diff --git a/lib/private/Security/Signature/SignatureManager.php b/lib/private/Security/Signature/SignatureManager.php
index fa52bbfaa7c21..91a06e29b4a82 100644
--- a/lib/private/Security/Signature/SignatureManager.php
+++ b/lib/private/Security/Signature/SignatureManager.php
@@ -142,7 +142,7 @@ private function confirmIncomingRequestSignature(
 			if ($ttlSignatory > 0 && $knownSignatory->getLastUpdated() < (time() - $ttlSignatory)) {
 				$signatory = $this->getSaneRemoteSignatory($signatoryManager, $signedRequest);
 				$this->updateSignatoryMetadata($signatory);
-				$knownSignatory->setMetadata($signatory->getMetadata());
+				$knownSignatory->setMetadata($signatory->getMetadata() ?? []);
 			}
 
 			$signedRequest->setSignatory($knownSignatory);
@@ -353,6 +353,7 @@ private function insertSignatory(Signatory $signatory): void {
 		$time = time();
 		$signatory->setCreation($time);
 		$signatory->setLastUpdated($time);
+		$signatory->setMetadata($signatory->getMetadata() ?? []); // trigger insert on field metadata using current or default value
 		$this->mapper->insert($signatory);
 	}
 
diff --git a/lib/unstable/Security/Signature/Model/Signatory.php b/lib/unstable/Security/Signature/Model/Signatory.php
index d42be9c4544c1..c3a275082ae35 100644
--- a/lib/unstable/Security/Signature/Model/Signatory.php
+++ b/lib/unstable/Security/Signature/Model/Signatory.php
@@ -42,7 +42,7 @@
  * @method void setAccount(string $account)
  * @method string getAccount()
  * @method void setMetadata(array $metadata)
- * @method array getMetadata()
+ * @method ?array getMetadata()
  * @method void setCreation(int $creation)
  * @method int getCreation()
  * @method void setLastUpdated(int $creation)
@@ -59,7 +59,7 @@ class Signatory extends Entity implements JsonSerializable {
 	protected string $account = '';
 	protected int $type = 9;
 	protected int $status = 1;
-	protected array $metadata = [];
+	protected ?array $metadata = null;
 	protected int $creation = 0;
 	protected int $lastUpdated = 0;