diff --git a/bazel/api_build_system.bzl b/bazel/api_build_system.bzl
index e9119b32..c0269d16 100644
--- a/bazel/api_build_system.bzl
+++ b/bazel/api_build_system.bzl
@@ -80,6 +80,10 @@ def py_proto_library(name, deps = [], plugin = None):
     if name == "annotations_py_proto":
         proto_deps = proto_deps + [":http_py_proto"]
 
+    # checked.proto depends on syntax.proto, we have to add this dependency manually as well.
+    if name == "checked_py_proto":
+        proto_deps = proto_deps + [":syntax_py_proto"]
+
     # py_proto_library does not support plugin as an argument yet at gRPC v1.25.0:
     # https://github.com/grpc/grpc/blob/v1.25.0/bazel/python_rules.bzl#L72.
     # plugin should also be passed in here when gRPC version is greater than v1.25.x.
@@ -172,13 +176,16 @@ def api_proto_package(
     if has_services:
         compilers = ["@io_bazel_rules_go//proto:go_grpc", "@envoy_api//bazel:pgv_plugin_go"]
 
+    # Because RBAC proro depends on googleapis syntax.proto and checked.proto,
+    # which share the same go proto library, it causes duplicative dependencies.
+    # Thus, we use depset().to_list() to remove duplicated depenencies.
     go_proto_library(
         name = name + _GO_PROTO_SUFFIX,
         compilers = compilers,
         importpath = _GO_IMPORTPATH_PREFIX + native.package_name(),
         proto = name,
         visibility = ["//visibility:public"],
-        deps = [_go_proto_mapping(dep) for dep in deps] + [
+        deps = depset([_go_proto_mapping(dep) for dep in deps] + [
             "@com_github_golang_protobuf//ptypes:go_default_library",
             "@com_github_golang_protobuf//ptypes/any:go_default_library",
             "@com_github_golang_protobuf//ptypes/duration:go_default_library",
@@ -188,5 +195,5 @@ def api_proto_package(
             "@com_envoyproxy_protoc_gen_validate//validate:go_default_library",
             "@com_google_googleapis//google/api:annotations_go_proto",
             "@com_google_googleapis//google/rpc:status_go_proto",
-        ],
+        ]).to_list(),
     )
diff --git a/bazel/external_proto_deps.bzl b/bazel/external_proto_deps.bzl
index 514093ab..659c7a72 100644
--- a/bazel/external_proto_deps.bzl
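Review bot: The new `checked_py_proto` branch in py_proto_library is the second name-keyed special case, mirroring the `annotations_py_proto` one directly above it; the rest of the function lies outside the hunk. A single lookup keeps these transitive-import fixups together and makes the next one a one-entry addition: `_EXTRA_PY_PROTO_DEPS = {"annotations_py_proto": [":http_py_proto"], "checked_py_proto": [":syntax_py_proto"]}` at module level and `proto_deps = proto_deps + _EXTRA_PY_PROTO_DEPS.get(name, [])` in place of the two `if` blocks. The comment can stay as the dict's header so the reason for each entry is still recorded next to it.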
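Review bot: The comment added above go_proto_library has two typos, `proro` for `proto` and `depenencies` for `dependencies`, and it does not say where the duplication comes from, which a reader of this file cannot see. Suggested wording: `# RBAC's protos depend on googleapis syntax.proto and checked.proto, which EXTERNAL_PROTO_GO_BAZEL_DEP_MAP maps to the same Go target, so the mapped deps contain duplicates; depset().to_list() is used only to de-duplicate them.` Note that the depset is constructed with the default order, whose to_list() ordering is not documented as insertion order; this appears harmless for a deps list, but worth a word in the comment if anything downstream relies on ordering. The enclosing api_proto_package starts and ends outside the hunk.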
+++ b/bazel/external_proto_deps.bzl
@@ -9,6 +9,7 @@
 # external dependencies. Since BUILD files are generated, this is the canonical
 # place to define this mapping.
 EXTERNAL_PROTO_IMPORT_BAZEL_DEP_MAP = {
+    "google/api/expr/v1alpha1/checked.proto": "@com_google_googleapis//google/api/expr/v1alpha1:checked_proto",
     "google/api/expr/v1alpha1/syntax.proto": "@com_google_googleapis//google/api/expr/v1alpha1:syntax_proto",
     "metrics.proto": "@prometheus_metrics_model//:client_model",
     "opencensus/proto/trace/v1/trace.proto": "@opencensus_proto//opencensus/proto/trace/v1:trace_proto",
@@ -17,6 +18,7 @@ EXTERNAL_PROTO_IMPORT_BAZEL_DEP_MAP = {
 
 # This maps from the Bazel proto_library target to the Go language binding target for external dependencies.
 EXTERNAL_PROTO_GO_BAZEL_DEP_MAP = {
+    "@com_google_googleapis//google/api/expr/v1alpha1:checked_proto": "@com_google_googleapis//google/api/expr/v1alpha1:expr_go_proto",
     "@com_google_googleapis//google/api/expr/v1alpha1:syntax_proto": "@com_google_googleapis//google/api/expr/v1alpha1:expr_go_proto",
     "@opencensus_proto//opencensus/proto/trace/v1:trace_proto": "@opencensus_proto//opencensus/proto/trace/v1:trace_proto_go",
     "@opencensus_proto//opencensus/proto/trace/v1:trace_config_proto": "@opencensus_proto//opencensus/proto/trace/v1:trace_and_config_proto_go",
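Review bot: In the EXTERNAL_PROTO_GO_BAZEL_DEP_MAP hunk, `checked_proto` and `syntax_proto` now both resolve to the same `expr_go_proto` target, which is the reason the Go deps list in api_build_system.bzl has to be de-duplicated, but nothing in this map records that coupling. A comment on the new entry would keep it discoverable, e.g. `# checked_proto and syntax_proto are built into one Go package, so both map to expr_go_proto; consumers of this map must tolerate the same target appearing twice.` The other three maps in this file (the import, C++ and Python maps) map the two protos to distinct targets, so no such note is needed there.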
@@ -24,6 +26,7 @@ EXTERNAL_PROTO_GO_BAZEL_DEP_MAP = {
 
 # This maps from the Bazel proto_library target to the C++ language binding target for external dependencies.
 EXTERNAL_PROTO_CC_BAZEL_DEP_MAP = {
+    "@com_google_googleapis//google/api/expr/v1alpha1:checked_proto": "@com_google_googleapis//google/api/expr/v1alpha1:checked_cc_proto",
     "@com_google_googleapis//google/api/expr/v1alpha1:syntax_proto": "@com_google_googleapis//google/api/expr/v1alpha1:syntax_cc_proto",
     "@opencensus_proto//opencensus/proto/trace/v1:trace_proto": "@opencensus_proto//opencensus/proto/trace/v1:trace_proto_cc",
     "@opencensus_proto//opencensus/proto/trace/v1:trace_config_proto": "@opencensus_proto//opencensus/proto/trace/v1:trace_config_proto_cc",
@@ -31,6 +34,7 @@ EXTERNAL_PROTO_CC_BAZEL_DEP_MAP = {
 
 # This maps from the Bazel proto_library target to the Python language binding target for external dependencies.
 EXTERNAL_PROTO_PY_BAZEL_DEP_MAP = {
+    "@com_google_googleapis//google/api/expr/v1alpha1:checked_proto": "@com_google_googleapis//google/api/expr/v1alpha1:checked_py_proto",
     "@com_google_googleapis//google/api/expr/v1alpha1:syntax_proto": "@com_google_googleapis//google/api/expr/v1alpha1:syntax_py_proto",
     "@opencensus_proto//opencensus/proto/trace/v1:trace_proto": "@opencensus_proto//opencensus/proto/trace/v1:trace_proto_py",
     "@opencensus_proto//opencensus/proto/trace/v1:trace_config_proto": "@opencensus_proto//opencensus/proto/trace/v1:trace_config_proto_py",
diff --git a/envoy/config/rbac/v3/BUILD b/envoy/config/rbac/v3/BUILD
index bef4331a..ce88bd5e 100644
--- a/envoy/config/rbac/v3/BUILD
+++ b/envoy/config/rbac/v3/BUILD
@@ -11,6 +11,7 @@ api_proto_package(
         "//envoy/config/route/v3:pkg",
         "//envoy/type/matcher/v3:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",
+        "@com_google_googleapis//google/api/expr/v1alpha1:checked_proto",
         "@com_google_googleapis//google/api/expr/v1alpha1:syntax_proto",
     ],
 )
diff --git a/envoy/config/rbac/v3/rbac.proto b/envoy/config/rbac/v3/rbac.proto
index 040f537d..10520b1b 100644
--- a/envoy/config/rbac/v3/rbac.proto
+++ b/envoy/config/rbac/v3/rbac.proto
@@ -8,8 +8,10 @@ import "envoy/type/matcher/v3/metadata.proto";
 import "envoy/type/matcher/v3/path.proto";
 import "envoy/type/matcher/v3/string.proto";
 
+import "google/api/expr/v1alpha1/checked.proto";
 import "google/api/expr/v1alpha1/syntax.proto";
 
+import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
@@ -104,7 +106,15 @@ message Policy {
   // An optional symbolic expression specifying an access control
   // :ref:`condition `. The condition is combined
   // with the permissions and the principals as a clause with AND semantics.
-  google.api.expr.v1alpha1.Expr condition = 3;
+  // Only be used when checked_condition is not used.
+  google.api.expr.v1alpha1.Expr condition = 3
+      [(udpa.annotations.field_migrate).oneof_promotion = "expression_specifier"];
+
+  // [#not-implemented-hide:]
+  // An optional symbolic expression that has been successfully type checked.
+  // Only be used when condition is not used.
+  google.api.expr.v1alpha1.CheckedExpr checked_condition = 4
+      [(udpa.annotations.field_migrate).oneof_promotion = "expression_specifier"];
 }
 
 // Permission defines an action (or actions) that a principal can take.
diff --git a/envoy/config/rbac/v4alpha/BUILD b/envoy/config/rbac/v4alpha/BUILD
index f0707bae..be78d751 100644
--- a/envoy/config/rbac/v4alpha/BUILD
+++ b/envoy/config/rbac/v4alpha/BUILD
@@ -11,6 +11,7 @@ api_proto_package(
         "//envoy/config/route/v4alpha:pkg",
         "//envoy/type/matcher/v4alpha:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",
+        "@com_google_googleapis//google/api/expr/v1alpha1:checked_proto",
         "@com_google_googleapis//google/api/expr/v1alpha1:syntax_proto",
     ],
 )
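Review bot: In the v3 `message Policy` hunk, `condition` and `checked_condition` are two plain fields that only carry a `field_migrate.oneof_promotion` annotation, so on the wire a v3 policy can set both, and the comments "Only be used when ... is not used." do not say what a loader does in that case. For an access-control policy that rule should be stated explicitly rather than left to whichever field the evaluator happens to read, and since validate rules cannot express exclusivity across non-oneof fields here, the consumer has to enforce it. Suggested wording on both fields, adjusted to whatever the implementation does: `// Must not be set together with checked_condition; a policy setting both is rejected.` The "Only be used" phrasing should in any case become "Only used" or "Must not be set when"; the rest of `message Policy` lies outside the hunk.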
diff --git a/envoy/config/rbac/v4alpha/rbac.proto b/envoy/config/rbac/v4alpha/rbac.proto
index 3ca9f7f0..11b69b16 100644
--- a/envoy/config/rbac/v4alpha/rbac.proto
+++ b/envoy/config/rbac/v4alpha/rbac.proto
@@ -8,6 +8,7 @@ import "envoy/type/matcher/v4alpha/metadata.proto";
 import "envoy/type/matcher/v4alpha/path.proto";
 import "envoy/type/matcher/v4alpha/string.proto";
 
+import "google/api/expr/v1alpha1/checked.proto";
 import "google/api/expr/v1alpha1/syntax.proto";
 
 import "udpa/annotations/status.proto";
@@ -101,10 +102,18 @@ message Policy {
   // Principal with the `any` field set to true should be used.
   repeated Principal principals = 2 [(validate.rules).repeated = {min_items: 1}];
 
-  // An optional symbolic expression specifying an access control
-  // :ref:`condition `. The condition is combined
-  // with the permissions and the principals as a clause with AND semantics.
-  google.api.expr.v1alpha1.Expr condition = 3;
+  oneof expression_specifier {
+    // An optional symbolic expression specifying an access control
+    // :ref:`condition `. The condition is combined
+    // with the permissions and the principals as a clause with AND semantics.
+    // Only be used when checked_condition is not used.
+    google.api.expr.v1alpha1.Expr condition = 3;
+
+    // [#not-implemented-hide:]
+    // An optional symbolic expression that has been successfully type checked.
+    // Only be used when condition is not used.
+    google.api.expr.v1alpha1.CheckedExpr checked_condition = 4;
+  }
 }
 
 // Permission defines an action (or actions) that a principal can take.
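Review bot: In the v4alpha `message Policy` hunk the two fields now sit inside `oneof expression_specifier`, so the lines "Only be used when checked_condition is not used." and "Only be used when condition is not used." restate what the oneof already enforces and are ungrammatical; drop them, or keep one short sentence on the oneof itself such as `// At most one of condition and checked_condition may be set.` The `checked_condition` comment would also benefit from saying what "successfully type checked" means for the evaluator: a `CheckedExpr` carries the checker's type and reference annotations alongside the expression, and since it arrives as configuration, the doc should state whether those annotations are trusted as supplied or re-validated against the attributes Envoy declares, which the field's not-implemented marker leaves open. The rest of `message Policy` lies outside the hunk.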