HomeInsightsAI Strategy
AI Strategy · 9 min read

That AI notetaker in your meetings could be a legal problem. Here is what to know.

AI notetakers that silently join your video calls and transcribe everything have become enormously popular and genuinely useful, and in 2026 they also became a real legal risk, with class-action lawsuits targeting tools like Otter and Fireflies over recording meetings without proper consent. In roughly a dozen states, the law requires every person on a call to consent to being recorded, and simply having a recording bot visible in the participant list does not count as consent. The fix is simple and costs nothing: get clear agreement to record before the recording starts. Here is exactly what the risk is and how to keep using these tools safely.

AI notetakers have become one of the most quietly transformative business tools of the past couple of years. You add one to a video call, it silently records and transcribes the whole conversation, and afterward you get a clean summary, a searchable transcript, and a list of action items, all without anyone taking a note by hand. They save real time and they have spread fast, to the point where it is now common for one or more of these bots to sit in on meetings as a matter of routine, often without anyone thinking twice about it.

That thoughtlessness is exactly where the problem has crept in. Recording a conversation, even a business one, is legally regulated, and in 2026 that regulation collided with the casual ubiquity of AI notetakers in the form of real lawsuits. The issue is not that these tools are bad or that you should stop using them, they remain genuinely useful, but that recording people without proper consent can break the law, and the convenience of a bot that just quietly records everything has led a lot of businesses into doing exactly that without realising it. This article explains the risk, why it is suddenly live, how consent law actually works, and the simple, free steps to keep using AI notetakers safely.

The five-second answer

AI notetakers record and transcribe your meetings, and recording people is legally regulated: in roughly a dozen states, including California, Illinois, Florida, Pennsylvania, Massachusetts, and Washington, the law requires all parties to consent to being recorded, and 2026 lawsuits against tools like Otter and Fireflies are testing this. Crucially, a recording bot merely being visible in the participant list does not count as legal consent, which requires informed agreement. The fix is simple and free: before recording starts, clearly tell everyone the meeting is being recorded and transcribed by AI and get their agreement, and turn the notetaker off for confidential or sensitive conversations. Keep using these useful tools, just get proper consent first, which protects your business at no cost.

The risk you may not know about

The core risk is straightforward once stated: an AI notetaker records the conversation, recording people is legally regulated, and recording someone without the consent the law requires can expose your business to legal liability. Most people never think of adding a notetaker to a call as recording someone in the legal sense, because it feels like a productivity feature rather than surveillance, but legally that is exactly what it is, and the law that governs recording conversations applies regardless of how convenient or well-intentioned the tool is. The gap between how casual the action feels and how regulated it actually is, is where businesses get caught.

What makes this particularly easy to stumble into is that AI notetakers are designed to be frictionless, joining calls quietly and recording automatically, which is precisely the behaviour that leads to recording people who never clearly agreed to it. The tool's convenience is, in this one respect, the source of the risk, because it removes the natural pause where you might have asked whether everyone is okay with being recorded. A bot that silently starts transcribing the moment the meeting begins can capture a whole conversation before anyone has consented to anything, which is the exact situation the law is concerned with.

This has moved from a theoretical concern to a live one because the sheer prevalence of these tools means it is now happening constantly, and the legal system has taken notice. The risk is not that using an AI notetaker is inherently illegal, it plainly is not when done properly, but that using one carelessly, recording people without proper consent, can break real laws with real penalties. Understanding that distinction, between the tool being fine and careless use of it being risky, is the key to continuing to enjoy the benefit while avoiding the liability, and it is entirely manageable once you know it exists.

The lawsuits driving this

The reason this became urgent in 2026 is a wave of actual litigation. Otter, one of the most popular AI notetakers, faces a federal class-action lawsuit claiming its notetaker recorded meetings without the consent of all parties, with a key hearing on its motion to dismiss scheduled for mid-July 2026. Separately, Fireflies, another widely used tool, faces a suit in Illinois under that state's biometric privacy law over its speaker-recognition feature, on the theory that the voiceprints such a feature uses are biometric identifiers the law specifically protects. These are not fringe cases, they target mainstream tools that huge numbers of businesses use.

The significance for a small business is not the specific fate of these particular cases but what they represent, which is that recording without proper consent, exactly what a carelessly-used AI notetaker does, is now being actively litigated and treated as a genuine legal violation. Whatever the outcomes, the lawsuits have put a spotlight on a practice that had spread quietly and unexamined, and they signal that regulators, courts, and plaintiffs are willing to treat improper AI recording as the legal issue it always technically was. The era of assuming nobody would ever care that your bot recorded a call without asking is ending.

It is worth noting that much of the legal exposure falls on the businesses using these tools, not only on the tool makers, which is the part that should focus a small business owner's attention. When your business runs a meeting and records the participants without proper consent, your business is the one that recorded them, and the responsibility for having obtained consent is largely yours, not the software vendor's. So the lawsuits against the tool makers are a warning sign for every business that uses the tools, because the underlying legal duty to record people only with their consent rests on whoever is doing the recording, which in your meetings is you.

How consent law actually works

The legal landscape here has an important structure worth understanding. In the United States, recording laws vary by state, and while some states require only that one party to a conversation consent, roughly a dozen states require all-party consent, meaning every single person on the call must agree to being recorded. These all-party-consent states include large and common ones like California, Illinois, Florida, Pennsylvania, Massachusetts, and Washington, which means that for any meeting involving participants in those places, everyone needs to have consented, and a single non-consenting participant can make the recording unlawful.

The crucial detail, and the one that trips businesses up, is what counts as consent, because it is more than mere awareness. No jurisdiction currently treats the visible presence of a recording bot in the participant list as sufficient legal notice or consent, so the common assumption that people can see the bot, so they have effectively agreed does not hold up. Genuine consent requires informed agreement: a participant must actually understand that the meeting is being recorded, and ideally how the recording will be used, who will have access, and how long it will be kept, rather than merely having had the theoretical opportunity to notice a bot in the corner of their screen.

For a business, the practical upshot of this structure is a simple safe rule that sidesteps all the jurisdictional complexity: get clear, informed, all-party consent before recording, every time. Because your meetings may include people in all-party-consent states, and because you often cannot be sure where every participant is, the safe and simple approach is to treat every meeting as if all-party consent is required and to obtain it explicitly, which keeps you compliant everywhere without needing to track the specific law for each participant. The complexity of the underlying law argues for the simplicity of always getting clear consent, rather than trying to figure out case by case whether you can get away with less.

Where the exposure is highest

While every business using AI notetakers should get consent, the exposure is highest in a few identifiable situations worth extra care about. Meetings with people outside your own organisation, clients, prospects, partners, vendors, carry more risk than purely internal ones, because external participants have not agreed to your internal norms and are more likely to object or to be in a jurisdiction with strict consent laws, and recording them without clear agreement is exactly the scenario the lawsuits concern. Client and customer calls in particular deserve deliberate consent every time.

Conversations touching sensitive or confidential subjects are the second high-exposure area, and here the right move is often not to record at all. Meetings involving legal matters, confidential business information, personal or medical details, or anything where a participant would reasonably expect privacy carry heightened risk and heightened stakes if a recording is mishandled or made without consent, and the sensible practice is to turn the notetaker off for such conversations rather than relying on consent alone. The convenience of a transcript is rarely worth the risk when the subject matter is genuinely sensitive.

A further consideration is what happens to the recordings and transcripts once made, because the legal issues do not end at consent. Recordings of conversations are data, and they carry the same responsibilities as other sensitive business data around storage, access, and retention, which connects to the broader data and coverage questions we discussed in our pieces on the EU AI Act and the AI insurance coverage gap. A business that records meetings should think not only about consent to record but about handling the resulting recordings responsibly, since a trove of transcribed conversations is exactly the kind of data whose mishandling creates its own problems.

How to use them safely

The central safe practice is simple, free, and defeats almost all of the risk: before an AI notetaker starts recording, clearly tell everyone on the call that the meeting is being recorded and transcribed by AI, and get their agreement. This can be a brief spoken statement at the start of the meeting, a note in the invitation, or both, and the key is that it happens before recording and that it gives participants a genuine, informed chance to agree or object rather than merely presenting them with a bot already running. Making this a consistent habit, on every meeting, removes the guesswork and keeps you compliant regardless of who is on the call.

Alongside universal consent, build in the judgment to turn the notetaker off when it does not belong. For confidential, legally sensitive, or personal conversations, the safe practice is simply not to record, accepting that the convenience of a transcript is not worth the risk in those cases, and being ready to disable the tool when a meeting turns to sensitive matters even if it started routinely. Respecting anyone who objects to being recorded is part of this too, since consent that cannot be refused is not really consent, and a participant's discomfort should be honoured rather than overridden.

Finally, treat the recordings and transcripts these tools produce as the sensitive business data they are, storing them securely, limiting access appropriately, and not keeping them longer than you need, which protects both the people recorded and your business. Put together, these practices, always get informed consent before recording, turn the tool off for sensitive conversations, respect objections, and handle the data responsibly, let you keep all the genuine productivity benefit of AI notetakers while shedding almost all of the legal risk. If you want help setting sensible internal rules for AI tools like these across your business, that kind of practical governance is exactly what our €49 audit can help establish.

The bottom line

AI notetakers are genuinely useful and worth continuing to use, but their frictionless convenience has quietly led many businesses into a real legal risk: recording people without the consent the law requires. In roughly a dozen states, including large ones like California and Illinois, recording requires all parties to agree, and 2026 lawsuits against popular tools like Otter and Fireflies have made clear that improper AI recording is being treated as the genuine legal violation it always technically was, with much of the exposure falling on the businesses doing the recording rather than only the tool makers.

The reassuring part is that the fix is simple and costs nothing. Before an AI notetaker starts recording, clearly tell everyone and get their agreement, treat every meeting as if all-party consent is required so you are covered everywhere, turn the tool off for confidential or sensitive conversations, respect anyone who objects, and handle the resulting recordings as the sensitive data they are. Do that consistently and you keep every bit of the productivity these tools offer while shedding almost all of the legal risk. The point is not to fear AI notetakers or abandon them, but to use them the way the law has always required recording to be done, with the clear, informed consent of the people being recorded, which is both good practice and simple courtesy.

Want sensible internal rules for AI tools like notetakers across your business? Start with the €49 audit

Sources

Quick answers

Common questions.

Want this in your business?

The €49 audit shows you exactly which automations would pay back fastest in your specific operation.

€49 entryFull AI audit + strategy call included

Reserve your auditNo commitment. No contracts. Just clarity.