diff --git a/backend/app/services/disclosure_service.py b/backend/app/services/disclosure_service.py
index 4a9c783..b2866f2 100644
--- a/backend/app/services/disclosure_service.py
+++ b/backend/app/services/disclosure_service.py
@@ -113,6 +113,11 @@ def review_disclosure_request(
     return dr
 
 
+def _utcnow_naive() -> datetime:
+    """Return current UTC time as a naive datetime, matching MySQL DATETIME columns."""
+    return datetime.now(timezone.utc).replace(tzinfo=None)
+
+
 def revoke_disclosure(db: Session, request_id: int, user_id: int, *, admin: bool = False) -> DisclosureRequest:
     """Revoke an active disclosure by setting expires_at to now.
 
@@ -124,12 +129,12 @@ def revoke_disclosure(db: Session, request_id: int, user_id: int, *, admin: bool
         raise ValueError("Disclosure request not found")
     if dr.status != "approved":
         raise ValueError("Only approved disclosures can be revoked")
-    if dr.expires_at and dr.expires_at <= datetime.now(timezone.utc):
+    if dr.expires_at and dr.expires_at <= _utcnow_naive():
         raise ValueError("Disclosure already expired")
     if not admin and dr.requester_id != user_id:
         raise ValueError("Not authorized to revoke this disclosure")
 
-    dr.expires_at = datetime.now(timezone.utc)
+    dr.expires_at = _utcnow_naive()
     db.commit()
     db.refresh(dr)
     return dr