diff --git a/ChangeLog.d/8647.txt b/ChangeLog.d/8647.txt
index cfd3a4b9f0..44007e2c28 100644
--- a/ChangeLog.d/8647.txt
+++ b/ChangeLog.d/8647.txt
@@ -1,7 +1,10 @@
 Default behavior changes
-   * Importing of RSA keys in PEM format in PSA is officially unsupported
-     (this was previously undocumented).
+   * psa_import_key() now only accepts RSA keys in the PSA standard formats.
+     The undocumented ability to import other formats (PKCS#8, SubjectPublicKey,
+     PEM) accepted by the pkparse module has been removed. Applications that
+     need these format can call mbedtls_pk_parse_{public,}key() followed by
+     mbedtls_pk_import_into_psa().
 
-Features
-   * It is possible to enable RSA support in PSA (MBEDTLS_PSA_CRYPTO_C +
-     RSA_C) without enabling PK module (MBEDTLS_[PK|PK_WRITE|PK_PARSE]_C).
+Changes
+   * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules,
+     saving code size when those are not otherwise enabled.