diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt
new file mode 100644
index 0000000000..3dad7f3b67
--- /dev/null
+++ b/ChangeLog.d/unify-errors.txt
@@ -0,0 +1,8 @@
+API changes
+   * Make the following error codes aliases of their PSA equivalents, where
+     xxx is a module, e.g. X509 or SSL.
+     MBEDTLS_ERR_xxx_BAD_INPUT_DATA    -> PSA_ERROR_INVALID_ARGUMENT
+     MBEDTLS_ERR_xxx_ALLOC_FAILED      -> PSA_ERROR_INSUFFICIENT_MEMORY
+     MBEDTLS_ERR_xxx_VERIFY_FAILED     -> PSA_ERROR_INVALID_SIGNATURE
+     MBEDTLS_ERR_xxx_INVALID_SIGNATURE -> PSA_ERROR_INVALID_SIGNATURE
+     MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL  -> PSA_ERROR_BUFFER_TOO_SMALL
diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md
index 074acc04bb..3bcdb8c580 100644
--- a/docs/4.0-migration-guide/error-codes.md
+++ b/docs/4.0-migration-guide/error-codes.md
@@ -18,6 +18,8 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l
 
 Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface.
 
+#### Specific error codes
+
 | Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) |
 | ------------------------------ | --------------------------- |
 | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` |
@@ -25,4 +27,16 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally
 | `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL`
 | `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` |
 
+#### General Replacements
+
+The module-specific error codes in the table below have been replaced with a single PSA error code. Here `xxx` corresponds to all modules (e.g. `X509` or `SSL`) with the specific error code.
+
+| Legacy constant (Mbed TLS 3.6)  | PSA constant (TF-PSA-Crypto 1.0) |
+|---------------------------------| ---------------------------------------------- |
+| `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
+| `MBEDTLS_ERR_xxx_ALLOC_FAILED`  | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_xxx_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` |
+| `MBEDTLS_ERR_xxx_INVALID_SIGNATURE` | `PSA_ERROR_INVALID_SIGNATURE` |
+| `MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL`     | `PSA_ERROR_BUFFER_TOO_SMALL` |
+
 See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules.