diff --git a/contracts/contracts/coordination/Coordinator.sol b/contracts/contracts/coordination/Coordinator.sol
index 58bc92d1..2dcb8baf 100644
--- a/contracts/contracts/coordination/Coordinator.sol
+++ b/contracts/contracts/coordination/Coordinator.sol
@@ -412,6 +412,7 @@ contract Coordinator is AccessControlDefaultAdminRules, FlatRateFeeModel {
         bytes memory ciphertextHeader
     ) external view returns (bool) {
         Ritual storage ritual = rituals[ritualId];
+        require(getRitualState(ritual) == RitualState.FINALIZED, "Ritual not finalized");
         return ritual.accessController.isAuthorized(ritualId, evidence, ciphertextHeader);
     }
 
diff --git a/tests/test_coordinator.py b/tests/test_coordinator.py
index e8759768..4a0cf8cb 100644
--- a/tests/test_coordinator.py
+++ b/tests/test_coordinator.py
@@ -385,7 +385,6 @@ def test_authorize_using_global_allow_list(
 
     # Not authorized
     assert not global_allow_list.isAuthorized(0, bytes(signature), bytes(digest))
-    assert not coordinator.isEncryptionAuthorized(0, bytes(signature), bytes(digest))
 
     # Negative test cases for authorization
     with ape.reverts("Only ritual authority is permitted"):
@@ -394,6 +393,9 @@ def test_authorize_using_global_allow_list(
     with ape.reverts("Only active rituals can add authorizations"):
         global_allow_list.authorize(0, [deployer.address], sender=initiator)
 
+    with ape.reverts("Ritual not finalized"):
+        coordinator.isEncryptionAuthorized(0, bytes(signature), bytes(digest))
+
     # Finalize ritual
     transcript = os.urandom(transcript_size(len(nodes), len(nodes)))
     for node in nodes: