Set client-side encryption as the default mode for new emails, events, and files on mobile

What’s changing 

Admins can now set client-side encryption (CSE) to be on by default on Android and iOS for: 
  • Newly drafted Gmail messages and replies 
  • Newly created Google Calendar events 
  • Newly uploaded Google Drive files

Client-side encryption in Gmail

Admins can now set client-side encryption as the default mode for users on both web and mobile that regularly handle sensitive data. This allows organizations the flexibility to meet their compliance and regulatory requirements and reduce the burden on change management programs. Each new email, event and uploaded file on mobile is automatically client-side encrypted with customer managed keys meaning the user is compliant with their org’s policy from the outset. For organizations with strict regulatory or sovereignty requirements, this can help them close compliance gaps by defaulting users to the preferred mode for handling sensitive data while on the go. 

For more information, check out our original announcement.

Getting started

Rollout pace


  • Google Workspace Assured Controls is available as an add-on to Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative.