diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py
index cc23f5eda93b084d59dbdd9ab6cc7f37e1ce7731..d79a106e775b857bef1d872c1050bdc1112b7575 100644
--- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py
+++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py
@@ -1,18 +1,42 @@ - -from api_provider_management.models.api_provider_enrolment_details import \ - APIProviderEnrolmentDetails # noqa: E501 -from api_provider_management.models.api_provider_enrolment_details_patch import \ - APIProviderEnrolmentDetailsPatch # noqa: E501 -from api_provider_management.models.problem_details import \ - ProblemDetails # noqa: E501 +from functools import wraps from flask import current_app, request +from cryptography import x509 +from cryptography.hazmat.backends import default_backend from ..core.provider_enrolment_details_api import ProviderManagementOperations +from ..core.validate_user import ControlAccess from ..models.api_provider_enrolment_details_patch import \ - APIProviderEnrolmentDetailsPatch # noqa: E501 + APIProviderEnrolmentDetailsPatch # noqa: E501 provider_management_ops = ProviderManagementOperations() +valid_user = ControlAccess() + +def cert_validation(): + def _cert_validation(f): + @wraps(f) + def __cert_validation(*args, **kwargs): + + args = request.view_args + cert_tmp = request.headers['X-Ssl-Client-Cert'] + cert_raw = cert_tmp.replace('\t', '') + + cert = x509.load_pem_x509_certificate(str.encode(cert_raw), default_backend()) + + cn = cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME)[0].value.strip() + + if cn != "superadmin": + cert_signature = cert.signature.hex() + result = valid_user.validate_user_cert(args["registrationId"], cert_signature) + + if result is not None: + return result + + result = f(**kwargs) + return result + return __cert_validation + return _cert_validation +@cert_validation() def modify_ind_api_provider_enrolment(registration_id, body): # noqa: E501 """modify_ind_api_provider_enrolment
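Review bot: The new `__cert_validation` wrapper authorises on whatever PEM arrives in `X-Ssl-Client-Cert` and never verifies the chain itself, so the `cn != "superadmin"` bypass is only as strong as the TLS-terminating proxy that is presumably expected to verify the client certificate and overwrite any client-supplied copy of that header. That trust assumption should be stated in a comment at the header read and confirmed against the proxy configuration. A malformed PEM (`ValueError`) or a subject without a CN (`IndexError` on `[0]`) currently raises out of the wrapper unhandled rather than producing a clean denial; the fence below sketches a fail-closed variant that also logs the rejection. Separately, `cert.signature.hex()` is an unusual identity to pass to `validate_user_cert`, and a certificate fingerprint would be the more conventional key if the stored value can be migrated. The decorated `modify_ind_api_provider_enrolment` continues outside the hunk.

```python
        def __cert_validation(*args, **kwargs):
            args = request.view_args
            # Trust boundary: this header is only meaningful when the fronting proxy
            # has verified the client certificate and replaced any inbound value.
            cert_pem = request.headers.get('X-Ssl-Client-Cert')
            if not cert_pem:
                # Return shape is illustrative; use the service's existing error response.
                return "Client certificate required", 401
            try:
                cert = x509.load_pem_x509_certificate(
                    str.encode(cert_pem.replace('\t', '')), default_backend())
                cn = cert.subject.get_attributes_for_oid(x509.OID_COMMON_NAME)[0].value.strip()
            except (ValueError, IndexError):
                current_app.logger.warning("Rejected request: unparsable client certificate")
                return "Invalid client certificate", 401
            # … unchanged: superadmin check, validate_user_cert call, f(**kwargs) …
```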