Gmail client-side encryption (CSE) is now available for Google Workspace customers Enterprise Plus, Education Plus and Education Standard. 
The feature was first introduced to Gmail on the web as a beta test in December 2022, after being available in Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar beta) from last year. Once enabled, Gmail CSE ensures that any sensitive data sent as part of the email body and attachments (including embedded images) will be unreadable and encrypted before reaching Google's servers.
It is also important to note that the email header (subject, time stamps and recipient lists) will not be encrypted.
“Client-side encryption takes this encryption capability to a higher level by ensuring that customers have sole control of their encryption keys, and thus full control over who has access to their data,” he says Google.
"Starting today, users will be able to send and receive messages email or create meeting events with colleagues and external parties, knowing that their sensitive data (including embedded images and attachments) has been encrypted before reaching Google's servers. As customers retain control of the encryption keys and the identity management service to access those keys, sensitive data will not be able to be decrypted by Google and other external entities.”
