diff --git a/deny.toml b/deny.toml
index 00734e397..1837a5f3e 100644
--- a/deny.toml
+++ b/deny.toml
@@ -24,38 +24,38 @@ allow = [
   "Zlib",
 ]
 
-[[exceptions]]
+[[licenses.clarify]]
+crate = "ring"
+# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
+# https://spdx.org/licenses/OpenSSL.html
+# ISC - Both BoringSSL and ring use this for their new files
+# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
+# license, for third_party/fiat, which, unlike other third_party directories, is
+# compiled into non-test libraries, is included below."
+# OpenSSL - Obviously
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+[[licenses.exceptions]]
 allow = ["BUSL-1.1"]
 crate = "surrealdb"
 
-[[exceptions]]
+[[licenses.exceptions]]
 allow = ["BUSL-1.1"]
 crate = "surrealdb-core"
 
-[[exceptions]]
+[[licenses.exceptions]]
 allow = ["OpenSSL"]
 crate = "ring"
 
-[[exceptions]]
+[[licenses.exceptions]]
 allow = ["Unicode-DFS-2016"]
 crate = "unicode-ident"
 
-[[exceptions]]
+[[licenses.exceptions]]
 allow = ["W3C-20150513", "CC-BY-SA-3.0"]
 crate = "ssi-contexts"
 
-[[licenses.clarify]]
-crate = "ring"
-# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
-# https://spdx.org/licenses/OpenSSL.html
-# ISC - Both BoringSSL and ring use this for their new files
-# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
-# license, for third_party/fiat, which, unlike other third_party directories, is
-# compiled into non-test libraries, is included below."
-# OpenSSL - Obviously
-expression = "ISC AND MIT AND OpenSSL"
-license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
-
 [advisories]
 version = 2
 ignore = [