Gmail is making it easier for businesses to send encrypted emails to anyone

Google is updating Gmail to allow enterprise users to send encrypted messages to any inbox in just a few clicks. Google says it’s developed a new encryption model that, unlike the current encryption feature on Gmail, doesn’t require senders or recipients to use custom software or exchange encryption certificates. The feature is rolling out in beta starting today, and will initially be available for Google enterprise users to send encrypted emails to other Gmail users within the same organization. Google says this will expand to emails sent to any Gmail inbox “in the coming weeks,” and to inboxes from any third-party email provider “later this year.” Gmail’s current encryption feature, based on the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, can already be used to send external emails. Doing so requires the recipient to have S/MIME configured and complete multiple steps with the sender before emails can be securely exchanged, however. The new process will allow Gmail users to simply toggle on “additional encryption” in the email draft window to send an encrypted message. Non-Gmail recipients without S/MIME will then be provided a link to sign into a guest Google Workspace account to securely view and reply to the email in a restricted version of Gmail. If the recipient already has S/MIME configured then Gmail will send the message via the S/MIME process it currently uses. Emails to both business and personal Gmail accounts will be automatically decrypted in the recipient’s inbox. [Image: Here’s a demo showing how Gmail users can send encrypted emails to non-Gmail users. https://platform.theverge.com/wp-content/uploads/sites/2/2025/04/Gmail-encryption-enterprise.gif?quality=90&strip=all] The encryption provided using this new system is higher than the standard Transport Layer Security Gmail uses by default on all emails, but we should note that this isn’t technically end-to-end encryption (E2EE), even if that’s what Google is calling it. The updated capability is powered by client-side encryption, which gives workspace administrators control over encryption keys, allowing them to revoke user access and “monitor user’s encrypted files,” according to Google’s help page.