diff --git a/src/Api/Controllers/EmergencyAccessController.cs b/src/Api/Controllers/EmergencyAccessController.cs
index eef3f2a5b5..d28fe3b788 100644
--- a/src/Api/Controllers/EmergencyAccessController.cs
+++ b/src/Api/Controllers/EmergencyAccessController.cs
@@ -85,8 +85,8 @@ namespace Bit.Api.Controllers
                 throw new NotFoundException();
             }
-            var userId = _userService.GetProperUserId(User);
-            await _emergencyAccessService.SaveAsync(model.ToEmergencyAccess(emergencyAccess), userId.Value);
+            var user = await _userService.GetUserByPrincipalAsync(User);
+            await _emergencyAccessService.SaveAsync(model.ToEmergencyAccess(emergencyAccess), user);
         }
         [HttpDelete("{id}")]
diff --git a/src/Core/Services/IEmergencyAccessService.cs b/src/Core/Services/IEmergencyAccessService.cs
index fe37f42777..4dcf7f2688 100644
--- a/src/Core/Services/IEmergencyAccessService.cs
+++ b/src/Core/Services/IEmergencyAccessService.cs
@@ -15,7 +15,7 @@ namespace Bit.Core.Services
         Task DeleteAsync(Guid emergencyAccessId, Guid grantorId);
         Task ConfirmUserAsync(Guid emergencyAccessId, string key, Guid grantorId);
         Task GetAsync(Guid emergencyAccessId, Guid userId);
-        Task SaveAsync(EmergencyAccess emergencyAccess, Guid savingUserId);
+        Task SaveAsync(EmergencyAccess emergencyAccess, User savingUser);
         Task InitiateAsync(Guid id, User initiatingUser);
         Task ApproveAsync(Guid id, User approvingUser);
         Task RejectAsync(Guid id, User rejectingUser);
diff --git a/src/Core/Services/Implementations/EmergencyAccessService.cs b/src/Core/Services/Implementations/EmergencyAccessService.cs
index 2b9aa2ff14..844ad00071 100644
--- a/src/Core/Services/Implementations/EmergencyAccessService.cs
+++ b/src/Core/Services/Implementations/EmergencyAccessService.cs
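Review bot: The new `user` local is handed to SaveAsync with no null check, where the removed `userId.Value` at least failed loudly on a missing principal; if `GetUserByPrincipalAsync` can return null (it reads like a lookup, but its body is not in view), the service will dereference `savingUser.Id` and the request ends as a NullReferenceException rather than an authorization failure. Add the guard this controller uses elsewhere for an unresolved principal before the call, e.g. `if (user == null) { throw new UnauthorizedAccessException(); }`. The enclosing action starts before this hunk, so the `emergencyAccess` lookup that precedes the NotFoundException is not visible here.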
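Review bot: The new `SaveAsync` signature takes a `User` instead of a `Guid`, but the interface still says nothing about what that argument must satisfy, so the premium requirement that EmergencyAccessService now enforces is invisible to anyone coding against the interface. A doc comment on the changed line would carry the contract: `/// <summary>Persists changes to an emergency access grant. savingUser must be the grantor and must have premium access; otherwise a BadRequestException is thrown.</summary>`. The neighbouring members are undocumented too, but this is the line the commit touches.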
@@ -189,9 +189,14 @@ namespace Bit.Core.Services
             return emergencyAccess;
         }
-        public async Task SaveAsync(EmergencyAccess emergencyAccess, Guid savingUserId)
+        public async Task SaveAsync(EmergencyAccess emergencyAccess, User savingUser)
         {
-            if (emergencyAccess.GrantorId != savingUserId)
+            if (!await _userService.CanAccessPremium(savingUser))
+            {
+                throw new BadRequestException("Not a premium user.");
+            }
+
+            if (emergencyAccess.GrantorId != savingUser.Id)
             {
                 throw new BadRequestException("Emergency Access not valid.");
             }
diff --git a/test/Core.Test/Services/EmergencyAccessServiceTests.cs b/test/Core.Test/Services/EmergencyAccessServiceTests.cs
index aed79cc171..f9319e7634 100644
--- a/test/Core.Test/Services/EmergencyAccessServiceTests.cs
+++ b/test/Core.Test/Services/EmergencyAccessServiceTests.cs
@@ -15,6 +15,26 @@ namespace Bit.Core.Test.Services
 {
     public class EmergencyAccessServiceTests
     {
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SaveAsync_PremiumCannotUpdate(
+            SutProvider sutProvider, User savingUser)
+        {
+            savingUser.Premium = false;
+            var emergencyAccess = new EmergencyAccess
+            {
+                Type = Enums.EmergencyAccessType.Takeover,
+                GrantorId = savingUser.Id,
+            };
+
+            sutProvider.GetDependency().GetUserByIdAsync(savingUser.Id).Returns(savingUser);
+
+            var exception = await Assert.ThrowsAsync(
+                () => sutProvider.Sut.SaveAsync(emergencyAccess, savingUser));
+
+            Assert.Contains("Not a premium user.", exception.Message);
+            await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().ReplaceAsync(default);
+        }
+
         [Theory, CustomAutoData(typeof(SutProviderCustomization))]
         public async Task InviteAsync_UserWithKeyConnectorCannotUseTakeover(
             SutProvider sutProvider, User invitingUser, string email, int waitTime)
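Review bot: The new premium check runs before the grantor check, so a caller who does not own the record is answered with either `Not a premium user.` or `Emergency Access not valid.` depending on their subscription, instead of being rejected uniformly; the `GrantorId != savingUser.Id` test is the authorization decision and should come first, with the premium rule evaluated only for the legitimate owner — swap the two `if` blocks. Only SaveAsync gains this gate in the diff; if InviteAsync (not in view) is not gated the same way, a non-premium grantor could still create a grant they are then unable to edit, which looks unintended — confirm. `savingUser` is also dereferenced here without a null check, so the caller is presumably expected to guarantee it. SaveAsync's body continues past the end of this hunk.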
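Review bot: `savingUser.Premium = false;` at the top of the new test does not drive its outcome: the decision in SaveAsync comes from `_userService.CanAccessPremium(savingUser)`, and the user-service substitute is never told what to return for that call, so the test passes only because the mock's default `Task<bool>` result is false (assuming NSubstitute, as the `.Returns(...)` calls suggest). Arrange it explicitly, mirroring the Key Connector test below it: `userService.CanAccessPremium(savingUser).Returns(false);`. The `GetUserByIdAsync(savingUser.Id).Returns(savingUser)` stub is also never reached on the asserted path, since the premium check throws before any lookup, so either drop it or comment why it is there.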
@@ -62,10 +82,12 @@ namespace Bit.Core.Test.Services
                 GrantorId = savingUser.Id,
             };
-            sutProvider.GetDependency().GetUserByIdAsync(savingUser.Id).Returns(savingUser);
+            var userService = sutProvider.GetDependency();
+            userService.GetUserByIdAsync(savingUser.Id).Returns(savingUser);
+            userService.CanAccessPremium(savingUser).Returns(true);
             var exception = await Assert.ThrowsAsync(
-                () => sutProvider.Sut.SaveAsync(emergencyAccess, savingUser.Id));
+                () => sutProvider.Sut.SaveAsync(emergencyAccess, savingUser));
             Assert.Contains("You cannot use Emergency Access Takeover because you are using Key Connector", exception.Message);
             await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().ReplaceAsync(default);