diff --git a/src/routers/resource_router.py b/src/routers/resource_router.py
index b6ec00a2..6aff556f 100644
--- a/src/routers/resource_router.py
+++ b/src/routers/resource_router.py
@@ -465,6 +465,7 @@ def register_resource(
             resource_create: clz_create,  # type: ignore
             user: KeycloakUser = Depends(get_user_or_raise),
         ):
+            _raise_if_contact_person_and_organisation_are_both_filled(resource_create)
             platform = getattr(resource_create, "platform", None)
             platform_resource_identifier = getattr(
                 resource_create, "platform_resource_identifier", None
@@ -546,6 +547,7 @@ def put_resource(
             resource_create_instance: clz_create,  # type: ignore
             user: KeycloakUser = Depends(get_user_or_raise),
         ):
+            _raise_if_contact_person_and_organisation_are_both_filled(resource_create_instance)
             self._raise_if_identifier_is_wrong_type(identifier)
             with DbSession() as session:
                 try:
@@ -908,6 +910,19 @@ def _raise_error_on_invalid_schema(possible_schemas, schema):
         )
 
 
+def _raise_if_contact_person_and_organisation_are_both_filled(resource):
+    if not (hasattr(resource, "person") and hasattr(resource, "organisation")):
+        return
+    if (
+        getattr(resource, "person", None) is not None
+        and getattr(resource, "organisation", None) is not None
+    ):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Person and organisation cannot be both filled.",
+        )
+
+
 def _raise_if_contains_binary_blob(item):
     distributions = []
     if hasattr(item, "distribution") and (distribution := getattr(item, "distribution")):
diff --git a/src/tests/routers/resource_routers/test_router_contact.py b/src/tests/routers/resource_routers/test_router_contact.py
index 5990e1b8..900156c3 100644
--- a/src/tests/routers/resource_routers/test_router_contact.py
+++ b/src/tests/routers/resource_routers/test_router_contact.py
@@ -86,13 +86,17 @@ def test_post_duplicate_email(
         assert set(contact["email"]) == {"b@example.com", "c@example.com"}, msg
 
 
-@pytest.mark.skip(reason="https://github.com/aiondemand/AIOD-rest-api/issues/518")
 def test_person_and_organisation_both_specified(client: TestClient):
     headers = {"Authorization": "Fake token"}
-    body = {"person": 1, "organisation": 1}
     with logged_in_user():
-        client.post("/persons", json={"name": "test person"}, headers=headers)
-        client.post("/organisations", json={"name": "test organisation"}, headers=headers)
+        person_res = client.post("/persons", json={"name": "test person"}, headers=headers)
+        organisation_res = client.post(
+            "/organisations", json={"name": "test organisation"}, headers=headers
+        )
+        body = {
+            "person": person_res.json()["identifier"],
+            "organisation": organisation_res.json()["identifier"],
+        }
         response = client.post("/contacts", json=body, headers=headers)
     assert response.status_code == 400, response.json()
     assert response.json()["detail"] == "Person and organisation cannot be both filled."