Quick answer. Yes — and as of 2026, more than ever. All RCS messages are encrypted in transit (TLS) as they move between devices, carriers, and platforms. On top of that, person-to-person RCS chats are now end-to-end encrypted: the GSMA defined cross-platform E2EE in Universal Profile 3.0 (March 2025) using the Messaging Layer Security protocol, and Apple turned it on by default (in beta) in iOS 26.5 on May 11, 2026, matching the end-to-end encryption Google Messages has offered for years. Business (A2P) RCS is encrypted in transit but processed by the sending platform, so it is not end-to-end encrypted.
The distinction matters. For private conversations between two people, E2EE means only the sender and recipient can read the contents — not Apple, Google, or the carrier. For business messaging, the brand’s platform necessarily processes the message to send it, render analytics, and route fallback, so A2P RCS relies on strong transport encryption rather than end-to-end encryption. That’s the same model every business channel uses (SMS, email, WhatsApp Business).
For brands, the takeaway is to treat RCS like any professional channel: it’s well-secured in transit and far more trustworthy than plain SMS thanks to verified senders, but it isn’t a vault for secrets — don’t send full card numbers or sensitive data you wouldn’t put in any business message.
Key facts
- Transit encryption (TLS) protects all RCS messages in motion.
- P2P E2EE: GSMA Universal Profile 3.0 (March 2025) via MLS; Apple enabled cross-platform E2EE by default in beta with iOS 26.5 (May 11, 2026); Google Messages has supported E2EE for years.
- A2P/business RCS is transport-encrypted and platform-processed — not end-to-end encrypted.