diff --git a/pkg/apis/config/feature_flags.go b/pkg/apis/config/feature_flags.go
index aa532fafdf9..34310f3d013 100644
--- a/pkg/apis/config/feature_flags.go
+++ b/pkg/apis/config/feature_flags.go
@@ -316,6 +316,11 @@ func CheckAlphaOrBetaAPIFields(ctx context.Context) bool {
 return cfg.FeatureFlags.EnableAPIFields == AlphaAPIFields || cfg.FeatureFlags.EnableAPIFields == BetaAPIFields
 }
 
+// IsSpireEnabled checks if non-falsifiable provenance is enforced through SPIRE
+func IsSpireEnabled(ctx context.Context) bool {
+ return FromContextOrDefaults(ctx).FeatureFlags.EnforceNonfalsifiability == EnforceNonfalsifiabilityWithSpire
+}
+
 func setEnableAPIFields(ctx context.Context, want string) context.Context {
 featureFlags, _ := NewFeatureFlagsFromMap(map[string]string{
 "enable-api-fields": want,
diff --git a/pkg/apis/config/feature_flags_test.go b/pkg/apis/config/feature_flags_test.go
index c63d7d8a922..b38a255c282 100644
--- a/pkg/apis/config/feature_flags_test.go
+++ b/pkg/apis/config/feature_flags_test.go
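Review bot: The doc comment on `IsSpireEnabled` in feature_flags.go does not say where the alpha gating happens or what the function answers when the context carries no config. The body only compares `EnforceNonfalsifiability` with `EnforceNonfalsifiabilityWithSpire`, yet the accompanying test expects false for `enable-api-fields: beta` combined with `spire`, so that combination is presumably rejected or downgraded when the flags are parsed rather than here. Because the value comes from `FromContextOrDefaults(ctx)`, a context without a config store silently answers from the defaults, which presumably means enforcement is off; callers deciding whether provenance must be verified should know that. Suggested comment: `// IsSpireEnabled reports whether the feature flags in ctx set enforce-nonfalsifiability to "spire". It does not check enable-api-fields itself, and a ctx without config falls back to the defaults.`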
@@ -305,6 +305,59 @@ func TestCheckAlphaOrBetaAPIFields(t *testing.T) {
 }
 }
 
+func TestIsSpireEnabled(t *testing.T) {
+ testCases := []struct {
+ name string
+ configmap map[string]string
+ want bool
+ }{{
+ name: "when enable-api-fields is set to beta and non-falsifiablity is not set.",
+ configmap: map[string]string{
+ "enable-api-fields": "beta",
+ "enforce-nonfalsifiability": config.EnforceNonfalsifiabilityNone,
+ },
+ want: false,
+ }, {
+ name: "when enable-api-fields is set to beta and non-falsifiability is set to 'spire'",
+ configmap: map[string]string{
+ "enable-api-fields": "beta",
+ "enforce-nonfalsifiability": config.EnforceNonfalsifiabilityWithSpire,
+ },
+ want: false,
+ }, {
+ name: "when enable-api-fields is set to alpha and non-falsifiability is not set",
+ configmap: map[string]string{
+ "enable-api-fields": "alpha",
+ "enforce-nonfalsifiability": config.EnforceNonfalsifiabilityNone,
+ },
+ want: false,
+ }, {
+ name: "when enable-api-fields is set to alpha and non-falsifiability is set to 'spire'",
+ configmap: map[string]string{
+ "enable-api-fields": "alpha",
+ "enforce-nonfalsifiability": config.EnforceNonfalsifiabilityWithSpire,
+ },
+ want: true,
+ }}
+ ctx := context.Background()
+ store := config.NewStore(logging.FromContext(ctx).Named("config-store"))
+ for _, tc := range testCases {
+ featureflags := &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "feature-flags",
+ },
+ Data: tc.configmap,
+ }
+ store.OnConfigChanged(featureflags)
+ ctx = store.ToContext(ctx)
+ got := config.IsSpireEnabled(ctx)
+
+ if tc.want != got {
+ t.Errorf("IsSpireEnabled() = %t, want %t", got, tc.want)
+ }
+ }
+}
+
 func verifyConfigFileWithExpectedFeatureFlagsConfig(t *testing.T, fileName string, expectedConfig *config.FeatureFlags) {
 t.Helper()
 cm := test.ConfigMapFromTestFile(t, fileName)
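Review bot: The table cases in `TestIsSpireEnabled` share one `store` and keep reassigning the outer `ctx`, so each assertion can be satisfied by state left over from the previous case. That matters most for the beta + `spire` row, which expects false: if `OnConfigChanged` refuses that ConfigMap and keeps the earlier value (not visible in this hunk), the check passes on the stale beta + none config and never exercises the gating. A fresh store and context per case, run under `t.Run(tc.name, ...)`, makes each row independent and lets the otherwise unused `name` field identify a failing case.

```go
for _, tc := range testCases {
	t.Run(tc.name, func(t *testing.T) {
		ctx := context.Background()
		store := config.NewStore(logging.FromContext(ctx).Named("config-store"))
		// … unchanged: featureflags ConfigMap built from tc.configmap …
		store.OnConfigChanged(featureflags)
		if got := config.IsSpireEnabled(store.ToContext(ctx)); got != tc.want {
			t.Errorf("IsSpireEnabled() = %t, want %t", got, tc.want)
		}
	})
}
```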