
Board meetings are the inner sanctum of corporate decision-making. Merger discussions, executive compensation debates, strategic pivots, succession planning, pending litigation—the conversations that happen in a boardroom carry more concentrated legal and financial risk than virtually any other meeting in an organization.

So why are companies sending this audio to cloud servers they don't control?

The rush to adopt AI-powered meeting transcription has reached the C-suite, and increasingly, the boardroom itself. Directors want better minutes. General counsels want defensible records. Corporate secretaries want efficiency. But the cloud-based tools most organizations default to—Otter.ai, Fireflies, Zoom AI Companion—create a cascading chain of legal, regulatory, and fiduciary risks that most boards haven't fully considered.

What's Actually Discussed in Board Meetings

To understand the risk, consider the typical content of a board meeting:

Every single one of these categories carries serious legal consequences if disclosed improperly. And yet, when a board uses a cloud-based transcription tool, every word of this discussion gets uploaded, processed, stored, and potentially accessed by a third party's employees, algorithms, and infrastructure.

⚠️ The Core Problem: When board meeting audio hits a cloud server, it becomes subject to that vendor's data retention policies, employee access controls, government subpoena responses, and security posture. The board has effectively outsourced custody of its most sensitive deliberations to a startup's AWS instance.

Fiduciary Duty and the Cloud Transcription Problem

Directors owe fiduciary duties of care and loyalty to the corporation and its shareholders. The duty of care requires directors to act with the diligence of a reasonably prudent person—which includes safeguarding confidential corporate information.

According to the SEC's guidance on corporate governance, boards must establish and maintain adequate controls over material information. Routing board deliberations through third-party cloud services raises a fundamental question: does sending insider information to servers controlled by an external vendor satisfy the duty of care?

The answer is increasingly looking like no.

In 2025, a Wall Street Journal investigation revealed that multiple AI transcription vendors had experienced unauthorized access to client audio data, including recordings from corporate strategy sessions. While no board meeting recordings were confirmed to be among the exposed data, the incidents highlighted how little control organizations have once audio leaves their premises.

The Insider Trading Dimension

Board meetings are ground zero for material non-public information (MNPI). When this information is transcribed and stored in the cloud, the attack surface for insider trading violations expands dramatically.

Consider the chain of exposure with cloud transcription:

  1. Audio is captured and uploaded to the vendor's cloud infrastructure
  2. The transcription engine processes the audio—potentially on shared compute resources
  3. The resulting transcript is stored on the vendor's servers
  4. Vendor employees may have access for quality assurance, debugging, or model training
  5. The data may be retained for weeks, months, or indefinitely depending on the vendor's policies
  6. Government agencies or litigants may subpoena the vendor's records

Each step in this chain creates a potential vector for MNPI to reach someone who shouldn't have it. And under SEC Rule 10b-5, the company and its directors could face liability if they failed to maintain reasonable safeguards over this information.

What Cloud Transcription Vendors Actually Do With Your Data

Most boards that adopt AI transcription tools never perform due diligence on the vendor's data handling practices. When you examine the actual policies, the findings are concerning.

Otter.ai's privacy policy grants the company broad rights to use content uploaded to its platform, including for service improvement and model training. While enterprise plans may offer more restrictive terms, the default posture is permissive—and most organizations don't negotiate custom data processing agreements.

Zoom's privacy policy similarly reserves rights to use data generated through its AI Companion features. For a board meeting conducted via Zoom with AI transcription enabled, this means Zoom may process and retain the meeting's content under terms the board may not have reviewed.

As we explored in our article on AI meeting notes and SEC compliance for financial services, the regulatory implications of cloud processing extend far beyond simple data storage—they touch every aspect of information governance.

Key Question for Board Chairs: Has your general counsel reviewed the data processing agreement for every AI tool that touches board meeting content? Does the tool's privacy policy permit use of your data for model training? Can the vendor's employees access your transcripts?

The Litigation Discovery Nightmare

Here's a scenario that should keep every general counsel awake at night: your company is sued in a securities class action. During discovery, plaintiffs' counsel subpoenas your cloud transcription vendor for all board meeting recordings and transcripts.

Suddenly, your board's private deliberations—including candid discussions about risk factors, dissenting opinions, and strategic uncertainties—are in the hands of opposing counsel. And because the vendor retained the audio and transcripts on its servers, the company may have limited ability to assert privilege or resist production.

A Reuters Legal analysis noted that courts are increasingly treating cloud-stored AI data as discoverable, particularly when the data was voluntarily shared with a third-party service provider. The attorney-client privilege that might otherwise protect board deliberations can be weakened or waived when the communication was transmitted through an external platform.

For a deeper examination of how privilege intersects with cloud AI tools, see our analysis of attorney-client privilege and on-device transcription.

On-Device Transcription: The Corporate Governance Solution

On-device AI transcription eliminates the entire chain of risk described above. When transcription happens locally—on the device itself, without any data leaving the room—the board retains complete custody and control of its deliberations.

Here's how this works with Basil AI:

For a board, this means the transcription tool operates with the same information security posture as a physical notepad—except it's faster, more accurate, and produces searchable, structured output.

Practical Implementation for Board Meetings

In-Person Board Meetings

The corporate secretary or designated note-taker opens Basil AI on their device, places it on the conference table, and starts recording. Basil captures up to 8 hours of continuous audio with real-time transcription and speaker identification. At the conclusion of the meeting, the transcript is exported to Apple Notes and shared with authorized recipients through the organization's existing secure channels.

Hybrid and Virtual Board Meetings

For boards meeting via video conference, Basil AI captures the audio output from the device. Because all processing happens on-device, the board doesn't need to enable any cloud-based AI features in Zoom, Teams, or Webex. The AI transcription bot never joins the call. No third party ever receives the audio.

Executive Sessions

Executive sessions—where independent directors meet without management present—contain some of the most sensitive board discussions. These sessions often cover CEO performance, executive terminations, and whistleblower investigations. On-device transcription ensures these discussions remain exclusively within the control of the independent directors.

Committee Meetings

Audit committee, compensation committee, and nominating committee meetings each carry their own sensitivity requirements. On-device transcription provides a consistent information security posture across all committee activities without requiring different tools or workflows for different sensitivity levels.

What Board Governance Frameworks Say

Leading corporate governance frameworks are beginning to address AI tool risk explicitly.

The National Association of Corporate Directors (NACD) has published guidance recommending that boards evaluate the data security implications of all technology tools used in board operations, with particular attention to AI-powered services that process or store meeting content.

The Business Roundtable's updated principles of corporate governance similarly emphasize that boards should maintain robust information security practices that extend to all third-party technology providers.

For organizations in regulated industries—banking, insurance, healthcare, defense—the requirements are even more stringent. Regulatory frameworks like SOX, GLBA, and ITAR impose specific obligations around the handling of sensitive corporate information that cloud transcription may violate.

The D&O Insurance Angle

Directors and officers insurance policies typically require that directors exercise reasonable care in protecting confidential corporate information. A data breach originating from a cloud transcription vendor could create coverage questions if the insurer determines that using the cloud service constituted a failure of reasonable care.

On-device transcription eliminates this exposure entirely. When no data leaves the device, there's no third-party vendor breach vector to evaluate.

Making the Case to Your Board

If you're a general counsel, corporate secretary, or CISO looking to move your board away from cloud transcription, here's a framework for the conversation:

  1. Quantify the information at risk. List the categories of sensitive information discussed in a typical board meeting. Map each category to its legal protection framework (securities law, privilege, trade secrets, privacy).
  2. Audit current exposure. Identify every AI tool currently touching board meeting content. Pull the privacy policy and DPA for each. Highlight concerning provisions.
  3. Present the alternative. Demonstrate on-device transcription with Basil AI. Show that the functionality is equivalent or superior, with zero information security risk.
  4. Frame it as fiduciary compliance. Position the switch as a governance improvement, not a technology change. The board is strengthening its information security posture in line with its duty of care.

✅ The Bottom Line: Board meeting content represents the highest concentration of legally sensitive information in any organization. On-device AI transcription is the only approach that maintains complete corporate control over this information while still delivering the productivity benefits of AI-powered meeting notes.

Keep Your Board Meetings Truly Private

Basil AI processes everything on-device. No cloud. No servers. No risk to your most sensitive corporate deliberations.
