diff --git a/hscontrol/app.go b/hscontrol/app.go
index 629a2eb3..3349392b 100644
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@@ -838,6 +838,10 @@ func (h *Headscale) Serve() error {
 					Str("signal", sig.String()).
 					Msg("Received SIGHUP, reloading ACL and Config")
 
+				if h.cfg.Policy.IsEmpty() {
+					continue
+				}
+
 				if err := h.loadPolicyManager(); err != nil {
 					log.Error().Err(err).Msg("failed to reload Policy")
 				}
@@ -1102,6 +1106,10 @@ func (h *Headscale) policyBytes() ([]byte, error) {
 			return nil, err
 		}
 
+		if p.Data == "" {
+			return nil, nil
+		}
+
 		return []byte(p.Data), err
 	}
 
diff --git a/hscontrol/policy/pm.go b/hscontrol/policy/pm.go
index 7dbaed33..a9de1aa1 100644
--- a/hscontrol/policy/pm.go
+++ b/hscontrol/policy/pm.go
@@ -122,6 +122,10 @@ func (pm *PolicyManagerV1) SSHPolicy(node *types.Node) (*tailcfg.SSHPolicy, erro
 }
 
 func (pm *PolicyManagerV1) SetPolicy(polB []byte) (bool, error) {
+	if len(polB) == 0 {
+		return false, nil
+	}
+
 	pol, err := LoadACLPolicyFromBytes(polB)
 	if err != nil {
 		return false, fmt.Errorf("parsing policy: %w", err)
diff --git a/hscontrol/types/config.go b/hscontrol/types/config.go
index 5c4b2c6a..f6c5c48a 100644
--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@@ -211,6 +211,10 @@ type PolicyConfig struct {
 	Mode PolicyMode
 }
 
+func (p *PolicyConfig) IsEmpty() bool {
+	return p.Mode == PolicyModeFile && p.Path == ""
+}
+
 type LogConfig struct {
 	Format string
 	Level  zerolog.Level