diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index ef47980957..8ef3b945f9 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -58,7 +58,7 @@ updates:
         dependency-name: "*" # Match all packages
     reviewers:
       - "2i2c-org/tech-team"
-  # Maintain dependencies for pip defined in helm-charts/images/hub folder (default hub image)
+  # Signal pip dependencies updates in helm-charts/images/hub folder (default hub image)
   - package-ecosystem: "pip"
     directory: "/helm-charts/images/hub"
     schedule:
@@ -70,3 +70,7 @@ updates:
         dependency-name: "*" # Match all packages
     reviewers:
       - "2i2c-org/tech-team"
+    labels:
+      # This dependabot PRs should not be merged as is, because additional manual steps are required also.
+      # Checkout https://infrastructure.2i2c.org/en/latest/topic/infrastructure/hub-image.html#updating-the-hub-image
+      - "requires follow-up"
diff --git a/.github/workflows/comment-dependabot-prs.yaml b/.github/workflows/comment-dependabot-prs.yaml
new file mode 100644
index 0000000000..af4838b254
--- /dev/null
+++ b/.github/workflows/comment-dependabot-prs.yaml
@@ -0,0 +1,19 @@
+# From https://docs.github.com/en/actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added
+name: Comment dependabot PRs with specific label
+on:
+  pull_request:
+    types:
+      - labeled
+jobs:
+  add-comment:
+    if: github.event.label.name == 'requires follow-up'
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Add comment
+        uses: peter-evans/create-or-update-comment@v2
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          body: |
+            After merging this PR, remember to take the additional manual steps described in https://infrastructure.2i2c.org/en/latest/topic/infrastructure/hub-image.html#updating-the-hub-image