diff --git a/interfaces/builtin/systemd_user_control.go b/interfaces/builtin/systemd_user_control.go
index f6aa45a66e7d..515b6ed8e700 100644
--- a/interfaces/builtin/systemd_user_control.go
+++ b/interfaces/builtin/systemd_user_control.go
@@ -21,6 +21,12 @@ package builtin
 
 const systemdUserControlSummary = `allows to control the user session service manager`
 
+const systemdUserBaseDeclarationPlugs = `
+  systemd-user-control:
+    allow-installation: false
+    deny-auto-connection: true
+`
+
 const systemdUserBaseDeclarationSlots = `
   systemd-user-control:
     allow-installation:
@@ -71,6 +77,7 @@ func init() {
 		implicitOnCore:        true,
 		// This is meant for use by session snaps on core, there's no use for this slot for apps in classic mode
 		implicitOnClassic:     false,
+		baseDeclarationPlugs:  systemdUserBaseDeclarationPlugs,
 		baseDeclarationSlots:  systemdUserBaseDeclarationSlots,
 		connectedPlugAppArmor: systemdUserControlConnectedPlugAppArmor,
 	})
diff --git a/interfaces/policy/basedeclaration_test.go b/interfaces/policy/basedeclaration_test.go
index 1b9fb392e764..166885d2d248 100644
--- a/interfaces/policy/basedeclaration_test.go
+++ b/interfaces/policy/basedeclaration_test.go
@@ -151,6 +151,7 @@ func (s *baseDeclSuite) TestAutoConnection(c *C) {
 		"pkcs11":             true,
 		"remoteproc":         true,
 		"snapd-control":      true,
+		"systemd-user-control": true,
 		"upower-observe":     true,
 		"empty":              true,
 	}
@@ -330,6 +331,25 @@ plugs:
 	c.Check(arity.SlotsPerPlugAny(), Equals, false)
 }
 
+func (s *baseDeclSuite) TestAutoConnectionSystemdUserControl(c *C) {
+	cand := s.connectCand(c, "systemd-user-control", "", "")
+	_, err := cand.CheckAutoConnect()
+	c.Check(err, NotNil)
+	c.Assert(err, ErrorMatches, "auto-connection denied by plug rule of interface \"systemd-user-control\"")
+
+	plugsSlots := `
+plugs:
+  systemd-user-control:
+    allow-auto-connection: true
+`
+
+	lxdDecl := s.mockSnapDecl(c, "some-snap", "J60k4JY0HppjwOjW8dZdYc8obXKxujRu", "canonical", plugsSlots)
+	cand.PlugSnapDeclaration = lxdDecl
+	arity, err := cand.CheckAutoConnect()
+	c.Check(err, IsNil)
+	c.Check(arity.SlotsPerPlugAny(), Equals, false)
+}
+
 func (s *baseDeclSuite) TestAutoConnectionContent(c *C) {
 	// random snaps cannot connect with content
 	// (Sanitize* will now also block this)
@@ -851,7 +871,6 @@ var (
 		"spi":                       {"core", "gadget"},
 		"steam-support":             {"core"},
 		"storage-framework-service": {"app"},
-		"systemd-user-control":      {"core"},
 		"thumbnailer-service":       {"app"},
 		"ubuntu-download-manager":   {"app"},
 		"udisks2":                   {"app", "core"},
@@ -1037,6 +1056,7 @@ func (s *baseDeclSuite) TestPlugInstallation(c *C) {
 		"snapd-control":           true,
 		"steam-support":           true,
 		"system-files":            true,
+		"systemd-user-control":    true,
 		"tee":                     true,
 		"uinput":                  true,
 		"unity8":                  true,
@@ -1337,6 +1357,7 @@ func (s *baseDeclSuite) TestValidity(c *C) {
 		"snapd-control":           true,
 		"steam-support":           true,
 		"system-files":            true,
+		"systemd-user-control":    true,
 		"tee":                     true,
 		"udisks2":                 true,
 		"uinput":                  true,