
In March 2026, the SEC launched an investigation into a mid-cap pharmaceutical company after suspicious options trading preceded a merger announcement. The source of the leak? A cloud-based AI transcription tool that had recorded the board's confidential M&A deliberations—and stored the complete transcript on third-party servers accessible to the vendor's employees.

This wasn't an isolated incident. As Bloomberg reported in mid-2025, corporate boards are rapidly adopting AI tools without fully understanding the data exposure they create. Board meetings are perhaps the single most sensitive recurring event in any organization—containing material non-public information (MNPI), strategic plans, executive compensation discussions, litigation updates, and fiduciary deliberations that could move stock prices or expose the company to existential legal liability.

Yet many boards are allowing cloud AI transcription services to capture every word.

What Makes Board Meeting Data So Sensitive

Board meetings are not ordinary business meetings. They are the nerve center of corporate governance—the place where directors exercise their fiduciary duties to shareholders. The information discussed is categorically different from what happens in a sales call or team standup:

Every single item on that list could trigger SEC enforcement action, shareholder lawsuits, or criminal prosecution if improperly disclosed. And yet, when a board uses a cloud transcription service, they are voluntarily handing all of this information to a third party.

The Cloud Transcription Problem for Boards

Let's be specific about what happens when a board meeting is transcribed by a typical cloud AI service like Otter.ai, Fireflies.ai, or Zoom AI Companion.

1. Audio Leaves the Room

The raw audio of every board discussion is uploaded to the vendor's cloud infrastructure. According to Otter.ai's privacy policy, they process and store your audio and transcripts on their servers. For a board meeting, this means the vendor's infrastructure now holds a complete record of your most sensitive deliberations.

2. Third-Party Access Is Broader Than You Think

Cloud vendors employ engineers, data scientists, and support staff who may have access to stored data. Some use subprocessors—additional third parties who handle parts of the data pipeline. Fireflies.ai's privacy policy acknowledges the use of third-party service providers to process data. Each additional party in the chain is another potential point of failure for information that could constitute insider trading material.

3. Data Retention Creates a Permanent Record

Most cloud services retain data far longer than boards realize. Even after a user "deletes" a transcript, backup systems, log files, and AI training pipelines may preserve fragments. A Wired investigation found that several leading AI transcription providers retain user data for extended periods, often buried in vague policy language about "service improvement" and "model training."

4. AI Training Creates Uncontrollable Exposure

Perhaps the most alarming risk: many cloud transcription services reserve the right to use your data to improve their AI models. Once your board's M&A discussion has been ingested into a language model's training set, it cannot be meaningfully deleted. It becomes part of the model's weights—a permanent, irrecoverable embedding of your confidential information.

⚠️ Insider Trading Liability

Under SEC Rule 10b-5, any person who trades securities while in possession of material non-public information—or tips others who trade—faces criminal penalties including fines up to $5 million and 20 years imprisonment. When MNPI sits on a cloud vendor's servers, the board has created a chain of custody it cannot control.

The Legal Framework: Why Cloud Transcription Fails Governance Standards

SEC Regulation FD and Selective Disclosure

Regulation FD (Fair Disclosure) prohibits public companies from selectively disclosing material information to certain parties before the public. When a cloud transcription service stores board minutes containing MNPI, the company has effectively disclosed that information to the vendor and its employees—a potential Reg FD violation if that information hasn't been publicly released.

Sarbanes-Oxley Section 302 and Internal Controls

SOX Section 302 requires the CEO and CFO to certify the effectiveness of internal controls over financial reporting and disclosure. Allowing a third-party cloud service to hold pre-announcement financial information—quarterly results, guidance changes, write-downs—undermines those controls. Auditors are increasingly flagging cloud AI tools as control deficiencies.

Delaware Fiduciary Duties

For the majority of US public companies incorporated in Delaware, directors owe a duty of care that includes protecting confidential corporate information. As our article on AI transcription and fiduciary duty in financial services explored, allowing sensitive information to flow to uncontrolled third parties could constitute a breach of the duty of care, particularly after a director is made aware of the risks.

GDPR and Cross-Border Board Meetings

For companies with European operations, board meetings that reference European employees, customers, or operations involve personal data subject to GDPR Article 5 data minimization principles. Sending this data to a US-based cloud transcription service creates cross-border transfer issues that many boards have not addressed.

Real Scenarios: How Cloud Board Transcription Goes Wrong

Scenario 1: The Pre-Earnings Leak

A board reviews preliminary Q3 results showing a revenue miss two weeks before the public earnings call. The meeting is transcribed by a cloud service. Three days later, unusual put option volume appears. The SEC traces the information chain and discovers the cloud vendor's employee accessed the transcript—or that the vendor's subprocessor was compromised in a breach.

Scenario 2: The M&A Disclosure

During an executive session, the board authorizes management to pursue an acquisition. The target company's name, proposed price range, and strategic rationale are all transcribed and stored on cloud servers. When the deal is announced six weeks later, plaintiffs' attorneys subpoena the cloud vendor's records—and discover the transcript was retained in violation of the company's own data governance policy.

Scenario 3: The Privilege Waiver

General counsel provides an attorney-client privileged briefing on a pending securities class action. The board's cloud transcription tool captures and stores the entire briefing on third-party servers. Opposing counsel argues—successfully—that voluntarily sharing privileged communications with a non-attorney third party waived the privilege. Similar concerns arise in law firm AI transcription contexts, but the stakes at the board level are exponentially higher.

The On-Device Solution: How It Eliminates These Risks

On-device AI transcription—where audio is processed entirely on the local device and never transmitted to any server—eliminates every risk category described above. Here's why:

🛡️ On-Device Processing Guarantees

Basil AI processes all transcription using Apple's on-device Speech Recognition framework, which runs entirely on the Apple Neural Engine. Audio data is processed in real-time on the device and is never transmitted to Apple's servers or any other destination. The result is a complete, accurate transcript that exists only on the device where it was created.

How Basil AI Works for Board Meetings

  1. Record the entire session — Basil AI supports up to 8 hours of continuous recording, covering even marathon board and committee sessions.
  2. Real-time on-device transcription — The Apple Neural Engine transcribes speech as it happens, with no internet connection required. The meeting can take place in a secured facility with no Wi-Fi.
  3. Speaker identification — Basil's speaker diarization identifies who said what, critical for accurate board minutes.
  4. AI-generated summaries and action items — On-device AI summarizes key decisions, motions, and follow-up items.
  5. Export to Apple Notes or your preferred system — The corporate secretary exports the transcript to the company's secure document management system via Apple Notes.
  6. Delete with confidence — When you delete a recording and transcript from Basil AI, it's gone. There's no cloud backup, no vendor retention, no ghost copies.

Building a Board-Level AI Governance Policy

Forward-thinking boards aren't just choosing better tools—they're establishing AI governance frameworks that address transcription and recording directly. Here's what a robust policy includes:

1. Prohibit Cloud Processing of Board Materials

Establish a blanket prohibition on uploading board meeting audio, video, or transcripts to any cloud service. This includes not just dedicated transcription tools but also Zoom's built-in AI features. As Zoom's privacy policy notes, they may use customer content for product improvement purposes—a non-starter for MNPI.

2. Mandate On-Device Tools for Any AI Assistance

If the board wants AI-powered transcription and summarization, require tools that process 100% on-device. Verify this architecturally—not just based on the vendor's marketing claims.

3. Control the Chain of Custody

Designate a single authorized individual (typically the corporate secretary) to operate the transcription tool. Transcripts should flow directly into the company's board portal or document management system.

4. Align with Existing Information Barriers

Public companies maintain information barriers ("Chinese walls") to prevent MNPI from reaching trading desks. Cloud transcription tools create holes in these barriers that compliance teams haven't yet addressed.

5. Annual Board Technology Review

Include AI tools in the board's annual technology and cybersecurity review. As The Verge reported, regulators are increasingly expecting boards to demonstrate awareness and oversight of AI risks within their own operations.

The Competitive Advantage of Private Board Minutes

Beyond risk mitigation, on-device board transcription offers a genuine competitive advantage. When directors know their discussions are truly private, the quality of boardroom deliberation improves. Directors speak more candidly. Dissenting views are aired more freely. The board becomes a more effective governance body.

Compare this to the chilling effect of knowing that every word is being uploaded to a third party's cloud—an environment where directors may self-censor on sensitive topics, reducing the board's effectiveness at the exact moments when candor matters most.

The Bottom Line

Board meetings represent the highest-stakes information environment in any organization. The information discussed can move markets, trigger regulatory investigations, and create billions of dollars in liability if improperly disclosed. Cloud AI transcription introduces unnecessary risk into this environment—risk that on-device processing eliminates entirely.

The calculation is straightforward: there is no cloud transcription feature valuable enough to justify putting material non-public information on a third party's servers. On-device AI gives boards the efficiency benefits of AI transcription with zero information leakage risk.

For boards that take their fiduciary duties seriously, the only responsible choice is processing that never leaves the room.
