diff --git a/pkg/cmd/attestation/verification/policy.go b/pkg/cmd/attestation/verification/policy.go
index ae21dae48..6e8ce7ae4 100644
--- a/pkg/cmd/attestation/verification/policy.go
+++ b/pkg/cmd/attestation/verification/policy.go
@@ -43,5 +43,8 @@ func (c EnforcementCriteria) Valid() error {
 	if c.PredicateType == "" {
 		return fmt.Errorf("PredicateType must be set")
 	}
+	if c.SANRegex == "" && c.SAN == "" {
+		return fmt.Errorf("SANRegex or SAN must be set")
+	}
 	return nil
 }