The UK’s National Crime Agency (NCA) is relying on 260 legacy IT systems.

An inspection of the NCA’s National Data Exploitation Capability (NDEC) by the HM Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) has found that the NCA is still heavily reliant on outdated IT systems.

The NDEC was launched in 2018 as a five-year program, aiming to help the NCA respond to serious and organized crime (SOC) by analyzing and using large data centers.

The report was published earlier this month, but was made available to the Home Secretary in February 2025.

HMICFRS wrote in the report: “A lack of investment in IT infrastructure means the NCA is burdened with technical debt – that is, the increasing cost of replacing outdated systems when fast solutions have been prioritised over long-term solutions,” adding that it had also been slow to adopt cloud-based technology.

At the time of inspection, this included 260 legacy IT systems. According to HIMCFRS, the NCA’s technical debt makes up 80 percent of its IT budget.

The report further noted that the team was “told that there were no plans to allow the NCA to routinely carry out bulk analysis of data held by the Law Enforcement Data Service (LEDS), which is due to replace the Police National Computer in 2026.”

The report makes nine suggestions to the NCA, including that it should ensure its ten-year IT strategy includes a timeline, budget, and priority order for removing, replacing, developing, or merging its legacy IT systems.

The report stated that it was unable to assess a final cost of the NDEC program since its inception, but that the NDEC team claims it reached £92 million ($124.8m).

In response to the publishing of the report, the NCA’s director general, Graeme Biggar, said: “The report notes that the National Data Exploitation Capability (NDEC) has achieved the majority of its original objectives. It also praises the training provided to its officers, as well as their approach to ethical considerations, including data protection.

He added: “We are taking extensive action on areas identified in the report’s recommendations, much of which was well underway at the time of the inspection. This includes an agency-wide technology modernisation programme. We continue to work with Government to ensure that NDEC, and the entire NCA, have the resources to attract and retain a talented workforce, in order to maximise our impact in the fight against serious and organized crime.”

The NCA published a preliminary market engagement notice for its NDEC program to the UK government’s “Find a Tender” service in June 2025. The notice estimated that an upcoming contract would be valued at £52.8 million for the NDEC service between 2026 and 2030. It is not stated if this includes IT systems upgrades, instead described as seeking “market appetite and market feedback for the optimum operational and commercial strategy” for the program.