diff --git a/internal/webhook/nodereadinessgaterule_webhook.go b/internal/webhook/nodereadinessgaterule_webhook.go
index 4481f82..564ebaf 100644
--- a/internal/webhook/nodereadinessgaterule_webhook.go
+++ b/internal/webhook/nodereadinessgaterule_webhook.go
@@ -80,9 +80,12 @@ func (w *NodeReadinessRuleWebhook) validateTaintConflicts(ctx context.Context, r
 // List all existing rules
 ruleList := &readinessv1alpha1.NodeReadinessRuleList{}
 if err := w.List(ctx, ruleList); err != nil {
- // If we can't list rules, allow the operation but log the issue
- ctrl.Log.Error(err, "Failed to list rules for conflict validation")
- return allErrs
+ // Fail closed: if we can't list rules, we cannot safely validate
+ // for conflicts. Reject the request so the client can retry.
+ return append(allErrs, field.InternalError(
+ field.NewPath("spec", "taint", "key"),
+ fmt.Errorf("unable to validate taint conflicts, please retry: %w", err),
+ ))
 }
 
 taintField := field.NewPath("spec", "taint", "key")
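Review bot: The new fail-closed branch in validateTaintConflicts drops the server-side log of the List failure and instead wraps the raw error with `%w` into `field.InternalError`, so the underlying client or API-server error text is returned to whoever submitted the rule while operators lose their record of it. I would keep `ctrl.Log.Error(err, "Failed to list rules for conflict validation")` ahead of the return and send back a generic detail, `fmt.Errorf("unable to validate taint conflicts, please retry")`, so internal detail stays in the controller log. Rejecting here only fails closed end to end if the webhook registration's failure policy also rejects when the webhook itself is unreachable; that configuration is not visible in this hunk and is worth confirming. The function body and the import block both lie outside the hunk, so also check that `fmt` is imported and that `ctrl` is still referenced once the old log call is removed.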