Hi Joachim,
Thank you for your update and for the provided steps, and please sorry for the delay in our response.
Looks like when you change these encryption settings in a field, the Last Modified date for an object isn't changed, and this is why the regular pull process doesn't see the changes. For example, the same case applies when you add a new field to an object.
At the same time, the Force pull functionality re-download this object anyway and you can get your updated file.
We are going to investigate why exactly the issue is reproduced when you deploy the changed value for the encryption settings.
I will keep you updated on our progress.
Thank you for your collaboration!
Best Regards,
Kate