diff --git a/issuance/issuer.go b/issuance/issuer.go
index bebb6093cf6..1c8b7ed1fa1 100644
--- a/issuance/issuer.go
+++ b/issuance/issuer.go
@@ -148,6 +148,11 @@ type IssuerConfig struct {
 	// The selection of which pool depends on the precertificate's key algorithm.
 	Active bool
 
+	// Profiles is the list of profiles for which this issuer is willing to issue.
+	// For the moment, this does nothing, and exists only for deployability.
+	// TODO(#8390): Make this field required for active issuers.
+	Profiles []string `validate:"omitempty,dive,alphanum,min=1,max=32"`
+
 	IssuerURL  string `validate:"required,url"`
 	CRLURLBase string `validate:"required,url,startswith=http://,endswith=/"`
 
diff --git a/test/config-next/ca.json b/test/config-next/ca.json
index 4ae243721c3..df07e7bec6d 100644
--- a/test/config-next/ca.json
+++ b/test/config-next/ca.json
@@ -100,6 +100,9 @@
 			"issuers": [
 				{
 					"active": true,
+					"profiles": [
+						"legacy"
+					],
 					"crlShards": 10,
 					"issuerURL": "http://ca.example.org:4502/int-ecdsa-a",
 					"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/43104258997432926/",
@@ -111,6 +114,11 @@
 				},
 				{
 					"active": true,
+					"profiles": [
+						"legacy",
+						"modern",
+						"shortlived"
+					],
 					"crlShards": 10,
 					"issuerURL": "http://ca.example.org:4502/int-ecdsa-b",
 					"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/17302365692836921/",
@@ -133,6 +141,9 @@
 				},
 				{
 					"active": true,
+					"profiles": [
+						"legacy"
+					],
 					"crlShards": 10,
 					"issuerURL": "http://ca.example.org:4502/int-rsa-a",
 					"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/29947985078257530/",
@@ -144,6 +155,11 @@
 				},
 				{
 					"active": true,
+					"profiles": [
+						"legacy",
+						"modern",
+						"shortlived"
+					],
 					"crlShards": 10,
 					"issuerURL": "http://ca.example.org:4502/int-rsa-b",
 					"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/6762885421992935/",