diff --git a/src/iam/router.py b/src/iam/router.py
index fa35345..eae329f 100644
--- a/src/iam/router.py
+++ b/src/iam/router.py
@@ -25,7 +25,11 @@ from src.iam.exceptions import GroupNotFoundException
 from src.organisation.exceptions import OrgNotFoundException
 from src.schemas import GroupSummary, OrgSummary, ResourceName
 from src.service.exceptions import ServiceNotFoundException
-from src.exceptions import ConflictException, ForbiddenException
+from src.exceptions import (
+ ConflictException,
+ ForbiddenException,
+ UnprocessableContentException,
+)
 from src.database import db_dependency
 from src.auth.service import claims_dependency
 from src.auth.dependencies import (
@@ -400,6 +404,9 @@ async def remove_group_permission(
 if group_model.org_id != org_model.id:
 raise ForbiddenException("Group does not belong to this organization")

+ if perm_model not in group_model.permission_rel:
+ raise UnprocessableContentException("Permission not granted to group")
+
 group_model.permission_rel.remove(perm_model)
 db.flush()
 response = IAMDeleteGroupPermissionResponse(
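Review bot: The new 422 branch in `remove_group_permission` answers differently depending on whether the group holds the permission, so it is only safe to expose because it runs after the `group_model.org_id != org_model.id` check, and nothing in the code marks that ordering as required. I would add a comment above the new `if`, for example `# Keep after the org-ownership check: this 422 discloses whether the group holds the permission.` The membership test and the later `permission_rel.remove(perm_model)` are also two separate steps, so two concurrent removals can presumably both pass the test; whether the flush then fails cleanly depends on mapping and session code not shown here. The function starts above this hunk and continues below it.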