diff --git a/docs/devops/END_TO_END_ENCRYPTION_ROADMAP.md b/docs/devops/END_TO_END_ENCRYPTION_ROADMAP.md index a92a77c6..c7fa952a 100644 --- a/docs/devops/END_TO_END_ENCRYPTION_ROADMAP.md +++ b/docs/devops/END_TO_END_ENCRYPTION_ROADMAP.md @@ -1,7 +1,7 @@ # ByteLyst — End-to-End Encryption Implementation Roadmap > **Purpose:** Phased implementation plan for encryption across the ByteLyst ecosystem. -> **Status:** Phase 1 + Phase 2 (Sprint 3) COMPLETE — 6 product backends encrypted +> **Status:** Phase 1 + Sprint 3 + Sprint 4.1/4.2 COMPLETE — 6 backends + native SDKs > **Author:** AI Architecture Review > **Last updated:** 2026-07-12 > **Design doc:** [`END_TO_END_ENCRYPTION_DESIGN.md`](END_TO_END_ENCRYPTION_DESIGN.md) 
@@ -280,48 +280,23 @@ Week 1-2 Week 3-4 Week 5-6 Week 7-8 Week 9-10 Week 11-14 #### 4.1 Swift Platform SDK — `BLFieldEncrypt` -- [ ] **4.1.1** Create `Sources/BLFieldEncrypt.swift` in `packages/swift-platform-sdk/` - - ```swift - import CryptoKit - - public struct BLFieldEncrypt { - /// Encrypt a string field with AES-256-GCM - public static func encrypt(_ plaintext: String, key: SymmetricKey) -> EncryptedField - /// Decrypt an encrypted field - public static func decrypt(_ field: EncryptedField, key: SymmetricKey) -> String? - /// Check if a JSON value is an encrypted field - public static func isEncrypted(_ value: Any) -> Bool - } - - public struct EncryptedField: Codable { - public let __encrypted: Bool // always true - public let v: Int // version - public let alg: String // "aes-256-gcm" - public let ct: String // ciphertext (base64) - public let iv: String // IV (hex) - public let tag: String // auth tag (hex) - public let dekId: String // DEK identifier - } - ``` - +- [x] **4.1.1** Create `Sources/BLFieldEncrypt.swift` in `packages/swift-platform-sdk/` + - `BLEncryptedField` Codable struct + `BLFieldEncrypt` enum (CryptoKit AES-256-GCM) + - encrypt/decrypt, AAD support, generateKey, keyFromHex, isEncrypted + - Data hex helpers (hexString, init?(hexString:)) - [ ] **4.1.2** Key derivation from Keychain-stored secret -- [ ] **4.1.3** Unit tests (XCTest) +- [x] **4.1.3** Unit tests (XCTest) — 22 tests in BLFieldEncryptTests.swift **Commit:** `feat(swift-sdk): add BLFieldEncrypt for client-side AES-256-GCM encryption` #### 4.2 Kotlin Platform SDK — `BLFieldEncrypt` -- [ ] **4.2.1** Create `src/main/.../BLFieldEncrypt.kt` in `packages/kotlin-platform-sdk/` - ```kotlin - object BLFieldEncrypt { - fun encrypt(plaintext: String, key: SecretKeySpec): EncryptedField - fun decrypt(field: EncryptedField, key: SecretKeySpec): String? 
- fun isEncrypted(value: Any?): Boolean - } - ``` +- [x] **4.2.1** Create `src/main/.../BLFieldEncrypt.kt` in `packages/kotlin-platform-sdk/` + - `BLEncryptedField` data class + `BLFieldEncrypt` object (javax.crypto AES-256-GCM) + - encrypt/decrypt, AAD support, generateKey, keyFromHex, isEncrypted + - ByteArray/String hex extension functions - [ ] **4.2.2** Key derivation from BLSecureStore -- [ ] **4.2.3** Unit tests (JUnit5) +- [x] **4.2.3** Unit tests (JUnit5) — 21/21 passing in BLFieldEncryptTest.kt **Commit:** `feat(kotlin-sdk): add BLFieldEncrypt for client-side AES-256-GCM encryption`
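Review bot: In the first hunk (`@@ -1,7 +1,7 @@`), the new Status line says `Sprint 4.1/4.2 COMPLETE`, but the second hunk leaves 4.1.2 (key derivation from Keychain-stored secret) and 4.2.2 (key derivation from BLSecureStore) unchecked, so the status overstates what has shipped. Suggest wording that scopes the claim, for example "Sprint 4.1/4.2 field encryption complete, key derivation pending", or hold the status change until those two items are ticked. The new line also drops the "Phase 2" label that the old line attached to Sprint 3; keep it if the roadmap is still organised by phase.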
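Review bot: In items 4.1.1 and 4.2.1 of the second hunk (`@@ -280,48 +280,23 @@`), the removed Swift block spelled out the encrypted-field envelope (`__encrypted`, `v`, `alg`, `ct` as base64, `iv` and `tag` as hex, `dekId`), while the replacement bullets name `BLEncryptedField` without its fields or encodings. Since the Swift SDK, the Kotlin SDK and the backends all have to agree on that envelope, keep a short field list here or link to the section of END_TO_END_ENCRYPTION_DESIGN.md that defines it, and note the rename from `EncryptedField` to `BLEncryptedField`. The bullets also add "AAD support" without saying what is bound as AAD; with AES-GCM both sides must supply identical AAD bytes or the tag check fails, so the roadmap should state or reference that convention. `generateKey` and `keyFromHex` are listed as done while both key-derivation items stay open, so it is worth a line on where callers are expected to get keys in the meantime. Minor: the test notes use different formats ("22 tests" for Swift, "21/21 passing" for Kotlin); pick one and say whether the Swift tests pass.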