diff --git a/app/dao/broadcast_service_dao.py b/app/dao/broadcast_service_dao.py
index 40611bbe2..546b6ed91 100644
--- a/app/dao/broadcast_service_dao.py
+++ b/app/dao/broadcast_service_dao.py
@@ -9,6 +9,7 @@ from app.models import (
     EMAIL_AUTH_TYPE,
     INVITE_PENDING,
     VIEW_ACTIVITY,
+    ApiKey,
     InvitedUser,
     Organisation,
     Permission,
@@ -67,6 +68,13 @@ def set_broadcast_service_type(service, service_mode, broadcast_channel, provide
         status=INVITE_PENDING
     ).update({'permissions': VIEW_ACTIVITY})
 
+    # Revoke any API keys to avoid a regular API key being used to send alerts
+    ApiKey.query.filter_by(
+        service_id=service.id
+    ).update({
+        ApiKey.expiry_date: datetime.utcnow()
+    })
+
     # Add service to organisation
     organisation = Organisation.query.filter_by(
         id=current_app.config['BROADCAST_ORGANISATION_ID']
diff --git a/tests/app/service/test_rest.py b/tests/app/service/test_rest.py
index f80063dd6..a74ff05c9 100644
--- a/tests/app/service/test_rest.py
+++ b/tests/app/service/test_rest.py
@@ -4170,3 +4170,25 @@ def test_set_as_broadcast_service_removes_user_permissions(
 
     # Permissions for other services remain
     assert service_user.get_permissions(service_id=sample_service_full_permissions.id) == ['send_emails']
+
+
+def test_set_as_broadcast_service_revokes_api_keys(
+    admin_request,
+    broadcast_organisation,
+    sample_service,
+    sample_service_full_permissions,
+):
+    api_key_1 = create_api_key(service=sample_service)
+    api_key_2 = create_api_key(service=sample_service_full_permissions)
+    admin_request.post(
+        'service.set_as_broadcast_service',
+        service_id=sample_service.id,
+        _data={
+            'broadcast_channel': 'government',
+            'service_mode': 'live',
+            'provider_restriction': 'all',
+        }
+    )
+    assert api_key_1.expiry_date < datetime.utcnow()
+    assert api_key_2.expiry_date is None
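Review bot: The bulk update added to set_broadcast_service_type stamps `expiry_date` on every key belonging to the service, including keys that were already revoked, so an earlier revocation timestamp is overwritten with the current time and that audit trail is lost. Restricting the update to live keys keeps it intact: `ApiKey.query.filter(ApiKey.service_id == service.id, ApiKey.expiry_date.is_(None)).update({ApiKey.expiry_date: datetime.utcnow()})`. If ApiKey carries version history, a query-level update also bypasses ORM events, so it is worth confirming whether per-row updates are needed for the history table. The new test in tests/app/service/test_rest.py could pin the first point by creating a key with an existing past expiry_date and asserting it is unchanged after the request. set_broadcast_service_type begins before and continues after this hunk, and `datetime` is not added by the import hunk, so it is presumably already imported in this module.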