diff --git a/coordinator/coordapi.go b/coordinator/coordapi.go
index 68c4a61f8c..86ffc5ac2f 100644
--- a/coordinator/coordapi.go
+++ b/coordinator/coordapi.go
@@ -6,6 +6,7 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "log/slog"
 "net"
 "sync"
 "time"
@@ -29,7 +30,8 @@ type coordAPIServer struct {
 }
 func newCoordAPIServer(mSetter manifestSetter, caGetter certChainGetter) (*coordAPIServer, error) {
- issuer := snp.NewIssuer()
+ // TODO(malt3): pass logger down.
+ issuer := snp.NewIssuer(slog.Default())
 credentials := atlscredentials.New(issuer, nil)
 grpcServer := grpc.NewServer(
 grpc.Creds(credentials),
diff --git a/initializer/main.go b/initializer/main.go
index acfc798874..12294977ab 100644
--- a/initializer/main.go
+++ b/initializer/main.go
@@ -59,7 +59,7 @@ func run() (retErr error) {
 logger.Info("Deriving public key", "pubKeyHash", pubKeyHashStr)
 requestCert := func() (*intercom.NewMeshCertResponse, error) {
- dial := dialer.NewWithKey(snp.NewIssuer(), atls.NoValidator, &net.Dialer{}, privKey)
+ dial := dialer.NewWithKey(snp.NewIssuer(logger), atls.NoValidator, &net.Dialer{}, privKey)
 conn, err := dial.Dial(ctx, net.JoinHostPort(coordinatorHostname, intercom.Port))
 if err != nil {
 return nil, fmt.Errorf("dialing: %w", err)
diff --git a/internal/attestation/snp/issuer.go b/internal/attestation/snp/issuer.go
index 8a34cc9adb..a2068e57ed 100644
--- a/internal/attestation/snp/issuer.go
+++ b/internal/attestation/snp/issuer.go
@@ -12,18 +12,19 @@ import (
 "encoding/base64"
 "encoding/hex"
 "fmt"
- "log"
+ "log/slog"
 "github.com/google/go-sev-guest/client"
 )
 type Issuer struct {
 snpDevicePath string
+ logger *slog.Logger
 }
 // NewIssuer returns a new Issuer.
-func NewIssuer() *Issuer {
- return &Issuer{}
+func NewIssuer(log *slog.Logger) *Issuer {
+ return &Issuer{logger: log.WithGroup("snp-issuer")}
 }
 func (i *Issuer) OID() asn1.ObjectIdentifier {
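Review bot: `log.WithGroup("snp-issuer")` in `NewIssuer` does not label the issuer's log records, because a log/slog group only qualifies the keys of attributes added afterwards. `"err"` and `"reportRaw"` will appear as `snp-issuer.err` and `snp-issuer.reportRaw`, while attribute-less messages such as "Issue called" no longer show where they came from now that the old `issuer:` prefix is gone. If the aim is to attribute every record to this component, `return &Issuer{logger: log.With("component", "snp-issuer")}` does that. The constructor also dereferences its argument unconditionally, so a nil logger panics here; a guard such as `if log == nil { log = slog.Default() }` would avoid that. Naming the parameter `logger` would match the struct field and avoid reusing the name of the standard `log` package.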
@@ -33,16 +34,16 @@ func (i *Issuer) OID() asn1.ObjectIdentifier {
 // userData is hash of issuer public key.
 // nonce from validator.
 func (i *Issuer) Issue(ctx context.Context, ownPublicKey []byte, nonce []byte) (res []byte, err error) {
- log.Println("issuer: issue called")
+ i.logger.Info("Issue called")
 defer func() {
 if err != nil {
- log.Printf("Failed to issue attestation statement: %s", err)
+ i.logger.Error("Failed to issue attestation statement", "err", err)
 }
 }()
 snpGuestDevice, err := client.OpenDevice()
 if err != nil {
- log.Fatalf("issuer: opening device: %v", err)
+ return nil, fmt.Errorf("issuer: opening device: %w", err)
 }
 defer snpGuestDevice.Close()
@@ -50,13 +51,13 @@ func (i *Issuer) Issue(ctx context.Context, ownPublicKey []byte, nonce []byte) (
 reportRaw, err := client.GetRawReport(snpGuestDevice, reportData)
 if err != nil {
- return nil, fmt.Errorf("getting raw report: %w", err)
+ return nil, fmt.Errorf("issuer: getting raw report: %w", err)
 }
- log.Printf("issuer: Report raw: %v", hex.EncodeToString(reportRaw))
+ i.logger.Info("Retrieved report", "reportRaw", hex.EncodeToString(reportRaw))
 reportB64 := make([]byte, base64.StdEncoding.EncodedLen(len(reportRaw)))
 base64.StdEncoding.Encode(reportB64, reportRaw)
- log.Println("issuer: Successfully issued attestation statement")
+ i.logger.Info("Successfully issued attestation statement")
 return reportB64, nil
 }
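Review bot: Failures in `Issue` are now both logged by the deferred closure (`i.logger.Error("Failed to issue attestation statement", "err", err)`) and returned to the caller, which presumably reports them again. With the device-open failure returned instead of terminating the process, one failed attestation can produce two Error records at different layers, which makes triage noisier. Handling the error in one place would avoid that, for example by dropping the `defer func() { … }()` block and letting the caller log the wrapped error. If the log is kept on purpose, a one-line comment above the `defer` should say why. `Issue` continues past the end of this hunk.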
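Review bot: The new `i.logger.Info("Retrieved report", "reportRaw", hex.EncodeToString(reportRaw))` writes the complete hex-encoded attestation report to the log at Info level on every successful call. The report is meant to be handed to a verifier and is not a secret, but SNP reports carry platform-identifying fields such as the chip ID. Logs are also often shipped to systems outside the guest, so dumping the whole report by default adds exposure and volume without helping normal operation. Emitting it only at debug level keeps it available for troubleshooting: `i.logger.Debug("Retrieved report", "reportRaw", hex.EncodeToString(reportRaw))`. The start of `Issue` is in the previous hunk.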