You're not technically forced to upgrade, but I think many people would consider ceasing to provide effective security updates as the end of an operating system's general useful lifecycle if it's running on a networked computer.
Most Linux distributions don't provide long-term support, even for security fixes, for very long. As one of the better examples, long-term support for Debian Squeeze -- a stable release of a major Linux distro widely deployed on servers -- is scheduled to end in February 2016. Debian Squeeze was released in February 2011, making that a respectable 5 year window (certainly better than a lot of other platforms).
However, that is far short of the extended support period of more than a decade that Microsoft has committed to for Windows 7 (around 9 years if you consider that they do require SP1, which was released about 16 months after the original, but which didn't add the kind of monkey business we've been seeing with various "upgrades" to software in recent years).
You don't have to upgrade OS X either, but last year when Apple declined to issue a security patch for OS X 10.6 (Snow Leopard) less than five years after it launched and when it was still reportedly in use by around 20% of people on OS X, they also put an upper bound on their viable support lifetime under 5 years.