← Back to Articles

Your company uses AI meeting transcription tools. A lawsuit lands. You call your insurer. They point to a new exclusion on your policy and deny the claim.

This scenario is no longer hypothetical. In early 2026, the Insurance Services Office (ISO) introduced two new optional endorsements—CG 40 47 and CG 40 48—that allow insurers to explicitly exclude claims arising from generative AI outputs from standard commercial general liability (CGL) policies. With ISO forms underpinning roughly 82% of U.S. property and casualty policies, these exclusions are expected to spread rapidly across the industry.

Meanwhile, the lawsuits are already here. More than 200 active legal cases involving AI and machine learning are working through the court system, spanning privacy liability, data bias, discrimination, and regulatory non-compliance. AI meeting transcription tools are ground zero for many of these disputes.

200+ Active legal cases involving AI liability working through courts in 2026

The New Insurance Exclusions, Explained

For years, AI-related risks lived in what the insurance industry calls “silent coverage”—traditional liability policies didn’t explicitly mention AI, so claims might have been covered by default. That era is over.

The new ISO endorsements create two distinct carve-outs:

As the International Association of Privacy Professionals (IAPP) reported, insurance industry experts acknowledge significant confusion about where AI-related claims fit within existing coverage frameworks. Holland & Knight partner Thomas Bentz noted that there are coverage gaps that “don’t fit nicely into either program”—neither traditional general liability nor cyber insurance.

Key Risk: If your carrier attaches CG 40 47 at your next CGL renewal, all AI-related claims under your general liability policy are excluded. Many companies won’t discover this until they file a claim.

The Lawsuit Wave Hitting AI Meeting Tools

These insurance exclusions arrive at precisely the worst moment for organizations relying on cloud-based AI meeting tools. A wave of class action litigation is targeting the biggest names in the industry.

Otter.ai: Four Consolidated Lawsuits

The consolidated case In re Otter.AI Privacy Litigation bundles four separate suits filed between August and September 2025. The original plaintiff, Justin Brewer, alleges his February 2025 sales call was recorded because another participant had OtterPilot running—Brewer wasn’t an Otter user, never accepted any terms of service, and had no opportunity to decline. As NPR reported, the service has processed over a billion meetings and the complaint alleges systematic recording without participant consent.

The damages framework is severe: ECPA provides $10,000 per violation or $100 per day; California’s Invasion of Privacy Act allows $5,000 per violation; and BIPA carries $1,000 for negligent and $5,000 for intentional violations. As we detailed in our analysis of the Otter.ai federal hearing and its implications, this litigation could reshape how the entire AI notetaking industry operates.

Fireflies.ai: BIPA Class Action

In December 2025, Illinois resident Katelin Cruz filed a class action against Fireflies.AI after her voice was recorded during a nonprofit meeting. The complaint alleges that Fireflies’ speaker recognition feature creates voiceprints—biometric identifiers under Illinois law—without providing required written notice or obtaining consent. The plaintiff seeks statutory damages of $1,000 per negligent violation and $5,000 per reckless or intentional violation.

The Employer Liability Problem

Here’s where the insurance gap becomes critical: liability isn’t limited to the AI vendors themselves. As employment law firm Littler Mendelson warned in its February 2026 analysis, organizations that deploy or enable AI notetakers in meetings involving participants in states like Illinois can find themselves drawn into the same legal territory as the vendors. The tools create legal exposure across seven distinct risk areas: consent, biometrics, accuracy, discrimination, attorney-client privilege, data retention, and confidentiality.

82% Of U.S. property & casualty policies use ISO standard forms—where AI exclusions now live

Why Your Existing Coverage Probably Won’t Help

Companies facing AI meeting tool lawsuits might assume cyber insurance will fill the gap left by CGL exclusions. The reality is more complicated.

Cyber insurance was built for data breaches, ransomware, and business interruption—not for the novel liability scenarios created by AI transcription tools. When an AI bot records a conversation without consent, uses voiceprints without BIPA-compliant notice, or feeds meeting recordings into training models, the resulting claims may fall between traditional coverage categories.

The insurance industry is actively wrestling with this problem. According to Gallagher Re’s Q1 2026 Global InsurTech Report, 95.2% of all insurtech funding in Q1 2026 was directed toward AI-focused companies—a sign that the market recognizes AI liability as an enormous emerging risk. New carriers like Armilla and Testudo are building standalone AI liability products, but these are still nascent and expensive.

Major carriers including AIG and W.R. Berkley have sought regulatory clearance for AI-specific exclusions in management liability and directors & officers policies, extending the coverage gap beyond CGL into the D&O and E&O lines that executives rely on for personal protection.

The Real Cost: What’s at Stake

Consider the exposure math for a mid-size company using cloud AI meeting tools across its organization:

Now imagine your CGL insurer has attached the CG 40 47 exclusion. Your cyber policy doesn’t clearly cover consent-based recording violations. Your D&O policy has its own AI exclusion. The company is paying the full cost of defense and any settlement out of pocket.

As EPIC Insurance Brokers noted, the inconsistency and uncertainty in federal and state laws around AI transcription tools “could easily lead to inconsistency and uncertainty in your insurance risk transfer.” They advise firms to closely review their corporate governance insurance policies to ensure proper coverage—guidance that has become even more urgent with the new ISO exclusions.

For more on how the regulatory landscape is converging to create compound risk for companies using cloud AI meeting tools, see our article on wiretap law and all-party consent requirements.

The Three-Part Test: Is Your Organization Exposed?

Every organization using AI meeting tools should ask three questions immediately:

1. Does Your CGL Policy Now Exclude AI?

Request a copy of your latest CGL declarations page and endorsement schedule. Look specifically for CG 40 47, CG 40 48, or any carrier-specific AI exclusion language. Hamilton Insurance Group, for instance, has adopted language excluding claims “based upon, arising out of, or in any way involving” generative AI. If your renewal is approaching, this is the time to negotiate.

2. Does Your Cyber Policy Cover AI Consent Violations?

Most cyber policies were written for breach-driven losses. Review whether your policy specifically addresses consent-based recording violations, biometric data collection claims, or regulatory investigations under BIPA, ECPA, or GDPR Article 5. If the policy language is silent on AI, assume it may not cover you.

3. Which AI Tools Are Actually Running in Your Meetings?

Review Otter.ai’s privacy policy, Fireflies.ai’s privacy policy, and any other AI meeting tool your employees use. Determine whether the tools collect biometric data, how long recordings are retained, and whether meeting content is used for AI training. Remember that shadow AI adoption means employees may be using tools IT has never approved—and each unauthorized tool multiplies your uninsured risk.

Why On-Device Processing Eliminates the Risk

The entire insurance liability problem traces back to a single architectural decision: sending meeting audio to the cloud.

When a cloud AI meeting tool records your conversation, it creates a chain of liability touchpoints: data is intercepted, transmitted to third-party servers, processed by external models, stored indefinitely, and potentially used for AI training. Each step creates a separate legal exposure—wiretap violations, BIPA claims, GDPR non-compliance, privilege waiver—and each of those exposures now falls squarely in the zone that insurance companies are racing to exclude from coverage.

On-device processing eliminates every one of these touchpoints. When transcription runs entirely on your iPhone or Mac:

Apple’s own approach validates this architecture. As Apple states on its privacy page, Apple Intelligence is “designed to protect your privacy at every step” through on-device processing, keeping personal information local rather than sending it to external servers. Basil AI builds on this same foundation, using Apple’s Speech Recognition framework to process audio entirely on-device.

The result: there is no AI-related liability to insure against, because there is no cloud processing to generate the claims in the first place. No data leaves your control. No vendor stores your conversations. No training pipeline touches your content. The risk simply does not exist.

The Privacy Advantage: With Basil AI, your meeting data never leaves your device. There are no servers to breach, no recordings to subpoena, and no third-party data processing to trigger the very lawsuits that insurers are now refusing to cover. You can’t be sued for a data practice that doesn’t exist.

What to Do Now

The convergence of new insurance exclusions and accelerating AI litigation creates an urgent action window for every organization:

  1. Audit your insurance policies before renewal. Request endorsement schedules and look for CG 40 47, CG 40 48, or carrier-specific AI exclusion language. If exclusions are present, negotiate or seek affirmative AI coverage through standalone products.
  2. Inventory all AI meeting tools in use. Include shadow AI tools that employees may have adopted without IT approval. Each tool represents a separate liability vector.
  3. Assess your consent framework. If you operate in California, Illinois, Florida, or any other all-party consent state, verify that every AI meeting tool obtains documented consent from all participants before recording begins.
  4. Evaluate on-device alternatives. Tools that process audio locally—like Basil AI—eliminate the cloud data flow that creates both the legal liability and the insurance coverage gap. When no data leaves the device, there is nothing for insurers to exclude and nothing for plaintiffs to sue over.
  5. Brief your leadership team. Directors and officers need to understand that their personal D&O coverage may also contain new AI exclusions. The governance decisions they make about AI tool deployment directly affect their personal exposure.

The insurance industry’s message is unmistakable: AI-related liability is a risk they no longer want to carry on their books. For companies that keep sending meeting audio to the cloud, that means paying for lawsuits out of pocket. For companies that keep their data on-device, the risk simply doesn’t arise.

Keep Your Meeting Data Where Insurers Can’t Exclude It

Basil AI processes everything on-device. No cloud. No servers. No liability. No insurance exclusion problem.

Download on the App Store Download on the Mac App Store