Beginning today, client-side encryption for Gmail is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. For customers currently enrolled in the beta, your experience will not change.
Workspace already encrypts data at rest and in transit by using secure-by-design cryptographic libraries. Client-side encryption takes existing encryption capabilities to the next level by ensuring that customers have sole control over their encryption keys—and thus complete control over access to their data.
- This feature will be OFF by default and can be enabled at the domain, OU, and Group levels (Admin console > Security > Access and data control > Client-side encryption).
- Visit the Help Center to learn more about setting up client-side encryption for your organization and Google Vault support for client-side encrypted emails.
- End users: Once enabled by your Workspace admin, to add client-side encryption to any message, click the lock icon and select additional encryption, and compose your message and add attachments as normal.
- Rapid and Scheduled Release domains: Available now.
- Available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers
- Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers
- Not available to users with personal Google Accounts
- Workspace Blog: Google Workspace expands data privacy controls to Gmail and Calendar with client-side encryption
- Google Admin Help: About client-side encryption
- Google Admin Help: Gmail only: Set up your organization for client-side encryption
- Workspace Updates Blog: Google Vault support for client-side encrypted emails