diff --git a/.env b/.env
index 196ed35..221b2c4 100644
--- a/.env
+++ b/.env
@@ -60,10 +60,13 @@ LOCK_DSN=flock
 MAILER_SENDER_NAME="Domain Watchdog"
 MAILER_SENDER_EMAIL=notifications@example.com
 REGISTRATION_ENABLED=true
-LIMITED_FEATURES=false
 OAUTH_CLIENT_ID=
 OAUTH_CLIENT_SECRET=
 OAUTH_AUTHORIZATION_URL=
 OAUTH_TOKEN_URL=
 OAUTH_USERINFO_URL=
 OAUTH_SCOPE=
+
+LIMITED_FEATURES=false
+LIMIT_MAX_WATCHLIST=0
+LIMIT_MAX_WATCHLIST_DOMAINS=0
diff --git a/config/services.yaml b/config/services.yaml
index 175e7b9..4c093ff 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -7,9 +7,12 @@ parameters:
     mailer_sender_email: '%env(string:MAILER_SENDER_EMAIL)%'
     mailer_sender_name: '%env(string:MAILER_SENDER_NAME)'
     oauth_enabled: '%env(OAUTH_CLIENT_ID)%'
-    limited_features: '%env(bool:LIMITED_FEATURES)%'
     registration_enabled: '%env(bool:REGISTRATION_ENABLED)%'
 
+    limited_features: '%env(bool:LIMITED_FEATURES)%'
+    limit_max_watchlist: '%env(int:LIMIT_MAX_WATCHLIST)%'
+    limit_max_watchlist_domains: '%env(int:LIMIT_MAX_WATCHLIST_DOMAINS)%'
+
 services:
     # default configuration for services in *this* file
     _defaults:
diff --git a/src/Controller/WatchListController.php b/src/Controller/WatchListController.php
index 4287859..dbc5237 100644
--- a/src/Controller/WatchListController.php
+++ b/src/Controller/WatchListController.php
@@ -69,8 +69,23 @@ class WatchListController extends AbstractController
          * This policy guarantees the equal probability of obtaining a domain name if it is requested by several users.
          */
         if ($this->getParameter('limited_features')) {
+            if ($watchList->getDomains()->count() >= (int) $this->getParameter('limit_max_watchlist_domains')) {
+                $this->logger->notice('User {username} tried to create a Watchlist. However, the maximum number of domains has been reached for this Watchlist', [
+                    'username' => $user->getUserIdentifier(),
+                ]);
+                throw new AccessDeniedHttpException('You have exceeded the maximum number of domain names allowed in this Watchlist');
+            }
+
+            $userWatchLists = $user->getWatchLists();
+            if ($userWatchLists->count() >= (int) $this->getParameter('limit_max_watchlist')) {
+                $this->logger->notice('User {username} tried to create a Watchlist. However, the maximum number of Watchlists has been reached.', [
+                    'username' => $user->getUserIdentifier(),
+                ]);
+                throw new AccessDeniedHttpException('You have exceeded the maximum number of Watchlists allowed');
+            }
+
             /** @var Domain[] $trackedDomains */
-            $trackedDomains = $user->getWatchLists()->reduce(fn (array $acc, WatchList $watchList) => [...$acc, ...$watchList->getDomains()->toArray()], []);
+            $trackedDomains = $userWatchLists->reduce(fn (array $acc, WatchList $watchList) => [...$acc, ...$watchList->getDomains()->toArray()], []);
 
             /** @var Domain $domain */
             foreach ($watchList->getDomains()->getIterator() as $domain) {