diff --git a/api/metadata_pg.py b/api/metadata_pg.py
index 97920d7..a3f94ad 100644
--- a/api/metadata_pg.py
+++ b/api/metadata_pg.py
@@ -1486,8 +1486,6 @@ def update_equipment_pg(
     payload: dict[str, Any],
     user: PlatformUser,
 ) -> dict[str, Any]:
-    _ensure_role_can_register(user)
-
     domain_id = _slugify(domain_id, "equipment")
     conn = get_pg_connection()
     try:
diff --git a/api/tests/test_phase3_security.py b/api/tests/test_phase3_security.py
index 05e1041..a3223ca 100644
--- a/api/tests/test_phase3_security.py
+++ b/api/tests/test_phase3_security.py
@@ -17,6 +17,7 @@
     sys.path.insert(0, str(API_DIR))
 
 import main
+import metadata_pg
 from routers import admin, dataset_v2, equipment, upload
 
 
@@ -384,6 +385,98 @@ def test_equipment_registration_uses_authenticated_owner_context(self):
         )
         self.assertEqual(write_config_snapshot.call_count, 0)
 
+    def test_trusted_maintainer_can_edit_equipment_with_researcher_role(self):
+        connection = FakeConnection(
+            [
+                {
+                    "contains": "FROM equipment_metadata",
+                    "fetchone": {
+                        "domain_id": "etcher_01",
+                        "equipment_name": "Etcher",
+                        "owner_id": "owner-1",
+                        "owner_org": "Birck",
+                        "status": "approved",
+                        "config_json": {},
+                    },
+                },
+                {
+                    "contains": "FROM equipment_access",
+                    "fetchone": {"allowed": 1},
+                },
+            ]
+        )
+        researcher = metadata_pg.PlatformUser(
+            id="researcher-1",
+            email="researcher@example.com",
+            name="Researcher",
+            role="researcher",
+            organization="Birck",
+        )
+
+        with patch.object(
+            metadata_pg,
+            "get_pg_connection",
+            return_value=connection,
+        ), patch.object(
+            metadata_pg,
+            "build_domain_config",
+            return_value={},
+        ):
+            result = metadata_pg.update_equipment_pg(
+                domain_id="etcher_01",
+                payload={"name": "Etcher"},
+                user=researcher,
+            )
+
+        self.assertEqual(result["status"], "approved")
+        self.assertFalse(result["changed"])
+        self.assertTrue(connection.closed)
+
+    def test_untrusted_researcher_cannot_edit_equipment(self):
+        connection = FakeConnection(
+            [
+                {
+                    "contains": "FROM equipment_metadata",
+                    "fetchone": {
+                        "domain_id": "etcher_01",
+                        "equipment_name": "Etcher",
+                        "owner_id": "owner-1",
+                        "owner_org": "Birck",
+                        "status": "approved",
+                        "config_json": {},
+                    },
+                },
+                {
+                    "contains": "FROM equipment_access",
+                    "fetchone": None,
+                },
+            ]
+        )
+        researcher = metadata_pg.PlatformUser(
+            id="researcher-1",
+            email="researcher@example.com",
+            name="Researcher",
+            role="researcher",
+            organization="Birck",
+        )
+
+        with patch.object(
+            metadata_pg,
+            "get_pg_connection",
+            return_value=connection,
+        ):
+            with self.assertRaisesRegex(
+                PermissionError,
+                "trusted maintainer",
+            ):
+                metadata_pg.update_equipment_pg(
+                    domain_id="etcher_01",
+                    payload={"name": "Etcher"},
+                    user=researcher,
+                )
+
+        self.assertTrue(connection.closed)
+
     def test_experiment_creation_flow_uses_postgres_helpers(self):
         with patch.object(
             equipment,