This article examines the emerging legal framework of encryption. It reviews the different categories of law that make up this legal framework, namely: export control laws, substantive cybercrime laws, criminal procedure laws, human rights laws, and cybersecurity laws. These laws are analysed according to which of the three regulatory subjects or targets they specifically address: the technology of encryption, the parties to encryption, or encrypted data and communications. For each category of law, illustrative examples of international and national laws are discussed. This article argues that understanding the legal framework of encryption is essential to determining how this technology is currently regulated and how these regulations can be improved. It concludes that the legal framework is the key to discerning the present state and future direction of encryption laws and policies.