Microsoft defined one point in time (I think it was June 1st, 2016) and starting with Windows 10 version 1607, the following restrictions apply to kernel mode drivers
without a signature from "Microsoft Windows Hardware Compatibility Publisher":
- If the signing certificate expired before June 1st, 2016, the driver is allowed to load.
- If the signing certificate became valid before June 1st, 2016 and expired after June 1st, 2016, the timestamp of the signature is checked to decide if the driver is allowed to load.
- If the signing certificate became valid after June 1st, 2016, the driver is always denied to load.
For obvious reasons you cannot get any new certificate which expires before June 1st, 2016, so you are required to have a signature from Microsoft for any drivers you want to distribute.
Even if you had an old certificate, it would be a SHA1 certificate, but since 2022 all drivers are required to have a SHA256 signature on Windows 10/11/2019/2022. (and that old certificate would probably be "leaked" and any file signed with it would get instantly deleted by anti-virus, so you couldn't even use in on 32-bit Windows 7/8/8.1)