diff --git a/pkg/cmd/attestation/verification/policy.go b/pkg/cmd/attestation/verification/policy.go
index f5f4010aa..4b97113c9 100644
--- a/pkg/cmd/attestation/verification/policy.go
+++ b/pkg/cmd/attestation/verification/policy.go
@@ -49,3 +49,29 @@ func (c EnforcementCriteria) Valid() error {
 }
 return nil
 }
+
+func (c EnforcementCriteria) PrintPolicyInformation() string {
+ info := fmt.Sprintf(`
+ The following policy enforcement criteria will be checked against all attestations:
+ - Attestation predicate type must match %s
+ - Attestation must be signed by a certificate whose OIDC issuer matches %s
+ - Attestation must be associated with an artifact built in an organization whose URI is %s
+ `, c.PredicateType, c.Certificate.Issuer, c.Certificate.SourceRepositoryOwnerURI)
+
+ if c.Certificate.SourceRepositoryURI != "" {
+ info += fmt.Sprintf("- Attestation must be associated with an artifact built in a repository whose URI is %s", c.Certificate.SourceRepositoryURI)
+ }
+
+ if c.Certificate.RunnerEnvironment == GitHubRunner {
+ info += "- Attestation must be signed by a certificate that was generated by a Action workflow executed in a GitHub hosted runner"
+ }
+
+ if c.SANRegex != "" {
+ info += fmt.Sprintf("- Attestation must be signed by a certificate with a Subject Alternative Name matching the regex %s", c.SANRegex)
+ }
+ if c.SAN != "" {
+ info += fmt.Sprintf("- Attestation must be signed by a certificate with a Subject Alternative Name matching the exact value %s", c.SAN)
+ }
+
+ return info
+}
diff --git a/pkg/cmd/attestation/verify/policy.go b/pkg/cmd/attestation/verify/policy.go
index c2e154fe2..207cc829e 100644
--- a/pkg/cmd/attestation/verify/policy.go
+++ b/pkg/cmd/attestation/verify/policy.go
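Review bot: The four conditional `info +=` lines in PrintPolicyInformation carry no trailing newline, so whenever two or more of them apply (for example SourceRepositoryURI together with RunnerEnvironment == GitHubRunner) the criteria are glued onto one output line, and the user sees a policy summary that misstates what is being enforced; terminate each appended criterion with `\n`, e.g. `info += fmt.Sprintf("- Attestation must be associated with an artifact built in a repository whose URI is %s\n", c.Certificate.SourceRepositoryURI)`, and do the same for the GitHubRunner, SANRegex and SAN lines. The raw-string header is also emitted verbatim, so the leading whitespace on each of its lines and the whitespace before the closing backtick appear in the output; trimming the literal or building the lines individually would make the summary align with the appended criteria. The exported method has no doc comment and its name says "Print" while it returns a string; a comment such as `// PrintPolicyInformation returns a human-readable summary of the criteria that Valid() enforces against every attestation.` would make the contract clear. Finally, "a Action workflow" should read "an Actions workflow". The whole method is inside this hunk.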
@@ -22,7 +22,9 @@ func expandToGitHubURL(tenant, ownerOrRepo string) string { } func newEnforcementCriteria(opts *Options) (verification.EnforcementCriteria, error) { - var c verification.EnforcementCriteria + c := verification.EnforcementCriteria{ + PredicateType: opts.PredicateType, + } // Set SANRegex using either the opts.SignerRepo or opts.SignerWorkflow values if opts.SignerRepo != "" { @@ -80,8 +82,6 @@ func newEnforcementCriteria(opts *Options) (verification.EnforcementCriteria, er c.Certificate.Issuer = opts.OIDCIssuer } - c.PredicateType = opts.PredicateType - return c, nil }