diff --git a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
index 0d72c297..bbe33cbc 100644
--- a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
+++ b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
@@ -44,7 +44,7 @@ public class AnnotationController : ControllerBase
 [Authorize(Roles = ReceiverRole.FullyAuth)]
 [HttpPost]
- public async Task CreateOrUpdate([FromBody] PsPdfKitAnnotation psPdfKitAnnotation, CancellationToken cancel = default)
+ public async Task CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
 {
 // get claims
 var signature = User.GetAuthReceiverSignature();
@@ -56,6 +56,12 @@ public class AnnotationController : ControllerBase
 return Unauthorized("User authentication is incomplete. Missing required claims for processing this request.");
 }
+ // check if non read-and-confirm envelope is signed without annotation
+ var er = await _mediator.ReadEnvelopeReceiverAsync(uuid, signature, cancel).ThrowIfNull(Exceptions.NotFound);
+
+ if (!er.Envelope!.ReadOnly && psPdfKitAnnotation is null)
+ return BadRequest();
+ // Again check if receiver has already signed
 if (await _mediator.IsSignedAsync(uuid, signature, cancel))
 return Problem(statusCode: 409);
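Review bot: The now-optional body on `CreateOrUpdate` is undocumented, so nothing at the signature says when omitting `psPdfKitAnnotation` is legitimate. A doc comment such as `/// <param name="psPdfKitAnnotation">Annotation payload; may be null only for read-and-confirm (ReadOnly) envelopes.</param>` would record the contract that the second hunk enforces. Making a `[FromBody]` parameter nullable with a default presumably lets the binder accept an empty request body, so any model validation attached to `PsPdfKitAnnotation` no longer runs on that path. The method body continues outside this hunk, and every later use of the parameter there has to tolerate null.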
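Review bot: The added guard checks only one direction: a missing annotation on a non-ReadOnly envelope gets a 400, but an annotation posted for a ReadOnly envelope falls through to code below the hunk, where it is not visible whether it is discarded or stored. If read-and-confirm envelopes must never carry receiver annotations, enforce that here as well, for example `if (er.Envelope.ReadOnly != (psPdfKitAnnotation is null)) return BadRequest("Annotation payload does not match the envelope type.");`. The `er.Envelope!` only silences the compiler, so a receiver loaded without its envelope would surface as a NullReferenceException and a 500; `if (er.Envelope is not { } envelope) return NotFound();` handles that case explicitly. The bare `BadRequest()` also gives the client no reason, unlike the `Unauthorized(...)` message just above it.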