Google has launched a beta version of its client-side encryption for Gmail, allowing businesses to sign up to test out the feature that aims to make “sensitive data” and attachments unreadable even by Google. The company announced the beta, which Workspace admins can sign up for until January 20, in a blog post on Friday.

Once the feature is enabled and set up for a workspace’s users, they have an additional option when using Gmail on the web. By clicking on a padlock, they can choose to enable additional encryption for the message, although doing so requires giving up some features, including the ability to use emoji, a signature, and Smart Compose. Google says client-side encryption will be added to its Gmail app for Android and iOS “in an upcoming release.”

Gif showing the process of enabling client-side encryption in Gmail.

Google UI pitching the feature as a way to “comply with company policy” is a clear sign who this feature was built for.
Poison: Google

While the ability for users to encrypt messages is controlled by their administrators (which in most cases are the companies they work for), the feature is not limited to just intra-office communications. According to a Google help document, you can send encrypted emails “outside your domain,” and even to people using other email clients or providers, such as those from Microsoft or Apple, according to Google spokesperson Ross Richendrfer. This is because “CSE for Gmail is built on S/MIME, an existing standard for email,” Richendrfer explained. The edge in an email.

Google has long been working on adding more encryption to Gmail. In 2014, there were reports that it was working on end-to-end encryption for the service, though it’s worth noting that client-side encryption isn’t exactly the same. While using both means that “encryption and decryption also always happen on the source and destination devices,” Google’s implementation on the client side gives administrators control over the keys and allows them to “verify users’ encrypted files,” according to a help document from the company explaining the difference between the two forms of encryption.

At this time, the Gmail beta is limited to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers, according to Google’s blog post. That means you can’t try it out if you have a personal account or use a lower business, corporate, education, or G Suite account.

That said, given that the system currently relies on administrators using an API to upload certificates and encryption keys generated by a third-party management service, it’s probably best that it’s mostly limited to businesses with IT at this point departments. However, if you’re willing to go through that kind of hassle, you can always use PGP within Gmail (or, more realistically, sign up for a Proton Mail account, which has much more user-friendly encryption options).