diff --git a/src/main/java/ch/dlmw/swisssignchallenge/controllers/ControllerAdvice.java b/src/main/java/ch/dlmw/swisssignchallenge/controllers/ControllerAdvice.java
new file mode 100644
index 0000000..fad9c6b
--- /dev/null
+++ b/src/main/java/ch/dlmw/swisssignchallenge/controllers/ControllerAdvice.java
@@ -0,0 +1,18 @@
+package ch.dlmw.swisssignchallenge.controllers;
+
+import org.openapitools.model.ErrorResponse;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import java.util.NoSuchElementException;
+
+@RestControllerAdvice
+public class ControllerAdvice {
+ @ExceptionHandler(value = {NoSuchElementException.class})
+ public ResponseEntity handleAuthenticationException(Exception e) {
+ var response = new ErrorResponse("TODO", HttpStatus.UNAUTHORIZED.value());
+ return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);
+ }
+}
diff --git a/src/main/java/ch/dlmw/swisssignchallenge/exceptions/JwtAuthenticationException.java b/src/main/java/ch/dlmw/swisssignchallenge/exceptions/JwtAuthenticationException.java
new file mode 100644
index 0000000..a35e0d8
--- /dev/null
+++ b/src/main/java/ch/dlmw/swisssignchallenge/exceptions/JwtAuthenticationException.java
@@ -0,0 +1,7 @@
+package ch.dlmw.swisssignchallenge.exceptions;
+
+public class JwtAuthenticationException extends RuntimeException {
+ public JwtAuthenticationException(String message) {
+ super(message);
+ }
+}
diff --git a/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java b/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java
index 68d523b..3f326ef 100644
--- a/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java
+++ b/src/main/java/ch/dlmw/swisssignchallenge/filters/JwtRequestFilter.java
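Review bot: `@ExceptionHandler(value = {NoSuchElementException.class})` maps every NoSuchElementException to 401, yet that is the exception `Optional.get()` and iterators throw on any failed lookup, so an unrelated missing record in a controller would be reported to the client as an authentication failure, and the handler's name promises more than the mapping delivers. If the intent is the user lookup in the JWT filter, note that a `@RestControllerAdvice` never sees exceptions thrown from a servlet filter (filters run outside the DispatcherServlet), which is why the filter in this commit has to write its own 401 response. The body also ships the placeholder `"TODO"` as the client-visible message, and the return type is the raw `ResponseEntity`; `public ResponseEntity<ErrorResponse> handleAuthenticationException(Exception e)` keeps the signature and removes the raw type. Consider handling the new JwtAuthenticationException, or a dedicated not-found type, instead of NoSuchElementException so that each failure gets the status it actually means.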
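Review bot: JwtAuthenticationException has only a message constructor, so any library exception it is meant to stand in for (a malformed or expired token surfaced by JwtUtil) loses its cause when wrapped; add `public JwtAuthenticationException(String message, Throwable cause) { super(message, cause); }`. Keeping the cause is what makes an authentication failure diagnosable in server logs while the client still only sees the generic message.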
@@ -1,10 +1,14 @@
 package ch.dlmw.swisssignchallenge.filters;
 
+import ch.dlmw.swisssignchallenge.exceptions.JwtAuthenticationException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.openapitools.model.ErrorResponse;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -24,33 +28,44 @@ public class JwtRequestFilter extends OncePerRequestFilter { @Autowired private UserDetailsService userDetailsService; + @Autowired + ObjectMapper objectMapper; + @Autowired private JwtUtil jwtUtil; @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - final String authorizationHeader = request.getHeader("Authorization"); + try { + final String authorizationHeader = request.getHeader("Authorization"); - String username = null; - String jwt = null; + String username = null; + String jwt = null; - if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) { - jwt = authorizationHeader.substring(7); - username = jwtUtil.extractUsername(jwt); - } + if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) { + jwt = authorizationHeader.substring(7); + username = jwtUtil.extractUsername(jwt); + } - if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { - UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); + if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { + UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); + + if (!jwtUtil.validateToken(jwt, userDetails)) { + throw new JwtAuthenticationException("Couldn't validate token"); + } - if (jwtUtil.validateToken(jwt, userDetails)) { UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities()); authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); SecurityContextHolder.getContext().setAuthentication(authenticationToken); } - } - filterChain.doFilter(request, response); + filterChain.doFilter(request, response); + } catch (Exception e) { + response.setContentType("application/json"); + 
response.setStatus(HttpStatus.UNAUTHORIZED.value()); + response.getWriter().write(objectMapper.writeValueAsString(new ErrorResponse("Couldn't authenticate", HttpStatus.UNAUTHORIZED.value()))); + } } @Override
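Review bot: The `catch (Exception e)` at the end of doFilterInternal also wraps `filterChain.doFilter(request, response)`, so any exception raised downstream — in a later filter or in a controller — is rewritten as a 401 "Couldn't authenticate" instead of reaching Spring's exception handling (including the ControllerAdvice added in this commit), and a genuine server error is masked as an authentication failure. If downstream code has already committed the response when the exception surfaces, the `response.setStatus(HttpStatus.UNAUTHORIZED.value())` on this line is ignored by the container and the JSON body is appended to whatever was already written. Narrow the try to the token handling: catch `JwtAuthenticationException` (plus whatever `jwtUtil.extractUsername` throws for a malformed or expired token, or have JwtUtil wrap those in JwtAuthenticationException), end the catch with `return;`, and move `filterChain.doFilter(request, response);` after the try/catch. The caught exception is also discarded; logging it at debug level (never the token itself) would help triage of authentication failures. With the new `if (!jwtUtil.validateToken(jwt, userDetails)) throw …` the filter rejects any request bearing an invalid token even on endpoints that do not require authentication, where such a request previously proceeded anonymously — confirm that is intended.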