diff --git a/ee/app/controllers/phone_verification/telesign_callbacks_controller.rb b/ee/app/controllers/phone_verification/telesign_callbacks_controller.rb
index 5a55a32c1f61970654438d26c61a2e7ccda156c0..7d371a06b3041dcd5078a069a4e41a951b0252b4 100644
--- a/ee/app/controllers/phone_verification/telesign_callbacks_controller.rb
+++ b/ee/app/controllers/phone_verification/telesign_callbacks_controller.rb
@@ -28,11 +28,15 @@ def callback
     end
 
     def exempt_user_from_phone_number_verification
-      return unless ::Feature.enabled?(:auto_request_phone_number_verification_exemption, type: :gitlab_com_derisk)
-
       user = callback.user
 
-      return unless user&.offer_phone_number_exemption?
+      return unless user
+
+      return unless ::Feature.enabled?(
+        :auto_request_phone_number_verification_exemption, user, type: :gitlab_com_derisk
+      )
+
+      return unless user.offer_phone_number_exemption?
 
       user.create_phone_number_exemption!
       Gitlab::EtagCaching::Store.new.touch(verification_state_identity_verification_path)
diff --git a/ee/app/controllers/users/identity_verification_controller.rb b/ee/app/controllers/users/identity_verification_controller.rb
index 26e1640cebafb5188003b92de2e0852059c578f8..6ebe7f1e4aebfc635d6ea01910eb6005a25bf981 100644
--- a/ee/app/controllers/users/identity_verification_controller.rb
+++ b/ee/app/controllers/users/identity_verification_controller.rb
@@ -31,7 +31,7 @@ class IdentityVerificationController < ApplicationController
     layout 'minimal'
 
     def show
-      push_frontend_feature_flag(:auto_request_phone_number_verification_exemption, type: :gitlab_com_derisk)
+      push_frontend_feature_flag(:auto_request_phone_number_verification_exemption, @user, type: :gitlab_com_derisk)
 
       # We to perform cookie migration for tracking from logged out to log in
       # calling this before tracking gives us access to request where the
diff --git a/ee/spec/requests/phone_verification/telesign_callbacks_controller_spec.rb b/ee/spec/requests/phone_verification/telesign_callbacks_controller_spec.rb
index fd22db8b84ef2933cb9556e394e022769b6f8d7a..6fb5bd007eec3c79cfce9e0edd31bff34e7eaba8 100644
--- a/ee/spec/requests/phone_verification/telesign_callbacks_controller_spec.rb
+++ b/ee/spec/requests/phone_verification/telesign_callbacks_controller_spec.rb
@@ -81,6 +81,7 @@
 
         before do
           allow(user).to receive(:offer_phone_number_exemption?).and_return(true)
+          stub_feature_flags(auto_request_phone_number_verification_exemption: user)
         end
 
         it 'exempts the user' do
@@ -104,9 +105,9 @@
           it_behaves_like 'does not invalidate verification_state_identity_verification_path cache'
         end
 
-        context 'when auto_request_phone_number_verification_exemption feature flag is disabled' do
+        context 'when auto_request_phone_number_verification_exemption feature flag is disabled for user' do
           before do
-            stub_feature_flags(auto_request_phone_number_verification_exemption: false)
+            stub_feature_flags(auto_request_phone_number_verification_exemption: create(:user))
           end
 
           it_behaves_like 'does not exempt the user'