diff --git a/agent/consul/fsm/snapshot_oss.go b/agent/consul/fsm/snapshot_oss.go
index c12ffe5dfe..75a590a95e 100644
--- a/agent/consul/fsm/snapshot_oss.go
+++ b/agent/consul/fsm/snapshot_oss.go
@@ -15,7 +15,7 @@ func init() {
 	registerRestorer(structs.KVSRequestType, restoreKV)
 	registerRestorer(structs.TombstoneRequestType, restoreTombstone)
 	registerRestorer(structs.SessionRequestType, restoreSession)
-	registerRestorer(structs.DeprecatedACLRequestType, restoreACL)
+	registerRestorer(structs.DeprecatedACLRequestType, restoreACL)         // TODO(ACL-Legacy-Compat) - remove in phase 2
 	registerRestorer(structs.ACLBootstrapRequestType, restoreACLBootstrap) // TODO(ACL-Legacy-Compat) - remove in phase 2
 	registerRestorer(structs.CoordinateBatchUpdateType, restoreCoordinates)
 	registerRestorer(structs.PreparedQueryRequestType, restorePreparedQuery)
@@ -562,8 +562,9 @@ func restoreSession(header *SnapshotHeader, restore *state.Restore, decoder *cod
 	return nil
 }
 
-func restoreACL(header *SnapshotHeader, restore *state.Restore, decoder *codec.Decoder) error {
-	var req structs.ACL
+// TODO(ACL-Legacy-Compat) - remove in phase 2
+func restoreACL(_ *SnapshotHeader, restore *state.Restore, decoder *codec.Decoder) error {
+	var req LegacyACL
 	if err := decoder.Decode(&req); err != nil {
 		return err
 	}
@@ -574,6 +575,40 @@ func restoreACL(header *SnapshotHeader, restore *state.Restore, decoder *codec.D
 	return nil
 }
 
+// TODO(ACL-Legacy-Compat) - remove in phase 2
+type LegacyACL struct {
+	ID    string
+	Name  string
+	Type  string
+	Rules string
+
+	structs.RaftIndex
+}
+
+// TODO(ACL-Legacy-Compat): remove in phase 2, used by snapshot restore
+func (a LegacyACL) Convert() *structs.ACLToken {
+	correctedRules := structs.SanitizeLegacyACLTokenRules(a.Rules)
+	if correctedRules != "" {
+		a.Rules = correctedRules
+	}
+
+	token := &structs.ACLToken{
+		AccessorID:        "",
+		SecretID:          a.ID,
+		Description:       a.Name,
+		Policies:          nil,
+		ServiceIdentities: nil,
+		NodeIdentities:    nil,
+		Type:              a.Type,
+		Rules:             a.Rules,
+		Local:             false,
+		RaftIndex:         a.RaftIndex,
+	}
+
+	token.SetHash(true)
+	return token
+}
+
 // TODO(ACL-Legacy-Compat) - remove in phase 2
 func restoreACLBootstrap(_ *SnapshotHeader, restore *state.Restore, decoder *codec.Decoder) error {
 	type ACLBootstrap struct {
diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go
index 12dc51040a..c4a7b3faa8 100644
--- a/agent/consul/fsm/snapshot_oss_test.go
+++ b/agent/consul/fsm/snapshot_oss_test.go
@@ -456,7 +456,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
 	_, err = sink.Write([]byte{byte(structs.DeprecatedACLRequestType)})
 	require.NoError(t, err)
 
-	acl := structs.ACL{
+	acl := LegacyACL{
 		ID:        "1057354f-69ef-4487-94ab-aead3c755445",
 		Name:      "test-legacy",
 		Type:      "client",
@@ -737,12 +737,12 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
 
 // convertACLTokenToLegacy attempts to convert an ACLToken into an legacy ACL.
 // TODO(ACL-Legacy-Compat): remove in phase 2, used by snapshot restore
-func convertACLTokenToLegacy(tok *structs.ACLToken) (*structs.ACL, error) {
+func convertACLTokenToLegacy(tok *structs.ACLToken) (*LegacyACL, error) {
 	if tok.Type == "" {
 		return nil, fmt.Errorf("Cannot convert ACLToken into compat token")
 	}
 
-	compat := &structs.ACL{
+	compat := &LegacyACL{
 		ID:        tok.SecretID,
 		Name:      tok.Description,
 		Type:      tok.Type,
diff --git a/agent/structs/acl_legacy.go b/agent/structs/acl_legacy.go
index 11233b16d5..bc3e4bc1d8 100644
--- a/agent/structs/acl_legacy.go
+++ b/agent/structs/acl_legacy.go
@@ -14,45 +14,3 @@ const (
 	// make other tokens and can access all resources.
 	ACLTokenTypeManagement = "management"
 )
-
-// ACL is used to represent a token and its rules
-type ACL struct {
-	ID    string
-	Name  string
-	Type  string
-	Rules string
-
-	RaftIndex
-}
-
-// Convert does a 1-1 mapping of the ACLCompat structure to its ACLToken
-// equivalent. This will NOT fill in the other ACLToken fields or perform any other
-// upgrade (other than correcting an older HCL syntax that is no longer
-// supported).
-// TODO(ACL-Legacy-Compat): remove in phase 2, used by snapshot restore
-func (a *ACL) Convert() *ACLToken {
-	// Ensure that we correct any old HCL in legacy tokens to prevent old
-	// syntax from leaking elsewhere into the system.
-	//
-	// DEPRECATED (ACL-Legacy-Compat)
-	correctedRules := SanitizeLegacyACLTokenRules(a.Rules)
-	if correctedRules != "" {
-		a.Rules = correctedRules
-	}
-
-	token := &ACLToken{
-		AccessorID:        "",
-		SecretID:          a.ID,
-		Description:       a.Name,
-		Policies:          nil,
-		ServiceIdentities: nil,
-		NodeIdentities:    nil,
-		Type:              a.Type,
-		Rules:             a.Rules,
-		Local:             false,
-		RaftIndex:         a.RaftIndex,
-	}
-
-	token.SetHash(true)
-	return token
-}
diff --git a/agent/structs/acl_legacy_test.go b/agent/structs/acl_legacy_test.go
deleted file mode 100644
index 20c643a9de..0000000000
--- a/agent/structs/acl_legacy_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package structs
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestStructs_ACL_Convert(t *testing.T) {
-
-	acl := &ACL{
-		ID:    "guid",
-		Name:  "AN ACL for testing",
-		Type:  "client",
-		Rules: `service "" { policy "read" }`,
-	}
-
-	token := acl.Convert()
-	require.Equal(t, "", token.AccessorID)
-	require.Equal(t, acl.ID, token.SecretID)
-	require.Equal(t, acl.Type, token.Type)
-	require.Equal(t, acl.Name, token.Description)
-	require.Nil(t, token.Policies)
-	require.False(t, token.Local)
-	require.Equal(t, acl.Rules, token.Rules)
-	require.Equal(t, acl.CreateIndex, token.CreateIndex)
-	require.Equal(t, acl.ModifyIndex, token.ModifyIndex)
-	require.NotEmpty(t, token.Hash)
-}
diff --git a/agent/structs/acl_test.go b/agent/structs/acl_test.go
index f1e27867c7..64f59661e6 100644
--- a/agent/structs/acl_test.go
+++ b/agent/structs/acl_test.go
@@ -35,43 +35,6 @@ func TestStructs_ACLToken_PolicyIDs(t *testing.T) {
 		require.Equal(t, "three", policyIDs[2])
 	})
 
-	t.Run("Legacy Management", func(t *testing.T) {
-
-		a := &ACL{
-			ID:   "root",
-			Type: ACLTokenTypeManagement,
-			Name: "management",
-		}
-
-		token := a.Convert()
-
-		policyIDs := token.PolicyIDs()
-		require.Len(t, policyIDs, 0)
-
-		embedded := token.EmbeddedPolicy()
-		require.NotNil(t, embedded)
-		require.Equal(t, ACLPolicyGlobalManagement, embedded.Rules)
-	})
-
-	t.Run("Legacy Management With Rules", func(t *testing.T) {
-
-		a := &ACL{
-			ID:    "root",
-			Type:  ACLTokenTypeManagement,
-			Name:  "management",
-			Rules: "operator = \"write\"",
-		}
-
-		token := a.Convert()
-
-		policyIDs := token.PolicyIDs()
-		require.Len(t, policyIDs, 0)
-
-		embedded := token.EmbeddedPolicy()
-		require.NotNil(t, embedded)
-		require.Equal(t, ACLPolicyGlobalManagement, embedded.Rules)
-	})
-
 	t.Run("No Policies", func(t *testing.T) {
 
 		token := &ACLToken{}