By deciding to terminate Windows 10 security updates, Microsoft is seeking to force users to upgrade to Windows 11. Microsoft justifies this policy by invoking the need to improve security through the use of TPM modules. But this decision generates a cluster of dangers to which Microsoft seems blind. This case study illustrates the notions of danger situation and situation horizon, and shows how to build a step-by-step description of a situation from an initial problem, extending it to the actors concerned by the dangers that appear as the analysis proceeds.

The actors involved in this situation are Microsoft and Windows users: individuals, but also, notably, companies and institutions. The scope of this issue is therefore global. Temporally, the situation is considered over a time span from the present to October 14, 2025, which is the end-of-support date1 for Windows 10. That said, to better understand how a version of Windows imposing the use of TPM modules emerged, it may be interesting to go back to 2002, since the TPM issue had received media coverage at the time of the debates on digital right management systems (DRMS2): a time when Microsoft supported the DRMS desired by the music and film industries, which can be explained by the fact that the very notion of DRMS not being compatible with Linux, the dissemination of DRMS would have forced Linux users to buy Windows.

The situation, not being consensual, must be described to the second order: if Microsoft wants a transformation (a massive migration to Windows 11), many users are opposed to this transformation. This prospective divergence may have several reasons: some may wish to continue using software that is incompatible with Windows 11, some may be fundamentally opposed to a third party deciding whether or not software can be installed on their PC, and some own PCs that are not compatible with Windows 11, notably due to the absence of a TPM 2 module. And despite the hundreds of millions of PCs worldwide that cannot run Windows 11, Microsoft refuses to offer a version compatible with these PCs lacking a TPM module, and forces users to buy a new PC.

That said, the description of the situation gradually brings to light new issues and new actors. For starters, Microsoft seems unaware that many households simply can't afford to buy a new computer. This leads us to specifically consider Africa, which will be the most affected by Microsoft's policy, which could be perceived as racist or neo-colonialist, resulting in a significant reputation risk for Microsoft.

Quantitatively, more than a billion PCs run Windows 103 , of which only around 50% have a TPM 2 module, which leads us to consider two possibilities:

Firstly, hundreds of millions of users will be forced to buy a new PC, leading to an enormous amount of CO2e being emitted, bearing in mind that the manufacture of a PC emits between 200 and 300 kg CO2e. The situation therefore needs to take into account all those involved in the fight against climate change, including institutions and NGOs. Here again, Microsoft's image is threatened: with such CO2e emissions, the US company could be perceived as one of the bad guys in the fight against global warming. A related danger is that of electronic waste: a significant proportion of these hundreds of millions of PCs will end up in landfills in Africa, without being recycled, and will have harmful effects on the health of people working in or living near these landfills, particularly children. Thus, Microsoft's policy also threatens the environment and human health.

Secondly, hundreds of millions of users unable to buy a new PC will continue to use Windows 10, without security updates since Microsoft refuses to continue providing them: by refusing to provide a version of Windows 11 compatible with non-TPM PCs, Microsoft is about to be responsible for the biggest vulnerability in the history of cyberspace. Beyond the cybercriminal threat, from a strategic point of view, in a context where Russia is waging an increasingly unrestrained hybrid warfare, the deliberate creation of easily usable security flaws generates an unimaginable risk, the almost certain materialization of which will have incalculable consequences. Many countries, particularly in the West, are therefore directly threatened by a Microsoft policy that will trigger acts of hybrid warfare, particularly against the European Union: it is almost as if Microsoft were supplying digital weapons to Russia. The description of the situation must therefore take into account the threatened states, the European Union, the Trump administration and the states conducting hybrid operations.

In terms of power, with Windows installed on around 70% of PCs worldwide, Microsoft finds itself in a virtual monopoly situation, and probably believes that this gives it the power to impose its prospective, notably on the European Union. At this point in the analysis, it is necessary to go to the third order, to take into account the relativity of the perception of power. With an installed software base that cannot be replaced even in the medium term, Windows is inescapable. But, faced with threats to their national security, the member states of the European Union are now condemned to consider their dependence on Microsoft and to devise a strategy of software sovereignty. In the meantime, the European Union can find ways of imposing a truly dissuasive fine on Microsoft if a version of Windows 11 usable without TPM is not proposed, and it could do so all the more easily if civil societies mobilized, and generated power by coordinating NGOs operating in different fields, such as the environment, global warming, or digital rights advocacy.