Contracts & Agreements Guide

What to look for in an NDA before signing

A non-disclosure agreement looks simple: agree not to share what you learn. In practice, NDAs vary significantly in what they define as confidential, how long the obligation lasts, what you're permitted to disclose and to whom, and what the other party can do if they believe you've violated it. A poorly reviewed NDA can prohibit you from discussing work you did independently, obligate you to maintain secrecy indefinitely, or expose you to injunctive relief in any jurisdiction the other party chooses. Understanding what to look for — before you sign — is the most efficient investment you can make in an NDA review.

Definition of 'confidential information'

The definition of confidential information is the most important clause in an NDA. Everything else — duration, permitted disclosures, remedies — operates on whatever falls within this definition. A definition that's too broad or too vague creates obligations you can't practically honor.

Definitions that cover everything the disclosing party designates

Some NDAs define confidential information as 'anything the disclosing party marks confidential or identifies as confidential at the time of disclosure.' This requires you to track every designation, and in practice means the disclosing party can unilaterally expand what you're bound to protect simply by labeling it. More balanced definitions enumerate categories of information (financial data, customer lists, product roadmaps, source code) and include a reasonableness standard.

Definitions that include oral disclosures without follow-up confirmation

NDAs that include verbal statements as confidential information — without requiring the disclosing party to confirm in writing within a set period — create obligations around conversations you can't document. If a meeting happened six months ago and a disclosure occurred then, you may have no record of what was disclosed or when. Reasonable NDAs either exclude oral disclosures entirely or require written confirmation of the confidential nature of verbal disclosures within 30 days.

Definitions with no carve-outs for publicly available information

Standard NDA definitions exclude information that: (1) was already in your possession before the disclosure; (2) is or becomes publicly available through no breach of the agreement; (3) you received independently from a third party without restriction; or (4) you developed independently without reference to the confidential information. An NDA missing one or more of these standard carve-outs creates obligations that could apply to information you already knew or that becomes public.

Definitions that include the existence of the relationship itself

Some NDAs define confidential information to include the existence of the discussions or the NDA itself — you can't even confirm that you've signed an NDA with this party. This is common in M&A contexts where it's standard and reasonable. In most other contexts — vendor relationships, employment, partnerships — requiring confidentiality about the existence of a business relationship is unusual and can create awkward obligations when the relationship becomes publicly apparent.

Scope: mutual vs. one-sided

Who is bound by the NDA, and whose information is protected, defines the power balance of the agreement. Most NDAs are either mutual (both parties share and protect information) or unilateral (one party discloses, one party protects). The structure should match the actual situation.

One-sided NDAs in bilateral disclosure situations

If both parties are sharing sensitive information — in a partnership discussion, a joint development project, or an acquisition where both parties disclose financials — a one-sided NDA that only protects one party's information creates an asymmetric obligation. The party not protected by the NDA shares information with no contractual protection. In these situations, a mutual NDA (MDA) is more appropriate. Watch for NDAs labeled as 'mutual' that are actually one-sided in their operative language.

Mutual NDAs in clearly one-sided situations

Conversely, if only one party is genuinely disclosing sensitive information — a company sharing its product roadmap with a vendor, or an employer sharing proprietary process information with a contractor — a mutual NDA may give the counterparty unexpected protections they don't need. This is typically less problematic than the reverse, but it's worth understanding what you're agreeing to protect in the 'mutual' direction.

Scope that extends to affiliates without limit

Some NDAs extend the obligation to affiliates, subsidiaries, or related entities without defining the scope. If the other party is part of a large corporate group, you may be obligated to protect information on behalf of dozens of entities you've never interacted with. A reasonable NDA either limits protection to the named party or defines 'affiliate' specifically and ties obligations to the specific information those affiliates share.

Permitted disclosures

NDAs define circumstances where you're permitted to disclose confidential information. Overly restrictive permitted disclosure clauses can create compliance problems with your existing legal obligations.

No carve-out for legally compelled disclosure

If you're subpoenaed or otherwise legally required to disclose information covered by an NDA, you need to be able to comply with the legal compulsion without breaching the agreement. Standard NDAs permit legally compelled disclosure, typically requiring you to give the disclosing party prompt notice so they can seek a protective order. An NDA with no legally-compelled-disclosure carve-out could create a conflict between your contractual obligation and a court order.

Restrictions on disclosure to your own lawyers and advisors

To get advice on an agreement or a transaction, you may need to share confidential information with your attorneys, accountants, or financial advisors. A reasonable NDA permits disclosure to professional advisors who are themselves bound by confidentiality obligations. An NDA that requires the other party's written consent before you can share information with your own counsel creates a practical problem: you can't get legal advice on the agreement without potentially breaching it.

Restrictions that conflict with reporting obligations

Employees at public companies, regulated entities, or organizations with compliance obligations may have affirmative reporting duties — to their compliance department, to regulators, or to auditors. An NDA signed with a vendor or partner that conflicts with these obligations creates a real compliance risk. Some NDAs include explicit carve-outs for regulatory disclosures; if yours doesn't, and your role involves compliance reporting, this is worth flagging.

Need-to-know limitations on employees and contractors

Reasonable NDAs permit disclosure to employees and contractors who need to know the information to do their jobs, provided they're bound by similar confidentiality obligations. An NDA that requires individual written approval for each person who accesses the information creates operational burdens — particularly for organizations where confidential information may need to reach multiple teams. Check whether the NDA's internal disclosure provisions are workable for how your organization actually operates.

Term and duration

How long confidentiality obligations last matters as much as what they cover. Obligations that run indefinitely create permanent constraints; obligations that are too short may not protect the disclosing party's legitimate interests.

Indefinite or perpetual confidentiality obligations

NDAs that require confidentiality 'in perpetuity' or 'indefinitely' without a defined end date create obligations that never terminate. For trade secrets — which themselves enjoy protection for as long as they remain secret — perpetual confidentiality obligations may be legally defensible and commercially reasonable. For other categories of business information (financial projections, product roadmaps, customer lists) that change over time and lose commercial sensitivity, perpetual obligations go beyond what's necessary. A defined term of two to five years is typical for commercial NDAs; longer terms are appropriate for highly sensitive technical information.

Short terms that leave the disclosing party exposed

On the other end, some NDAs have very short terms — 12 months from the date of disclosure, for example — that may not adequately protect genuinely sensitive information. If you're the disclosing party, a one-year term on a business plan, a product roadmap, or customer data may leave you exposed once the term ends. What you protect should drive the term you negotiate.

Different terms for different types of information

A well-drafted NDA can specify different confidentiality periods for different categories of information — shorter terms for business and financial information, longer or perpetual terms for technical know-how and trade secrets. If the NDA treats all information identically with a single term, it may be appropriate for one category but not another. Consider whether the information you'll be sharing or receiving falls into multiple categories with genuinely different sensitivity timeframes.

Remedies and enforcement

What happens if the NDA is breached defines the real-world consequences of signing. Overly aggressive remedy provisions can give the other party disproportionate leverage.

Automatic injunctive relief without a bond requirement

Many NDAs include clauses stating that any breach will cause 'irreparable harm' entitling the other party to seek injunctive relief without posting a bond. These provisions can make it significantly easier for the other party to obtain an emergency court order restraining your actions pending a full hearing — even in cases where the alleged breach is disputed. Courts aren't required to follow NDA terms on injunctive relief, but a signed acknowledgment of irreparable harm is persuasive. Combined with a choice-of-forum clause requiring litigation in an inconvenient jurisdiction, this can be used as a pressure tactic.

Liquidated damages provisions at fixed amounts

Some NDAs specify fixed financial penalties per breach or per disclosure. Liquidated damages provisions are generally enforceable when they represent a reasonable estimate of actual damages at the time of contracting — damages that would otherwise be difficult to quantify. Fixed per-breach penalties that are disproportionate to the commercial value of the information, or that could aggregate rapidly across multiple technical disclosures, can create extreme financial exposure relative to the actual harm.

Attorneys' fees provisions that favor only one party

Some NDAs include one-sided attorneys' fees provisions: if the disclosing party prevails in an enforcement action, it recovers fees; if the receiving party prevails, it doesn't. This asymmetry makes the receiving party bear all litigation cost risk, which can discourage legitimate defenses even where the alleged breach is dubious or the NDA clause at issue is unenforceable.

Forum selection clauses in inconvenient jurisdictions

NDAs frequently specify the jurisdiction where disputes must be litigated. A choice-of-forum clause requiring litigation in a state where you have no physical presence, no attorneys, and no connection to the dispute creates significant practical burdens if you need to defend yourself. This is particularly problematic for individuals or small companies signing NDAs with large organizations that have established litigation resources in the specified forum.

How to review an NDA before signing

A structured NDA review takes 20–30 minutes if you know what to look for. Start with the clauses that have the most practical impact.

Read the definition of confidential information first

This defines the scope of everything else. Check for the four standard carve-outs (prior possession, public availability, independent development, third-party disclosure), check whether oral disclosures are included, and check whether the definition requires a designation process or covers 'anything the other party considers confidential.'

Confirm the mutual vs. one-sided structure matches the situation

If both parties are sharing information, the NDA should be mutual. If only one party is sharing, a one-sided NDA is appropriate — but check which direction it runs and confirm it matches the actual flow of information.

Check the term and whether it differs by information category

For most commercial NDAs, two to five years is typical. Longer terms suit technical know-how; shorter terms suit time-sensitive business information. Perpetual terms warrant closer scrutiny.

Check the permitted disclosures for legal and regulatory conflicts

Verify that you can disclose to your own legal counsel and advisors, and that a legally-compelled-disclosure carve-out exists. If your role involves compliance or regulatory reporting, check whether those obligations create a conflict with the NDA's restrictions.

Understand the remedies and forum selection

Check whether injunctive relief is pre-stipulated, what the damages provisions look like, and where disputes must be litigated. Asymmetric remedies and inconvenient forum clauses are negotiating points, particularly for individuals and smaller organizations.

What are the most important things to check in an NDA?

The definition of confidential information (what you're obligated to protect and what's excluded), the mutual vs. one-sided structure (does it match who's actually sharing information), the term (how long your obligations last), the permitted disclosures (can you share with your attorneys, comply with legal compulsion), and the remedies (injunctive relief provisions, liquidated damages, forum selection). These five areas determine the practical scope and risk of the agreement.

What's the difference between a mutual NDA and a one-sided NDA?

A mutual NDA (sometimes called an MNDA or MDA) binds both parties to protect each other's confidential information — appropriate when both parties are disclosing sensitive information. A one-sided NDA (unilateral NDA) binds only the receiving party — appropriate when only one party is disclosing. The structure should match the actual information flow. An NDA labeled 'mutual' may be one-sided in its operative terms, so read the definitions of 'disclosing party' and 'receiving party' carefully.

How long should an NDA last?

Most commercial NDAs specify two to five years for general business information. Technical know-how, trade secrets, and highly proprietary technical information may warrant longer terms or perpetual protection — trade secrets in particular derive their protection from continued secrecy, so perpetual NDA terms for those categories are commercially rational. Financial projections, business plans, and customer lists typically lose commercial sensitivity over time; perpetual terms for those categories are more aggressive than necessary. A well-drafted NDA can specify different terms for different information categories.

Can I negotiate an NDA?

Yes, and it's common to do so for specific clauses — particularly the definition of confidential information, the term, the permitted disclosures, and any overly aggressive remedy provisions. The other party's responsiveness to negotiation depends on the context: a counterparty with more leverage (a large enterprise offering vendor access) may be less flexible than one with less leverage (a startup seeking a partnership). Standard requests — like adding standard carve-outs to the confidential information definition, or narrowing an indefinite term to five years — are rarely deal-breakers. If specific clauses create genuine compliance conflicts with your existing obligations, these should be raised before signing, not after.

What happens if I violate an NDA?

Consequences depend on the NDA's terms and jurisdiction. Typical remedies: the injured party can seek actual damages (quantifiable financial harm from the disclosure), injunctive relief (a court order preventing further disclosure), and in some cases attorneys' fees and liquidated damages if the NDA specifies them. NDAs that include 'irreparable harm' acknowledgments and automatic injunctive relief clauses can make it easier for the other party to obtain emergency court orders. Practical outcomes often depend more on the commercial relationship and the actual harm caused than on the NDA's formal remedies.

How can AI help review an NDA?

AI-assisted NDA review extracts the key provisions — confidential information definition, carve-outs, term, permitted disclosures, remedies, forum selection — and flags clauses that deviate from standard practice or create unusual obligations. The output identifies which sections warrant attention and explains in plain language why each flagged clause is notable. This is useful for quickly identifying the high-priority areas in a dense document before deciding whether to sign, request changes, or seek legal counsel. AI review is informational — for significant concerns, or for NDAs that will govern substantial commercial relationships, an attorney familiar with your jurisdiction is the appropriate resource.