Can attendees share the QR code for AI interpretation with unauthorized people?

With standard generic QR codes, yes. A QR code is simply a link encoded as an image. Anyone who receives it — by photo, screenshot, or forwarded message — can open it. Nubart addresses this with LWAC-protected access cards, where the code binds to the first device that activates it and cannot be used on any other device.

What is LWAC and how does it protect conference interpretation?

LWAC (Lightweight Access Control) is a technology patented by Nubart in the EU and US. It binds a QR-code access token to the specific device that first activates it. If a user tries to share their active link with a third party, the system detects the device mismatch and denies access. No registration or personal data is required from listeners.

Do all events need LWAC-protected access for AI interpretation?

No. For public conferences, trade fairs, or educational events, a standard QR code is often the simplest and most practical solution. LWAC is recommended for events where confidentiality matters: board meetings, investor presentations, product launches, or any internal event where sensitive business information is discussed.

Rosa Sala

CEO of Nubart

The Security Gap Nobody Talks About in AI Interpretation

A QR code displayed at a conference, representing the security risk of open listener access in AI interpretation events.

Your NDA is signed. Your DPA is carefully reviewed. But the front door to your event may still be wide open.

Picture this: your company is holding a strategy conference. The agenda covers next year's product roadmap, a pending acquisition, and pricing decisions that aren't public yet. You've done everything right — you vetted your AI interpretation provider, reviewed their data processing agreement, confirmed that their servers are located in the EU, and made sure they won't use your content to train their models. Your legal team is satisfied.

What you didn't notice is that one of the attendees forwarded their active access link via Signal to a colleague who wasn't on the guest list. Someone who was never in the room is now listening to everything — in real time, translated into their language.

They didn't hack your cloud. They just walked through the front door you left unlocked.

Due Diligence, Interrupted

When companies evaluate AI interpretation platforms for sensitive events, the due diligence checklist tends to look the same:

Does the provider sign an NDA?
Is there a Data Processing Agreement (DPA)?
Are servers located within the EU?
Will speech content be used to train AI models?
Are transcriptions and translations deleted immediately after processing?
Are speaker names and email addresses kept confidential?

These are legitimate questions. But they all focus on what happens to data after it enters the system — and overlook a more elementary risk: who can get into the system in the first place. Security teams often protect the content pipeline, but forget that access control is its own security layer entirely.

The Open Door Disguised as Convenience

The problem with making access frictionless is that it becomes frictionless for everyone.

In many AI interpretation platforms, listener access works through a QR code or a shared link. In most listener-access systems, the QR code simply encodes a link. Anyone holding a phone can photograph it. Anyone who receives that link, whether by accident, by carelessness, or by design, can open it. An employee might share it in a WhatsApp group or post it on social media without a second thought. In a basic QR-link setup, there's no built-in identity check: No way to know whether the person listening is a registered delegate or a competitor sitting at their desk on the other side of the world.

The only tool needed is already in everyone's pocket. It takes about five seconds and a messaging app.

Some providers have recognized this and added a passcode layer. But a passcode shared with legitimate attendees can be forwarded just as easily as the QR code itself — it's a second secret, with the same weakness as the first.

Others have opted for email or phone number verification: attendees must submit their contact details and confirm access via a code sent to them. This sounds more robust, but it replaces a confidentiality problem with a privacy problem. For events involving executives, investors, or external stakeholders, many organizations are understandably reluctant to hand over a list of sensitive email addresses or phone numbers to a third-party platform.

Locking the Right Door

To be clear: for public conferences, trade fairs, or educational events, open access is often entirely appropriate. In those situations, a standard QR code is the simplest and most practical solution — and Nubart offers exactly that. The issue arises specifically when access itself is part of what needs protecting.

For those events, Nubart's approach draws on technology that has been in production for years across our audio guide platform, Nubart GUIDE.

We offer physical access cards with QR codes protected by LWAC (Lightweight Access Control), a technology developed by Nubart and internationally protected with granted patents. Device-binding as a concept is not new — but Nubart's patented method achieves it without any registration, login, or personal data from the listener, through a specific combination of techniques that make it work reliably across the wide variety of devices and browsers found at real-world events. An LWAC code binds to the specific device that first activates it. If a user then attempts to share their active access link with a third party, the system detects the device mismatch and denies access. The stream cannot travel — it stays where it was first activated.

Crucially, LWAC requires no registration, no email address, and no personal data from listeners. Access is anonymous, frictionless for legitimate attendees, and closed to anyone who shouldn't be there.

No system is entirely immune to a determined bad actor. But LWAC raises the bar significantly — turning a trivial five-second leak into something that requires deliberate, coordinated effort.

LWAC cards are available with custom branding or as a print-your-own option for events at short notice.

The Takeaway

AI interpretation providers — including Nubart — rightly invest in infrastructure security, GDPR compliance, and data minimization. These things matter. But a chain is only as strong as its weakest link, and for many platforms, that weakest link is the QR code sitting on the conference table.

Before signing the next NDA or reviewing the next DPA, ask yourself one final question: if somebody forwards the access link right now, what exactly stops an outsider from listening in?

Nubart TRANSLATE offers both standard and LWAC-protected listener access. Contact us to discuss which setup is right for your next event.