Over the past three decades, I have seen the same conversation repeated in executive committees of public sector organizations, banks, insurers, telcos, and utilities: “the core needs to be modernized, but it’s not the right time”. And to a large extent, that was true. It wasn’t the right time because the numbers didn’t add up. Generative AI is the first thing in thirty years that forces a reassessment of that statement.
This article is not about technology. It is about why a decision that had been shelved for a generation is starting to make economic sense in 2026, what risks lie behind the optimistic narrative, and what a CIO or a public sector Director General should be doing today in response to this shift.
The diagnosis we all know
The large critical systems of the Spanish public administration and major private corporations — core banking, tax management, public accounting, population registers, payroll, telco billing, energy dispatch, insurance settlement — were built between the 1980s and 1990s on host environments. COBOL on z/OS, Natural/Adabas, Oracle Forms/Reports, PL/1, RPG on AS/400. Millions of lines of code that still process the country’s money, taxes, payrolls, and essential services.
On top of these systems, a second and third layer have been built. First, early-generation Java EE applications. Then Spring, REST services, microservices, modern front-end technologies (Angular, React), portals, and mobile apps. The result: a hybrid architecture — to put it mildly — where the user experience is contemporary, but the critical business rules still live where they always have.
The glue between these layers is an integration ecosystem that no one actually designed as such: MQ, nightly batches, flat files, CICS gateways, 3270 screen scraping, wrapper APIs built at different times by different vendors under different standards. What appears as “integration” in architecture diagrams looks, in day-to-day operations, more like a fragile ecosystem sustained by two or three key individuals who, incidentally, are close to retirement.
Why this has not been solved before
It is not a technical problem. It is an economic decision that has been reaffirmed year after year.
A full migration program for a legacy core, using the techniques available up to 2023, implied three to five years of execution, a budget typically between twenty and one hundred million euros, and an ROI framed as “mid-term maintenance savings.” No executive committee easily approves a program with those characteristics: no visible new functionality, high regulatory risk (it cannot fail even for a day), critical dependence on undocumented knowledge, and the memory of failed migration programs from the past decade still fresh.
The data confirms it. According to IDC, 47% of CIOs cite technical debt as the main cause of cost overruns in cloud and digital infrastructure. Gartner estimates that nearly 40% of critical infrastructure systems today carry a significant technical debt burden. And the operational cost of legacy is not minor: it is estimated that a large enterprise loses around $370 million annually due to inefficiencies derived from legacy systems.
The paradox is well known: everyone knows it must be done, almost no one truly tackles it.
What changes with generative AI
Generative AI does not marginally accelerate modernization. It changes the order of magnitude of the problem, and it does so in three very specific dimensions.
First, understanding undocumented code. The biggest time sink in any legacy modernization program is not rewriting: it is understanding what the current code does. Documentation is partial or outdated, the original developers are gone, and functional analysts have rotated multiple times. Current language models read these programs, reconstruct their logic, identify hidden dependencies between copybooks, JCLs, and called modules, and generate equivalent functional documentation. The most cited public case — Egypt’s National Social Security Organization, with IBM watsonx Code Assistant for Z — reports a 79% reduction in the time required for a developer to understand a complex COBOL application: from 24 hours to approximately 5. That is the historical bottleneck, and it is disappearing.
Second, semantic translation with preservation of business logic. We are not talking about syntactic converters like “literal COBOL to Java” — those have existed for twenty years and produce unreadable, unmaintainable code. We are talking about rewrites that preserve behavior while applying object-oriented structure, modern design principles, and separation of layers. Tools such as AWS Transform (which integrates the BluAge technology acquired by Amazon), IBM watsonx Code Assistant for Z, GitHub Copilot with specialized agents, or third-party platforms such as TSRI or Heirloom are already in production. TSRI documents a migration of the Canadian Revenue Agency (CRA) support system from COBOL/CICS to Java on AWS in six weeks. Three years ago, that same project would have been a two-year program.
Third, automated generation of functional parity tests. The regulatory risk of legacy is managed through comparative testing that proves the new system produces exactly the same results as the old one given the same inputs. Generative AI significantly accelerates the production of these test cases, reducing the real — not perceived — risk of migration.
Aggregate market figures are consistent with the above. Cognizant reports productivity increases of 70% and cost reductions of 30% in refactoring assisted by generative AI. Gartner predicts that by 2028 generative AI will have reduced application modernization costs by 30% compared to 2025 levels. The global legacy modernization market will grow from around $25 billion in 2025 to a projected $56 billion in 2030.
Translated into executive committee language: a program that three years ago cost fifty million and took four years is now credible within a three-year plan with a significantly lower budget. And, above all, it is credible within a single budget cycle.
Where generative AI still falls short (and it’s worth stating it)
It would be intellectually dishonest to stop here, because there is a lot of vendor-driven narrative right now and it is important to separate signal from noise.
Generative AI handles syntax very well and increasingly improves at local semantics. It does not understand business context. It does not decide which rules should be removed because the business no longer uses them, which exceptions are historical errors that should be corrected rather than replicated, or which implicit dependencies between batch processes cannot be broken without consequences. That still requires an architect with judgment, supported by the client’s functional knowledge.
The concrete risks, documented in recent technical literature, include: hallucination of non-existent APIs, silent reordering of logic with impact on results, omission of mandatory audit hooks under regulations such as GDPR, PCI DSS, or ENS, and loss of ordinal dependencies in batch processes that are not visible in the source code syntax. If the initial legacy architecture is spaghetti, generative AI produces modern spaghetti in Java or Python — functionally equivalent, but equally unmaintainable.
The differentiator is not the tool — all major ones will converge toward similar capabilities — but the method: who governs functional parity, who validates edge cases, who makes target architecture decisions, and who assumes operational risk during the transition. That is the real consulting work.
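The functional parity testing described earlier, and three of the risks listed above (reordered logic, lost batch ordering, omitted audit hooks), can be made concrete with a small differential check. This is an added example, not code from any tool or vendor named in this article; the overdraft rule, the function names and the sample transactions are constructed for illustration.

```python
from collections import Counter
from decimal import Decimal

# Constructed input: (account, amount) in the order the legacy batch file delivers them.
TXNS = [("A1", Decimal("100.00")), ("A1", Decimal("-80.00")),
        ("B7", Decimal("-5.00")), ("A1", Decimal("-30.00"))]

def run_batch(txns, audit_rejections=True):
    """Apply transactions in the given order; a debit that would overdraw is rejected.
    Returns (output records, audit events). One audit event is expected per transaction."""
    balances, records, audit = {}, [], []
    for acct, amount in txns:
        new_balance = balances.get(acct, Decimal("0")) + amount
        ok = new_balance >= 0
        if ok:
            balances[acct] = new_balance
        records.append((acct, amount, "OK" if ok else "REJECTED"))
        if ok or audit_rejections:
            audit.append((acct, amount))
    return records, audit

def legacy_batch(txns):
    return run_batch(txns)  # reference behaviour: file order, every transaction audited

def migrated_reordered(txns):
    # Hypothetical rewrite flaw: input sorted by amount, so debits run before the credit.
    return run_batch(sorted(txns, key=lambda t: t[1]))

def migrated_grouped(txns):
    # Hypothetical rewrite flaw: grouped by account; same outcomes, different output order.
    return run_batch(sorted(txns, key=lambda t: t[0]))

def migrated_no_audit(txns):
    # Hypothetical rewrite flaw: same results, but rejections never reach the audit trail.
    return run_batch(txns, audit_rejections=False)

def parity_findings(legacy, migrated):
    """Differential check of two runs over the same input."""
    (l_rec, l_aud), (m_rec, m_aud) = legacy, migrated
    findings = []
    if Counter(l_rec) != Counter(m_rec):
        findings.append("RESULT_MISMATCH")  # some record has a different outcome
    elif l_rec != m_rec:
        findings.append("ORDER_MISMATCH")   # same records, different sequence
    if Counter(l_aud) - Counter(m_aud):
        findings.append("MISSING_AUDIT")    # legacy audited something the rewrite did not
    return findings
```

Comparing output records alone would pass the third rewrite, which is why the audit trail is compared as a separate output of the run.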
What a CIO should be doing today
Three questions to bring to the next executive committee:
First: which of our critical systems remain indefensible in a three-year strategic plan, and which parts of them did we previously consider unaddressable? The portfolio likely needs recalibration.
Second: do we have a living functional inventory of our critical code, or do we depend on the knowledge of five specific individuals? If it is the latter, the first action is not migration, but using AI to document and reduce operational risk now, regardless of whether migration happens later.
Third: when an AI-assisted modernization proposal is brought to committee, what exactly is being purchased? A tool, a managed service, a results-based pricing model? The answer to this question separates providers who truly understand the problem from those repackaging their previous offering with an AI layer on top.
AXPE’s position
We have spent twenty years working on core systems for public administrations and large accounts in Spain. We know the COBOL no one wants to touch, the Natural/Adabas systems no one knows how to stop, the Oracle Forms still printing payrolls. And we also know the modern Java environments built on top of them.
Our position relative to large consultancies is not scale, but focus. We do not sell two-year mapping programs before touching a single line of code. Nor do we sell automatic translation tools as if they were a black box. We combine teams with deep legacy expertise — which is not a commodity and is becoming increasingly scarce — with leading generative AI platforms, under a proprietary method for functional parity and risk governance, and with economic models aligned to outcomes rather than billable hours.
For those who have been postponing this decision for years: the window of opportunity to address it without urgency has just opened, and it will not remain open indefinitely. In two or three years, having modernized the core will no longer be a competitive advantage, but a requirement to stay in the game.
If you are reviewing your 2026–2028 IT roadmap, we are available to validate assumptions.