diff --git a/samples/snippets/src/main/java/com/example/storage/bucket/GetEncryptionEnforcementConfig.java b/samples/snippets/src/main/java/com/example/storage/bucket/GetEncryptionEnforcementConfig.java
new file mode 100644
index 0000000000..54f9889474
--- /dev/null
+++ b/samples/snippets/src/main/java/com/example/storage/bucket/GetEncryptionEnforcementConfig.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.example.storage.bucket;
+
+// [START storage_get_encryption_enforcement_config]
+
+import com.google.cloud.storage.Bucket;
+import com.google.cloud.storage.BucketInfo.CustomerManagedEncryptionEnforcementConfig;
+import com.google.cloud.storage.BucketInfo.CustomerSuppliedEncryptionEnforcementConfig;
+import com.google.cloud.storage.BucketInfo.GoogleManagedEncryptionEnforcementConfig;
+import com.google.cloud.storage.Storage;
+import com.google.cloud.storage.StorageOptions;
+
+public class GetEncryptionEnforcementConfig {
+ public static void getEncryptionEnforcementConfig(String projectId, String bucketName)
+ throws Exception {
+ // The ID of your GCP project
+ // String projectId = "your-project-id";
+
+ // The ID of your GCS bucket
+ // String bucketName = "your-unique-bucket-name";
+
+ try (Storage storage =
+ StorageOptions.newBuilder().setProjectId(projectId).build().getService()) {
+ System.out.println(
+ "\n--- Getting Encryption Enforcement Policy for bucket " + bucketName + " ---");
+
+ Bucket bucket = storage.get(bucketName);
+
+ if (bucket == null) {
+ System.out.println("Bucket " + bucketName + " not found.");
+ return;
+ }
+
+ System.out.println("Bucket Name: " + bucket.getName());
+
+ GoogleManagedEncryptionEnforcementConfig gmekConfig =
+ bucket.getGoogleManagedEncryptionEnforcementConfig();
+ CustomerManagedEncryptionEnforcementConfig cmekConfig =
+ bucket.getCustomerManagedEncryptionEnforcementConfig();
+ CustomerSuppliedEncryptionEnforcementConfig csekConfig =
+ bucket.getCustomerSuppliedEncryptionEnforcementConfig();
+
+ System.out.println(
+ " GMEK Enforcement: "
+ + (gmekConfig != null
+ ? String.format(
+ "Mode: %s, Effective Time: %s",
+ gmekConfig.getRestrictionMode(), gmekConfig.getEffectiveTime())
+ : "NOT SET (Default)"));
+ System.out.println(
+ " CMEK Enforcement: "
+ + (cmekConfig != null
+ ? String.format(
+ "Mode: %s, Effective Time: %s",
+ cmekConfig.getRestrictionMode(), cmekConfig.getEffectiveTime())
+ : "NOT SET (Default)"));
+ System.out.println(
+ " CSEK Enforcement: "
+ + (csekConfig != null
+ ? String.format(
+ "Mode: %s, Effective Time: %s",
+ csekConfig.getRestrictionMode(), csekConfig.getEffectiveTime())
+ : "NOT SET (Default)"));
+ }
+ }
+}
+// [END storage_get_encryption_enforcement_config]
diff --git a/samples/snippets/src/main/java/com/example/storage/bucket/RemoveAllEncryptionEnforcementConfig.java b/samples/snippets/src/main/java/com/example/storage/bucket/RemoveAllEncryptionEnforcementConfig.java
new file mode 100644
index 0000000000..19159b29e7
--- /dev/null
+++ b/samples/snippets/src/main/java/com/example/storage/bucket/RemoveAllEncryptionEnforcementConfig.java
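Review bot: In getEncryptionEnforcementConfig (GetEncryptionEnforcementConfig.java), the three `"NOT SET (Default)"` branches print the same label for a missing config without saying what that means to someone auditing the bucket; presumably an unset config leaves that key type unrestricted, which is worth confirming and stating. I would add a comment above the first println such as `// A null config means no enforcement policy is set for that key type.` As a style point, the three ternary blocks differ only in the label and the config object, so a small private helper taking the label, restriction mode and effective time would remove the duplication.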
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.example.storage.bucket;
+
+// [START storage_remove_all_encryption_enforcement_config]
+
+import com.google.cloud.storage.Bucket;
+import com.google.cloud.storage.BucketInfo;
+import com.google.cloud.storage.Storage;
+import com.google.cloud.storage.StorageOptions;
+
+public class RemoveAllEncryptionEnforcementConfig {
+ public static void removeEncryptionEnforcementConfig(String projectId, String bucketName)
+ throws Exception {
+ // The ID of your GCP project
+ // String projectId = "your-project-id";
+
+ // The ID of your GCS bucket
+ // String bucketName = "your-unique-bucket-name";
+
+ try (Storage storage =
+ StorageOptions.newBuilder().setProjectId(projectId).build().getService()) {
+ Bucket bucket = storage.get(bucketName);
+ if (bucket == null) {
+ System.out.println("Bucket " + bucketName + " does not exist.");
+ return;
+ }
+ // To remove an existing policy, the corresponding field must be explicitly set to 'null'
+ // in the BucketInfo object passed to the update call.
+ BucketInfo bucketInfo =
+ bucket.toBuilder()
+ .setGoogleManagedEncryptionEnforcementConfig(null)
+ .setCustomerManagedEncryptionEnforcementConfig(null)
+ .setCustomerSuppliedEncryptionEnforcementConfig(null)
+ .build();
+
+ storage.update(bucketInfo);
+ System.out.println(
+ "Encryption enforcement policy removed from bucket "
+ + bucketName
+ + ". Bucket reverted to default behavior.");
+ }
+ }
+}
+// [END storage_remove_all_encryption_enforcement_config]
diff --git a/samples/snippets/src/main/java/com/example/storage/bucket/SetBucketEncryptionEnforcementConfig.java b/samples/snippets/src/main/java/com/example/storage/bucket/SetBucketEncryptionEnforcementConfig.java
new file mode 100644
index 0000000000..4a99ef1b82
--- /dev/null
+++ b/samples/snippets/src/main/java/com/example/storage/bucket/SetBucketEncryptionEnforcementConfig.java
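Review bot: `storage.update(bucketInfo)` in removeEncryptionEnforcementConfig (RemoveAllEncryptionEnforcementConfig.java) writes back metadata built from the earlier `storage.get` with no precondition, so a bucket change made between the read and the update goes undetected while all three enforcement configs are cleared at once. Consider `storage.update(bucketInfo, Storage.BucketTargetOption.metagenerationMatch());` so the call fails if the bucket changed after it was read. The comment above the builder could also say that after this call the bucket no longer carries any of the three key-type restrictions, since that weakens the bucket's policy and the printed "default behavior" does not spell it out. As a naming point, the method drops the `All` that the class name carries, unlike the other two samples where method and class names match.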
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.example.storage.bucket;
+
+// [START storage_set_encryption_enforcement_config]
+
+import com.google.cloud.storage.Bucket;
+import com.google.cloud.storage.BucketInfo;
+import com.google.cloud.storage.BucketInfo.CustomerManagedEncryptionEnforcementConfig;
+import com.google.cloud.storage.BucketInfo.CustomerSuppliedEncryptionEnforcementConfig;
+import com.google.cloud.storage.BucketInfo.EncryptionEnforcementRestrictionMode;
+import com.google.cloud.storage.BucketInfo.GoogleManagedEncryptionEnforcementConfig;
+import com.google.cloud.storage.Storage;
+import com.google.cloud.storage.StorageOptions;
+
+public class SetBucketEncryptionEnforcementConfig {
+ public static void setBucketEncryptionEnforcementConfig(String projectId, String bucketName)
+ throws Exception {
+ // The ID of your GCP project
+ // String projectId = "your-project-id";
+
+ // The ID of your GCS bucket
+ // String bucketName = "your-unique-bucket-name";
+
+ try (Storage storage =
+ StorageOptions.newBuilder().setProjectId(projectId).build().getService()) {
+
+ // Example 1: Enforce GMEK Only
+ setGmekEnforcedPolicy(storage, bucketName + "_gmek_only");
+
+ // Example 2: Enforce CMEK Only
+ setCmekEnforcedPolicy(storage, bucketName + "_cmek_only");
+
+ // Example 3: Restrict CSEK (Ransomware Protection)
+ restrictCsekPolicy(storage, bucketName + "_restrict_csek");
+ }
+ }
+
+ public static void setGmekEnforcedPolicy(Storage storage, String bucketName) {
+ GoogleManagedEncryptionEnforcementConfig gmekConfig =
+ GoogleManagedEncryptionEnforcementConfig.of(
+ EncryptionEnforcementRestrictionMode.NOT_RESTRICTED);
+ CustomerManagedEncryptionEnforcementConfig cmekConfig =
+ CustomerManagedEncryptionEnforcementConfig.of(
+ EncryptionEnforcementRestrictionMode.FULLY_RESTRICTED);
+ CustomerSuppliedEncryptionEnforcementConfig csekConfig =
+ CustomerSuppliedEncryptionEnforcementConfig.of(
+ EncryptionEnforcementRestrictionMode.FULLY_RESTRICTED);
+
+ BucketInfo bucketInfo =
+ BucketInfo.newBuilder(bucketName)
+ .setGoogleManagedEncryptionEnforcementConfig(gmekConfig)
+ .setCustomerManagedEncryptionEnforcementConfig(cmekConfig)
+ .setCustomerSuppliedEncryptionEnforcementConfig(csekConfig)
+ .build();
+
+ Bucket bucket = storage.create(bucketInfo);
+ System.out.println(
+ "Bucket " + bucket.getName() + " created with GMEK-only enforcement policy.");
+ }
+
+ public static void setCmekEnforcedPolicy(Storage storage, String bucketName) {
+ GoogleManagedEncryptionEnforcementConfig gmekConfig =
+ GoogleManagedEncryptionEnforcementConfig.of(
+ EncryptionEnforcementRestrictionMode.FULLY_RESTRICTED);
+ CustomerManagedEncryptionEnforcementConfig cmekConfig =
+ CustomerManagedEncryptionEnforcementConfig.of(
+ EncryptionEnforcementRestrictionMode.NOT_RESTRICTED);
+ CustomerSuppliedEncryptionEnforcementConfig csekConfig =
+ CustomerSuppliedEncryptionEnforcementConfig.of(
+ EncryptionEnforcementRestrictionMode.FULLY_RESTRICTED);
+
+ BucketInfo bucketInfo =
+ BucketInfo.newBuilder(bucketName)
+ .setGoogleManagedEncryptionEnforcementConfig(gmekConfig)
+ .setCustomerManagedEncryptionEnforcementConfig(cmekConfig)
+ .setCustomerSuppliedEncryptionEnforcementConfig(csekConfig)
+ .build();
+
+ Bucket bucket = storage.create(bucketInfo);
+ System.out.println(
+ "Bucket " + bucket.getName() + " created with CMEK-only enforcement policy.");
+ }
+
+ public static void restrictCsekPolicy(Storage storage, String bucketName) {
+ CustomerSuppliedEncryptionEnforcementConfig csekConfig =
+ CustomerSuppliedEncryptionEnforcementConfig.of(
+ EncryptionEnforcementRestrictionMode.FULLY_RESTRICTED);
+
+ BucketInfo bucketInfo =
+ BucketInfo.newBuilder(bucketName)
+ .setCustomerSuppliedEncryptionEnforcementConfig(csekConfig)
+ .build();
+
+ Bucket bucket = storage.create(bucketInfo);
+ System.out.println("Bucket " + bucket.getName() + " created with a policy to restrict CSEK.");
+ }
+}
+// [END storage_set_encryption_enforcement_config]
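Review bot: setCmekEnforcedPolicy (SetBucketEncryptionEnforcementConfig.java) creates a bucket that fully restricts GMEK and CSEK but configures no default KMS key, so presumably any write that does not name a KMS key itself would be rejected. The sample should either set a default key on the builder or say so in a comment, e.g. `// Writes to this bucket must specify a Cloud KMS key unless a default key is configured on the bucket.` Separately, the parameter comment `// The ID of your GCS bucket` in setBucketEncryptionEnforcementConfig is misleading. The method never touches a bucket of that name; it creates three new ones with the `_gmek_only`, `_cmek_only` and `_restrict_csek` suffixes, so the comment should describe bucketName as a name prefix.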