such as between adult and juvenile data, need to be maintained throughout. Conventional data conversion methods fall short when handling this kind of complexity. Converting decades worth of records, many of which are interdependent, incomplete or stored in outdated formats, is the most common failure point in justice systems modernization.

There is a paradox here: The older data, greater the effort to transform and cleanse, but lesser the likelihood that the data will be used within a new transaction. As such, much of the data conversion cost — at least in theory — is a waste. We recommend that the agency leverage the interoperability platform to minimize the data conversion footprint and avoid this paradox. The platform’s entity resolution capability can be used to locate records in connected legacy systems, and platform APIs can encapsulate legacy-read services to offer a unified view data across new and old systems. Only in the rare event that an old record needs to be edited and incorporated into a new transaction should it be converted into the new database. While the architectural complexity here is significant, the approach can be very effective if implemented correctly.

4. Run anywhere platform

An essential enabler of phased modernization is an infrastructure and application development platform that’s able to run anywhere (on-premise or on various public clouds), provides many runtimes and can host not just the interoperability components but also refactored legacy components and plug-in code. This is best realized as a container orchestration platform, following open (e.g., Kubernetes) standards. Advanced container orchestration technology serves as a layer of abstraction between the application layer and the underlying infrastructure. Applications work the same even as the system is shifted from the data center to the cloud (or moved between clouds).

The “run anywhere” property is key because it allows the agency to modernize within their data center as a private cloud and then move to a public cloud once they achieve overall cloud readiness and Criminal Justice Information Services (CJIS) Authority to Operate (ATO). Given the strategic nature of the interoperability platform, we recommend that agencies avoid hard binding it to a single cloud. The interoperability platform should be built on a container orchestration platform that is highly portable and should not be dependent on services available only with a specific cloud vendor. The container orchestration platform also supports multiple runtimes (e.g., Java, .NET, Python, C++, C#, Ruby, PHP), which allows it to host refactored legacy components within its CJIS hardened security perimeter.

5. AI policy awareness

One may be tempted to think of AI as a panacea — for example, agentic AI as a means to leapfrog the hard work of reengineering operating models, applications and data. Such leapfrogging attempts usually run into early barriers. To start with, most mainstream AI services are available on public cloud but the agency must first get a CJIS ATO before it can use these services. Legacy systems harbor many vulnerabilities which must be remedied before highly sensitive justice data can be hosted in the cloud. Once the agency has access to the AI services, it faces an even greater challenge: the AI must meet a high standard for fidelity, repeatability and explainability; what is acceptable in the commercial space may not be acceptable or even legal in the justice domain. Technologies, such as large language models (LLMs) that are inherently probabilistic and lack deterministic binding to or empirical understanding of the problem space, are ill-suited for many justice use cases.

Justice agencies are still in the formative stage when it comes to AI policies. The shifting policy landscape does not allow for a “factory” approach towards AI implementation in justice. While this may be initially discouraging to implementors looking for “scale,” there is significant innovation potential in tailoring an AI approach that respects the stringent boundaries and operating circumstances of a justice agency. Typically, it’s easier to obtain approval for “design-time” use cases — good examples are AI-generated API adapters for legacy interface continuity and AI-aided comparisons of new and old system outputs during parallel operations. Use of AI for actual caseload processing runs into more policy barriers — unless accompanied by an elaborate system of compensating controls and guardrails.

Summary

Modernizing justice information systems is an emerging imperative for agency leaders and Chief Information Officers (CIOs) as they strive to increase efficiency, optimize costs and enhance public safety outcomes. The challenges are many — multiple generations of legacy technologies, seemingly insurmountable technical debt, a fragmented and siloed data landscape and zero tolerance for operational disruptions. This paper describes an approach to navigate these challenges and certain key elements that should be part of an agency’s modernization strategy.

About this article

Photographic potrait of Subhankar Sarkar
Subhankar Sarkar
Managing Director, Technology Consulting, Ernst & Young LLP
Engineer, tinkerer, muser. Loves solving classical math problems. Recent convert from racquetball to tennis; still obsessed with getting more top spin into that forehand!
Related topics
Government and Public Sector

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.