diff --git a/conduwuit-example.toml b/conduwuit-example.toml
index 51c0cade7..37b2aaa14 100644
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@@ -1857,6 +1857,11 @@
 #
 #support_page =
 
+# The ed25519 public key for the policy server available at this server's
+# name. Must be unpadded base64.
+#
+#policy_server_public_key =
+
 # Role string for server support contacts, to be served as part of the
 # MSC1929 server support endpoint at /.well-known/matrix/support.
 #
diff --git a/src/api/client/well_known.rs b/src/api/client/well_known.rs
index c0632955f..11cd0b351 100644
--- a/src/api/client/well_known.rs
+++ b/src/api/client/well_known.rs
@@ -3,6 +3,7 @@ use conduwuit::{Err, Result};
 use ruma::{
 	api::client::discovery::{
 		discover_homeserver::{self, HomeserverInfo},
+		discover_policy_server,
 		discover_support::{self, Contact, ContactRole},
 	},
 	assign,
@@ -114,3 +115,18 @@ pub(crate) async fn well_known_support(
 
 	Ok(assign!(discover_support::Response::with_contacts(contacts), { support_page }))
 }
+
+/// # `GET /.well-known/matrix/policy_server`
+///
+/// Advertises the policy server's public key, allowing clients to discover the
+/// values to be set in m.room.policy. Introduced in spec v1.18.
+pub(crate) async fn well_known_policy_server(
+	State(services): State<crate::State>,
+	_body: Ruma<discover_policy_server::Request>,
+) -> Result<discover_policy_server::Response> {
+	if let Some(key) = services.config.well_known.policy_server_public_key.clone() {
+		Ok(discover_policy_server::Response::new(key))
+	} else {
+		Err!(Request(NotFound("No policy server available.")))
+	}
+}
diff --git a/src/api/router.rs b/src/api/router.rs
index 6aaea7679..da39f22a9 100644
--- a/src/api/router.rs
+++ b/src/api/router.rs
@@ -183,6 +183,7 @@ pub fn build(router: Router<State>, server: &Server) -> Router<State> {
 		.ruma_route(&client::put_suspended_status)
 		.ruma_route(&client::well_known_support)
 		.ruma_route(&client::well_known_client)
+		.ruma_route(&client::well_known_policy_server)
 		.ruma_route(&client::get_rtc_transports)
 		.ruma_route(&client::room_initial_sync_route)
 		.route("/_conduwuit/server_version", get(client::conduwuit_server_version))
diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs
index 65a812b08..633536e3b 100644
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@@ -21,6 +21,7 @@ use regex::RegexSet;
 use ruma::{
 	OwnedRoomId, OwnedRoomOrAliasId, OwnedServerName, OwnedUserId, RoomVersionId,
 	api::client::{discovery::discover_support::ContactRole, rtc::RtcTransport},
+	serde::Base64,
 };
 use serde::{Deserialize, Serialize, de::IgnoredAny};
 use url::Url;
@@ -2175,6 +2176,10 @@ pub struct WellKnownConfig {
 	/// Will be included alongside any contact information
 	pub support_page: Option<Url>,
 
+	/// The ed25519 public key for the policy server available at this server's
+	/// name. Must be unpadded base64.
+	pub policy_server_public_key: Option<Base64<ruma::serde::base64::Standard>>,
+
 	/// Role string for server support contacts, to be served as part of the
 	/// MSC1929 server support endpoint at /.well-known/matrix/support.
 	///