Microsoft has announced a major change to the way Windows manages drivers, ending a more than two-decade-old practice.
As of April 2026, the Windows kernel will no longer accept drivers signed through the outdated “cross-signing” program, which dates back to the early 2000s. Although this system was officially discontinued in 2021, the operating system still trusted the old certificates until now.
Microsoft is making a turnaround – the end of the old Windows cross-signing practice
In the new model, Windows will only accept drivers that are certified through the Windows Hardware Compatibility Program (WHCP). This change will cover versions like Windows 11 24H2, 25H2, 26H1, as well as Windows Server 2025 and all future versions.
To mitigate potential compatibility issues, Microsoft plans to introduce a whitelist of trusted legacy drivers that will still be able to load. Also, the initial phase of implementation will be in monitoring mode, without immediate blocking: the system will monitor behavior and collect data before full implementation.
Additional flexibility is provided for business users. Through Application Control for Business it is possible to manually allow loading of internal or specific drivers, which is important for companies using proprietary solutions.
This decision comes as part of a broader strategy to strengthen Windows system security. Microsoft says it’s based on an analysis of massive amounts of telemetry data, which showed that old signing models pose a potential security risk.
Windows is entering a new phase where the principle of compatibility is no longer above security, and old drivers will finally have to give way to modern standards.