diff --git a/api/v1beta1/gcpmachine_types.go b/api/v1beta1/gcpmachine_types.go
index c130ee8cc..b631167d0 100644
--- a/api/v1beta1/gcpmachine_types.go
+++ b/api/v1beta1/gcpmachine_types.go
@@ -365,6 +365,13 @@ type GCPMachineSpec struct {
 // attached to the instance.
 // +optional
 GuestAccelerators []Accelerator `json:"guestAccelerators,omitempty"`
+
+ // EnableNestedVirtualization specifies whether to enable nested virtualization or not
+ // (default is false). Nested virtualization allows VMs to run inside other VMs.
+ // Note: Requires at minimum "Intel Haswell" CPU platform.
+ // This field cannot be changed after instance creation.
+ // +optional
+ EnableNestedVirtualization *bool `json:"enableNestedVirtualization,omitempty"`
 }
 
 // Accelerator is a specification of the type and number of accelerator
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
index ba6efce6a..cdd1de8ae 100644
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -529,6 +529,11 @@ func (in *GCPMachineSpec) DeepCopyInto(out *GCPMachineSpec) {
 *out = make([]Accelerator, len(*in))
 copy(*out, *in)
 }
+ if in.EnableNestedVirtualization != nil {
+ in, out := &in.EnableNestedVirtualization, &out.EnableNestedVirtualization
+ *out = new(bool)
+ **out = **in
+ }
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPMachineSpec.
diff --git a/cloud/scope/machine.go b/cloud/scope/machine.go
index 8173728f2..1066c8d7e 100644
--- a/cloud/scope/machine.go
+++ b/cloud/scope/machine.go
@@ -493,6 +493,12 @@ func (m *MachineScope) InstanceSpec(log logr.Logger) *compute.Instance {
 instance.Scheduling.OnHostMaintenance = "TERMINATE"
 }
 
+ if m.GCPMachine.Spec.EnableNestedVirtualization != nil && *m.GCPMachine.Spec.EnableNestedVirtualization {
+ instance.AdvancedMachineFeatures = &compute.AdvancedMachineFeatures{
+ EnableNestedVirtualization: true,
+ }
+ }
+
 return instance
 }
 
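Review bot: The doc comment on EnableNestedVirtualization says the field cannot be changed after instance creation, but nothing in this commit enforces that, and InstanceSpec in cloud/scope/machine.go only consults the field when building the create-time instance, so an edit on an existing GCPMachine would leave the spec silently disagreeing with the running VM. If the project validates GCPMachine updates in a webhook (not visible here), add an immutability check for this field next to the existing ones; if it does not, reword the comment so it is clear the constraint is GCE's and is not enforced by the controller, e.g. `// Changing this value on an existing GCPMachine has no effect; nested virtualization is applied only at instance creation.`.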
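Review bot: The new block in InstanceSpec assigns a fresh struct to instance.AdvancedMachineFeatures, so any other advanced machine feature set on that struct elsewhere in the function — or added by a future option — is discarded whenever nested virtualization is enabled. The function begins outside this hunk, so I cannot confirm the field is populated earlier, but the assignment should compose rather than overwrite: allocate the struct only when it is nil and set the single field. The change is small but touches four lines, shown below.
```go
	if m.GCPMachine.Spec.EnableNestedVirtualization != nil && *m.GCPMachine.Spec.EnableNestedVirtualization {
		if instance.AdvancedMachineFeatures == nil {
			instance.AdvancedMachineFeatures = &compute.AdvancedMachineFeatures{}
		}
		instance.AdvancedMachineFeatures.EnableNestedVirtualization = true
	}
	// … unchanged: return instance …
```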
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachines.yaml
index a63d7305d..23b8cfa1a 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachines.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachines.yaml
@@ -208,6 +208,13 @@ spec:
 - AMDEncryptedVirtualizationNestedPaging
 - IntelTrustedDomainExtensions
 type: string
+ enableNestedVirtualization:
+ description: |-
+ EnableNestedVirtualization specifies whether to enable nested virtualization or not
+ (default is false). Nested virtualization allows VMs to run inside other VMs.
+ Note: Requires at minimum "Intel Haswell" CPU platform.
+ This field cannot be changed after instance creation.
+ type: boolean
 guestAccelerators:
 description: |-
 GuestAccelerators is a list of the type and count of accelerator cards
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml
index 2a1ac321b..161f07bba 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml
@@ -223,6 +223,13 @@ spec:
 - AMDEncryptedVirtualizationNestedPaging
 - IntelTrustedDomainExtensions
 type: string
+ enableNestedVirtualization:
+ description: |-
+ EnableNestedVirtualization specifies whether to enable nested virtualization or not
+ (default is false). Nested virtualization allows VMs to run inside other VMs.
+ Note: Requires at minimum "Intel Haswell" CPU platform.
+ This field cannot be changed after instance creation.
+ type: boolean
 guestAccelerators:
 description: |-
 GuestAccelerators is a list of the type and count of accelerator cards
diff --git a/docs/book/src/SUMMARY.md b/docs/book/src/SUMMARY.md
index 7b728ef22..db3e4485c 100644
--- a/docs/book/src/SUMMARY.md
+++ b/docs/book/src/SUMMARY.md
@@ -19,6 +19,7 @@
 - [Conformance](./topics/conformance.md)
 - [Machine Locations](./topics/machine-locations.md)
 - [Preemptible VMs](./topics/preemptible-vms.md)
+ - [Nested Virtualization](./topics/nested-virtualization.md)
 - [Developer Guide](./developers/index.md)
 - [Development](./developers/development.md)
 - [Try unreleased changes with Nightly Builds](./developers/nightlies.md)
diff --git a/docs/book/src/topics/nested-virtualization.md b/docs/book/src/topics/nested-virtualization.md
new file mode 100644
index 000000000..d0ab839b4
--- /dev/null
+++ b/docs/book/src/topics/nested-virtualization.md
@@ -0,0 +1,21 @@
+# Nested Virtualization
+
+Enable nested virtualization to run VMs inside GCE instances via the `enableNestedVirtualization` field. This allows running container sandboxes, KVM, QEMU, or other hypervisors inside the instance. Requires Intel Haswell or later CPU platforms.
+
+```yaml
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: GCPMachineTemplate
+metadata:
+ name: mygcpmachinetemplate
+ namespace: mynamespace
+spec:
+ template:
+ spec:
+ instanceType: n2-standard-8
+ enableNestedVirtualization: true
+```
+
+https://cloud.google.com/compute/docs/instances/nested-virtualization/overview
+
+NOTE: Nested virtualization must be enabled at instance creation time and cannot be changed after the instance is created.
\ No newline at end of file