How the Windows 10 End-of-Support Affects Medical Device Safety & Compliance
Microsoft Ends Windows 10 Support - What It Means
On 14 October 2025, Microsoft officially ended support for Windows 10. This covers all mainstream editions: Home, Pro, Enterprise, and Education.
As a result, devices still running Windows 10 will no longer receive security updates, feature patches, or technical support from Microsoft.
While the operating system may continue to function, the lack of updates exposes devices, including PCs and embedded systems, to growing cybersecurity risks.
Why This Matters for Medical Devices
Cybersecurity and Patient Safety Risks
According to the TGA, some medical devices rely on Windows 10 as their underlying operating system. With support ending, these devices may become vulnerable to cyber incidents, including malware, ransomware, unauthorized access, or other malicious activity.
For manufacturers and sponsors, running Windows 10 after the end-of-support date without taking preventive measures increases the likelihood that the device may not satisfy the cybersecurity requirements.
This is more than just a software aging problem: an unpatched OS or driver issue can endanger device operation, the safety of patient data, and even overall compliance with regulations.
Regulatory and Compliance Implications
The TGA emphasizes that manufacturers and sponsors need a plan: either a transition to a supported OS (like Microsoft Windows 11) or, where appropriate, a migration to a secure configuration (e.g., extended support or an alternative OS). If hardware does not meet Windows 11 requirements, sponsors must notify customers and propose alternative solutions to ensure continued compliance and safety.
Further, if devices remain on an unsupported OS long-term, there may be a need for corrective action, including product alerts, recalls, or updates, especially if patient safety or data protection is at risk.
What Are the Options for Manufacturers & Users?
⦿ Upgrade to Windows 11: If hardware permits, migrating devices to a supported OS ensures continued security patches and vendor support.
⦿ Extended Security Updates (ESU): For eligible Windows 10 devices, the Windows 10 Consumer ESU program may extend security updates (subject to licence and eligibility).
⦿ Alternative OS or Platform: For embedded medical devices, consider migrating to other supported OS configurations or upgrading hardware/firmware to meet current security standards.
⦿ Post-market Vigilance and Risk Management: Manufacturers must revisit their post-market obligations, ensure cyber risk assessments, and inform end-users of potential hazards. This aligns with global regulatory expectations for medical device cybersecurity.
What Should Device Sponsors Do Now?
⦿ Perform an inventory audit of all devices that rely on Windows 10.
⦿ Determine which devices can be upgraded to Windows 11, and which require alternate mitigation (ESU, hardware upgrades, replacement).
⦿ Develop a transition plan and communicate with customers, especially where hardware may not support Windows 11.
⦿ Ensure any upgrade or replacement maintains compliance with regulatory “Essential Principles” regarding patient safety, data integrity, and device performance.
⦿ Monitor and document any incidents, and report problems as required under regulatory post-market surveillance frameworks.
How Elexes Can Help
At Elexes, we understand the regulatory, cybersecurity, and compliance challenges that arise when legacy operating systems reach end-of-life. We offer consulting services to help medical device manufacturers and sponsors:
⦿ Audit & inventory of affected devices — Identify all devices dependent on Windows 10 and determine which ones require an OS upgrade, ESU adoption, or system redesign.
⦿ Regulatory risk assessment & change management — Assess how OS changes impact regulatory compliance and determine if re-validation, documentation updates, or regulatory notifications are needed.
⦿ Cybersecurity & post-market vigilance support — Update cybersecurity and risk-management files and ensure PMS, complaint, and recall procedures address risks from the unsupported OS.
⦿ Guidance for software-based devices & SaMD — Confirm correct classification and regulatory compliance for software-driven devices impacted by the OS change.
⦿ Communication & customer support material — Prepare compliant customer notices, instructions, and safety communications to support a smooth and safe transition.
Whether you are preparing for CE marking, FDA submission, ISO 13485 certification, or simply seeking to safeguard patient safety and data integrity, Elexes can guide you through the process.
If your medical devices rely on Windows 10, now is the time to act. Contact Elexes today to assess the impact, develop a robust remediation plan, and ensure your devices remain secure, compliant, and market-ready.



