EOL, EOS, End of Support — a Plain-English Guide for Executives · Global Digital
Global Digital
Let's talk
Global Digital · Insights · Executive guide

EOL, EOS, end of support: a plain-English guide for executives

Vendors announce retirement dates in jargon that hides a simple fact: after a certain day, security fixes stop and the risk is yours. Here is how to decode the terms — and what they mean for insurance, compliance, and budget.

{{ publishDate }}·7-minute read·Fiercely vendor-neutral

The question every executive asks

When an end-of-support notice lands, the honest first question in the room is usually this: "The software still works after that date, doesn't it?" And the answer is yes — it keeps running. Nothing breaks on day one. No alarm sounds, no screen goes dark, no invoice arrives.

That is exactly what makes the date easy to ignore, and exactly why it is dangerous. Until that day, when a security flaw is found, the vendor's engineers fix it — quietly, routinely, hundreds of times a year. After that day, the same flaws are found at the same rate. Nobody fixes them.

Nothing breaks on the day support ends. The risk simply transfers — quietly — from the vendor's engineers to your balance sheet. It's like driving past the end of a warranty: the car runs fine, until the day it doesn't.

The confusion is compounded by vocabulary. Vendors describe the same handful of milestones with a rotating cast of acronyms — EOL, EOS, EOSL, ESU — and they do not use them consistently with each other. The table below is the decoder we use with clients.

The alphabet soup, decoded

Seven terms cover nearly every retirement notice you will receive. One of them matters far more than the rest.

EOL — End of Life
The umbrella term
What it actually means

The product is being retired. Vendors disagree on exactly which milestones an "EOL announcement" includes.

What stops

Varies by vendor — sometimes sales, sometimes features, sometimes everything.

What to ask the vendor

"Which specific dates does this EOL announcement include — and which is the last security patch?"

EOS
The worst offender
What it actually means

Used to mean End of Support, End of Sale, or End of Service — depending on the vendor. Never assume; the three differ by years.

What stops

Depends entirely on which "S" they mean.

What to ask the vendor

"EOS meaning what, exactly — support, sale, or service? Put the definition in writing."

End of active support
Also: mainstream support
What it actually means

Feature development ends; security patching continues. An early warning, not the deadline.

What stops

New features and routine, non-security fixes.

What to ask the vendor

"Do security patches continue after this date — and until when?"

End of support · EOSL
★ The date that matters
What it actually means

Security patches stop. The software keeps running; new vulnerabilities go unfixed. Hardware vendors call it End of Service Life; Cisco says "Last Date of Support."

What stops

Security fixes. From this day, the risk is yours.

What to ask the vendor

"What is the last date you will ship a security patch for the version we run?"

ESU — Extended Security Updates
Paid life support
What it actually means

Some vendors sell security patches past end of support — typically per-device, with pricing that roughly doubles each year. A bridge, not a strategy.

What stops

Nothing yet — you pay to postpone the cliff, usually for a maximum of three years.

What to ask the vendor

"What does year one cost per device — and what does year three cost?"

End of Sale
Also: End of Availability
What it actually means

You can no longer buy it; support continues for a defined period after. Mostly a hardware term — and it starts the countdown clock.

What stops

Purchasing — including spares and capacity expansion.

What to ask the vendor

"How many years past End of Sale is support contractually guaranteed?"

LTS · GA · sunset · deprecated
The supporting cast
What it actually means

LTS: a release supported longer than usual. GA: generally available — the clock starts. Sunset / deprecated: still works, being wound down.

What stops

Nothing immediately — these are signals about where a product sits in its life.

What to ask the vendor

"Is the version we run an LTS release — and when does its support window close?"

Source: Global Digital · globaldigitalit.com Vendors use these terms inconsistently — confirm definitions in writing before you plan against them.

Why this is a board issue, not an IT ticket

Four consequences land outside the IT budget line — which is why the date belongs on a risk register, not just a patch schedule.

01 · BREACH EXPOSURE
Attackers keep a calendar too

Breach activity concentrates on unpatched systems — end-of-support dates are published, so unsupported software is a standing invitation with a known address.

02 · CYBER-INSURANCE
The questionnaire asks about it

Renewal questionnaires ask directly about unsupported software. Answer wrong and premiums rise; misrepresent it and a claim can be denied when you need it most.

03 · COMPLIANCE
Auditors treat it as a finding

PCI-DSS, HIPAA, CMMC and ISO 27001 all treat unsupported software as a control failure — one that surfaces in the audit whether or not anything has gone wrong yet.

04 · BUDGET
Planned is a line item; emergency is a write-down

A migration started on time is budgeted, phased, and negotiated. One started after the deadline happens at the vendor's price, on the vendor's schedule.

Free planning tool
Which of your platforms is closest to its date?

The Platform EOL Radar maps end-of-support dates for common business platforms against a realistic replacement schedule — no signup, saved in your browser.

The runway math

Replacing a business platform is not a weekend project. Selection, contracting, and implementation for a midmarket organization typically take six months to two years, depending on the category. That is why a "start-by" date exists: count backwards from end of support, and the last responsible day to begin is earlier than most calendars assume.

Typical midmarket runway, by category Months before end of support
24 18 12 6 0
ERP
18–24 mo
CRM
9–15 mo
Server OS
6–12 mo
Selection & vendor bidding (RFP) Implementation End of support

Typical midmarket planning ranges, not guarantees — bars show the upper end of each range. Planning methodology: Global Digital.

The math has a second, quieter term: leverage. Start inside the window and you run a competitive selection — the incumbent has to bid against alternatives. Wait past it, and every vendor at the table can see you have no time to switch. Waiting doesn't just compress the schedule; it hands the negotiation to the other side.

What to do with this

You don't need a project or a budget line to act on this article — you need three answers. Ask your IT leader this quarter:

01

Which of our platforms passes end of support in the next 24 months — and who owns each date?

02

Where are we already past a support date, and what compensating controls are in place today?

03

Which budget cycle is the natural moment to start selection — and does that still fit the runway?

We're fiercely vendor-neutral. This guide pushes no product and endorses no migration path — it exists so the timing decision is made by you, not made for you.

Put dates to the names

Now check the platforms you actually run.

The Platform EOL Radar maps end-of-support dates against a realistic start-by schedule for the platforms behind most midmarket businesses — free, no signup.

No SDR layer. We sell expertise, not products.