diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md
index 5592d666c8e81ae4cd403a391b3b9fc65098d15c..1d509475a4f5ea3100340e818e0d28b5b2481531 100644
--- a/doc/user/compliance/audit_event_types.md
+++ b/doc/user/compliance/audit_event_types.md
@@ -679,7 +679,7 @@ Audit event types belong to the following product categories.
 | Type name | Event triggered when | Saved to database | Introduced in | Scope |
 |:----------|:---------------------|:------------------|:--------------|:------|
 | [`email_confirmation_sent`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129261) | Users add or change an email address and it must be confirmed | {{< icon name="dotted-circle" >}} No | GitLab [16.3](https://gitlab.com/gitlab-org/gitlab/-/issues/377625) | User |
-| [`remove_ssh_key`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65615) | A SSH key is removed | {{< icon name="check-circle" >}} Yes | GitLab [14.1](https://gitlab.com/gitlab-org/gitlab/-/issues/220127) | User |
+| [`remove_ssh_key`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65615) | An SSH key is removed from a user's profile. Group scope was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/195390) for enterprise users in GitLab 18.2. | {{< icon name="check-circle" >}} Yes | GitLab [14.1](https://gitlab.com/gitlab-org/gitlab/-/issues/220127) | User, Group |
 | [`user_admin_status_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65168) | A user is either made an administrator or removed as an administrator | {{< icon name="check-circle" >}} Yes | GitLab [14.1](https://gitlab.com/gitlab-org/gitlab/-/issues/323905) | User |
 | [`user_auditor_status_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/136456) | A user is either made an auditor or removed as an auditor | {{< icon name="check-circle" >}} Yes | GitLab [16.6](https://gitlab.com/gitlab-org/gitlab/-/issues/430235) | User |
 | [`user_email_address_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/2103) | A user updates their email address | {{< icon name="check-circle" >}} Yes | GitLab [10.1](https://gitlab.com/gitlab-org/gitlab-ee/issues/1370) | User |
diff --git a/ee/app/services/ee/keys/destroy_service.rb b/ee/app/services/ee/keys/destroy_service.rb
index 483c34d3e80fb1ff7206a99f8ffb64d8b4079da3..e46f6f4b3c2ba411ec2816960277d96c701041c3 100644
--- a/ee/app/services/ee/keys/destroy_service.rb
+++ b/ee/app/services/ee/keys/destroy_service.rb
@@ -18,7 +18,7 @@ def destroy(key)
 audit_context = {
 name: 'remove_ssh_key',
 author: user,
- scope: key.user,
+ scope: key.user&.enterprise_group.presence || key.user,
 target: key,
 message: 'Removed SSH key'
 }
diff --git a/ee/config/audit_events/types/remove_ssh_key.yml b/ee/config/audit_events/types/remove_ssh_key.yml
index 37a42a5e42f8a555e0a604d5ea7fe9a9075229fa..6b289eff6000cc28b1fbd133b2cb8eaaf1b65229 100644
--- a/ee/config/audit_events/types/remove_ssh_key.yml
+++ b/ee/config/audit_events/types/remove_ssh_key.yml
@@ -1,10 +1,12 @@
 ---
 name: remove_ssh_key
-description: A SSH key is removed
+description:
+ An SSH key is removed from a user's profile.
+ Group scope was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/195390) for enterprise users in GitLab 18.2.
 introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/220127
 introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/65615
 milestone: '14.1'
 feature_category: user_profile
 saved_to_database: true
 streamed: true
-scope: [User]
+scope: [User, Group]
diff --git a/ee/spec/services/ee/keys/destroy_service_spec.rb b/ee/spec/services/ee/keys/destroy_service_spec.rb
index e4af5c51aa46f9d8219c8d5d72613119dab8747e..74780433f50dd4c0bcfb033f01972cc676dc4f2f 100644
--- a/ee/spec/services/ee/keys/destroy_service_spec.rb
+++ b/ee/spec/services/ee/keys/destroy_service_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe Keys::DestroyService, feature_category: :source_code_management do
+RSpec.describe Keys::DestroyService, feature_category: :user_profile do
 let_it_be(:user) { create(:user) }
 subject { described_class.new(user) }
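Review bot: In `ee/app/services/ee/keys/destroy_service.rb` the new `scope:` value is an either/or, so for an enterprise user the `remove_ssh_key` event is recorded against the group and no longer against the user, and the line carries no comment saying this replacement is intended. Anything that follows SSH key removals through user-scoped audit events, such as a filter or alert keyed on the User entity, would presumably stop seeing them for these accounts. I would add above the line `# Enterprise users: audit against the enterprise group instead of the user; all other users keep the user scope.` The `&.` also implies `key.user` can be nil, in which case the fallback is nil as well and `scope:` stays nil, so it is worth confirming the auditor tolerates that. `destroy` starts and ends outside the hunk.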
@@ -35,16 +35,40 @@
 )
 end
- context 'when unlicensed' do
- before do
- stub_licensed_features(admin_audit_log: false, audit_events: false, extended_audit_events: false)
+ context 'when on SaaS', :saas do
+ context 'when user is an Enterprise User', :aggregate_failures do
+ let_it_be(:enterprise_group) { create(:group) }
+ let_it_be(:user) do
+ create(:enterprise_user, :with_namespace, enterprise_group: enterprise_group)
+ end
+
+ it 'creates a group audit event' do
+ key = create(:personal_key, user: user)
+ expect { subject.execute(key) }.to change { AuditEvent.count }.by(1)
+
+ expect(AuditEvent.last).to have_attributes(
+ author: user,
+ entity_type: "Group",
+ entity_id: enterprise_group.id,
+ target_id: key.id,
+ target_type: key.class.name,
+ target_details: key.title,
+ details: include(custom_message: 'Removed SSH key')
+ )
+ end
 end
+ end
+ end
- it 'does not track audit event' do
- key = create(:personal_key)
+ context 'when unlicensed' do
+ before do
+ stub_licensed_features(admin_audit_log: false, audit_events: false, extended_audit_events: false)
+ end
- expect { subject.execute(key) }.not_to change { AuditEvent.count }
- end
+ it 'does not track audit event' do
+ key = create(:personal_key)
+
+ expect { subject.execute(key) }.not_to change { AuditEvent.count }
 end
 end
 end
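Review bot: The new 'creates a group audit event' example uses the same enterprise user as both the author (`described_class.new(user)`) and the key owner, so it cannot tell the key owner's enterprise group apart from the author's. A regression that derived the scope from the author instead of `key.user` would still pass. An extra example in which a different user removes the enterprise user's key would pin the scope to the key owner, assuming the service permits that caller. The enclosing `RSpec.describe` block starts outside the hunk.

```ruby
# … unchanged: 'creates a group audit event' example …

it 'scopes the event to the key owner, not the author' do
  key = create(:personal_key, user: user)
  other_user = create(:user)

  expect { described_class.new(other_user).execute(key) }.to change { AuditEvent.count }.by(1)

  expect(AuditEvent.last).to have_attributes(
    author: other_user,
    entity_type: "Group",
    entity_id: enterprise_group.id
  )
end
```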