diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index cf9b78a7914a..0881922d2244 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -33,6 +33,7 @@ import (
 	"github.com/containers/podman/v4/pkg/util"
 	"github.com/containers/podman/v4/utils"
 	"github.com/coreos/go-systemd/v22/daemon"
+	"github.com/docker/distribution/reference"
 	"github.com/opencontainers/go-digest"
 	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/sirupsen/logrus"
@@ -992,12 +993,7 @@ func (ic *ContainerEngine) getImageAndLabelInfo(ctx context.Context, cwd string,
 		}
 		pulledImage = i
 	} else {
-		// NOTE: set the pull policy to "newer".  This will cover cases
-		// where the "latest" tag requires a pull and will also
-		// transparently handle "localhost/" prefixed files which *may*
-		// refer to a locally built image OR an image running a
-		// registry on localhost.
-		pullPolicy := config.PullPolicyNewer
+		pullPolicy := config.PullPolicyMissing
 		if len(container.ImagePullPolicy) > 0 {
 			// Make sure to lower the strings since K8s pull policy
 			// may be capitalized (see bugzilla.redhat.com/show_bug.cgi?id=1985905).
@@ -1006,6 +1002,14 @@ func (ic *ContainerEngine) getImageAndLabelInfo(ctx context.Context, cwd string,
 			if err != nil {
 				return nil, nil, err
 			}
+		} else {
+			if named, err := reference.ParseNamed(container.Image); err == nil {
+				tagged, isTagged := named.(reference.NamedTagged)
+				if isTagged && tagged.Tag() == "latest" {
+					// Make sure to always pull the latest image in case it got updated.
+					pullPolicy = config.PullPolicyNewer
+				}
+			}
 		}
 		// This ensures the image is the image store
 		pullOptions := &libimage.PullOptions{}
diff --git a/test/system/700-play.bats b/test/system/700-play.bats
index efa8eced50d7..c51784991943 100644
--- a/test/system/700-play.bats
+++ b/test/system/700-play.bats
@@ -764,3 +764,36 @@ EOF
     run_podman pod rm -a
     run_podman rm -a
 }
+
+@test "podman kube play - pull policy" {
+    skip_if_remote "pull debug logs only work locally"
+
+    stderr="$PODMAN_TMPDIR/stderr"
+    yaml_source="$PODMAN_TMPDIR/test.yaml"
+    _write_test_yaml command=true
+
+    # Pipe stderr to a file to avoid polluting the logs
+    $PODMAN --debug kube play $yaml_source 2>$stderr
+    if [[ $status != 0 ]]; then
+        cat $stderr
+        die "kube play failed: $output"
+    fi
+    assert "$(< $stderr)" =~ "Pulling image $IMAGE \(policy\: missing\)" "default pull policy is missing"
+    run_podman kube down $yaml_source
+
+    rm $yaml_source $stderr
+    local_image="localhost/name:latest"
+    run_podman tag $IMAGE $local_image
+    _write_test_yaml command=true image=$local_image
+
+    # Pipe stderr to a file to avoid polluting the logs
+    $PODMAN --debug kube play $yaml_source 2>$stderr
+    if [[ $status != 0 ]]; then
+        cat $stderr
+        die "kube play failed: $output"
+    fi
+    assert "$(< $stderr)" =~ "Pulling image $local_image \(policy\: newer\)" "pull policy is set to newhen pulling latest tag"
+    run_podman kube down $yaml_source
+
+    run_podman rmi $local_image
+}