Kernel mode driver signing

Hi.

Sorry for my english, it is not my first language.

I used to distribute some window kernel driver mode to help some buisiness to protect their important data.
Recently my compagny EV certificate expired and I renew it, but it seems impossible to sign any driver.
I have look for information on microsoft site where i found some informations that seems contradictory. First i read :

Using cross-certificates to sign kernel-mode drivers is a violation of the Microsoft Trusted Root Program (TRP) policy.

then I read :

    The PC was upgraded from an earlier release of Windows to Windows 10, version 1607.
    Secure Boot is off in the BIOS.
    Drivers was signed with an end-entity certificate issued prior to July 29th 2015 that chains to a supported cross-signed CA.```

I would like to know if the exception can still be used for today driver signing. Or if the security in window 10 drivers is definitly removed from user management to a third party compagny (Microsoft, in this case) in which they may or not have trust, but no choice for them.

My question is only about windows 10. The requirement of windows 11 and more explicitly removed users rights to manage their own security for kernel drivers.