diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp
index ee47a39b..f4105a0c 100644
--- a/libwvdrmengine/cdm/core/src/cdm_session.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp
@@ -577,18 +577,20 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
     return NOT_INITIALIZED_ERROR;
   }
 
-  // Playback may not begin until either the start time passes or the license
-  // is updated, so we treat this Decrypt call as invalid.
-  if (params.is_encrypted &&
-      !policy_engine_->CanDecryptContent(*params.key_id)) {
-    if (policy_engine_->IsLicenseForFuture()) return DECRYPT_NOT_READY;
-    if (!policy_engine_->IsSufficientOutputProtection(*params.key_id))
-      return INSUFFICIENT_OUTPUT_PROTECTION;
-    return NEED_KEY;
-  }
-
-  if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) {
-    return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
+  // Encrypted playback may not begin until either the start time passes or the
+  // license is updated, so we treat this Decrypt call as invalid.
+  // For the clear lead, we allow playback even if the key_id is not found or if
+  // the security level is not high enough yet.
+  if (params.is_encrypted) {
+    if (!policy_engine_->CanDecryptContent(*params.key_id)) {
+      if (policy_engine_->IsLicenseForFuture()) return DECRYPT_NOT_READY;
+      if (!policy_engine_->IsSufficientOutputProtection(*params.key_id))
+        return INSUFFICIENT_OUTPUT_PROTECTION;
+      return NEED_KEY;
+    }
+    if (!policy_engine_->CanUseKey(*params.key_id, security_level_)) {
+      return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
+    }
   }
 
   CdmResponseType status = crypto_session_->Decrypt(params);