diff --git a/python/src/ccf/cose.py b/python/src/ccf/cose.py
index 553dbff90f3..6bcc84438b7 100644
--- a/python/src/ccf/cose.py
+++ b/python/src/ccf/cose.py
@@ -44,6 +44,8 @@
 # should move to a pycose.header value after RFC publication
 COSE_PHDR_VDP_LABEL = 396
+COSE_PHDR_VDS_LABEL = 395
+COSE_PHDR_VDS_CCF_LEDGER_SHA256 = 2
 COSE_RECEIPT_INCLUSION_PROOF_LABEL = -1
 # See https://datatracker.ietf.org/doc/draft-birkholz-cose-receipts-ccf-profile/
@@ -222,6 +224,13 @@ def verify_receipt(
 assert receipt.phdr[pycose.headers.KID] == expected_kid
 receipt.key = cose_key
+ assert (
+ COSE_PHDR_VDS_LABEL in receipt.phdr
+ ), "Verifiable data structure type is required"
+ assert (
+ receipt.phdr[COSE_PHDR_VDS_LABEL] == COSE_PHDR_VDS_CCF_LEDGER_SHA256
+ ), "vds(395) protected header must be CCF_LEDGER_SHA256(2)"
+ assert COSE_PHDR_VDP_LABEL in receipt.uhdr, "Verifiable data proof is required"
 proof = receipt.uhdr[COSE_PHDR_VDP_LABEL]
 assert COSE_RECEIPT_INCLUSION_PROOF_LABEL in proof, "Inclusion proof is required"
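Review bot: The new `COSE_PHDR_VDS_LABEL` and `COSE_PHDR_VDS_CCF_LEDGER_SHA256` constants in the first hunk are inserted between `COSE_PHDR_VDP_LABEL` and `COSE_RECEIPT_INCLUSION_PROOF_LABEL` with no comment. That separates the inclusion-proof key from the header map it is looked up in (the second hunk reads it from `receipt.uhdr[COSE_PHDR_VDP_LABEL]`) and leaves 395 and 2 unexplained. I would place the two new constants above `COSE_PHDR_VDP_LABEL` with a comment such as `# vds (395): verifiable data structure type in the protected header; 2 = CCF_LEDGER_SHA256`. If these are draft-assigned values like the neighbouring label, the existing "should move to a pycose.header value after RFC publication" remark presumably applies to them as well and is worth repeating.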
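Review bot: The new `vds` protected-header checks in the `verify_receipt` hunk are written as `assert` statements, which Python strips under `-O` or `PYTHONOPTIMIZE`. In that mode a receipt with a missing or different verifiable-data-structure type would pass this step unchecked. An explicit raise keeps the check in every mode, for example `if COSE_PHDR_VDS_LABEL not in receipt.phdr: raise ValueError("Verifiable data structure type is required")`, and likewise for the comparison with `COSE_PHDR_VDS_CCF_LEDGER_SHA256`. The surrounding lines use the same assert pattern, so callers may rely on `AssertionError`, and a change of exception type would have to be made for the whole function. `verify_receipt` starts and continues outside the hunk, so it is not visible here whether the signature over the protected header is verified before the result is trusted.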