Microsoft has introduced a significant, confirmed change in Windows 11. Starting with the April 2026 update, the operating system will no longer implicitly trust older kernel drivers signed under the legacy cross-signing program. What might appear as a minor technical detail poses a considerable challenge for thousands of users and businesses.
Simply put, Microsoft is closing a long-standing loophole that allowed drivers to be loaded without undergoing the modern Windows Hardware Compatibility Program (WHCP) validation process. While this doesn’t mean all old drivers will stop working overnight, it fundamentally alters the system’s trust baseline.
Windows 11 to End Support for Legacy Drivers After April 2026 Update
The importance lies not just in the “what,” but in the “how.” Microsoft is not implementing an abrupt cut-off. Instead, the rollout will begin in evaluation mode with the April 2026 update, during which the kernel will monitor and audit loaded drivers before enforcing stricter blocking.
This phased approach aims to reduce the risk of breaking systems that still rely on legacy components, especially in environments where very old hardware is still in use or where internal drivers are outdated or have never been updated.
This policy will affect Windows 11 24H2, 25H2, and 26H1, as well as Windows Server 2025, establishing it as the standard for future versions like a hypothetical Windows 12. Microsoft frames this as a fundamental security enhancement: moving forward, the standard path for a kernel driver to be accepted will be through the Windows Hardware Compatibility Program (WHCP).
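To prepare for the audit phase, an administrator can inventory which installed kernel drivers are not WHCP-signed. The PowerShell script below is an added example, not Microsoft's tooling and not part of the original article. It assumes that a leaf signer named "Microsoft Windows Hardware Compatibility Publisher" indicates a WHCP-signed driver; the helper names Resolve-DriverPath and Get-DriverTrustClass are hypothetical, and the result is a first-pass triage, not the kernel's actual policy decision.

```powershell
# Added example: group installed kernel/file-system drivers by Authenticode signer.
# Assumption: WHCP-signed drivers carry the leaf signer
# "Microsoft Windows Hardware Compatibility Publisher". A file can carry more than
# one signature; Get-AuthenticodeSignature reports only one, so treat 'Review' as
# "needs a closer look", not as "will be blocked".

function Resolve-DriverPath {
    param([string]$PathName)
    # PathName may be quoted, use the \??\ prefix, or be relative to %SystemRoot%.
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\') { $p = $p -replace '^\\SystemRoot', $env:SystemRoot }
    elseif ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverTrustClass {
    param([System.Management.Automation.Signature]$Signature)
    if ($Signature.Status -ne 'Valid' -or -not $Signature.SignerCertificate) {
        return 'Unsigned-or-invalid'
    }
    $subject = $Signature.SignerCertificate.Subject
    # Check the WHCP publisher first: it is also issued to Microsoft Corporation.
    if ($subject -match 'CN=Microsoft Windows Hardware Compatibility Publisher') { return 'WHCP' }
    if ($subject -match 'O=Microsoft Corporation') { return 'Microsoft' }
    return 'Review'   # vendor-signed: candidate for legacy cross-signing
}

$report = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not (Test-Path -LiteralPath $path)) { return }   # skip missing binaries
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Name   = $_.Name
            State  = $_.State
            Class  = Get-DriverTrustClass $sig
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Path   = $path
        }
    }

# Drivers to investigate before enforcement, then a per-class summary.
$report | Where-Object { $_.Class -in 'Review', 'Unsigned-or-invalid' } |
    Sort-Object Class, Name | Format-Table -AutoSize Name, State, Class, Signer
$report | Group-Object Class | Select-Object Name, Count
```

Drivers that land in the Review class are the ones to raise with the hardware vendor or to evaluate for an App Control for Business exception.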
Phased Implementation Unlikely to Prevent Impact on Many Businesses and Users
In parallel, the company will maintain an “allow list” of a limited number of older drivers deemed “reputable,” specifically to prevent critical compatibility breaks in real-world systems. However, it’s anticipated that problems will still arise, particularly for small businesses.
The core point is that Microsoft is not labeling old software as “malware” merely because it is obsolete; it is deeming the old trust model insufficient. A kernel driver operates in the most sensitive part of the system, and continuing to load drivers signed under a legacy scheme leaves a security risk that Microsoft aims to reduce.
This change is also linked to “App Control for Business,” which in these versions already supports this new kernel trust policy, allowing for managing exceptions or custom signers in very specific corporate scenarios. While the intention seems good, it appears somewhat unrealistic to expect even large enterprises to provide updated, signed drivers for hardware or peripherals that are 20 years old.
In summary, Microsoft hasn’t just resurrected an old debate; it has activated a new, practical phase of a transition that has been brewing for years. This change is current, official, and comes with a specific date when Windows 11 will cease supporting these older drivers. What remains to be seen is how many systems, hardware, and peripherals depend on that technological past more than previously thought.
