diff --git a/app/v2/notifications/post_notifications.py b/app/v2/notifications/post_notifications.py
index fbffdcece4..1159111c0a 100644
--- a/app/v2/notifications/post_notifications.py
+++ b/app/v2/notifications/post_notifications.py
@@ -183,6 +183,7 @@ def post_bulk():
         raise BadRequestError(message="You should specify either rows or csv", status_code=400)
     template = validate_template_exists(form["template_id"], authenticated_service)
     check_service_has_permission(template.template_type, authenticated_service.permissions)
+    check_rate_limiting(authenticated_service, api_user)
 
     if template.template_type == SMS_TYPE:
         fragments_sent = fetch_todays_requested_sms_count(authenticated_service.id)
diff --git a/tests/app/v2/notifications/test_post_notifications.py b/tests/app/v2/notifications/test_post_notifications.py
index b6a76d8c5f..e05d5dc81c 100644
--- a/tests/app/v2/notifications/test_post_notifications.py
+++ b/tests/app/v2/notifications/test_post_notifications.py
@@ -2829,3 +2829,41 @@ def test_seed_bounce_rate(self, notify_api, sample_email_template, mocker, epoch
 
         if result:
             seed_bounce_rate_in_redis.apply_async.assert_called_once_with(service_id)
+
+
+@pytest.mark.parametrize(
+    "notification_type",
+    [
+        "email",
+        "sms",
+    ],
+)
+def test_post_bulk_returns_429_if_over_rate_limit(
+    notify_db_session,
+    mocker,
+    client,
+    sample_email_template,
+    notify_user,
+    notify_api,
+    notification_type,
+):
+    rows = [["email address"], ["foo@example.com"]]
+    data = {"name": "job_name", "template_id": sample_email_template.id, "rows": rows}
+
+    job_id = str(uuid.uuid4())
+    create_api_key(service=sample_email_template.service)
+    mocker.patch("app.v2.notifications.post_notifications.upload_job_to_s3", return_value=job_id)
+    mocker.patch("app.v2.notifications.post_notifications.process_job.apply_async")
+    mocker.patch(
+        "app.v2.notifications.post_notifications.check_rate_limiting",
+        side_effect=RateLimitError("LIMIT", "INTERVAL", "TYPE"),
+    )
+
+    auth_header = create_authorization_header(service_id=sample_email_template.service.id)
+
+    response = client.post(
+        path="/v2/notifications/bulk",
+        data=json.dumps(data),
+        headers=[("Content-Type", "application/json"), auth_header],
+    )
+    assert response.status_code == 429