diff --git a/handlers/main.yml b/handlers/main.yml
index c2b20f15..23d0e4c6 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -82,6 +82,14 @@
     - "Restart neutron services"
     - "venv changed"
 
+# NOTE (noonedeadpunk): Remove this task after Xena release
+- name: Remove obsoleted policy.json
+  file:
+    path: "/etc/neutron/policy.json"
+    state: absent
+  listen:
+    - "Restart neutron services"
+
 - name: Start services
   service:
     name: "{{ item.service_name }}"
diff --git a/tasks/neutron_post_install.yml b/tasks/neutron_post_install.yml
index 051b7f2d..ac7976d7 100644
--- a/tasks/neutron_post_install.yml
+++ b/tasks/neutron_post_install.yml
@@ -63,17 +63,28 @@
   notify:
     - Restart neutron services
 
-- name: Implement policy.json if there are overrides configured
-  copy:
-    content: "{{ neutron_policy_overrides | to_nice_json }}"
-    dest: "{{ neutron_conf_dir }}/policy.json"
-  notify:
-    - Restart neutron services
+- name: Implement policy.yaml if there are overrides configured
+  config_template:
+    content: "{{ neutron_policy_overrides }}"
+    dest: "{{ neutron_conf_dir }}/policy.yaml"
+    owner: "root"
+    group: "{{ neutron_system_group_name }}"
+    mode: "0640"
+    config_type: yaml
   when:
-    - neutron_policy_overrides != {}
+    - neutron_policy_overrides | length > 0
   tags:
     - neutron-policy-overrides
 
+- name: Remove legacy policy.yaml file
+  file:
+    path: "/etc/neutron/policy.yaml"
+    state: absent
+  when:
+    - neutron_policy_overrides | length == 0
+  tags:
+    - neutron-policy-override
+
 - name: Place api-paste.ini to the correct path in RedHat
   file:
     src: "/usr/share/neutron/api-paste.ini"