diff --git a/modules/agentless-scanning/main.tf b/modules/agentless-scanning/main.tf
index 010767d..a649354 100644
--- a/modules/agentless-scanning/main.tf
+++ b/modules/agentless-scanning/main.tf
@@ -417,6 +417,7 @@ Resources:
 Description: "Sysdig Agentless Scanning encryption key"
 PendingWindowInDays: ${var.kms_key_deletion_window}
 KeyUsage: "ENCRYPT_DECRYPT"
+ EnableKeyRotation: true # Enables automatic yearly rotation
 KeyPolicy:
 Id: ${local.scanning_resource_name}
 Statement:
diff --git a/modules/agentless-scanning/organizational.tf b/modules/agentless-scanning/organizational.tf
index b4a378a..d722cb4 100644
--- a/modules/agentless-scanning/organizational.tf
+++ b/modules/agentless-scanning/organizational.tf
@@ -181,6 +181,7 @@ Resources:
 Description: "Sysdig Agentless Scanning encryption key"
 PendingWindowInDays: ${var.kms_key_deletion_window}
 KeyUsage: "ENCRYPT_DECRYPT"
+ EnableKeyRotation: true # Enables automatic yearly rotation
 KeyPolicy:
 Id: ${local.scanning_resource_name}
 Statement:
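Review bot: The added `EnableKeyRotation: true` line in `main.tf` leaves the rotation cadence to the KMS default, so the trailing comment's "yearly" holds only while that default applies; since the neighbouring `PendingWindowInDays` is already driven by a variable, consider pinning the period explicitly, e.g. `RotationPeriodInDays: ${var.kms_key_rotation_period_days}` (variable name is a placeholder), so the cadence is visible in the template. Automatic rotation is supported only for symmetric encryption keys; the hunk shows `KeyUsage: "ENCRYPT_DECRYPT"` and no `KeySpec`, so the key presumably stays on the symmetric default, but the resource starts and ends outside the hunk and this should be confirmed. Rotation introduces new key material for future encrypt operations and does not re-encrypt existing ciphertext, so the module docs should not present it as a remedy for a compromised key. The same points apply to the identical hunk in `modules/agentless-scanning/organizational.tf`.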