DKIM: Can I safely add a DomainKey policy record without breaking existing email?

I need to setup DKIM to validate an email provider we are using. In the provider's documentation, they require us to add two records, a selector record and a policy record, like this:

selector._domainkey.mydomain.com TXT "k=rsa; p=mykeyhere"
_domainkey.mydomain.com  TXT "t=y; o=~"

I'm concerned about adding this new policy, because we have quite a few DKIM selectors setup in our DNS zone already, with no existing policy record (we use multiple third party providers that need to send email on our behalf). I want to make sure I don't break existing functionality by creating this record. From what I've read, you can only have a single policy per zone, so it is "shared", so to speak.

I've researched this a bit, and the policy the vendor is requiring, t=y; o=~, should be pretty harmless. It seems to say some emails may be signed, and to treat verified/unverified emails in the same way (reference).

Still, this would impact our production application, and I'm hoping to get some confidence that this is safe to add. Am I correct in my assumption that I can add this record without causing a bunch of our outbound email to be marked as spam? Or am I missing something?

DKIM is a signature tool. it is a post verification tool in the sense you can not guess the selector key before you receive a message.There is a convention to name your selector "selector1" but it is just an easy name, because there is no mandatory form for the name of your selector. So you can publish as many DKIM Selectors in your DNS record, only those used in sent message will be checked (eventually) once these messages are received. And hopefully they will be verified successfully if your DNS publication is correlated to these keys. But publishing DKIM selector keys do not force you to use them per se.

The only case where DKIM will lead to delivery failure is in conjunction with DMARC, only if DMARC require that there is a DKIM Signature aligned with your domain and you fail to insert one in your sent message. Or you inserted one in your message but you forget to publish it in you DNS.

As your DMARC do not require alignment (policy=none) DKIM will not impact the delivery of your business at all.

BTW many messages have multiples DKIM signature in them, without delivery problems.

BTW(2) it would be a good idea to think about adding a DKIM signature to your legacy email servers so you can use DMARC to better protect your business from phishing, or from false allegation to click on a suspect links, but it is another topic.