Both AWS and the customer share responsibilities for client-side data encryption. AWS provides tools and services to enable encryption, but it is the customer's responsibility to implement them.