We regularly observe clients of Wikidata Query Service which go way over our throttling limits for a long time. For example, we currently have what looks like a bot, generating HTTP 429 at a rate of ~300/minute, clearly ignoring the rate limit and the "Retry-After" headers. While this is not a major problem (throttled requests are cheap), it is still a concern, since our throttling mechanism does not share state across the cluster. It allows such a bot to max out its throttling limit on each node.
One proposed approach would be to entirely ban such a user for a period of time, if it is obvious that the behaviour can be considered as abusive. For example, a bot generating more than 200 requests per minute during 1h would be banned for 24h.