diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
index 617f949808ce..04bc91ce276b 100644
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -823,6 +823,8 @@
 
 Note that first solution of the [official FAQ answer](https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000&row-id=BQhH-2HSQs68Nq2EW91DBA) is not allowed by the `services.nginx` module's config-checker.
 
+- The new option `boot.binfmt.addEmulatedSystemsToNixSandbox` allows you to skip adding the emulated systems to `nix.settings.extra-platforms`. Now you can emulate foreign binaries locally while only building them on native remote builders.
+
 - The latest available version of Nextcloud is v30 (available as `pkgs.nextcloud30`). The installation logic is as follows:
 - If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)
 - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud29` will be installed by default.
diff --git a/nixos/modules/system/boot/binfmt.nix b/nixos/modules/system/boot/binfmt.nix
index 5a4ee29dadfe..e9de71dc4d5a 100644
--- a/nixos/modules/system/boot/binfmt.nix
+++ b/nixos/modules/system/boot/binfmt.nix
@@ -279,6 +279,16 @@ in {
 type = types.listOf (types.enum (builtins.attrNames magics));
 };
 
+ addEmulatedSystemsToNixSandbox = mkOption {
+ type = types.bool;
+ default = true;
+ example = false;
+ description = ''
+ Whether to add the {option}`boot.binfmt.emulatedSystems` to {option}`nix.settings.extra-platforms`.
+ Disable this to use remote builders for those platforms, while allowing testing binaries locally.
+ '';
+ };
+
 preferStaticEmulators = mkOption {
 default = false;
 description = ''
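Review bot: The `description` of `addEmulatedSystemsToNixSandbox` names only `nix.settings.extra-platforms`, but the `lib.mkIf` changed in the second binfmt.nix hunk (`@@ -325,7 +335,7 @@`) guards the whole `nix.settings` attrset. Setting the option to `false` therefore also drops the `extra-sandbox-paths` entries and the `"i686-linux"` platform appended on x86_64 hosts. Anyone auditing what the local build sandbox can reach needs both effects documented, so I would reword the first sentence to ``Whether to add the {option}`boot.binfmt.emulatedSystems` to {option}`nix.settings.extra-platforms` and their emulators to {option}`nix.settings.extra-sandbox-paths`.`` The attrset continues past the end of that hunk, so any further settings it contains are gated the same way and should be listed too.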
@@ -325,7 +335,7 @@ in {
 interpreterSandboxPath = mkDefault (dirOf (dirOf config.interpreter));
 } // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}")));
 }) cfg.emulatedSystems);
- nix.settings = lib.mkIf (cfg.emulatedSystems != []) {
+ nix.settings = lib.mkIf (cfg.addEmulatedSystemsToNixSandbox && cfg.emulatedSystems != []) {
 extra-platforms = cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux";
 extra-sandbox-paths = let
 ruleFor = system: cfg.registrations.${system};