Windows 10 End of Life
Posted by on | Featured | No Comments

Why Windows 10’s End of Life Matters for Cyber Essentials Plus

Microsoft officially ended support for Windows 10 on 14 October 2025, marking a major shift for organisations working toward Cyber Essentials Plus (CE+) certification. Without free security updates or patches, Windows 10 devices now pose a compliance risk – unless covered by Microsoft’s Extended Security Updates (ESU) programme.

For CE+ applicants, this change is more than a technical footnote. It directly affects your certification status. Devices running Windows 10 are no longer considered secure by default. To remain compliant, organisations must upgrade to Windows 11 version 23H2 or newer (ideally 24H2 or 25H2).

If your CE+ audit is scheduled within the 90-day window following your Cyber Essentials certification, any Windows 10 devices must be upgraded or removed from scope before submitting your asset list to the auditor.

“With Windows 10 now out of support, organisations pursuing Cyber Essentials Plus must act quickly. Upgrading to Windows 11 isn’t just best practice - it’s essential for compliance. At CyberLab, we’re here to make that transition smooth, secure, and audit-ready.”

– Ryan Bradbury, CTO at CyberLab

Why It Matters

Auditors will now perform technical verification during CE+ assessments.
 
If Windows 10 devices are detected:
  • They must be excluded from scope.
  • Failure to do so could result in audit failure or the need to restart both Cyber Essentials and CE+ assessments.

What You Need to Do Now

To stay secure and compliant, here are your next steps:
  • Audit your device inventory: Identify any machines still running Windows 10.
  • Upgrade to Windows 11: Preferably version 24H2 or 25H2. Note that 23H2 reaches end of life on 11 November 2025, so plan accordingly.
  • Consider ESU: If upgrading isn’t feasible, explore Microsoft’s Extended Security Updates programme.
  • Communicate with your auditor: Be transparent about your upgrade plans and ensure your asset list reflects only compliant devices.
This transition is a critical moment for organisations aiming to maintain Cyber Essentials Plus certification. By acting now, you’ll avoid last-minute surprises and ensure your systems meet the latest security standards.
 
Need help navigating the upgrade or preparing for your CE+ audit? CyberLab’s team is here to support you.

Detect. Protect. Support.

Get Cyber Essentials Certified with CyberLab

✅ 1,400+ Successful Certifications

✅ Free Gap-Analysis & re-test

✅ 100% UK-based Assessors

Get Certified

Delvify Achieves Cyber Essentials with CyberLab

Delvify partnered with CyberLab to strengthen its cyber security, ensuring resilient operations for its global fashion tech platform and achieving Cyber Essentials certification.

Read Success Story

Leave a Reply

You must be logged in to post a comment.