diff --git a/EVENT.md b/EVENT.md
index fba48e1735..2b607f26ce 100644
--- a/EVENT.md
+++ b/EVENT.md
@@ -217,8 +217,8 @@ Policy](https://w3c.github.io/webappsec-permissions-policy/):
 </iframe>
 ```
 
-The API will be enabled by default in the top-level context and in same-origin
-children. Any script running in these contexts can declare a source with any
+The API will be disabled by default so that web site authors can turn it on only for pages
+where it presents an acceptable level of risk. Any script running in these contexts can declare a source with any
 reporting origin. Publishers who wish to explicitly disable the API for all
 parties can do so via an [HTTP
 header](https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-http-header-field).