diff --git a/pallets/invulnerables/src/lib.rs b/pallets/invulnerables/src/lib.rs
index 57695c468..a988839f3 100644
--- a/pallets/invulnerables/src/lib.rs
+++ b/pallets/invulnerables/src/lib.rs
@@ -160,6 +160,8 @@ pub mod pallet {
         AlreadyInvulnerable,
         /// Account is not an Invulnerable.
         NotInvulnerable,
+        /// Account does not have keys registered
+        NoKeysRegistered,
     }
 
     #[pallet::call]
@@ -221,6 +223,14 @@ pub mod pallet {
             who: T::AccountId,
         ) -> DispatchResultWithPostInfo {
             T::UpdateOrigin::ensure_origin(origin)?;
+            // don't let one unprepared collator ruin things for everyone.
+            let collator_id = T::CollatorIdOf::convert(who.clone());
+
+            // Ensure it has keys registered
+            ensure!(
+                collator_id.map_or(false, |key| T::CollatorRegistration::is_registered(&key)),
+                Error::<T>::NoKeysRegistered
+            );
 
             <Invulnerables<T>>::try_mutate(|invulnerables| -> DispatchResult {
                 if invulnerables.contains(&who) {
diff --git a/pallets/invulnerables/src/tests.rs b/pallets/invulnerables/src/tests.rs
index c591208c4..b2fa54724 100644
--- a/pallets/invulnerables/src/tests.rs
+++ b/pallets/invulnerables/src/tests.rs
@@ -85,6 +85,20 @@ fn add_invulnerable_works() {
     });
 }
 
+#[test]
+fn add_invulnerable_does_not_work_if_not_registered() {
+    new_test_ext().execute_with(|| {
+        initialize_to_block(1);
+        assert_eq!(Invulnerables::invulnerables(), vec![1, 2]);
+        let new = 42;
+
+        assert_noop!(
+            Invulnerables::add_invulnerable(RuntimeOrigin::signed(RootAccount::get()), new),
+            Error::<Test>::NoKeysRegistered
+        );
+    });
+}
+
 #[test]
 fn invulnerable_limit_works() {
     new_test_ext().execute_with(|| {