diff --git a/sdk/src/validation_results.rs b/sdk/src/validation_results.rs
index db47a5813..1d7f15d3f 100644
--- a/sdk/src/validation_results.rs
+++ b/sdk/src/validation_results.rs
@@ -35,10 +35,10 @@ use crate::{
 #[derive(Copy, Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
 #[cfg_attr(feature = "json_schema", derive(JsonSchema))]
 pub enum ValidationState {
+    /// Validation is disabled in the SDK and the [ValidationState] is unable to be determined.
+    Unknown,
     /// The manifest store fails to meet [ValidationState::WellFormed] requirements, meaning it cannot
     /// even be parsed or its basic structure is non-compliant.
-    ///
-    /// This case may also occur if validation is disabled in the SDK.
     Invalid,
     /// The manifest store is well-formed and the cryptographic integrity checks succeed.
     ///
@@ -238,6 +238,10 @@ impl ValidationResults {
             } else if is_valid {
                 return ValidationState::Valid;
             }
+        } else {
+            // REVIEW-NOTE: is this the best way to detect that it wasn't validated? should we also check if success/failure is empty if there
+            //              is an active manifest?
+            return ValidationState::Unknown;
         }
 
         ValidationState::Invalid