Set client-side encryption as the default mode for new emails, events, and files on mobile

What’s changing 

Admins can now set client-side encryption (CSE) to be on by default on Android and iOS for: 
Newly drafted Gmail messages and replies Newly created Google Calendar events Newly uploaded Google Drive files
Client-side encryption in Gmail
Admins can now set client-side encryption as the default mode for users on both web and mobile that regularly handle sensitive data. This allows organizations the flexibility to meet their compliance and regulatory requirements and reduce the burden on change management programs. Each new email, event and uploaded file on mobile is automatically client-side encrypted with customer managed keys meaning the user is compliant with their org’s policy from the outset. For organizations with strict regulatory or sovereignty requirements, this can help them close compliance gaps by defaulting users to the preferred mode for handling sensitive data while on the go. 
For more information, check out our original announcement.

Getting started

Admins: This feature will be OFF by default and can be configured at an OU level. Visit the Help Center to learn more about client-side encryption.End users: Use our Help Center to learn more about working with encrypted files in Drive, Docs, Sheets & Slides.

Rollout pace

Rapid Release and Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on February 29, 2024


Google Workspace Assured Controls is available as an add-on to Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative.