diff --git a/README.md b/README.md
index 8638463..8e4ba86 100644
--- a/README.md
+++ b/README.md
@@ -17,8 +17,10 @@ A repository of community generated Service control policies (SCPs) and referenc
 - [s3-us-only-buckets](s3-us-only-buckets.policy) - Allows creation of an S3 bucket only in the US EAST (us-east-1 or us-east-2) or WEST (us-west-1 or us-west-2) regions.
+- [ec2-encrypt-ebs](ec2-encrypt-ebs.policy) - Set enforces setting where ebs volumes are encrypted by default - to set default for account use cli command: aws ec2 enable-ebs-encryption-by-default Not setting up a default encryption will generate a difficult to understand error.
+
 ## Reference Links
 - [Service Control Policies](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) - AWS Organizations - Service Control Policies Documentation
-- [Example Control Policies](https://github.com/awsdocs/aws-organizations-docs/blob/master/doc_source/orgs_manage_policies_example-scps.md)
\ No newline at end of file
+- [Example Control Policies](https://github.com/awsdocs/aws-organizations-docs/blob/master/doc_source/orgs_manage_policies_example-scps.md)
diff --git a/ec2-encrypt-ebs.policy b/ec2-encrypt-ebs.policy
new file mode 100644
index 0000000..b2b45ea
--- /dev/null
+++ b/ec2-encrypt-ebs.policy
@@ -0,0 +1,20 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "Require EC2 Encryption",
+      "Effect": "Deny",
+      "Action": [
+        "ec2:RunInstances"
+      ],
+      "Condition": {
+        "Bool": {
+          "ec2:Encrypted": "false"
+        }
+      },
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
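Review bot: The Deny in ec2-encrypt-ebs.policy covers only `ec2:RunInstances`, so an unencrypted volume can still be created with `ec2:CreateVolume` and attached afterwards, which is the case the README entry describes this policy as preventing; `ec2:CreateVolume` supports the same `ec2:Encrypted` condition key, so adding `"ec2:CreateVolume"` to the Action array closes that path. The `"*"` Resource is broader than the condition needs: `ec2:Encrypted` is, as far as I know, only populated for volume resources, so the Bool condition evaluates false for the instance, image and network resources RunInstances also touches and no blanket deny results, but scoping Resource to `"arn:aws:ec2:*:*:volume/*"` (the form used in the AWS example policies) states that intent explicitly. The Sid `Require EC2 Encryption` contains spaces; IAM identity policies accept only alphanumeric Sids, and if the same validation applies to SCPs (worth confirming) `"Sid": "RequireEC2Encryption"` avoids a rejected policy.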