This is the most likely, yup. The certs are unlikely to have a precise end-of-year expiration. It will be whatever the expiration is for the last certs loaded.
10 years in cinema IoT, here. Features are encrypted by Key Delivery Messages (KDM), and those are per cinema server/projector "marriage". No KDM will be considered valid if the server certs are expired.
