diff --git a/samples/boards/nordic/nrf_ironside/update/src/main.c b/samples/boards/nordic/nrf_ironside/update/src/main.c
index 29d058ca139cd..ee8823217de24 100644
--- a/samples/boards/nordic/nrf_ironside/update/src/main.c
+++ b/samples/boards/nordic/nrf_ironside/update/src/main.c
@@ -10,6 +10,9 @@
 
 LOG_MODULE_REGISTER(app, LOG_LEVEL_INF);
 
+BUILD_ASSERT(CONFIG_UPDATE_BLOB_ADDRESS >= IRONSIDE_UPDATE_MIN_ADDRESS);
+BUILD_ASSERT(CONFIG_UPDATE_BLOB_ADDRESS <= IRONSIDE_UPDATE_MAX_ADDRESS);
+
 int main(void)
 {
 	int err;
diff --git a/soc/nordic/ironside/include/nrf_ironside/update.h b/soc/nordic/ironside/include/nrf_ironside/update.h
index b01b5df6dadb1..6e520e4e680b8 100644
--- a/soc/nordic/ironside/include/nrf_ironside/update.h
+++ b/soc/nordic/ironside/include/nrf_ironside/update.h
@@ -18,11 +18,27 @@
 #define IRONSIDE_UPDATE_ERROR_NOT_PERMITTED     (1)
 /** Failed to write the update metadata to SICR. */
 #define IRONSIDE_UPDATE_ERROR_SICR_WRITE_FAILED (2)
+/** Update candidate is placed outside of valid range */
+#define IRONSIDE_UPDATE_ERROR_INVALID_ADDRESS (3)
 
 /**
  * @}
  */
 
+/** Size of the update blob */
+#ifdef CONFIG_SOC_SERIES_NRF54HX
+#define IRONSIDE_UPDATE_BLOB_SIZE (160 * 1024)
+#elif CONFIG_SOC_SERIES_NRF92X
+#define IRONSIDE_UPDATE_BLOB_SIZE (160 * 1024)
+#else
+#error "Missing update blob size"
+#endif
+
+/** Min address used for storing the update candidate */
+#define IRONSIDE_UPDATE_MIN_ADDRESS (0x0e100000)
+/** Max address used for storing the update candidate */
+#define IRONSIDE_UPDATE_MAX_ADDRESS (0x0e200000 - IRONSIDE_UPDATE_BLOB_SIZE)
+
 /** Length of the update manifest in bytes */
 #define IRONSIDE_UPDATE_MANIFEST_LENGTH  (256)
 /** Length of the update public key in bytes. */
@@ -62,6 +78,8 @@ struct ironside_update_blob {
  * @param update Pointer to update blob
  *
  * @retval 0 on a successful request (although the update itself may still fail).
+ * @retval -IRONSIDE_UPDATE_ERROR_INVALID_ADDRESS if the address of the update is outside of the
+ *          accepted range.
  * @retval -IRONSIDE_UPDATE_ERROR_NOT_PERMITTED if missing access to the update candidate.
  * @retval -IRONSIDE_UPDATE_ERROR_SICR_WRITE_FAILED if writing update parameters to SICR failed.
  * @retval Positive error status if reported by IronSide call (see error codes in @ref call.h).
diff --git a/soc/nordic/ironside/update.c b/soc/nordic/ironside/update.c
index a56407a3fa149..fabf6fb010490 100644
--- a/soc/nordic/ironside/update.c
+++ b/soc/nordic/ironside/update.c
@@ -11,6 +11,11 @@ int ironside_update(const struct ironside_update_blob *update)
 	int err;
 	struct ironside_call_buf *const buf = ironside_call_alloc();
 
+	if ((uintptr_t)update < IRONSIDE_UPDATE_MIN_ADDRESS ||
+	    (uintptr_t)update > IRONSIDE_UPDATE_MAX_ADDRESS) {
+		return -IRONSIDE_UPDATE_ERROR_INVALID_ADDRESS;
+	}
+
 	buf->id = IRONSIDE_CALL_ID_UPDATE_SERVICE_V0;
 	buf->args[IRONSIDE_UPDATE_SERVICE_UPDATE_PTR_IDX] = (uintptr_t)update;