diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 1356355158..15c626f004 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,9 @@
+*   Move the forcing of clear text encoding to the `ActiveRecord::Encryption::Encryptor`.
+
+    Fixes #42699.
+
+    *J Smith*
+
 *   `partial_inserts` is now disabled by default in new apps.
 
     This will be the default for new apps in Rails 7. To opt in:
diff --git a/activerecord/lib/active_record/encryption/encrypted_attribute_type.rb b/activerecord/lib/active_record/encryption/encrypted_attribute_type.rb
index 2765d2b8f3..00b007b02a 100644
--- a/activerecord/lib/active_record/encryption/encrypted_attribute_type.rb
+++ b/activerecord/lib/active_record/encryption/encrypted_attribute_type.rb
@@ -31,8 +31,6 @@ module ActiveRecord
       end
 
       def serialize(value)
-        value = force_encoding_if_needed(value)
-
         if serialize_with_oldest?
           serialize_with_oldest(value)
         else
@@ -51,18 +49,6 @@ module ActiveRecord
       end
 
       private
-        def force_encoding_if_needed(value)
-          if deterministic? && forced_encoding_for_deterministic_encryption && value && value.encoding != forced_encoding_for_deterministic_encryption
-            value.encode(forced_encoding_for_deterministic_encryption, invalid: :replace, undef: :replace)
-          else
-            value
-          end
-        end
-
-        def forced_encoding_for_deterministic_encryption
-          ActiveRecord::Encryption.config.forced_encoding_for_deterministic_encryption
-        end
-
         def previous_schemes_including_clean_text
           previous_schemes.including((clean_text_scheme if support_unencrypted_data?)).compact
         end
diff --git a/activerecord/lib/active_record/encryption/encryptor.rb b/activerecord/lib/active_record/encryption/encryptor.rb
index 15acf1fdae..5e4b7a331e 100644
--- a/activerecord/lib/active_record/encryption/encryptor.rb
+++ b/activerecord/lib/active_record/encryption/encryptor.rb
@@ -32,6 +32,8 @@ module ActiveRecord
       #   +Cipher+-specific options that will be passed to the Cipher configured in
       #   +ActiveRecord::Encryption.cipher+
       def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
+        clear_text = force_encoding_if_needed(clear_text) if cipher_options[:deterministic]
+
         validate_payload_type(clear_text)
         serialize_message build_encrypted_message(clear_text, key_provider: key_provider, cipher_options: cipher_options)
       end
@@ -136,6 +138,18 @@ module ActiveRecord
             uncompressed_data.force_encoding(data.encoding)
           end
         end
+
+        def force_encoding_if_needed(value)
+          if forced_encoding_for_deterministic_encryption && value && value.encoding != forced_encoding_for_deterministic_encryption
+            value.encode(forced_encoding_for_deterministic_encryption, invalid: :replace, undef: :replace)
+          else
+            value
+          end
+        end
+
+        def forced_encoding_for_deterministic_encryption
+          ActiveRecord::Encryption.config.forced_encoding_for_deterministic_encryption
+        end
     end
   end
 end