diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt
index d136aec8d02..3c7c31b9251 100644
--- a/src/build-data/policy/bsi.txt
+++ b/src/build-data/policy/bsi.txt
@@ -36,7 +36,6 @@ emsa_pssr
 iso9796
 
 # pubkey
-dlies
 dh
 #dilithium // not (yet) recommended
 #dilithium_aes // not (yet) recommended
diff --git a/src/lib/pubkey/ec_group/ec_point.h b/src/lib/pubkey/ec_group/ec_point.h
index 72b9b6ef0e7..2ff085b9a2b 100644
--- a/src/lib/pubkey/ec_group/ec_point.h
+++ b/src/lib/pubkey/ec_group/ec_point.h
@@ -223,6 +223,7 @@ class BOTAN_PUBLIC_API(2, 0) EC_Point final {
 #if defined(BOTAN_DISABLE_DEPRECATED_FEATURES)
 
    private:
+      friend class EC_Mul2Table_Data_BN;
 #endif
 
       /**
diff --git a/src/scripts/ci_build.py b/src/scripts/ci_build.py
index 33c32372513..238ba1696a6 100755
--- a/src/scripts/ci_build.py
+++ b/src/scripts/ci_build.py
@@ -215,7 +215,7 @@ def sanitize_kv(some_string):
 
     if target in ['bsi', 'nist']:
         # tls is optional for bsi/nist but add it so verify tests work with these minimized configs
-        flags += ['--module-policy=%s' % (target), '--enable-modules=tls12']
+        flags += ['--module-policy=%s' % (target), '--enable-modules=tls12', '--disable-deprecated-features']
 
     if target in ['docs']:
         flags += ['--with-doxygen', '--with-sphinx', '--with-rst2man']