diff --git a/src/Altinn.ResourceRegistry.Core/Helpers/PolicyHelper.cs b/src/Altinn.ResourceRegistry.Core/Helpers/PolicyHelper.cs index a649d8e1..3e2f2926 100644 --- a/src/Altinn.ResourceRegistry.Core/Helpers/PolicyHelper.cs +++ b/src/Altinn.ResourceRegistry.Core/Helpers/PolicyHelper.cs @@ -346,7 +346,6 @@ private static List GetResourceFromXacmlRule(XacmlRule rule) } return result; - } - + } } } diff --git a/src/Altinn.ResourceRegistry/Controllers/ResourceController.cs b/src/Altinn.ResourceRegistry/Controllers/ResourceController.cs index 7072bef8..420ab5c0 100644 --- a/src/Altinn.ResourceRegistry/Controllers/ResourceController.cs +++ b/src/Altinn.ResourceRegistry/Controllers/ResourceController.cs @@ -14,6 +14,7 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.ApplicationModels; using Microsoft.AspNetCore.Mvc.ModelBinding.Validation; +using System.Xml; namespace Altinn.ResourceRegistry.Controllers { @@ -395,6 +396,11 @@ public async Task WritePolicy(string id, IFormFile policyFile, Can _logger.LogError(ex.Message); return BadRequest(ex.Message); } + catch (XmlException ex) + { + _logger.LogError(ex.Message); + return BadRequest(ex.Message); + } catch (Exception ex) { _logger.LogError(ex.ToString()); diff --git a/test/Altinn.ResourceRegistry.Tests/Altinn.ResourceRegistry.Tests.csproj b/test/Altinn.ResourceRegistry.Tests/Altinn.ResourceRegistry.Tests.csproj index 72f66364..5254aae0 100644 --- a/test/Altinn.ResourceRegistry.Tests/Altinn.ResourceRegistry.Tests.csproj +++ b/test/Altinn.ResourceRegistry.Tests/Altinn.ResourceRegistry.Tests.csproj @@ -22,6 +22,9 @@ Always + + Always + Always diff --git a/test/Altinn.ResourceRegistry.Tests/Data/ResourcePolicies/altinn_access_management_missinganyof.xml b/test/Altinn.ResourceRegistry.Tests/Data/ResourcePolicies/altinn_access_management_missinganyof.xml new file mode 100644 index 00000000..03c804fb --- /dev/null 
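Review bot: The new `catch (XmlException ex)` block in WritePolicy passes `ex.Message` to `_logger.LogError` as the message template and returns the same text in the 400 body. That message comes from parsing the uploaded policy file, so any braces in it would be read as template placeholders (analyzer rule CA2254), the stack trace is not logged, and the caller sees the parser's internal wording. I would log with a constant template, `_logger.LogError(ex, "Policy XML for resource {ResourceId} could not be parsed", id);`, and return a fixed message such as `return BadRequest("Policy file is not valid XACML XML.");`. The new test asserts on "invalid XmlNodeType" in the response and would need to follow that change. The catch block just above in this hunk has the same pattern, and WritePolicy's body starts and ends outside the hunk.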
+++ b/test/Altinn.ResourceRegistry.Tests/Data/ResourcePolicies/altinn_access_management_missinganyof.xml @@ -0,0 +1,44 @@ + + + + + Policy for altinn_access_management + + + + + ADMAI + + + + + + + + altinn_access_management + + + + + + + read + + + + + + write + + + + + + + + + 2 + + + + diff --git a/test/Altinn.ResourceRegistry.Tests/ResourceControllerWithDbTests.cs b/test/Altinn.ResourceRegistry.Tests/ResourceControllerWithDbTests.cs index 214a2ccf..e98db5f2 100644 --- a/test/Altinn.ResourceRegistry.Tests/ResourceControllerWithDbTests.cs +++ b/test/Altinn.ResourceRegistry.Tests/ResourceControllerWithDbTests.cs 
@@ -160,6 +160,52 @@ public async Task SetResourcePolicy_OK() } + [Fact] + public async Task SetResourcePolicy_MissingAnyOf_() + { + // Add one that should be marked as deleted when updating with policy + await Repository.SetResourceSubjects(CreateResourceSubjects("urn:altinn:resource:altinn_access_management", ["urn:altinn:rolecode:tobedeleted"], "skd")); + + ServiceResource resource = new ServiceResource() + { + Identifier = "altinn_access_management", + HasCompetentAuthority = new CompetentAuthority() + { + Organization = "974761076", + Orgcode = "skd" + } + }; + await Repository.CreateResource(resource); + + using var client = CreateClient(); + string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:resourceregistry/resource.write"); + client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); + + + string fileName = $"{resource.Identifier}_missinganyof.xml"; + string filePath = $"Data/ResourcePolicies/{fileName}"; + + Uri requestUri = new Uri($"resourceregistry/api/v1/Resource/{resource.Identifier}/policy", UriKind.Relative); + + ByteArrayContent fileContent = new ByteArrayContent(File.ReadAllBytes(filePath)); + fileContent.Headers.ContentType = MediaTypeHeaderValue.Parse("text/xml"); + + MultipartFormDataContent content = new(); + content.Add(fileContent, "policyFile", fileName); + + HttpRequestMessage httpRequestMessage = new() { Method = HttpMethod.Post, RequestUri = requestUri, Content = content }; + httpRequestMessage.Headers.Add("ContentType", "multipart/form-data"); + + HttpResponseMessage response = await client.SendAsync(httpRequestMessage); + + Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); + + string responseContent = await response.Content.ReadAsStringAsync(); + + Assert.Contains("invalid XmlNodeType", responseContent); + + } + [Fact] public async Task GetUpdatedResourceSubjects_Paginates() {
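Review bot: `SetResourcePolicy_MissingAnyOf_` seeds a subject under the comment "should be marked as deleted when updating with policy", but the upload is expected to be rejected and nothing after the 400 checks that stored state is untouched. Because this is the rejection path for an access policy, add an assertion that the seeded `urn:altinn:rolecode:tobedeleted` subject is still present and not marked deleted, and reword the comment, e.g. `// Seed a subject that must remain unchanged when the policy upload is rejected`. The test name ends in a dangling underscore; `SetResourcePolicy_MissingAnyOf_ReturnsBadRequest` would state the expectation. `httpRequestMessage.Headers.Add("ContentType", "multipart/form-data");` sets a header literally named `ContentType` rather than `Content-Type`, and the multipart content already supplies its own, so that line can be dropped.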