diff --git a/antora/docs/modules/ROOT/pages/release_policy.adoc b/antora/docs/modules/ROOT/pages/release_policy.adoc
index a653a283..1e3fd626 100644
--- a/antora/docs/modules/ROOT/pages/release_policy.adoc
+++ b/antora/docs/modules/ROOT/pages/release_policy.adoc
@@ -1034,7 +1034,7 @@ This package defines rules to confirm that all RPM packages listed in SBOMs spec
 [#rpm_repos__ids_known]
 === link:#rpm_repos__ids_known[All rpms have known repo ids]
 
-Each RPM package listed in an SBOM must specify the repository id that it comes from, and that repository id must be present in the list of known and permitted repository ids.
+Each RPM package listed in an SBOM must specify the repository id that it comes from, and that repository id must be present in the list of known and permitted repository ids. Currently this is rule enforced only for SBOM components created by cachi2.
 
 *Solution*: Ensure every rpm comes from a known and permitted repository, and that the data in the SBOM correctly records that.
 
diff --git a/policy/release/rpm_repos.rego b/policy/release/rpm_repos.rego
index b343670f..0338d11d 100644
--- a/policy/release/rpm_repos.rego
+++ b/policy/release/rpm_repos.rego
@@ -35,6 +35,7 @@ deny contains result if {
 # description: >-
 # Each RPM package listed in an SBOM must specify the repository id that it comes from,
 # and that repository id must be present in the list of known and permitted repository ids.
+# Currently this is rule enforced only for SBOM components created by cachi2.
 # custom:
 # short_name: ids_known
 # failure_msg: 'RPM repo id check failed: %s'
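Review bot: The added description line in the rpm_repos.rego metadata block has its word order garbled (`Currently this is rule enforced only for ...`); the same sentence is added to release_policy.adoc in the first hunk. Suggest `# Currently this rule is enforced only for SBOM components created by cachi2.` in both places. Because this sentence narrows the stated coverage of a policy check, it is worth saying explicitly what happens to RPM components not created by cachi2 — whether the rule skips them rather than evaluating them — so readers of the rule metadata do not assume those packages were validated against the permitted repository list; the enforcement logic that applies this limitation is not visible in this hunk, so the exact wording should be confirmed against the rule body. The `deny` rule named in the hunk header starts outside the hunk.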