If your organization uses Microsoft Teams with transcription enabled, every meeting may be generating biometric liabilities you never anticipated. On February 5, 2026, five Illinois residents filed a class action lawsuit against Microsoft, alleging that Teams' real-time transcription feature illegally collects and stores voiceprints without obtaining consent. The case, Basich et al. v. Microsoft Corporation, targets a feature used by hundreds of millions of people daily—and it doesn't just threaten Microsoft.
It threatens you—the employer who deployed it.
The Basich v. Microsoft Lawsuit: What's Alleged
The complaint centers on a Teams feature that most organizations treat as routine: live transcription. When a meeting organizer enables transcription, Teams creates a real-time written record with speaker attributions and timestamps. To identify who said what, the system uses a process called diarization—analyzing each speaker's unique vocal characteristics including pitch, tone, and timbre.
As Windows Central reported, the plaintiffs allege this process creates "voiceprints"—biometric identifiers expressly protected under BIPA. The complaint claims Microsoft never told users this was happening, never explained how the data would be used or stored, and never obtained anyone's written consent.
The class covers all Illinois residents who participated in Teams meetings with transcription enabled from March 1, 2021 to the present. With Microsoft Teams boasting 360 million monthly active users and 93% of Fortune 100 companies running communications through the platform, the potential exposure is staggering.
Why Employers Can't Treat This as Microsoft's Problem
The instinctive reaction from most employers will be to assume the lawsuit targets Microsoft alone. That assumption, according to legal experts, is dangerous. As the SGR Law analysis of the case warns, experience in BIPA litigation has shown that lawsuits against technology vendors are frequently the precursor to lawsuits against the organizations that deploy them.
Illinois courts have established that multiple entities can be held liable for the same biometric data collection. An organization that selects, licenses, or encourages the use of an AI meeting tool may be viewed as having authorized that collection. Employers can be drawn into BIPA litigation in several ways:
- Direct deployment: Your IT department enabled Teams transcription company-wide. You chose the tool, configured it, and rolled it out.
- Passive authorization: Employees activate transcription during meetings involving Illinois residents, and no company policy prohibits it.
- Benefiting from collection: Your organization relies on transcription data for meeting minutes, performance reviews, or project documentation.
This co-liability framework is not theoretical. As one legal analysis noted, employers that deploy AI notetaking tools face BIPA exposure even when headquartered outside Illinois—if any meeting participant is physically located in the state.
The Consent Gap No Enterprise Platform Has Solved
What makes the Microsoft Teams case particularly alarming for enterprise IT is a revealing detail in Microsoft's own documentation. Microsoft actually has a separate, opt-in voice enrollment feature called Intelliframe, where users provide explicit consent through a voice capture wizard and can delete their data at any time. Microsoft's own documentation states that Intelliframe "recognition features cannot be used in the state of Illinois."
The lawsuit explicitly excludes Intelliframe users from the class. It targets the default diarization that runs automatically whenever any meeting organizer enables transcription—without any enrollment or consent from other participants. In other words, Microsoft built a compliant system for one feature and a non-compliant system for another, and the non-compliant one is the default.
This pattern extends beyond Microsoft. As HR Executive reported, a single virtual meeting that includes employees, customers, or candidates in multiple jurisdictions can trigger overlapping and sometimes inconsistent consent obligations. Most employers have not fully mapped these requirements.
Beyond Teams: The Full Landscape of Enterprise AI Transcription Risk
Microsoft Teams is not alone. The BIPA litigation wave now encompasses multiple AI meeting platforms. As we covered in our analysis of the BIPA lawsuit wave hitting AI meeting bots, Fireflies.AI faces two separate class actions (Cruz v. Fireflies.AI and Fricker v. Fireflies.AI), and Otter.ai is defending consolidated litigation in the Northern District of California.
The common thread across every lawsuit is the same: speaker diarization—the feature that tells you "who said what"—works by creating voice embeddings. These are mathematical representations of unique vocal characteristics, stored and processed on cloud servers. Under BIPA, this constitutes collection of biometric identifiers, which triggers strict notice, consent, and retention requirements.
The Fireflies.ai privacy policy and Otter.ai's privacy policy both describe speaker recognition features—but neither provides the specific written disclosures BIPA demands. And critically, consent from the account holder who enables the bot is insufficient for all other meeting participants whose voices are being processed.
The Multiplier Effect: Why BIPA Damages Escalate Fast
BIPA's damage structure creates an escalation dynamic that enterprise organizations urgently need to understand. In 2023, the Illinois Supreme Court held in Cothron v. White Castle System, Inc. that BIPA claims accrue each and every time biometric data is unlawfully collected or transmitted—not just the first time.
Applied to AI transcription, this means every meeting where transcription is enabled potentially generates a separate violation for every participant whose voiceprint is captured. A team of ten people holding daily standup meetings could generate thousands of individual violations within a single year. At $1,000 to $5,000 per violation, the financial exposure becomes existential.
BIPA has already produced some of the largest privacy settlements in history. Meta paid $1.4 billion to settle the Texas biometric privacy case in 2024. Facebook settled an Illinois BIPA case for $650 million. These numbers are not outliers—they reflect the mathematical reality of per-violation statutory damages applied at scale.
The Wiretap Dimension: A Second Layer of Exposure
BIPA is not the only legal risk. AI meeting tools face simultaneous liability under federal and state wiretap statutes. As we detailed in our article on AI meeting bots and wiretap law in all-party consent states, approximately a dozen states require all participants to consent to the recording of a conversation. The Otter.ai litigation, now before Judge Lee in the Northern District of California, will produce the first federal test of whether wiretap statutes reach AI bots that join video calls.
For employers, this creates compound legal exposure. A single meeting with participants in California and Illinois can simultaneously trigger BIPA violations (for voiceprint collection without consent) and California Invasion of Privacy Act violations (for recording without all-party consent). The Goodwin Law analysis of AI transcription risks warns that exposure includes class action litigation, statutory computer fraud claims, and even criminal penalties in the most egregious cases.
What Employers Must Do Now
The legal landscape has changed. AI transcription tools are no longer a pure productivity play—they are a compliance liability that demands immediate action. Here's what enterprise organizations should prioritize:
1. Audit Your AI Transcription Footprint
Identify every AI tool in your organization that records, transcribes, or attributes speech to individual speakers. This includes not just third-party tools like Otter.ai and Fireflies, but built-in features in enterprise platforms like Microsoft Teams, Zoom AI Companion, and Google Meet transcription.
2. Map Your Jurisdictional Exposure
Determine whether any meeting participants are located in Illinois, California, Texas, Washington, or other states with biometric privacy or all-party consent requirements. A single remote employee in Chicago can transform a routine standup into a BIPA event.
3. Implement Consent Frameworks
Build a robust consent process that notifies all participants and obtains informed written consent before any transcription or speaker identification occurs. Generic terms-of-service click-throughs do not satisfy BIPA's stringent requirements.
4. Disable High-Risk Features
Consider disabling speaker diarization and voice recognition features for meetings involving participants in jurisdictions with biometric privacy laws. If you don't need attributed transcripts, don't generate the voiceprints required to produce them.
5. Evaluate On-Device Alternatives
The most effective way to eliminate biometric privacy liability entirely is to remove the cloud from the equation. When transcription happens on-device, no voiceprint data is transmitted to, stored on, or processed by third-party servers. No third-party collection means no BIPA violation.
Why On-Device Transcription Is the Only Complete Solution
Every compliance framework—consent notices, retention policies, vendor audits—is an attempt to manage a risk that exists because of a fundamental architectural decision: sending voice data to a cloud server. Change the architecture, and the risk disappears.
Basil AI processes all transcription and speaker identification directly on your iPhone or Mac using Apple's on-device Speech Recognition. Your voice never leaves your device. There are no cloud servers to store voiceprints, no third-party databases to breach, and no biometric data collection to trigger BIPA.
This isn't privacy by policy—it's privacy by architecture. When the processing happens locally, there is no third party involved in the collection. BIPA, CIPA, and wiretap statutes all regulate the interception or collection of data by another entity. On-device processing removes that entity from the equation entirely.
Transcription Without Biometric Liability
Basil AI processes everything on your device. No cloud servers. No voiceprint databases. No BIPA exposure. Just private, accurate meeting notes.
The Bottom Line
The Basich v. Microsoft Teams lawsuit is not an isolated incident—it's the latest front in a legal reckoning that is reshaping how organizations must think about AI meeting tools. The Otter.ai litigation, the Fireflies BIPA class actions, and now the Microsoft Teams case all point to a single, unavoidable conclusion: cloud-based AI transcription with speaker identification creates biometric liabilities that extend beyond the vendor to every organization that deploys the tool.
Employers cannot outsource this risk to their SaaS vendor. They cannot assume that enterprise-grade platforms are automatically compliant. And they cannot wait for courts to define the boundaries before taking action.
The safest path forward is also the simplest: keep voice data on the device where it belongs.