diff --git a/ENV_CONFIG.md b/ENV_CONFIG.md
index 67697c5db..6a64e0970 100644
--- a/ENV_CONFIG.md
+++ b/ENV_CONFIG.md
@@ -47,6 +47,9 @@ RABBITMQ_ENABLE=true
 JWT_SECRET=your-secret-key-here-change-in-production
 CORS_ALLOWED_ORIGINS=http://localhost:3000
+# Rate limiting (P1.6): Use DISABLE_RATE_LIMIT_FOR_TESTS=true ONLY for automated test runners.
+# Never set in production. When set, bypasses rate limiting for E2E/integration tests.
+
 # Services
 STREAM_SERVER_URL=http://localhost:8082
 CHAT_SERVER_URL=http://localhost:8081
diff --git a/veza-backend-api/README.md b/veza-backend-api/README.md
index 358068b50..98458920d 100644
--- a/veza-backend-api/README.md
+++ b/veza-backend-api/README.md
@@ -149,6 +149,7 @@ CHAT_SERVER_URL=http://localhost:8081 # URL Chat Server
 # DEV/TEST UNIQUEMENT - Ne jamais utiliser en production
 # CSRF_DISABLED=true # Désactive CSRF (dev/test seulement)
 # BYPASS_CONTENT_CREATOR_ROLE=true # Bypass vérification rôle créateur (dev/test seulement)
+# DISABLE_RATE_LIMIT_FOR_TESTS=true # Désactive rate limiting (E2E/integration tests seulement)
 ```
 ### Fichiers de Configuration
diff --git a/veza-backend-api/internal/config/testutils.go b/veza-backend-api/internal/config/testutils.go
index 5e3142186..282afd9cd 100644
--- a/veza-backend-api/internal/config/testutils.go
+++ b/veza-backend-api/internal/config/testutils.go
@@ -60,6 +60,7 @@ func ResetEnv() {
 "RATE_LIMIT_LIMIT",
 "RATE_LIMIT_WINDOW",
 "LOG_LEVEL",
+ "DISABLE_RATE_LIMIT_FOR_TESTS",
 }
 for _, v := range testVars {
 os.Unsetenv(v)
diff --git a/veza-backend-api/internal/middleware/endpoint_limiter.go b/veza-backend-api/internal/middleware/endpoint_limiter.go
index f701f280e..12419c5e3 100644
--- a/veza-backend-api/internal/middleware/endpoint_limiter.go
+++ b/veza-backend-api/internal/middleware/endpoint_limiter.go
@@ -171,18 +171,8 @@ func (el *EndpointLimiter) createEndpointLimit(
 errorMessage string,
 ) gin.HandlerFunc {
 return func(c *gin.Context) {
- // Désactiver le rate limiting en mode test/e2e/development pour les tests E2E et développement.
- // Utiliser uniquement les variables d'environnement (jamais de headers contrôlables par le client).
- if os.Getenv("GO_ENV") == "test" ||
- os.Getenv("GO_ENV") == "e2e" ||
- os.Getenv("GO_ENV") == "development" ||
- os.Getenv("E2E_TEST") == "true" ||
- os.Getenv("NODE_ENV") == "test" ||
- os.Getenv("NODE_ENV") == "e2e" ||
- os.Getenv("NODE_ENV") == "development" ||
- os.Getenv("APP_ENV") == "test" ||
- os.Getenv("APP_ENV") == "e2e" ||
- os.Getenv("APP_ENV") == "development" {
+ // P1.6: Use explicit DISABLE_RATE_LIMIT_FOR_TESTS flag instead of env-based bypass.
+ if os.Getenv("DISABLE_RATE_LIMIT_FOR_TESTS") == "true" {
 c.Next()
 return
 }
diff --git a/veza-backend-api/internal/middleware/rate_limiter.go b/veza-backend-api/internal/middleware/rate_limiter.go
index 1f7442959..a438adbb0 100644
--- a/veza-backend-api/internal/middleware/rate_limiter.go
+++ b/veza-backend-api/internal/middleware/rate_limiter.go
@@ -96,14 +96,9 @@ func (rl *RateLimiter) RateLimitMiddleware() gin.HandlerFunc {
 return
 }
- // Désactiver le rate limiting en mode test/e2e/development pour les tests E2E et développement.
- // Utiliser uniquement les variables d'environnement (jamais de headers contrôlables par le client).
- if os.Getenv("NODE_ENV") == "test" ||
- os.Getenv("NODE_ENV") == "e2e" ||
- os.Getenv("NODE_ENV") == "development" ||
- os.Getenv("APP_ENV") == "test" ||
- os.Getenv("APP_ENV") == "e2e" ||
- os.Getenv("APP_ENV") == "development" {
+ // P1.6: Use explicit DISABLE_RATE_LIMIT_FOR_TESTS flag instead of env-based bypass.
+ // Only test runners should set this. Never use in production.
+ if os.Getenv("DISABLE_RATE_LIMIT_FOR_TESTS") == "true" {
 c.Next()
 return
 }
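Review bot: The bypass at `+ if os.Getenv("DISABLE_RATE_LIMIT_FOR_TESTS") == "true" {` is both silent and re-read on every request: nothing in this hunk logs or refuses when the flag is set, so a stray `DISABLE_RATE_LIMIT_FOR_TESTS=true` in a production deployment manifest would disable every per-endpoint limit with no signal, and a process whose environment changes at runtime would flip policy mid-flight. Read the flag once where the handler is built, before `return func(c *gin.Context) {`, as `bypass := os.Getenv("DISABLE_RATE_LIMIT_FOR_TESTS") == "true"`, emit a WARN through whatever logger the package uses when it is true (refusing to start when a production-mode marker is also set would be stronger, if the service has one), and make the per-request check `if bypass {`. The closure body and the enclosing `createEndpointLimit` continue outside the hunk, so the rest of the enforcement path is not visible here.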
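Review bot: This is the second of three byte-identical copies of the bypass condition in this commit (`os.Getenv("DISABLE_RATE_LIMIT_FOR_TESTS") == "true"` also lands in endpoint_limiter.go and ratelimit.go), so the policy for switching rate limiting off is now defined in three places and any later hardening — a production guard, a startup warning, a decision on other spellings of the value — has to be applied three times or it silently diverges. Define it once in the middleware package, `func rateLimitBypassedForTests() bool { return os.Getenv("DISABLE_RATE_LIMIT_FOR_TESTS") == "true" }`, with a doc comment saying only the exact string "true" bypasses, and use `if rateLimitBypassedForTests() {` here. The enclosing `RateLimitMiddleware` closure begins before the hunk; the `return` / `}` context lines at its top belong to an earlier check that is not visible in the diff.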
diff --git a/veza-backend-api/internal/middleware/ratelimit.go b/veza-backend-api/internal/middleware/ratelimit.go
index e7693e3ab..564750c5f 100644
--- a/veza-backend-api/internal/middleware/ratelimit.go
+++ b/veza-backend-api/internal/middleware/ratelimit.go
@@ -75,14 +75,8 @@ func (rl *SimpleRateLimiter) Middleware() gin.HandlerFunc {
 return
 }
- // Désactiver le rate limiting en mode test/e2e/development pour les tests E2E et développement.
- // Utiliser uniquement les variables d'environnement (jamais de headers contrôlables par le client).
- if os.Getenv("NODE_ENV") == "test" ||
- os.Getenv("NODE_ENV") == "e2e" ||
- os.Getenv("NODE_ENV") == "development" ||
- os.Getenv("APP_ENV") == "test" ||
- os.Getenv("APP_ENV") == "e2e" ||
- os.Getenv("APP_ENV") == "development" {
+ // P1.6: Use explicit DISABLE_RATE_LIMIT_FOR_TESTS flag instead of env-based bypass.
+ if os.Getenv("DISABLE_RATE_LIMIT_FOR_TESTS") == "true" {
 c.Next()
 return
 }
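Review bot: The new comment `// P1.6: Use explicit DISABLE_RATE_LIMIT_FOR_TESTS flag instead of env-based bypass.` records the history of the change rather than the contract of the line below it; a reader of ratelimit.go later will not know what P1.6 was or what the old bypass looked like. Replace it with a comment that states the behaviour and the constraint, e.g. `// Test-only bypass: skips rate limiting only when DISABLE_RATE_LIMIT_FOR_TESTS is exactly "true"; any other value ("1", "TRUE", unset) keeps limiting on. Must never be set in production.` Spelling out the exact-match semantics matters because that is the fail-closed property this flag relies on, and it is not obvious from the surrounding code. The enclosing `Middleware` closure starts before this hunk.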