Windows 10 Has Reached End of Life: What It Means for Security and Compliance

Written by Peter Philp | Nov 5, 2025 12:02:11 PM

Microsoft ended support for Windows 10 on 14 October 2025. For regulated organisations supervised by FINMA, the DFSA, or the FSRA, that milestone carries compliance implications as well as operational ones. Systems that no longer receive security updates now fall outside the minimum expectations for patching, lifecycle management and ICT governance. 

In software terms, end of life marks the point when a vendor permanently stops releasing security updates, patches, or technical support. From that date onward, newly discovered vulnerabilities remain unpatched and every unprotected device becomes an entry point for exploitation. What was once routine maintenance becomes risk containment.

At Penta, we have seen this shift across banks, family offices and fund managers. Under frameworks such as FINMA Circular 2023/1 (Operational Risks and Resilience), unsupported systems no longer meet the standard for controlled operation. They weaken both cyber defences and compliance posture, often without visible warning. 

Rafik Kattoum, Penta’s Infrastructure Manager, captures it precisely: 

“Windows 10 end-of-life is more than a technical milestone. It is a governance fault line. Once updates stop, every unpatched device becomes a live weakness. Firms need to decide whether to isolate it, upgrade it, or retire it before that weakness spreads.” 

Replacing an operating system is no small task. It affects infrastructure, budgets and user experience in ways that ripple through daily operations. Yet lifecycle transitions of this scale are an integral part of maintaining resilience. Each one tests how well technology planning, governance and risk management work together in practice. 

Seen through that lens, Windows 10’s retirement is less about the loss of a familiar platform and more about institutional maturity. Organisations that manage technology lifecycles as a continuous process, aligning updates, budgets and controls within a single governance view, are the ones best placed to adapt with minimal disruption.

To support that process, firms can request a Penta Infrastructure Audit to identify vulnerable Windows 10 machines and develop a structured transition plan. The audit can also help determine how best to use Microsoft’s Extended Security Updates programme as a temporary safeguard during the migration.