diff --git a/pkg/apis/cosigned/v1alpha1/clusterimagepolicy_types.go b/pkg/apis/cosigned/v1alpha1/clusterimagepolicy_types.go
index c4a6329e279..75e52a7a8d4 100644
--- a/pkg/apis/cosigned/v1alpha1/clusterimagepolicy_types.go
+++ b/pkg/apis/cosigned/v1alpha1/clusterimagepolicy_types.go
@@ -90,6 +90,8 @@ type Authority struct {
 // +optional
 Keyless *KeylessRef `json:"keyless,omitempty"`
 // +optional
+ Trusted *TrustedRef `json:"trusted,omitempty"`
+ // +optional
 Sources []Source `json:"source,omitempty"`
 // +optional
 CTLog *TLog `json:"ctlog,omitempty"`
@@ -141,6 +143,13 @@ type KeylessRef struct {
 CACert *KeyRef `json:"ca-cert,omitempty"`
 }
 
+// TrustedRef is reserved for those images that for whatever reason are not or cannot
+// be signed. An optional expiry date may be added.
+type TrustedRef struct {
+ Trust string `json:"trust,omitempty"`
+ Expiry string `json:"expiry,omitempty"`
+}
+
 // Attestation defines the type of attestation to validate and optionally
 // apply a policy decision to it. Authority block is used to verify the
 // specified attestation types, and if Policy is specified, then it's applied
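Review bot: The new `Trusted` field on `Authority` has no comment saying that it admits images without signature verification, and nothing in this hunk states how it combines with `Keyless` or any other verifying kind in the same authority. Because this is the one authority kind that skips verification, I would say so on the field, e.g. `// Trusted admits matching images without signature verification; it must not be combined with a verifying authority kind.` The validation for `Authority` is not part of the diff as shown; it should reject an authority that sets `trusted` alongside a verifying kind, so that an exemption is always an explicit, reviewable entry of its own. The `Authority` struct begins and ends outside this hunk.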
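Review bot: `Expiry` in `TrustedRef` is a free-form string with no stated format, so a typo or an unparseable value has no defined outcome; for an exemption from signing, the safe outcome is that the exemption counts as expired. I would document that on the field, e.g. `// Expiry is an RFC 3339 timestamp; after it, or if it cannot be parsed, the exemption no longer applies.`, or use a typed timestamp (for example `metav1.Time` from apimachinery) so that malformed values are rejected when the policy is created. `Trust` likewise has no comment naming the accepted values, and since both fields are `omitempty`, `trusted: {}` is a well-formed object whose meaning is undefined here. A one-line comment per field, plus a validation rule for the empty case, would settle it.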