diff --git a/src/Admin/Controllers/UsersController.cs b/src/Admin/Controllers/UsersController.cs
index 71be19a041..cecd7a2142 100644
--- a/src/Admin/Controllers/UsersController.cs
+++ b/src/Admin/Controllers/UsersController.cs
@@ -167,7 +167,6 @@ public class UsersController : Controller
     [HttpPost]
     [ValidateAntiForgeryToken]
     [RequirePermission(Permission.User_NewDeviceException_Edit)]
-    [RequireFeature(FeatureFlagKeys.NewDeviceVerification)]
     public async Task<IActionResult> ToggleNewDeviceVerification(Guid id)
     {
         var user = await _userRepository.GetByIdAsync(id);
diff --git a/src/Api/Auth/Controllers/AccountsController.cs b/src/Api/Auth/Controllers/AccountsController.cs
index 621524228a..2134a7fc4e 100644
--- a/src/Api/Auth/Controllers/AccountsController.cs
+++ b/src/Api/Auth/Controllers/AccountsController.cs
@@ -693,7 +693,6 @@ public class AccountsController : Controller
         }
     }
 
-    [RequireFeature(FeatureFlagKeys.NewDeviceVerification)]
     [AllowAnonymous]
     [HttpPost("resend-new-device-otp")]
     public async Task ResendNewDeviceOtpAsync([FromBody] UnauthenticatedSecretVerificationRequestModel request)
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index a27738fd19..3399a729d1 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -115,7 +115,6 @@ public static class FeatureFlagKeys
     public const string TwoFactorExtensionDataPersistence = "pm-9115-two-factor-extension-data-persistence";
     public const string EmailVerification = "email-verification";
     public const string UnauthenticatedExtensionUIRefresh = "unauth-ui-refresh";
-    public const string NewDeviceVerification = "new-device-verification";
     public const string SetInitialPasswordRefactor = "pm-16117-set-initial-password-refactor";
     public const string ChangeExistingPasswordRefactor = "pm-16117-change-existing-password-refactor";
     public const string RecoveryCodeLogin = "pm-17128-recovery-code-login";
diff --git a/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs b/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
index 36a08326ab..4dc77c4449 100644
--- a/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs
@@ -22,8 +22,7 @@ public class DeviceValidator(
     ICurrentContext currentContext,
     IUserService userService,
     IDistributedCache distributedCache,
-    ILogger<DeviceValidator> logger,
-    IFeatureService featureService) : IDeviceValidator
+    ILogger<DeviceValidator> logger) : IDeviceValidator
 {
     private readonly IDeviceService _deviceService = deviceService;
     private readonly IDeviceRepository _deviceRepository = deviceRepository;
@@ -33,7 +32,6 @@ public class DeviceValidator(
     private readonly IUserService _userService = userService;
     private readonly IDistributedCache distributedCache = distributedCache;
     private readonly ILogger<DeviceValidator> _logger = logger;
-    private readonly IFeatureService _featureService = featureService;
 
     public async Task<bool> ValidateRequestDeviceAsync(ValidatedTokenRequest request, CustomValidatorRequestContext context)
     {
@@ -64,9 +62,7 @@ public class DeviceValidator(
         }
 
         // We have established that the device is unknown at this point; begin new device verification
-        // PM-13340: remove feature flag
-        if (_featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification) &&
-            request.GrantType == "password" &&
+        if (request.GrantType == "password" &&
             request.Raw["AuthRequest"] == null &&
             !context.TwoFactorRequired &&
             !context.SsoRequired &&
diff --git a/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs b/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
index b71dd6c230..9e20e630cd 100644
--- a/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
+++ b/test/Identity.Test/IdentityServer/DeviceValidatorTests.cs
@@ -1,5 +1,4 @@
-using Bit.Core;
-using Bit.Core.Context;
+using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Api;
@@ -28,7 +27,7 @@ public class DeviceValidatorTests
     private readonly IUserService _userService;
     private readonly IDistributedCache _distributedCache;
     private readonly Logger<DeviceValidator> _logger;
-    private readonly IFeatureService _featureService;
+
     private readonly DeviceValidator _sut;
 
     public DeviceValidatorTests()
@@ -41,7 +40,6 @@ public class DeviceValidatorTests
         _userService = Substitute.For<IUserService>();
         _distributedCache = Substitute.For<IDistributedCache>();
         _logger = new Logger<DeviceValidator>(Substitute.For<ILoggerFactory>());
-        _featureService = Substitute.For<IFeatureService>();
         _sut = new DeviceValidator(
             _deviceService,
             _deviceRepository,
@@ -50,8 +48,7 @@ public class DeviceValidatorTests
             _currentContext,
             _userService,
             _distributedCache,
-            _logger,
-            _featureService);
+            _logger);
     }
 
     [Theory, BitAutoData]
@@ -312,8 +309,6 @@ public class DeviceValidatorTests
         AddValidDeviceToRequest(request);
         _deviceRepository.GetByIdentifierAsync(context.Device.Identifier, context.User.Id)
             .Returns(null as Device);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification)
-            .Returns(true);
 
         request.GrantType = grantType;
 
@@ -336,8 +331,6 @@ public class DeviceValidatorTests
         AddValidDeviceToRequest(request);
         _deviceRepository.GetByIdentifierAsync(context.Device.Identifier, context.User.Id)
             .Returns(null as Device);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification)
-            .Returns(true);
 
         request.Raw.Add("AuthRequest", "authRequest");
 
@@ -360,8 +353,6 @@ public class DeviceValidatorTests
         AddValidDeviceToRequest(request);
         _deviceRepository.GetByIdentifierAsync(context.Device.Identifier, context.User.Id)
             .Returns(null as Device);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification)
-            .Returns(true);
 
         context.TwoFactorRequired = true;
 
@@ -384,8 +375,6 @@ public class DeviceValidatorTests
         AddValidDeviceToRequest(request);
         _deviceRepository.GetByIdentifierAsync(context.Device.Identifier, context.User.Id)
             .Returns(null as Device);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification)
-            .Returns(true);
 
         context.SsoRequired = true;
 
@@ -404,7 +393,6 @@ public class DeviceValidatorTests
     {
         // Arrange
         ArrangeForHandleNewDeviceVerificationTest(context, request);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
         _globalSettings.EnableNewDeviceVerification = true;
 
         context.User = null;
@@ -430,7 +418,6 @@ public class DeviceValidatorTests
     {
         // Arrange
         ArrangeForHandleNewDeviceVerificationTest(context, request);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
         _globalSettings.EnableNewDeviceVerification = true;
         context.User.VerifyDevices = false;
 
@@ -454,7 +441,6 @@ public class DeviceValidatorTests
     {
         // Arrange
         ArrangeForHandleNewDeviceVerificationTest(context, request);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
         _globalSettings.EnableNewDeviceVerification = true;
         _distributedCache.GetAsync(Arg.Any<string>()).Returns(null as byte[]);
         context.User.CreationDate = DateTime.UtcNow - TimeSpan.FromHours(23);
@@ -479,7 +465,6 @@ public class DeviceValidatorTests
     {
         // Arrange
         ArrangeForHandleNewDeviceVerificationTest(context, request);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
         _globalSettings.EnableNewDeviceVerification = true;
         _distributedCache.GetAsync(Arg.Any<string>()).Returns([1]);
 
@@ -503,7 +488,6 @@ public class DeviceValidatorTests
     {
         // Arrange
         ArrangeForHandleNewDeviceVerificationTest(context, request);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
         _globalSettings.EnableNewDeviceVerification = true;
         _distributedCache.GetAsync(Arg.Any<string>()).Returns(null as byte[]);
 
@@ -535,7 +519,6 @@ public class DeviceValidatorTests
     {
         // Arrange
         ArrangeForHandleNewDeviceVerificationTest(context, request);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
         _globalSettings.EnableNewDeviceVerification = true;
         _distributedCache.GetAsync(Arg.Any<string>()).Returns(null as byte[]);
 
@@ -564,7 +547,6 @@ public class DeviceValidatorTests
     {
         // Arrange
         ArrangeForHandleNewDeviceVerificationTest(context, request);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
         _globalSettings.EnableNewDeviceVerification = true;
         _distributedCache.GetAsync(Arg.Any<string>()).Returns([1]);
         _deviceRepository.GetManyByUserIdAsync(context.User.Id).Returns([]);
@@ -590,7 +572,6 @@ public class DeviceValidatorTests
     {
         // Arrange
         ArrangeForHandleNewDeviceVerificationTest(context, request);
-        _featureService.IsEnabled(FeatureFlagKeys.NewDeviceVerification).Returns(true);
         _globalSettings.EnableNewDeviceVerification = true;
         _deviceRepository.GetManyByUserIdAsync(context.User.Id).Returns([new Device()]);
         _distributedCache.GetAsync(Arg.Any<string>()).Returns(null as byte[]);