diff --git a/doc/administration/dedicated/create_instance.md b/doc/administration/dedicated/create_instance.md
index d13b5981174ecedf89cd2bf5f6e5464e571f7085..62922ff024790b13d89a8f61228ad104e44c279d 100644
--- a/doc/administration/dedicated/create_instance.md
+++ b/doc/administration/dedicated/create_instance.md
@@ -42,7 +42,7 @@ complete your onboarding to create a new instance.
 NOTE:
 To enable BYOK, you must do it before onboarding.
 
-You can opt to encrypt your GitLab data at rest with AWS KMS keys, which must be made accessible to GitLab Dedicated infrastructure. GitLab Dedicated only supports keys with AWS-managed key material (the [AWS_KMS](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin) origin type).
+You can opt to encrypt your GitLab data at rest with AWS KMS keys, which must be made accessible to GitLab Dedicated infrastructure. Due to key rotation requirements, GitLab Dedicated only supports keys with AWS-managed key material (the [AWS_KMS](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin) origin type).
 
 In GitLab Dedicated, you can use KMS keys in two ways: