diff --git a/.asf.yaml b/.asf.yaml
index 1a37fb49233..7d2d7557d3d 100644
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -18,6 +18,13 @@
 # `.asf.yaml` is a branch-specific YAML configuration file for Git repositories to control features such as notifications, GitHub settings, etc.
 # See its documentation for details: https://github.com/apache/infrastructure-asfyaml
 
+#
+# Additional non-standard features
+#
+meta:
+  environments:
+    - github_rulesets
+
 # Bare minimum `notifications` to
 #
 # 1. Forward GitHub _activity_ to `notifications@`
@@ -72,35 +79,35 @@ github:
     merge:   false
     rebase:  false
 
-  # Enforce Review-then-Commit
-  protected_branches:
-    2.x:
-      # All reviews must be addressed before merging
-      required_conversation_resolution: true
-      # Require checks to pass before merging
-      required_status_checks:
-        checks:
-          # The GitHub Actions app: 15368
-          - app_id: 15368
-            context: "build / build (ubuntu-latest)"
-          # The GitHub Advanced Security app: 57789
-          - app_id: 57789
-            context: "CodeQL"
-      # At least one positive review must be present
-      required_pull_request_reviews:
-        required_approving_review_count: 1
-    main:
+  # Clear Protected Branches configuration: it is replaced by GitHub Rulesets
+  protected_branches: { }
+
+  rulesets:
+    # Enforce Review-then-Commit
+    - name: "Branch protection"
+      type: branch
+      branches:
+        includes:
+          - "refs/heads/2.x"
+          - "refs/heads/main"
       # All reviews must be addressed before merging
       required_conversation_resolution: true
       # Require checks to pass before merging
       required_status_checks:
-        checks:
-          # The GitHub Actions app: 15368
-          - app_id: 15368
-            context: "build / build (ubuntu-latest)"
-          # The GitHub Advanced Security app: 57789
-          - app_id: 57789
-            context: "CodeQL"
+        # The GitHub Actions app
+        # https://api.github.com/apps/github-actions
+        - app_slug: 15368
+          name: "build / build (ubuntu-latest)"
+        # The GitHub Advanced Security
+        # https://api.github.com/apps/github-advanced-security
+        - app_slug: 57789
+          name: "CodeQL"
       # At least one positive review must be present
       required_pull_request_reviews:
         required_approving_review_count: 1
+    # Protect tags
+    - name: "Tag protection"
+      type: tag
+      branches:
+        includes:
+          - "refs/tags/rel/*"