diff --git a/README.md b/README.md index f48e435a..c658e092 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,12 @@ You can learn more about it in [the specification](http://bsonspec.org). ### Release Integrity +Releases are created automatically and signed using the [Node team's GPG key](https://pgp.mongodb.com/node-driver.asc). This applies to the git tag as well as all release packages provided as part of a GitHub release. To verify the provided packages, download the key and import it using gpg: + +```shell +gpg --import node-driver.asc +``` + The GitHub release contains a detached signature file for the NPM package (named `bson-X.Y.Z.tgz.sig`). @@ -29,6 +35,8 @@ To verify the integrity of the downloaded package, run the following command: gpg --verify bson-X.Y.Z.tgz.sig bson-X.Y.Z.tgz ``` +>[!Note] +No verification is done when using npm to install the package. The contents of the Github tarball and npm's tarball are identical. ## Bugs / Feature Requests
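Review bot: The first hunk (the new "Release Integrity" paragraph) tells readers to download and `gpg --import` the key but gives them no way to confirm they imported the right key; `gpg --import` accepts any key file, so a substituted `node-driver.asc` would pass silently. Please print the expected key fingerprint in the README and add a `gpg --fingerprint` step so the reader can compare it after import, and show where the file comes from (a `curl -O https://pgp.mongodb.com/node-driver.asc` line before the import), since `gpg --import node-driver.asc` as written assumes the file is already in the working directory.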
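Review bot: In the second hunk the alert is malformed: `>[!Note]` is followed by a line that does not start with `>`, so GitHub renders the note body as an ordinary paragraph outside the callout. Use `> [!NOTE]` and prefix the body line with `> ` as well. The body also spells "Github" differently from "GitHub" elsewhere in the hunk, and the claim that the npm and GitHub tarballs are identical would be more useful if it told the reader how to check it (for example, compare the `sha256sum` of the GitHub tarball with that of the file `npm pack bson@X.Y.Z` produces) rather than asking them to take it on trust.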