diff --git a/python/src/functions/create_archive.py b/python/src/functions/create_archive.py
index 1c2e113d..714ef921 100644
--- a/python/src/functions/create_archive.py
+++ b/python/src/functions/create_archive.py
@@ -97,5 +97,10 @@ def create_archive(
             upload_key = f"{target_key}report.zip"
             # upload the zip file to the target key
 
-            s3_client.upload_file(file.name, S3_BUCKET, upload_key)
+            s3_client.upload_file(
+                file.name,
+                S3_BUCKET,
+                upload_key,
+                ExtraArgs={"ServerSideEncryption": "AES256"},
+            )
             logger.info(f"Uploaded archive file to {upload_key}")
diff --git a/python/tests/src/lib/test_create_archive.py b/python/tests/src/lib/test_create_archive.py
index 55934bae..1bf128e1 100644
--- a/python/tests/src/lib/test_create_archive.py
+++ b/python/tests/src/lib/test_create_archive.py
@@ -30,7 +30,10 @@ def test_create_archive_creates_zip():
 
     # Assert that the file was attempted to be created
     s3_client.upload_file.assert_called_with(
-        ANY, "test_bucket", "treasuryreports/1234/5678/report.zip"
+        ANY,
+        "test_bucket",
+        "treasuryreports/1234/5678/report.zip",
+        ExtraArgs={"ServerSideEncryption": "AES256"},
     )