Belgian lawyers operate under a dual regulatory framework: the Code of Professional Conduct from the Orde van Advocaten (Ordre des Avocats/Bar van Advocaten) and the GDPR requirements that apply across Europe. Together, these create one of the most demanding compliance environments for legal technology.
If you're a Belgian avocat/advocaat considering AI meeting recording, you need to understand both sets of requirements—and why most tools on the market don't meet them.
Belgian Professional Secrecy: The Foundation
Professional secrecy (geheimhoudingsplicht/devoir de réserve) is fundamental to Belgian legal practice. Article 6 of the Code of Professional Conduct states that lawyers must maintain absolute confidentiality regarding all information entrusted to them in their professional capacity.
Key principles:
- Absolute protection: Unlike some jurisdictions, Belgian professional secrecy is nearly absolute. There are very limited exceptions.
- Covers all information: Not just what clients tell you, but the fact of the relationship, case details, and even metadata.
- Extends to staff: Lawyers must ensure their employees also maintain confidentiality.
- Survives the relationship: Obligations continue even after the client relationship ends.
The Third-Party Problem
Here's where most AI meeting tools create immediate problems. When you use a cloud-based recorder like Otter.ai or Fireflies.ai:
- You're sharing client information with a third party
- That third party is not bound by professional secrecy
- The third party may be located outside Belgium or the EU
- You cannot guarantee how that party will use or protect the information
Under Belgian Bar rules, this is problematic. While there's no explicit prohibition on using technology, the obligation to maintain absolute confidentiality means you must be able to guarantee that client information stays protected.
GDPR: The Additional Layer
Belgian lawyers must also comply with GDPR, which adds another compliance layer:
Data Residency
GDPR restricts transfers of personal data outside the EU/EEA. Most US-based AI meeting tools process data on American servers. Even with Standard Contractual Clauses, this creates compliance complexity—and many Belgian firms' DPOs simply won't approve it.
Data Minimization
GDPR requires collecting only necessary data. Recording entire meetings when you only need specific points may violate this principle. You should be able to demonstrate why full recording is necessary.
Data Subject Rights
Clients have the right to access, correct, and delete their personal data. When recordings live on a third party's cloud, fulfilling these requests becomes complicated and dependent on that third party's processes.
Security Requirements
GDPR Article 32 requires appropriate security measures. For legal practices handling sensitive client data, this means encryption, access controls, and audit trails. Most consumer AI tools don't provide the level of security documentation Belgian regulators expect.
What Belgian Lawyers Should Look For
Based on guidance from Belgian Bar associations and GDPR best practices, here are the essential requirements:
1. Local-First Processing
The safest approach is processing recordings entirely on your own device or infrastructure. When data never leaves your control:
- No third party has access
- Professional secrecy is maintained
- No international data transfer concerns
- You can guarantee security measures
2. EU Data Residency (When Cloud Is Used)
For less sensitive matters where cloud processing is acceptable, ensure all data stays within the EU/EEA. This eliminates transfer concerns and aligns with Belgian regulatory expectations.
3. No AI Training on Your Data
Ensure your tool provider doesn't use your recordings to train AI models. Your clients' confidential matters should never influence systems that serve other users.
4. Complete Deletion Capability
You must be able to permanently delete recordings when matters close or clients request it. For cloud tools, verify the provider's deletion processes and get contractual guarantees.
5. Audit Trails
Maintain logs of what was recorded, when, who accessed it, and what happened to it. This demonstrates compliance with both professional secrecy and GDPR accountability requirements.
6. Client Notification
Even when recording is technically compliant, inform clients. Include recording disclosure in your engagement letters (mandateovereenkomst/contrat de mandat) and get explicit consent for sensitive matters.
Caven: Designed for Belgian Requirements
Caven was built specifically for jurisdictions like Belgium where professional secrecy and data protection are non-negotiable:
Local-First Architecture
By default, Caven records and processes meetings entirely on your device. Audio never leaves your computer. Transcription and summarization happen locally. There is no third-party access—period.
For Belgian lawyers, this means professional secrecy is maintained. You're not sharing client information with anyone outside your practice.
EU-Hosted Cloud
When you do use cloud features (Pro plans), all data is processed and stored on EU-hosted infrastructure. Your recordings never touch US servers, eliminating transfer concerns.
Bring Your Own AI
Belgian firms with enterprise AI agreements can route Caven's processing through their own infrastructure:
- Use your firm's OpenAI enterprise agreement
- Connect to Azure OpenAI instances in the Belgium West or France regions
- Run local models for completely air-gapped processing
No AI Training
Caven never uses customer recordings for AI training. Your clients' matters stay confidential.
Complete Control
Export recordings to your firm's document management system via SFTP. Delete permanently with a single action. You maintain complete control from recording to deletion.
Practical Implementation for Belgian Firms
Step 1: Update Your Engagement Letters
Add recording disclosure to your standard mandateovereenkomst. Key points to cover:
- That meetings may be recorded for documentation purposes
- How recordings are processed and stored
- Who has access
- How long recordings are kept
- How clients can request deletion
Step 2: Establish Internal Policies
Create clear guidelines for your team:
- Which types of meetings should be recorded
- When to use local vs. cloud processing
- How to handle recordings involving opposing parties
- Retention schedules aligned with Belgian legal requirements
Step 3: Involve Your DPO
If your firm has a Data Protection Officer (required under GDPR for certain processing activities), involve them in tool selection. Caven's local-first architecture typically simplifies DPO approval because data stays under your control.
Step 4: Train Your Team
Ensure all lawyers and support staff understand:
- How to use the recording tool correctly
- When recording is appropriate
- How to maintain professional secrecy in the digital context
- How to respond to client questions about recording
Comparison: Compliance for Belgian Lawyers
| Requirement | Otter.ai | Fireflies.ai | Teams Premium | Caven |
|---|---|---|---|---|
| Local-first option | ✗ | ✗ | ✗ | ✓ |
| EU data residency | ✗ | ✗ | ✓ | ✓ |
| No third-party content access | ✗ | ✗ | Partial | ✓ |
| No AI training on data | Unclear | Unclear | ✓ | ✓ |
| BYO AI infrastructure | ✗ | ✗ | ✗ | ✓ |
| Verifiable deletion | ✗ | ✗ | Partial | ✓ |
| All meeting platforms | Partial | Partial | Teams only | ✓ |
The Bottom Line
Belgian lawyers cannot afford to compromise on professional secrecy. The Orde van Advocaten's requirements, combined with GDPR, create one of Europe's strictest compliance environments for legal technology.
Most AI meeting tools simply don't meet these requirements. They process data on US servers, train AI on your content, and create third-party access to confidential communications.
Caven offers a different path: local-first processing that keeps client information under your control. For Belgian lawyers, it's not just the smart choice—it's the compliant choice.
Further reading
Ready to capture confidential meetings?
EU processing · No bots · GDPR by design · Built in Belgium