diff --git a/config/authsources.php b/config/authsources.php
index 1d796437d..d7075cbaa 100644
--- a/config/authsources.php
+++ b/config/authsources.php
@@ -108,3 +108,21 @@
 ],
 ];
 }
+
+if ($saml2auth->config->refedscodeofconduct === '1') {
+ $sp = $saml2auth->spname;
+
+ if (!isset($config[$sp]['EntityAttributes'])) {
+ $config[$sp]['EntityAttributes'] = [];
+ }
+
+ if (!isset($config[$sp]['EntityAttributes']['https://macedir.org/entity-category'])) {
+ $config[$sp]['EntityAttributes']['https://macedir.org/entity-category'] = [];
+ }
+
+ $config[$sp]['EntityAttributes']['https://macedir.org/entity-category'][] =
+ 'https://refeds.org/category/code-of-conduct/v2';
+
+ $config[$sp]['EntityAttributes']['https://macedir.org/entity-category'][] =
+ 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1';
+}
diff --git a/lang/en/auth_saml2.php b/lang/en/auth_saml2.php
index f0974abc5..e34f17ea2 100644
--- a/lang/en/auth_saml2.php
+++ b/lang/en/auth_saml2.php
@@ -192,6 +192,8 @@
 $string['pluginname'] = 'SAML2';
 $string['privatekeypass'] = 'Private certificate key password';
 $string['privatekeypass_help'] = 'This is used for signing the local Moodle certificate, changing this will invalidate the current certificate.';
+$string['refedscodeofconduct'] = 'REFEDS Data Protection Code of Conduct v2.0';
+$string['refedscodeofconduct_desc'] = 'Include in the Service Provider metadata that this Moodle instance adheres to the REFEDS Data Protection Code of Conduct v2.0.';
 $string['regenerate_submit'] = 'Regenerate';
 $string['regenerateheading'] = 'Regenerate Private Key and Certificate';
 $string['rememberidp'] = 'Remember login service';
diff --git a/settings.php b/settings.php
index 865ea42b5..e7fb087e8 100644
--- a/settings.php
+++ b/settings.php
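Review bot: The entity-category attribute name is spelled `https://macedir.org/entity-category` in all four places of the new block in config/authsources.php, but the name registered in RFC 8409 is `http://macedir.org/entity-category`; SAML attribute names are compared as exact strings, so identity providers that filter on entity categories will most likely not see either value and the checkbox would have no effect. Holding the name once, e.g. `$ec = 'http://macedir.org/entity-category';`, and indexing with `$ec` fixes the spelling and removes the repetition. The block also publishes the GÉANT v1 category `http://www.geant.net/uri/dataprotection-code-of-conduct/v1`, while the setting text added in lang/en/auth_saml2.php only mentions v2.0; since identity providers use these values to decide attribute release, the description should state that both are asserted, or v1 should get its own switch. Appending without an `in_array($value, $config[$sp]['EntityAttributes'][$ec], true)` guard can also list a category twice if it was already configured for this SP.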
@@ -362,6 +362,18 @@
 PARAM_TEXT
 ));

+ // Signal REFEDS Data Protection Code of Conduct.
+ $settings->add(new admin_setting_configcheckbox(
+ 'auth_saml2/refedscodeofconduct',
+ get_string('refedscodeofconduct', 'auth_saml2'),
+ get_string(
+ 'refedscodeofconduct_desc',
+ 'auth_saml2',
+ 'https://refeds.org/category/code-of-conduct/v2'
+ ),
+ '0'
+ ));
+
 // Autocreate Users.
 $settings->add(new admin_setting_configselect(
 'auth_saml2/autocreate',
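Review bot: The third argument passed to `get_string('refedscodeofconduct_desc', 'auth_saml2', ...)` is never rendered, because the string added in lang/en/auth_saml2.php contains no `{$a}` placeholder, so the administrator gets no link to the category definition. Either drop the argument or extend the string, for example with `See {$a} for the obligations this asserts.`. Ticking the box publishes a compliance claim in the SP metadata, so the description is also the place to name every category that config/authsources.php adds. The settings block this call belongs to begins and ends outside the hunk.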