diff --git a/README.md b/README.md
index 9ab625e..c14357c 100644
--- a/README.md
+++ b/README.md
@@ -352,6 +352,8 @@ See:
 
 ## Application-specific hardening
 
+* Enables "`apt-get --error-on=any`" which makes apt exit non-zero for
+ transient failures. — `/etc/apt/apt.conf.d/40error-on-any`.
 * Enables APT seccomp-BPF sandboxing — `/etc/apt/apt.conf.d/40sandbox`.
 * Deactivates previews in Dolphin.
 * Deactivates previews in Nautilus —
diff --git a/etc/apt/apt.conf.d/40error-on-any b/etc/apt/apt.conf.d/40error-on-any
new file mode 100644
index 0000000..e9357e6
--- /dev/null
+++ b/etc/apt/apt.conf.d/40error-on-any
@@ -0,0 +1,9 @@
+## Copyright (C) 2021 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+## Make "sudo apt-get update" exit non-zero for transient failures.
+## Same as "apt-get --error-on=any".
+## https://forums.whonix.org/t/debian-bullseye-apt-get-error-on-any/12068
+## https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594813
+## https://salsa.debian.org/apt-team/apt/-/commit/c7123bea6a8dc2c9e327ce41ddfc25e29f1bb145
+APT::Update::Error-Mode any;