The States of Guernsey has launched a government-wide laptop replacement program, informing staff that any device incapable of running Windows 11 will be swapped for new hardware. The move is a direct response to Microsoft’s impending end of support for Windows 10 on October 14, 2025, and sits within a broader IT overhaul following the high-profile termination of the island’s decade-long contract with single supplier Agilisys. Roughly 3,000 staff laptops are in line for replacement under a new hardware supply contract, a figure that underscores both the scale of the modernization and the technical chasm between older fleet hardware and Windows 11’s strict security requirements.

The refresh is not an isolated hardware lifecycle event. It is the visible edge of a sweeping reorganization that touches hosting, helpdesk, procurement, and—crucially—the governance structures that allowed a single-vendor dependency to underperform. For Windows enthusiasts, IT managers, and public sector observers, Guernsey’s program offers a real-world case study in aligning endpoint security with vendor strategy, budgeting for AI-ready hardware, and avoiding the pitfalls that can derail large migrations.

A Mandate for Modernization: Windows 11 and the End of the Road for Windows 10

Microsoft will pull the plug on free security updates for Windows 10 on October 14, 2025. After that date, systems remaining on the old platform will no longer receive patches for newly discovered vulnerabilities unless the organization pays for Extended Security Updates. For a government that handles sensitive citizen data and critical public services, running an unsupported operating system is not a theoretical risk—it is an open door to compliance failures, data breaches, and operational disruption.

Windows 11, released in October 2021, is the company’s designated successor. It introduces a refreshed user interface, deeper integration with Microsoft 365 and AI-powered Copilot experiences, and a hardened security baseline built around hardware-enforced features. Microsoft and cybersecurity agencies worldwide have urged organizations to migrate well before the deadline, making the States’ timeline both prudent and necessary.

From Agilisys to Multi-Vendor: The New IT Strategy

The laptop replacement plan cannot be understood without the backdrop of the Agilisys contract termination. In early 2025, following a critical report into digital service delivery, the States’ Policy & Resources Committee voted unanimously to end its agreement with Agilisys, just five years into a ten-year deal. The decision was explicitly driven by a desire for “improved accountability” and better value for taxpayers. Boley Smillie, chief executive of the public service, said moving to a multi-vendor model would allow the States to “keep pace with digital solutions that the community not only expects but deserves.”

In the post-Agilisys landscape, separate contracts have been awarded for helpdesk services, hosting and network support, and hardware lifecycle management. The hardware supplier is tasked with refreshing the laptop estate as part of its remit, while local firms have secured other pieces of the puzzle. This breakup is designed to reduce single-point-of-failure risk, inject specialist expertise into each domain, and sharpen service level agreements—but it also demands rigorous coordination from the in-house IT team.

Hardware Requirements: Why Some Laptops Can’t Make the Cut

Windows 11’s minimum system requirements represent a significant departure from the comparatively lax rules of Windows 10. The official documentation mandates a compatible 64-bit processor with two or more cores running at 1 GHz or faster, at least 4 GB of RAM, 64 GB of storage, UEFI firmware with Secure Boot capability, and—most notably—a Trusted Platform Module (TPM) version 2.0. Microsoft further restricts supported CPUs to specific generations, effectively locking out many chips manufactured before 2018.

These requirements are not arbitrary marketing hurdles. TPM 2.0 and Secure Boot underpin virtualization-based security, credential guard, and advanced firmware protection that make modern ransomware and bootkits far harder to deploy. For a government entity, the security dividend is tangible. The downside is that a substantial swath of the existing laptop fleet—likely anything purchased before 2019—cannot be upgraded in-place. The binary choice is stark: pay for extended Windows 10 support on aging hardware, or replace the devices entirely. Guernsey chose the latter.

The Replacement Program: 3,000 Devices and Counting

Internal communications to States staff have confirmed that anyone whose role requires a laptop will receive a new machine if their current one falls short of Windows 11 compatibility. The hardware supplier’s contract explicitly references a large-scale refresh targeting approximately 3,000 devices, making this one of the island’s most significant public-sector IT procurements in recent years.

The program is designed as a structured rollout rather than an emergency patch. That provides breathing room for inventory validation, staged deployment waves, and user training—all elements that large-scale migration post-mortems consistently flag as critical to success. The States has also signalled that the hardware supplier will be responsible for imaging, asset tagging, secure data wipe, and recycling, indicating a lifecycle approach beyond simple box-dropping.

Security and Compliance: The Unforgiving Deadline of October 2025

Continuing to operate Windows 10 after October 2025 exposes the States to escalating operational risk. Without security patches, every new vulnerability becomes a permanent zero-day targeting the organization. In regulated environments, auditors will flag unsupported systems, potentially triggering sanctions or increased insurance premiums. By front-loading the laptop replacement now, Guernsey aims to close the patching gap before it widens.

A Windows 11 fleet also unlocks advanced security features that are simply unavailable on older hardware. Hotpatching, for instance—which delivers critical fixes without rebooting—requires virtualization-based security and is only supported on Windows 11. The upgrade therefore doesn’t just maintain parity; it raises the baseline defence posture.

Beyond the OS: Copilot, AI, and the Copilot+ PC Question

Windows 11 is increasingly the vehicle for Microsoft’s AI ambitions. Copilot, the system-wide assistant, is being augmented with semantic search, vision capabilities, and deeper app integration. However, the most advanced “Copilot+ PC” experiences require dedicated Neural Processing Units (NPUs) and higher specifications—16 GB of RAM or more, fast NVMe storage—to accelerate AI tasks locally while preserving privacy.

For the States, this introduces a procurement nuance. Delivering baseline Windows 11 compatibility satisfies the security mandate; enabling Copilot+ features for power users demands a different tier of hardware. The two objectives are related but distinct, and organizations that conflate them risk either overspending on unnecessary AI silicon for general users or underspecifying machines that will struggle with future workloads. Guernsey’s IT team must therefore map user personas to hardware tiers, a task that requires close collaboration between HR, finance, and departmental leads.

AI governance also looms. Copilot’s ability to process files, screen content, and cloud-based data raises legitimate privacy questions. Public-sector deployments must establish clear policies on which Copilot features are permitted, ensure data residency compliance, and default to conservative settings—ideally opt-in—for sensitive user groups. Microsoft’s own guidance stresses user consent and transparency, but the onus is on the organization to enforce these guardrails.

Strengths of the Multi-Vendor Approach

The move away from a single integrator offers several structural advantages. Specialization allows the States to contract a helpdesk provider that excels at user support, a hosting partner with deep networking expertise, and a hardware vendor that manages device lifecycles efficiently. Early contract awards have gone to local firms, which can improve responsiveness and keep economic benefits on the island.

The hardware replacement policy is also commendably clear: incompatible laptops will be replaced. This binary rule avoids the murky middle ground where devices of borderline capability limp forward and generate support overhead. Pairing the refresh with a new hardware supplier also simplifies future lifecycle management, as the supplier shoulders imaging, warranty, and disposal responsibilities.

For all its logic, the program is not without risk. Replacing 3,000 laptops is expensive. Beyond the per-unit cost of the machines themselves, the total bill balloons with docking stations, monitors, warranty extensions, deployment engineering, data migration, and the secure disposal of old devices. In a public-sector environment with competing budgetary demands, even a well-planned project can face funding pressures that force scope reductions or timeline extensions.

Coordinating multiple vendors is another challenge. Where Agilisys once served as a single throat to choke, the States must now orchestrate handoffs between helpdesk, hosting, and hardware supply. That demands robust contract management, shared incident playbooks, and integration testing that validates imaging tools, endpoint management agents, and VPN connectivity across the new stack. Without strong internal governance, the break-up can create friction rather than resilience.

Legacy applications and specialized peripherals pose a subtler threat. Some departmental software may rely on 32-bit drivers, older .NET frameworks, or hardware interfaces that break under Windows 11. Lab equipment, kiosks, and operational technology often run on bespoke builds that cannot be easily upgraded. These exceptions must be identified early and quarantined with network segmentation, isolated virtual machines, or, as a last resort, tightly controlled extended support agreements.

User experience cannot be overlooked. Windows 11 introduces a centered Start menu, redesigned settings, and adjusted workflows that will confuse staff accustomed to Windows 10. Without a proactive training program—quick reference guides, short video walkthroughs, and floor-walking support during cutover—helpdesk ticket volumes will spike and productivity will dip.

A Practical Roadmap for Public Sector IT Teams

Drawing from the States’ approach and well-documented best practices, any organization facing a similar transition should follow a disciplined sequence:

  • Inventory everything. Build a complete database of every managed endpoint, recording CPU model, TPM version, Secure Boot status, RAM, storage, and attached peripherals. This single dataset is the foundation for accurate procurement and deployment planning.
  • Segment the fleet. Categorize devices as (A) fully compatible for in-place upgrade; (B) upgradeable with minor hardware tweaks; (C) requiring full replacement. Prioritize mission-critical users and high-risk devices in the first migration wave.
  • Define exception governance. Establish a formal process for legacy system waivers, with compensating controls such as network micro-segmentation and continuous monitoring, and enforce time-bound approvals.
  • Procure for lifecycle, not just hardware. Contracts should mandate imaging, asset tagging, certified data destruction, recycling, repair SLAs, and a buffer of spare units to avoid downtime during deployment.
  • Invest in user onboarding. Develop simple self-help materials, organize hands-on workshops, and brief the helpdesk on common transition issues.
  • Pilot before you plunge. Test the new image with a representative cross-section of users—IT staff, finance, and frontline departments—validating application compatibility, identity flows, and peripheral access.
  • Set AI and privacy policies now. Decide which Copilot features will be available, lock down default settings, and obtain sign-off from legal and data protection officers before rollout.
  • Monitor post-deployment telemetry. Use endpoint management and EDR tools to track update compliance, feature enablement, and device health, isolating non-compliant machines swiftly.

The Bottom Line: A Necessary Overhaul with Guardrails

The States of Guernsey’s plan to replace Windows 10-incompatible laptops is a pragmatic, security-first response to an immovable deadline. By coupling the refresh with a multi-vendor strategy born from the Agilisys experience, the government has an opportunity to build a more resilient and accountable IT ecosystem. The road ahead is demanding: cost pressures, vendor coordination, legacy application remediation, and AI governance all require sustained attention. But the alternative—a public service estate stranded on an unsupported operating system—is far riskier.

If the States executes with rigorous inventory management, staged deployments, and firm vendor oversight, the result will be a secure, modern workplace capable of supporting both current duties and future AI-enhanced workflows. The 3,000-laptop refresh is not just an upgrade; it is a litmus test for whether Guernsey’s IT leadership can turn a painful contractual breakup into a structural advantage.