Colorado AI Meeting Recording Laws (2026)

Colorado uses a dual-statute framework to regulate recording. Telephone wiretapping falls under Colo. Rev. Stat. § 18-9-303, while in-person eavesdropping is governed by § 18-9-304. Both statutes follow one-party consent, meaning one participant in a conversation may record without the knowledge of the others. But Colorado's treatment of AI meeting tools is more complex than many one-party consent states, because the state has enacted some of the nation's most significant AI-specific legislation.

The Colorado Artificial Intelligence Act (SB 24-205) and the Colorado Privacy Act (CPA) create additional compliance layers that affect how AI recording tools collect, process, and store meeting data. Understanding Colorado's recording laws requires looking beyond the wiretapping statutes alone.

Colorado's Recording Consent Framework

Telephone Wiretapping: § 18-9-303

Colo. Rev. Stat. § 18-9-303 prohibits wiretapping telephone, telegraph, or electronic communications without the consent of at least one party to the conversation. The statute covers the interception of any communication transmitted via wire or electronic means.

Under § 18-9-303, it is a criminal offense to "knowingly overhear, read, take, copy, or record any telephone or telegraph communication" without the consent of a party to the communication. The law also prohibits aiding, authorizing, or permitting another person to wiretap.

This statute applies directly to AI meeting recording tools that capture audio from phone calls, VoIP conversations, and virtual meetings conducted over electronic communication platforms.

In-Person Eavesdropping: § 18-9-304

Colo. Rev. Stat. § 18-9-304 separately prohibits eavesdropping on private in-person conversations. A person commits eavesdropping when they "knowingly overhear or record a conversation or discussion of two or more persons" without the consent of at least one party, in a private place where the conversation is not intended to be overheard.

The key distinction from § 18-9-303 is the requirement of a "private place." In-person conversations held in public areas where others can naturally overhear them are not protected under this statute. For virtual meetings, however, the expectation of privacy is generally present, and courts would likely apply § 18-9-303 (the telephone/electronic wiretapping statute) rather than the in-person eavesdropping provision.

One-Party Consent in Practice

Colorado's one-party consent rule means that any participant in a conversation may legally record it without notifying the other parties. This applies to phone calls, virtual meetings, and in-person discussions (subject to the private-place requirement of § 18-9-304). The consenting party must be an actual participant in the communication, not a third party who has merely gained access.

Interaction with Federal Law

Federal wiretapping law under 18 U.S.C. § 2511 also follows one-party consent, creating consistency for Colorado-based recordings. For interstate calls involving all-party consent states, the stricter state's law may apply. Colorado users recording calls with California, Florida, or Illinois participants should consider obtaining consent from all parties.

How Colorado Law Applies to AI Meeting Recorders

The Consent Analysis

When a Colorado-based meeting participant activates an AI recording tool like Otter.ai, Fireflies.ai, or Zoom AI Companion, that participant provides the one-party consent required under § 18-9-303. The participant is a party to the communication, and they have consented to the recording. The statute does not require the consenting party to personally operate the recording equipment; it requires only that a party to the communication has consented.

This means the human user's activation of the AI tool satisfies Colorado's wiretapping statute for virtual meetings. The analysis parallels other one-party consent states.

The AI Bot's Legal Status

Colorado's statutes do not define "party" in a way that includes or excludes AI systems. AI meeting bots that appear as named participants in a meeting (such as "Fireflies.ai Notetaker") raise the question of whether they are parties, tools of a party, or unauthorized third parties.

Under prevailing legal analysis, the AI bot functions as a tool or agent of the consenting participant. The bot does not independently participate in the conversation; it records and processes audio on behalf of the human user who authorized it. As long as a human participant consented to the recording, Colorado's one-party consent requirement is met. No Colorado court has ruled directly on this question as of April 2026.

Auto-Join Features and Consent Gaps

The most legally problematic scenario involves AI tools that auto-join meetings from calendar data without explicit per-meeting authorization. If a tool scrapes a user's calendar and joins a meeting autonomously, the question is whether the user's general authorization of the tool constitutes "consent" for each individual recording.

A conservative reading of Colorado law suggests that consent should be specific to each communication. Blanket authorization via account settings or calendar integration may not satisfy the statute if the user is not aware that a specific meeting is being recorded. The ongoing In re Otter.AI Privacy Litigation in California addresses similar auto-join allegations, though under California's stricter all-party consent framework.

Colorado's AI-Specific Legislation

Colorado AI Act (SB 24-205)

Colorado enacted SB 24-205 on May 17, 2024, becoming only the second U.S. state to pass comprehensive AI consumer protection legislation. The law's effective date was delayed from February 1, 2026, to June 30, 2026, during a special legislative session in August 2025.

The AI Act regulates "high-risk AI systems," defined as systems that make or are a substantial factor in making consequential decisions with material legal or similarly significant effects on consumers. While AI meeting recording tools are not the law's primary target, the Act creates obligations that may apply to how these tools process and use recorded data.

Key requirements relevant to AI meeting tools:

• Disclosure obligations: Deployers must inform consumers when they are interacting with an AI system, particularly when the AI contributes to consequential decisions
• Risk management: Developers and deployers of high-risk systems must implement risk management programs and conduct annual impact assessments
• Profiling opt-out: Consumers have the right to opt out of AI-driven profiling that produces legal or similarly significant effects
• Algorithmic discrimination: Both developers and deployers must take reasonable care to prevent algorithmic discrimination based on protected characteristics

For AI meeting tools, the disclosure requirement is most directly relevant. If a tool's AI analysis of recorded meetings contributes to consequential decisions (such as employee evaluations or hiring decisions), the Colorado AI Act's protections would apply.

Colorado Privacy Act (CPA)

The Colorado Privacy Act, effective July 1, 2023, grants consumers rights over their personal data and imposes obligations on businesses that collect it. The CPA gives Colorado residents the right to access, correct, delete, and opt out of the sale of their personal data, as well as opt out of targeted advertising and certain forms of profiling.

AI meeting tools that record, transcribe, and store conversations involving Colorado residents collect personal data subject to the CPA. Compliance requires providing clear privacy notices, honoring opt-out requests, and limiting data collection to what is reasonably necessary.

The CPA is enforced exclusively by the Colorado Attorney General. There is no private right of action, but the AG has the authority to treat violations as unfair trade practices under Colorado's Consumer Protection Act.

Popular AI Meeting Tools and Colorado Compliance

Tool	How It Records	Colorado Compliance Notes
Otter.ai	Bot joins meeting as participant	One-party consent satisfied by participant activation; CPA data practices obligations apply
Fireflies.ai	Bot joins meeting; calendar integration	Same one-party consent framework; auto-join requires participant awareness
Zoom AI Companion	Built into Zoom platform	Host activation provides consent; notification banner displayed to all participants
Microsoft Copilot	Integrated into Teams	Activated by participant; Teams recording indicator provides notice
Google Gemini in Meet	Native to Google Meet	Participant activation satisfies consent; meeting notification shown
Fathom	Records locally on host's device	Host's local recording provides strong one-party consent position

Under Colorado's recording statutes, all these tools are compliant when activated by a meeting participant. The additional compliance layer comes from the CPA and (as of June 30, 2026) the Colorado AI Act, which govern how the data is collected, stored, processed, and used after recording.

Penalties for Violations

Criminal Penalties

Colorado's dual-statute structure creates different penalty levels for telephone wiretapping and in-person eavesdropping.

Violation	Statute	Classification	Jail/Prison	Fine
Telephone wiretapping	§ 18-9-303	Class 6 felony	12 to 18 months	$1,000 to $100,000
Cordless phone wiretapping	§ 18-9-303(4)	Class 2 misdemeanor	Up to 120 days	Up to $750
In-person eavesdropping	§ 18-9-304	Class 2 misdemeanor	Up to 120 days	Up to $750
Using illegally obtained info	§ 18-9-303	Class 6 felony	12 to 18 months	$1,000 to $100,000

The felony classification for telephone wiretapping makes Colorado's penalties significantly more severe than many one-party consent states. Using or disclosing information obtained through illegal wiretapping, where the person knows or has reason to know the information was illegally obtained, is also a Class 6 felony.

Civil Remedies

Under Colo. Rev. Stat. § 13-21-128, victims of unlawful recording may bring civil actions and recover actual damages or statutory damages of up to $10,000 per incident, whichever is greater. Courts may also award punitive damages in cases involving intentional harm, blackmail, or repeated violations. Injunctive relief is available to prevent further distribution of illegally obtained recordings.

Colorado AI Act Enforcement

Violations of the Colorado AI Act (effective June 30, 2026) constitute unfair trade practices under the Colorado Consumer Protection Act. The Colorado Attorney General has exclusive enforcement authority. Companies that comply with NIST or ISO risk management frameworks may assert an affirmative defense.

Employer and Workplace Considerations

Recording Policies for Colorado Employers

Colorado employers may use AI meeting recording tools under the one-party consent framework, provided a meeting participant activates the tool. Best practices include establishing written recording policies, notifying employees about the use of AI tools (even though not legally required under the wiretapping statute), and addressing cross-state considerations for remote workers.

The Colorado AI Act adds a layer of obligation for employers using AI tools in employment decisions. If AI-generated meeting transcripts or analyses are used to evaluate employee performance, make promotion decisions, or inform disciplinary actions, the employer may need to comply with the AI Act's disclosure, risk assessment, and non-discrimination requirements.

CPA Data Minimization

Under the Colorado Privacy Act, employers and AI tool providers should collect only the personal data reasonably necessary for the stated purpose of the recording. Retaining meeting recordings indefinitely, using them for purposes beyond the original intent, or sharing them with unauthorized third parties may violate the CPA.

HIPAA in Colorado Healthcare Settings

Healthcare organizations in Colorado must comply with HIPAA when AI meeting tools capture protected health information. This requires a Business Associate Agreement with the tool provider, encryption of data in transit and at rest, and assurance that recorded PHI is not used for AI model training without proper de-identification.

Colorado's strong healthcare sector, including major hospital systems and research institutions along the Front Range, makes HIPAA compliance a significant consideration for any workplace AI recording deployment.

Multi-State Workforce Considerations

Colorado employers with remote workers in all-party consent states (California, Florida, Illinois, and others) must obtain consent from all participants when those workers join recorded meetings. Colorado's one-party consent rule protects the employer for in-state recordings, but it does not override the recording laws of other states where participants are located.

Cross-State Considerations

Colorado's one-party consent framework applies to communications originating in Colorado. For cross-state communications, the general principle is that the most restrictive applicable law governs. An AI recording activated by a Colorado participant on a call with a California participant may need to comply with California's all-party consent requirements.

Some courts have applied the law of the state where the recording party is located, which would favor Colorado's less restrictive rule. Others have applied the law of the recorded party's state, which could require all-party consent. The uncertainty in this area makes it prudent for Colorado-based users to disclose AI recording when participants from all-party consent states are on the call.

This article provides general legal information about Colorado recording laws as they apply to AI meeting tools. Laws and their interpretations can change, and the Colorado AI Act takes effect on June 30, 2026. Consult an attorney for advice specific to your situation.