diff --git a/index.bs b/index.bs
index 6157471dc..4bd765e2c 100644
--- a/index.bs
+++ b/index.bs
@@ -1574,8 +1574,8 @@ during credential generation.
       example, in the case that the authenticator uses self-attestation.)
     <li><dfn>direct</dfn> - indicates that the [=[RP]=] wants the attestation statement as generated by the authenticator. If
       the client returns an attestation statement to the RP in this case, it MUST be the statement generated by the authenticator.
-      If, for whatever reason, the client cannot pass on the authenticator-generated attestation statement, it MUST terminate
-      the credential generation operation with a "{{NotAllowedError}}".
+      If authenticator violates privacy requirements of the attestation scheme it is using, client MUST terminate
+      the credential generation operation with a "{{AttestationNotPrivateError}}".
 </ul>