diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp
index 1c8833f8..bc7876b0 100644
--- a/libwvdrmengine/cdm/core/src/cdm_session.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp
@@ -548,17 +548,18 @@ CdmResponseType CdmSession::Decrypt(const CdmDecryptionParameters& params) {
 
   // Playback may not begin until either the start time passes or the license
   // is updated, so we treat this Decrypt call as invalid.
-  if (params.is_encrypted &&
-      !policy_engine_->CanDecryptContent(*params.key_id)) {
-    if (policy_engine_->IsLicenseForFuture())
-      return DECRYPT_NOT_READY;
-    if (!policy_engine_->IsSufficientOutputProtection(*params.key_id))
-      return INSUFFICIENT_OUTPUT_PROTECTION;
-    return NEED_KEY;
-  }
+  if (params.is_encrypted) {
+    if (!policy_engine_->CanDecryptContent(*params.key_id)) {
+      if (policy_engine_->IsLicenseForFuture())
+        return DECRYPT_NOT_READY;
+      if (!policy_engine_->IsSufficientOutputProtection(*params.key_id))
+        return INSUFFICIENT_OUTPUT_PROTECTION;
+      return NEED_KEY;
+    }
 
-  if (!policy_engine_->CanUseKey(*params.key_id, security_level_))
-    return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
+    if (!policy_engine_->CanUseKey(*params.key_id, security_level_))
+      return KEY_PROHIBITED_FOR_SECURITY_LEVEL;
+  }
 
   CdmResponseType status = crypto_session_->Decrypt(params);