EAAPLEnterprise AI Architecture Pattern Library
EAAPLLibraryAI Integration
Proven
⇄ Compare

EAAPL-INT002 — Legacy System AI Augmentation

EAAPL-INT002 — Legacy System AI Augmentation

Tags: integration banking government medium-complexity Status: Proven | Version: 1.0 | Domain: Integration

1. Executive Summary

The Legacy System AI Augmentation pattern adds AI capabilities to existing enterprise systems without modifying or replacing them. Organisations carrying significant technology debt — core banking platforms, mainframe-based government systems, ERP implementations — cannot modernise these systems on a timescale compatible with competitive AI adoption. This pattern solves that constraint by deploying AI as an additive layer that intercepts inputs and outputs through proxy and adapter mechanisms, enriching results before they reach end users, while preserving the original system's behaviour and contracts.

The critical design principle is that AI augmentation is always additive and never on the critical path for the legacy system's core function. When the AI component fails, the legacy system continues operating normally. This approach eliminates the risk equation that has historically blocked AI adoption in regulated industries: the concern that introducing AI into a stable, regulated system creates new failure modes in production.

For CIOs and CTOs, this pattern delivers AI value realisation from existing technology investments within a 12-week delivery horizon, compared to 2–4 years for system replacement programmes. The ROI case is compelling: AI-augmented legacy systems consistently outperform unaugmented peers on customer outcomes while preserving regulatory compliance and operational stability.

2. Problem Statement

Business Problem

Core business systems in banking, insurance, and government are 15–30 years old. Replacing them carries extreme cost, risk, and regulatory scrutiny. Yet these same systems are the systems of record for the customer interactions where AI value is highest: loan processing, claim assessment, benefit eligibility determination, fraud investigation. The business cannot wait for modernisation to access AI capability.

Technical Problem

Legacy systems expose rigid interfaces: SOAP web services, flat file feeds, CICS transactions, COBOL copybook structures, or vendor-locked APIs with no extensibility. They were not designed to consume AI outputs. Inserting AI requires a translation layer that speaks legacy protocol natively while connecting to modern AI services. The translation must be transparent to both sides.

Symptoms

  • AI initiatives stall at the "how do we integrate with the core system" phase.
  • Development teams discover that changing the core system to consume AI outputs requires months of change control and testing.
  • AI capabilities are built in isolated front-end layers that cannot access the rich transactional history held in the legacy system.
  • Customer-facing staff receive legacy system output without the context (risk flags, sentiment analysis, suggested actions) that AI could add.

Cost of Inaction

  • Competitive: Banks and insurers deploying AI-augmented legacy systems report 20–35% improvement in loan processing throughput and 15–25% reduction in fraud-related losses while competitors wait for modernisation.
  • Operational: Claims assessors and lending officers manually perform classification and summarisation tasks that AI augmentation would automate — typically 15–30 minutes per case.
  • Strategic: Delay compounds. Each year of inaction is a year of training data not collected from live operations, widening the capability gap against AI-native competitors.

3. Context

When to Apply

  • The legacy system cannot be modified but its inputs or outputs can be intercepted at the integration point.
  • AI value is in enriching or contextualising the legacy system's outputs, not in changing the core business logic.
  • The legacy system is the system of record; AI augmentation adds intelligence without becoming a system of record itself.
  • The organisation needs AI value delivery within months, not years.
  • Regulatory requirements demand that the underlying system of record calculation (e.g., credit decision, benefit eligibility) remains within the certified legacy system.

When NOT to Apply

  • The AI capability is intended to replace the legacy system's core logic — this pattern augments, it does not replace.
  • The legacy system has no accessible integration point (no API, no file feed, no database access).
  • Real-time inference latency is incompatible with the legacy system's synchronous response time requirement.
  • The organisation is already committed to a legacy system replacement programme on a short timeline — augmentation investment may not be recoverable.

Prerequisites

  • At minimum, one accessible integration point: an API wrapper, a database read replica, a message queue feed, a file drop location, or a request proxy insertion point.
  • Data lineage documentation sufficient to identify what data the AI augmentation will access from the legacy system.
  • Privacy impact assessment completed for AI access to legacy system's personal data holdings.

Industry Applicability

Industry Applicability Legacy System Type Primary AI Use Case
Banking Very High Core banking (Temenos, Finacle, FIS), mainframe CBS Lending decision enrichment, fraud flag, customer risk narrative
Government Very High Mainframe benefit systems, legacy case management Eligibility explanation, document classification, officer recommendations
Insurance High Claims management systems, policy admin platforms Claims triage, document extraction, risk scoring narrative
Healthcare High Hospital Information Systems, EMR legacy platforms Clinical summary enrichment, coding recommendation, discharge planning
Utilities Medium ERP systems, SCADA integration layers Customer churn risk, field service optimisation
Retail Low POS systems, legacy ERP Demand forecasting enrichment — often easier to replace than augment

4. Architecture Overview

The Legacy System AI Augmentation pattern is composed of four deployment topologies, each appropriate for a different legacy integration scenario. Production implementations typically combine two or more topologies.

Topology 1 — Sidecar AI Proxy. The sidecar is deployed in the network path between the caller and the legacy system. All requests to the legacy system flow through the sidecar proxy. The proxy captures the request, enriches it with AI context (if needed), forwards the original request unmodified to the legacy system, captures the legacy response, enriches the response with AI-generated content, and returns the enriched response to the caller. The legacy system sees no change in request format, volume, or protocol. This topology requires only a DNS or load balancer change to insert the proxy — no legacy system modification. The sidecar is implemented as a high-availability reverse proxy (NGINX, Envoy, or custom service) with the AI enrichment logic as a plugin or sidecar container.

Topology 2 — API Adapter. Where the legacy system exposes SOAP, EDI, flat-file, or proprietary binary protocols, the API adapter translates between the legacy protocol and a modern REST/JSON or gRPC interface. The adapter is a thin translation layer with no business logic: it maps legacy request structures to AI-consumable formats, maps AI results back to legacy response structures, and handles protocol-level concerns (WS-Security for SOAP, character encoding for EBCDIC flat files, fixed-width field parsing for COBOL copybooks). The adapter does not validate business rules — it translates only. This separation keeps the adapter simple, testable, and maintainable as legacy interfaces evolve.

Topology 3 — Response Enrichment Layer. In this topology, the legacy system's response is passed through an enrichment service before delivery to the end user or downstream system. The enrichment service invokes AI models to add: classification tags (document type, risk category, sentiment), summaries (AI-generated narrative from structured legacy data), recommendations (suggested next actions based on legacy data context), and flags (anomaly detection, compliance checks). The enrichment is additive: the original legacy response is preserved in full and the AI additions are delivered in a separate, clearly identified field set. Enrichment failures return the original legacy response with a ai_enrichment_failed: true flag — the end user receives the legacy data without enrichment rather than receiving an error.

Topology 4 — Asynchronous Enrichment via Shadow Feed. For legacy systems that cannot tolerate any additional synchronous latency, the shadow feed topology reads from the legacy system's output channel (database read replica, message queue, file feed) asynchronously, runs AI enrichment, and stores results in a side-car data store. User-facing applications query the side-car store for AI-enriched views of legacy data. Enrichment latency is decoupled from user experience. This topology is most appropriate for batch-oriented workflows (overnight processing, case queue review) where near-real-time enrichment is acceptable.

Audit Architecture for Legacy Augmentation. Legacy systems typically lack the audit infrastructure to record AI involvement in decisions. The augmentation layer must compensate. Every enrichment event is logged with: the legacy system identifier and transaction reference, the AI model used, the AI output, the timestamp, and the user who viewed the enriched result. This audit log is maintained independently of the legacy system and referenced in the AI governance framework. The audit log is the primary evidence for regulatory inquiries about AI-assisted decisions made using legacy system data.

Graceful Degradation Design. The augmentation layer is wired with a feature flag per enrichment capability. When the AI component is unavailable, the flag disables augmentation for that capability and the legacy response is returned unenriched with a logged event. Monitoring detects the degradation mode and pages the on-call engineer. Users see a UI indicator that "enhanced insights are temporarily unavailable" — they do not see an error. This design makes AI augmentation genuinely safe to operate in systems where legacy stability is non-negotiable.

5. Architecture Diagram

ARCHITECTURE DIAGRAM
flowchart TD subgraph Callers["Caller Layer"] A[Users and Downstream Systems] end subgraph Augmentation["AI Augmentation Layer"] B[Sidecar Proxy + API Adapter] C[Response Enrichment Service] D[Feature Flag Controller] end subgraph Legacy["Legacy System - Unmodified"] E[Core System Unmodified] F[Read Replica or File Feed] end subgraph Output["Output and Audit"] G[Enriched Response to Caller] H[(Augmentation Audit Log)] end A --> B B -->|original request| E E -->|original response| B B --> D D -->|enabled| C D -->|degraded| G C --> G C --> H F -->|async shadow feed| C style A fill:#dbeafe,stroke:#3b82f6 style B fill:#f0fdf4,stroke:#22c55e style C fill:#f0fdf4,stroke:#22c55e style D fill:#f3e8ff,stroke:#a855f7 style E fill:#fef9c3,stroke:#eab308 style F fill:#fef9c3,stroke:#eab308 style G fill:#d1fae5,stroke:#10b981 style H fill:#fef9c3,stroke:#eab308

6. Components

Component Type Responsibility Technology Options Criticality
Sidecar AI Proxy Service Intercept request/response, invoke enrichment, return enriched response without modifying legacy contract Envoy with WASM plugin, NGINX with Lua scripting, Custom Go/Node service High
API Adapter Service Translate legacy protocols (SOAP, COBOL copybook, flat file, EBCDIC) to REST/JSON Apache Camel, MuleSoft, custom Spring Integration, IBM App Connect High
Response Enrichment Service Service Invoke AI models on legacy response content, compose enriched response, handle AI failures gracefully Python FastAPI, Node.js, Azure Functions High
Feature Flag Controller Service Enable/disable enrichment capabilities without deployment; degrade gracefully on AI failure LaunchDarkly, AWS AppConfig, custom Redis-backed flags High
Augmentation Audit Logger Service Log every enrichment event with legacy transaction reference, model, output, and viewing user Structured logging → SIEM, custom audit DB table Critical
AI Classification Model AI Service Classify legacy data items (document type, risk category, intent) Azure AI Document Intelligence, AWS Comprehend, fine-tuned LLM Medium
AI Summarisation Model AI Service Generate narrative summaries of structured legacy data GPT-4o, Claude 3.5 Sonnet, Llama 3 Medium
Recommendation Engine AI Service Generate suggested next actions based on legacy data context RAG pipeline with enterprise knowledge base Medium
Side-car Data Store Storage Store pre-enriched results for async enrichment topology; serve enriched views to UI PostgreSQL, Redis, Azure Cosmos DB Medium
Legacy DB Read Replica Infrastructure Provide AI components read access to legacy data without loading the production DB RDBMS replica, read-only API Low (enabler)

7. Data Flow

Primary Flow — Synchronous Sidecar Enrichment

Step Actor Action Output
1 User Application HTTP/SOAP request to legacy system endpoint Request received by Sidecar AI Proxy
2 Sidecar AI Proxy Forwards original request unmodified to legacy system Legacy system processes request normally
3 Legacy System Processes request, returns response in legacy format Original legacy response
4 Sidecar AI Proxy Receives legacy response; checks feature flag status Enrichment enabled: proceed; disabled: return legacy response directly
5 Response Enrichment Service Transforms legacy response to AI-consumable format; invokes AI models AI enrichment results (classification, summary, recommendations)
6 Response Enrichment Service Composes enriched response: original legacy fields preserved + AI fields added in separate namespace Enriched response with ai_enrichment.* field set
7 Sidecar AI Proxy Returns enriched response to caller Caller receives legacy data plus AI additions
8 Augmentation Audit Logger Logs: legacy transaction ref, model used, output, timestamp, caller identity Audit record persisted

Error Flow

Step Error Condition Detection Recovery
2 Legacy system unavailable Proxy receives connection error or timeout Proxy returns legacy system error to caller; no AI involvement; normal legacy failure path
4 Feature flag service unavailable Flag check times out Fail open — proceed without enrichment; return legacy response only; log event
5 AI model times out or returns error AI service HTTP error or timeout Return legacy response with ai_enrichment_failed: true; never block on AI failure
5 AI model returns safety-filtered response Model content policy rejection Log incident; return unenriched response; trigger governance review
6 Response composition fails (malformed AI output) Schema validation of AI output fails Return original legacy response; log composition failure with AI output for investigation

8. Security Considerations

Authentication and Authorisation

  • Sidecar proxy authenticates to legacy system using existing service credentials (no new credentials introduced to legacy system).
  • AI enrichment services use separate service accounts with read-only access to legacy data; never write-access.
  • Caller authentication enforced at the proxy — the legacy system's authentication requirements are preserved; AI enrichment is transparent to the caller.

Secrets Management

  • Legacy system credentials (service accounts, certificates) stored in enterprise secrets manager; injected into proxy at startup.
  • AI provider API keys stored separately; not shared with legacy system credentials.
  • Read replica credentials rotated on standard schedule; proxy reconnects automatically via connection pool refresh.

Data Classification

  • Privacy impact assessment must classify all legacy data fields accessible to AI enrichment.
  • Fields classified as sensitive (health, credit, biometric) require explicit AI model clearance before enrichment.
  • PII fields may be tokenised or masked before sending to cloud AI services where data residency requirements prohibit offshore processing.

Encryption

  • All proxy-to-legacy-system traffic encrypted in transit (TLS 1.2 minimum; 1.3 where legacy system supports it).
  • Proxy-to-AI-service traffic encrypted (TLS 1.3).
  • Side-car data store encrypted at rest (AES-256); enriched results may contain inferred sensitive attributes.

Auditability

  • Audit log is the primary compensating control for legacy system's lack of AI audit infrastructure.
  • Every enrichment event logged with immutable timestamp, user identifier, model identifier, and AI output hash.
  • Audit log retention matches the regulatory retention requirement for the underlying legacy transaction type.

OWASP LLM Top 10 Mitigations

OWASP LLM Risk Relevance Mitigation in This Pattern
LLM01 — Prompt Injection High Legacy data passed to AI enrichment is structured (not free text from untrusted users); field-level input sanitisation before prompt construction
LLM02 — Insecure Output Handling High AI enrichment output validated against schema before insertion into enriched response; consumers receive typed fields not raw model text
LLM03 — Training Data Poisoning Low Legacy system is read-only data source for AI; AI does not write back to legacy system; no training data pipeline in this pattern
LLM04 — Model Denial of Service Medium Enrichment service implements per-request timeout; circuit breaker (EAAPL-INT007) on AI service calls; legacy function continues on AI failure
LLM05 — Supply Chain Vulnerabilities Medium AI model provider contracts reviewed for data handling obligations; SDK versions pinned; SBOM per enrichment service release
LLM06 — Sensitive Information Disclosure High PII/sensitive field masking before sending to cloud AI providers; data residency requirements enforced by adapter configuration
LLM07 — Insecure Plugin Design Low Enrichment service makes read-only AI calls; no plugin or function-calling execution capability
LLM08 — Excessive Agency Low Enrichment is read-only and additive; AI has no write access to legacy system or downstream systems
LLM09 — Overreliance High UI clearly labels AI-generated enrichment fields as "AI-suggested"; legacy data fields presented with equal or greater prominence
LLM10 — Model Theft Low AI model is a consumed service, not a trained asset; mitigation managed by model provider contracts

9. Governance Considerations

Responsible AI

  • AI enrichment fields must be clearly labelled in the user interface as AI-generated; users must not be able to mistake an AI recommendation for a legacy system authoritative output.
  • Enrichment models must be periodically evaluated for bias against the population served by the legacy system (e.g., demographic parity in risk classification).
  • Enrichment audit logs enable post-hoc investigation of cases where AI recommendations may have influenced human decisions adversely.

Model Risk Management

  • Enrichment models are subject to Model Risk Management (MRM) review per APRA CPG 229 guidance for financial services: model purpose, methodology, validation evidence, ongoing performance monitoring.
  • Model version tracked in every audit log record; enables retrospective analysis of model version impact on decision outcomes.

Human Approval Gates

  • For high-stakes enrichment (credit risk narratives, benefit eligibility recommendations), human approval of AI output is required before the enriched result can be acted upon — implemented as a workflow step in the consuming application, not in the augmentation layer.

Policy and Traceability

  • AI usage policy for legacy augmentation must explicitly list: which legacy systems are in scope, which data fields are accessible to AI, which AI models are approved for each enrichment use case.
  • Traceability from end-user decision → enriched response → AI model version → legacy system transaction → original data is achievable via audit log correlation.

Governance Artefacts

Artefact Owner Update Frequency Storage Location
Privacy Impact Assessment for Legacy AI Access Privacy Officer Per new legacy system onboarded Privacy register
AI Enrichment Model Risk Assessment Model Risk team Per model version change MRM register
Legacy System AI Augmentation Register Enterprise Architecture Per new augmentation deployed EA repository
Enrichment Audit Logs Platform Engineering Continuous Immutable audit log store
Graceful Degradation Test Report QA Engineering Per release Test management platform
Data Field Classification Map Data Governance Quarterly review Data catalogue

10. Operational Considerations

Monitoring and SLOs

SLO Target Measurement Alert Threshold
Legacy system response time impact < 5% degradation vs baseline p99 latency of enriched endpoint vs legacy direct > 10% degradation sustained
Enrichment service availability 99.9% Health check success rate < 99.5% over 5 min
Graceful degradation activation rate < 1% of requests Requests returning ai_enrichment_failed: true > 5% in any 15-min window
Audit log write success rate 100% Failed audit log writes Any failure — PagerDuty immediately
AI enrichment latency (p99) < 3s added latency Time from legacy response received to enriched response returned > 5s
Feature flag resolution latency < 10ms Flag service response time > 50ms

Logging

  • Sidecar proxy logs: request received, legacy forwarded, legacy responded, enrichment invoked, enrichment result, response returned — all with timestamps for latency profiling.
  • Enrichment service logs: legacy data fields received (sanitised), AI model called, response received, composition result.
  • Feature flag logs: flag evaluated, result, reason (enabled/disabled/circuit-open).

Incident Response

  • Legacy system degradation: proxy detects legacy system errors; forwards errors to caller normally; AI enrichment not invoked on error responses.
  • AI service degradation: enrichment service triggers graceful degradation; feature flags auto-disable enrichment; legacy function unaffected.
  • Audit log failure: this is a critical incident — stop enrichment processing until audit log is restored; accept unenriched legacy responses; log loss cannot be tolerated in regulated environments.

Disaster Recovery

Scenario RTO RPO Recovery Procedure
Enrichment service failure 3 minutes 0 (stateless service) Auto-scaling replacement; legacy system unaffected; enrichment resumes on recovery
Sidecar proxy failure 5 minutes 0 Kubernetes deployment restart; configure DNS fallback to legacy system direct during proxy outage
Side-car data store failure 30 minutes Up to 15 minutes of async enrichment Restore from backup; re-run async enrichment for missed events from audit log
Legacy system failure Per legacy system RTO Per legacy system RPO Legacy DR plan executes; augmentation layer follows legacy recovery automatically

Capacity Planning

  • Sidecar proxy: size for peak legacy system throughput × (1 + enrichment overhead factor of 1.5–3x latency); proxy is CPU-bound, not memory-bound.
  • Enrichment service: scale independently from proxy; enrichment is AI-bound; size based on AI model SLA and concurrency limits.
  • Side-car data store: size for (enriched record size) × (retention period) × (number of legacy system records enriched per day).

11. Cost Considerations

Cost Drivers

Cost Driver Description Typical Proportion
AI Enrichment API Costs Token-based charges for classification, summarisation, and recommendation calls 45–65%
Sidecar Proxy Compute Container runtime for proxy fleet; scales with legacy system traffic 10–20%
Enrichment Service Compute Container runtime for enrichment service fleet 10–15%
Side-car Data Store Storage and query cost for enriched results 5–10%
Audit Log Storage Retention of full enrichment audit trail 5–10%
Adapter Development and Maintenance Ongoing cost to maintain legacy protocol adapters as legacy system changes One-time + 15–25% of opex

Scaling Risks

  • AI enrichment cost scales directly with legacy system transaction volume; unexpected volume spikes (e.g., batch job triggering enrichment on millions of records) can generate large unplanned AI API costs.
  • Adapter maintenance cost is often underestimated; legacy system upgrades may change interface contracts without notice, breaking adapters.

Cost Optimisations

  • Selective enrichment: not every legacy transaction needs AI enrichment; apply enrichment selectively based on transaction type, amount, or risk profile.
  • Asynchronous enrichment for non-latency-sensitive use cases: batch enrichment overnight at off-peak AI provider pricing.
  • Response caching: for repeated queries about the same legacy record, serve cached enrichment results; TTL aligned with legacy data change frequency.
  • Cheaper model tiers: classification tasks do not require GPT-4o; use smaller/cheaper models (GPT-4o-mini, Claude Haiku) for high-volume, lower-complexity enrichment.

Indicative Cost Range

Scale Monthly Infrastructure AI Enrichment API Adapter Maintenance Total Monthly
Small (100K transactions/mo) $800–$2,000 $500–$3,000 $2,000–$5,000 $3,300–$10,000
Medium (5M transactions/mo) $5,000–$12,000 $15,000–$60,000 $5,000–$10,000 $25,000–$82,000
Large (50M+ transactions/mo) $25,000–$60,000 $100,000–$400,000 $10,000–$20,000 $135,000–$480,000

12. Trade-Off Analysis

Architectural Options Comparison

Option Invasiveness to Legacy AI Value Delivery Time Risk Recommended For
Option A — Sidecar AI Proxy (this pattern) None — no legacy change Medium-High 8–16 weeks Low Systems with accessible network integration point
Option B — Legacy System Replacement with AI-Native Design Maximum — full replacement Very High 2–5 years Very High Long-term strategic investment; not near-term AI access
Option C — AI-Native Parallel System Medium — dual-write migration High 12–18 months Medium Where legacy system has limited remaining life and migration is planned
Option D — API Gateway with AI Plugin Low — API gateway only Medium 4–8 weeks Low Legacy systems with existing modern API gateway

Architectural Tensions

Tension Trade-Off Resolution
Enrichment latency vs. User experience Synchronous enrichment adds AI latency to every legacy transaction Use async enrichment for non-time-critical use cases; accept synchronous latency only where real-time enrichment is essential
Data privacy vs. AI quality Richer data to AI = better enrichment; but PII/sensitive data requires careful handling Field-level classification and masking; contextual enrichment using anonymised or tokenised legacy data where possible
Audit completeness vs. Storage cost Complete enrichment audit requires storing full AI inputs and outputs Hash AI input and output; store full record only for high-risk transaction types; store hash for audit integrity with on-demand full record retrieval

13. Failure Modes

Failure Likelihood Impact Detection Recovery
Sidecar proxy unavailable Low High — legacy system unreachable via normal path Health check failure; upstream 503 errors Kubernetes restart; DNS fallback to legacy direct endpoint
AI enrichment service unavailable Medium Medium — enrichment disabled; legacy function continues Health check; elevated ai_enrichment_failed rate Graceful degradation activated; feature flags auto-disable enrichment
Legacy system interface change breaks adapter Medium High — all transactions through adapter fail Adapter error rate spikes; integration tests fail Adapter update required; emergency change process; fallback to legacy direct
AI model returns biased output systematically Low High — incorrect enrichment influences decisions at scale Model monitoring — output distribution drift detected Feature flag disables enrichment; MRM investigation; model rollback
Audit log storage full Low Critical — enrichment must stop in regulated environments Storage utilisation alert Emergency capacity increase; audit log retention policy enforcement
PII leak to non-cleared AI model Low Critical — regulatory and reputational DLP scanning of enrichment requests; audit log PII field presence check Incident response; regulatory notification; model enrichment suspended pending investigation

Cascading Failure Scenarios

  • Sidecar proxy memory leak + high traffic: Proxy OOMKills → legacy system temporarily unreachable → business operations disrupted until Kubernetes restarts proxy → if DR path (direct legacy endpoint) not configured, extended outage. Mitigation: mandatory direct-legacy DNS fallback path; memory limits and liveness probes on proxy.
  • Adapter breakage + no automated testing: Legacy system upgrades without notice → adapter begins returning malformed responses → enrichment service silently produces incorrect enrichment → users receive wrong AI recommendations for hours before manual detection. Mitigation: integration tests run on every legacy system deployment pipeline; enrichment output schema validation catches format anomalies immediately.

14. Regulatory Considerations

APRA CPS 230 — Operational Risk

  • Clause 36 (Business Continuity): Graceful degradation architecture directly satisfies the requirement that AI augmentation does not introduce new failure modes into the legacy system's critical business continuity profile.
  • Clause 49 (Third-Party Risk): AI model providers are third-party service providers under CPS 230; AI enrichment service must be included in the vendor risk register and subject to concentration risk assessment.

APRA CPS 234 — Information Security

  • Clause 15: mTLS between proxy and legacy system, field-level PII masking before AI service calls, and audit logging with access controls address information security control requirements.
  • Clause 24 (Testing): Graceful degradation test scenarios must be included in the annual CPS 234 penetration and resilience testing programme.

APRA CPG 229 — Credit Risk (for financial services applications)

  • AI enrichment used in credit decision support is subject to Model Risk Management requirements under CPG 229 Attachment C — model purpose statement, methodology documentation, validation evidence, and ongoing performance monitoring are all required.

Australian Privacy Act 1988 (as amended)

  • APP 3 (Collection): Accessing legacy system personal data through the augmentation layer is a secondary use; must be within the scope of the original collection purpose or rely on a specific exemption.
  • APP 11 (Security): The enrichment audit log constitutes a new record set containing personal data; it must be subject to the same security and retention obligations as the underlying legacy system data.

EU AI Act (2024)

  • Article 10 (Data Governance): AI enrichment models trained or fine-tuned on legacy system data must document data governance practices, including data quality and bias assessment.
  • Article 14 (Human Oversight): Human oversight mechanisms (review workflows, confidence thresholds for high-stakes enrichment) are required for AI systems used in high-risk categories (credit, employment, benefits).

ISO 42001 — AI Management System

  • Clause 8.4 (AI System Impact Assessment): A documented impact assessment is required before deploying AI enrichment on a legacy system handling personal or sensitive data.
  • Clause 9.1 (Monitoring and Measurement): Enrichment quality metrics (accuracy of classification, user override rate, confidence score distribution) constitute the performance monitoring evidence required under ISO 42001.

NIST AI RMF (2023)

  • MAP 1.6: The risk of AI outputs influencing legacy-system-authoritative decisions without transparency is identified and mitigated through clear UI labelling and human oversight workflows.
  • MEASURE 2.7: Ongoing monitoring of enrichment output distributions detects performance degradation or bias drift and triggers model review.

15. Reference Implementations

AWS

  • Sidecar Proxy: Application Load Balancer with Lambda@Edge enrichment function OR AWS App Mesh Envoy sidecar
  • API Adapter: AWS Integration on API Gateway with VTL mapping templates; or Apache Camel on ECS for complex transformations
  • Enrichment Service: Lambda function or ECS Fargate service calling Amazon Bedrock or external AI provider
  • Feature Flags: AWS AppConfig with Lambda integration
  • Audit Logger: Lambda → Amazon Kinesis → S3 with Glacier archival
  • Side-car Store: Amazon RDS PostgreSQL or Amazon DynamoDB

Azure

  • Sidecar Proxy: Azure API Management with policy enrichment OR custom AKS sidecar
  • API Adapter: Azure Logic Apps with BizTalk connectors for legacy protocol translation, or Azure Integration Services
  • Enrichment Service: Azure Functions calling Azure OpenAI Service or external AI API
  • Feature Flags: Azure App Configuration with feature management SDK
  • Audit Logger: Event Hub → Azure Data Explorer for queryable audit log
  • Side-car Store: Azure Cosmos DB or Azure SQL Database

GCP

  • Sidecar Proxy: Cloud Endpoints with Extensible Service Proxy (ESP) and Cloud Functions enrichment
  • API Adapter: Apigee API Platform with policy-based transformation
  • Enrichment Service: Cloud Run calling Vertex AI or external AI provider
  • Feature Flags: Firebase Remote Config or custom Firestore-backed flags
  • Audit Logger: Cloud Pub/Sub → Cloud Logging → BigQuery for compliance queries
  • Side-car Store: Cloud Firestore or Cloud SQL PostgreSQL

On-Premises / Private Cloud

  • Sidecar Proxy: Envoy with custom WASM enrichment plugin on Kubernetes
  • API Adapter: Apache Camel running in Spring Boot on Kubernetes
  • Enrichment Service: FastAPI container on Kubernetes calling on-premises LLM (Ollama, vLLM, OpenShift AI)
  • Feature Flags: Unleash OSS on Kubernetes
  • Audit Logger: Fluentd → Elasticsearch → Kibana; or directly to immutable WORM storage
  • Side-car Store: PostgreSQL on Kubernetes via CloudNativePG operator
Pattern Relationship Notes
EAAPL-INT001 — Enterprise AI Service Bus Complementary Enrichment events from augmented legacy systems can be published to the AI Service Bus for enterprise-wide visibility and replay
EAAPL-INT007 — AI Circuit Breaker Enables Circuit breaker is a required sub-component of the enrichment service to implement graceful degradation
EAAPL-INT003 — AI-Powered API Composition Related API composition can use the legacy API adapter as one of the APIs in its composition catalogue
EAAPL-INT008 — Bidirectional AI Sync Complementary Sync pattern can propagate AI enrichment results to the enterprise data fabric for cross-system use

17. Maturity Assessment

Overall Maturity: Proven

Dimension Score (1–5) Justification
Architectural Completeness 5 All four topologies covered; graceful degradation, audit, and governance addressed
Operational Readiness 4 SLOs defined; DR procedures cover major scenarios; some legacy-specific DR steps require customisation
Security Coverage 5 PII masking, audit logging, data classification enforcement, OWASP LLM Top 10 addressed
Governance Coverage 5 Model risk management, privacy impact, human oversight, traceability all included
Cost Predictability 4 Selective enrichment strategies described; adapter maintenance costs unpredictable due to legacy system change patterns
Implementation Complexity 3 Medium — requires deep understanding of legacy protocols; proxy/adapter patterns are well-established
Industry Validation 5 Widely deployed in production at major banks and government agencies globally

18. Revision History

Version Date Author Changes
1.0 2026-06-12 EAAPL Working Group Initial publication — integration patterns series
← Back to LibraryMore AI Integration