diff --git a/staging/src/k8s.io/pod-security-admission/admission/admission.go b/staging/src/k8s.io/pod-security-admission/admission/admission.go
index 00f3b9beacb..722aee1955d 100644
--- a/staging/src/k8s.io/pod-security-admission/admission/admission.go
+++ b/staging/src/k8s.io/pod-security-admission/admission/admission.go
@@ -432,6 +432,8 @@ func (a *Admission) EvaluatePod(ctx context.Context, nsPolicy api.Policy, nsPoli
 response := allowedResponse()
 if enforce {
+ auditAnnotations[api.EnforcedPolicyAnnotationKey] = nsPolicy.Enforce.String()
+
 if result := policy.AggregateCheckResults(a.Evaluator.EvaluatePod(nsPolicy.Enforce, podMetadata, podSpec)); !result.Allowed {
 response = forbiddenResponse(fmt.Sprintf(
 "pod violates PodSecurity %q: %s",
diff --git a/staging/src/k8s.io/pod-security-admission/api/constants.go b/staging/src/k8s.io/pod-security-admission/api/constants.go
index efabfb7535b..9d87ad59b17 100644
--- a/staging/src/k8s.io/pod-security-admission/api/constants.go
+++ b/staging/src/k8s.io/pod-security-admission/api/constants.go
@@ -45,5 +45,6 @@ const (
 WarnVersionLabel = labelPrefix + "warn-version"
 ExemptionReasonAnnotationKey = "exempt"
- AuditViolationsAnnotationKey = "audit-violations"
+ AuditViolationsAnnotationKey = "audit-violations"
+ EnforcedPolicyAnnotationKey = "enforce-policy"
 )
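Review bot: In the EvaluatePod hunk of admission.go, the new `auditAnnotations[api.EnforcedPolicyAnnotationKey] = ...` assignment has no comment, yet its position above the `AggregateCheckResults` check is what puts the annotation on allowed as well as forbidden responses; a later refactor could move it into the `!result.Allowed` branch and lose the record for admitted pods. I would add `// Record the enforced level and version up front so the audit event carries it whether the pod is allowed or denied.` directly above it. The key is written only inside `if enforce`, so audit events for requests that skip enforcement will not have it; if log consumers are meant to read absence as "not enforced", the same comment should say so. EvaluatePod starts and ends outside the hunk, so how auditAnnotations is attached to the response is not visible here.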
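Review bot: In the constants.go hunk, `EnforcedPolicyAnnotationKey` is added without a doc comment, and its name says "Enforced" while its value is `"enforce-policy"`; anyone searching audit logs matches on the string, so the mismatch is easy to trip over. I would add `// EnforcedPolicyAnnotationKey is the audit annotation key that records the enforce level and version evaluated for the request.` and either align the name with the value or state that the difference is deliberate. The value stored under the key comes from `nsPolicy.Enforce.String()`, whose output format is not shown on this page, so the comment should not promise a format without checking it. The const block starts outside the hunk.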