diff --git a/.chloggen/exception-message-sensitive.yaml b/.chloggen/exception-message-sensitive.yaml
new file mode 100644
index 0000000000..593578d1e4
--- /dev/null
+++ b/.chloggen/exception-message-sensitive.yaml
@@ -0,0 +1,4 @@
+change_type: enhancement
+component: exception
+note: Indicate that `exception.message` attribute may contain sensitive information.
+issues: [2967, 3310]
diff --git a/docs/exceptions/exceptions-logs.md b/docs/exceptions/exceptions-logs.md
index 6966543ba9..39806978e8 100644
--- a/docs/exceptions/exceptions-logs.md
+++ b/docs/exceptions/exceptions-logs.md
@@ -44,13 +44,19 @@ The table below indicates which attributes should be added to the
| Key | Stability | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Value Type | Description | Example Values |
| --- | --- | --- | --- | --- | --- |
-| [`exception.message`](/docs/registry/attributes/exception.md) |  | `Conditionally Required` [1] | string | The exception message. | `Division by zero`; `Can't convert 'int' object to str implicitly` |
-| [`exception.type`](/docs/registry/attributes/exception.md) |  | `Conditionally Required` [2] | string | The type of the exception (its fully-qualified class name, if applicable). The dynamic type of the exception should be preferred over the static type in languages that support it. | `java.net.ConnectException`; `OSError` |
+| [`exception.message`](/docs/registry/attributes/exception.md) |  | `Conditionally Required` [1] | string | The exception message. [2] | `Division by zero`; `Can't convert 'int' object to str implicitly` |
+| [`exception.type`](/docs/registry/attributes/exception.md) |  | `Conditionally Required` [3] | string | The type of the exception (its fully-qualified class name, if applicable). The dynamic type of the exception should be preferred over the static type in languages that support it. | `java.net.ConnectException`; `OSError` |
| [`exception.stacktrace`](/docs/registry/attributes/exception.md) |  | `Recommended` | string | A stacktrace as a string in the natural representation for the language runtime. The representation is to be determined and documented by each language SIG. | `Exception in thread "main" java.lang.RuntimeException: Test exception\n at com.example.GenerateTrace.methodB(GenerateTrace.java:13)\n at com.example.GenerateTrace.methodA(GenerateTrace.java:9)\n at com.example.GenerateTrace.main(GenerateTrace.java:5)` |
**[1] `exception.message`:** Required if `exception.type` is not set, recommended otherwise.
-**[2] `exception.type`:** Required if `exception.message` is not set, recommended otherwise.
+**[2] `exception.message`:**
+
+> [!WARNING]
+>
+> This attribute may contain sensitive information.
+
+**[3] `exception.type`:** Required if `exception.message` is not set, recommended otherwise.
diff --git a/docs/exceptions/exceptions-spans.md b/docs/exceptions/exceptions-spans.md
index d83b212b90..2b1b39c5a7 100644
--- a/docs/exceptions/exceptions-spans.md
+++ b/docs/exceptions/exceptions-spans.md
@@ -33,14 +33,20 @@ This event describes a single exception.
| Key | Stability | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Value Type | Description | Example Values |
| --- | --- | --- | --- | --- | --- |
-| [`exception.message`](/docs/registry/attributes/exception.md) |  | `Conditionally Required` [1] | string | The exception message. | `Division by zero`; `Can't convert 'int' object to str implicitly` |
-| [`exception.type`](/docs/registry/attributes/exception.md) |  | `Conditionally Required` [2] | string | The type of the exception (its fully-qualified class name, if applicable). The dynamic type of the exception should be preferred over the static type in languages that support it. | `java.net.ConnectException`; `OSError` |
+| [`exception.message`](/docs/registry/attributes/exception.md) |  | `Conditionally Required` [1] | string | The exception message. [2] | `Division by zero`; `Can't convert 'int' object to str implicitly` |
+| [`exception.type`](/docs/registry/attributes/exception.md) |  | `Conditionally Required` [3] | string | The type of the exception (its fully-qualified class name, if applicable). The dynamic type of the exception should be preferred over the static type in languages that support it. | `java.net.ConnectException`; `OSError` |
| [`exception.escaped`](/docs/registry/attributes/exception.md) | 
It's no longer recommended to record exceptions that are handled and do not escape the scope of a span. | `Recommended` | boolean | Indicates that the exception is escaping the scope of the span. | |
| [`exception.stacktrace`](/docs/registry/attributes/exception.md) |  | `Recommended` | string | A stacktrace as a string in the natural representation for the language runtime. The representation is to be determined and documented by each language SIG. | `Exception in thread "main" java.lang.RuntimeException: Test exception\n at com.example.GenerateTrace.methodB(GenerateTrace.java:13)\n at com.example.GenerateTrace.methodA(GenerateTrace.java:9)\n at com.example.GenerateTrace.main(GenerateTrace.java:5)` |
**[1] `exception.message`:** Required if `exception.type` is not set, recommended otherwise.
-**[2] `exception.type`:** Required if `exception.message` is not set, recommended otherwise.
+**[2] `exception.message`:**
+
+> [!WARNING]
+>
+> This attribute may contain sensitive information.
+
+**[3] `exception.type`:** Required if `exception.message` is not set, recommended otherwise.
diff --git a/docs/registry/attributes/exception.md b/docs/registry/attributes/exception.md
index 633bab2768..b6629f6240 100644
--- a/docs/registry/attributes/exception.md
+++ b/docs/registry/attributes/exception.md
@@ -14,10 +14,16 @@ This document defines the shared attributes used to report a single exception as
| Key | Stability | Value Type | Description | Example Values |
| --- | --- | --- | --- | --- |
-| `exception.message` |  | string | The exception message. | `Division by zero`; `Can't convert 'int' object to str implicitly` |
+| `exception.message` |  | string | The exception message. [1] | `Division by zero`; `Can't convert 'int' object to str implicitly` |
| `exception.stacktrace` |  | string | A stacktrace as a string in the natural representation for the language runtime. The representation is to be determined and documented by each language SIG. | `Exception in thread "main" java.lang.RuntimeException: Test exception\n at com.example.GenerateTrace.methodB(GenerateTrace.java:13)\n at com.example.GenerateTrace.methodA(GenerateTrace.java:9)\n at com.example.GenerateTrace.main(GenerateTrace.java:5)` |
| `exception.type` |  | string | The type of the exception (its fully-qualified class name, if applicable). The dynamic type of the exception should be preferred over the static type in languages that support it. | `java.net.ConnectException`; `OSError` |
+**[1] `exception.message`:**
+
+> [!WARNING]
+>
+> This attribute may contain sensitive information.
+
## Deprecated Exception Attributes
Deprecated exception attributes.
diff --git a/model/exceptions/registry.yaml b/model/exceptions/registry.yaml
index 7231a394de..cebf6ce34e 100644
--- a/model/exceptions/registry.yaml
+++ b/model/exceptions/registry.yaml
@@ -20,6 +20,10 @@ groups:
brief: The exception message.
examples:
["Division by zero", "Can't convert 'int' object to str implicitly"]
+ note: |
+ > [!WARNING]
+ >
+ > This attribute may contain sensitive information.
- id: exception.stacktrace
type: string
stability: stable