What Is an NDA and When Does Your Business Need One?
- May 30, 2026
- Posted by: allan
- Category: Business Law
Non-disclosure agreements — commonly called NDAs — are among the most frequently signed legal documents in the business world. They appear at nearly every stage of business life: when two companies discuss a potential partnership, when an employer brings on a new employee, when a startup shares its business plan with a potential investor, when a vendor is given access to confidential systems, or when a company is being acquired and the buyer needs to review confidential financial information. Despite their ubiquity, NDAs are widely misunderstood, often poorly drafted, and sometimes signed in situations where they provide very little real protection.
What Is an NDA?
A non-disclosure agreement is a contract in which one or more parties agree to keep certain information confidential and to use it only for specified purposes. The party that discloses confidential information is typically called the disclosing party. The party that receives the information and agrees to keep it confidential is the receiving party. In a mutual NDA, both parties agree to keep each other’s information confidential, which is appropriate when both sides will be sharing proprietary information in the course of their discussions.
The core legal effect of an NDA is to create a contractual obligation of confidentiality. If the receiving party breaches the NDA by disclosing confidential information to unauthorized parties or using it for unauthorized purposes, the disclosing party can sue for breach of contract and seek damages, injunctive relief to stop ongoing misuse, or both. An NDA also interacts with trade secret law: information that qualifies as a trade secret is protected by law even without an NDA, but having an NDA in place can strengthen a trade secret claim by demonstrating that the information was shared under conditions that imposed a duty of confidentiality.
One-Way vs Mutual NDAs
The most important structural choice in drafting an NDA is whether it will be one-directional or mutual. A one-way NDA protects one party’s information: the receiving party agrees to keep the disclosing party’s information confidential, but the disclosing party has no corresponding obligation. This structure is appropriate when information flows primarily in one direction — for example, when a startup shares its business plan with a potential investor, or when an employer shares proprietary processes with a new employee.
A mutual NDA protects both parties’ information: each party is simultaneously a disclosing party and a receiving party, and both agree to hold the other’s information in confidence. Mutual NDAs are appropriate in negotiated business relationships where both sides are sharing sensitive information — for example, in discussions about a potential partnership, joint venture, or business combination. Many parties reflexively request a mutual NDA even in situations where the information flow is largely one-directional; while this is not necessarily harmful, it creates obligations for the disclosing party that may be unnecessary.
What Makes Information Confidential Under an NDA?
A well-drafted NDA defines what information qualifies as confidential and is therefore protected by the agreement. The definition can be broad or narrow, and the scope of the definition significantly affects what the NDA actually protects. A broad definition might cover all non-public information disclosed in connection with a business relationship, regardless of whether it is marked as confidential or communicated orally. A narrower definition might require that information be specifically identified as confidential at the time of disclosure, which is more predictable but may fail to protect information shared informally.
Standard exclusions from the definition of confidential information appear in virtually every NDA. Information that is already in the public domain when it is disclosed is typically excluded, as is information that later becomes public through no fault of the receiving party. Information that the receiving party already knew before the disclosure is excluded. Information that the receiving party independently develops without reference to the disclosing party’s confidential information is excluded. And information that the receiving party receives from a third party without any obligation of confidentiality is excluded. These exclusions are reasonable and should not be read as loopholes — they reflect genuine categories of information that an NDA should not be expected to protect.
Duration: How Long Does an NDA Last?
Most NDAs specify a term — the period during which the confidentiality obligation applies. The appropriate term depends on the nature of the information and the relationship. NDAs governing employment relationships sometimes provide that confidentiality obligations survive termination of employment indefinitely. Business negotiation NDAs typically have terms of one to five years. NDAs involving trade secrets should ideally protect the secrets for as long as they remain secret, which can be longer than a fixed term.
Courts sometimes decline to enforce NDA provisions that impose perpetual confidentiality obligations for non-trade-secret information, viewing them as unreasonably burdensome. A reasonable term that corresponds to the commercial life of the information being protected is more likely to be enforced than a perpetual obligation.
Standard Provisions in a Well-Drafted NDA
Beyond the definition of confidential information and the duration of the obligation, a well-drafted NDA includes several important provisions. A permitted use provision specifies the limited purposes for which the receiving party may use the confidential information — typically, evaluating or implementing the specific business relationship for which the information was shared. A need-to-know limitation restricts disclosure within the receiving party’s organization to employees, contractors, and advisors who genuinely need the information for the permitted purpose and who are themselves bound by confidentiality obligations. A return-or-destroy provision requires the receiving party to return or destroy all confidential materials at the end of the relationship or upon request.
Most NDAs also include a provision addressing disclosures required by law. If a government agency, court, or regulatory body orders the receiving party to produce confidential information, the NDA should specify that the receiving party must notify the disclosing party as promptly as possible before making the disclosure, give the disclosing party an opportunity to seek a protective order, and disclose only what is legally required. Finally, most NDAs specify that breach of the confidentiality obligation may cause irreparable harm that cannot be adequately compensated by money damages, and that injunctive relief is an appropriate remedy. This provision matters because courts are more likely to issue an injunction if the NDA specifically contemplates it.
When Are NDAs Most Useful?
NDAs are most valuable when the information being shared is genuinely proprietary and not easily reverse-engineered or discovered independently, when the relationship between the parties is commercial and the receiving party has a legitimate business reason to respect the agreement, and when the parties are identifiable and located in jurisdictions where courts will enforce the agreement. In these circumstances, an NDA creates a meaningful legal backstop that deters misuse and provides remedies if misuse occurs.
NDAs are less useful — or even counterproductive — in some contexts. Many venture capital investors refuse to sign NDAs before hearing a startup’s pitch, reasoning that they see hundreds of pitches and cannot agree to confidentiality restrictions that would complicate their ability to invest in similar companies. Trying to insist on an NDA in this context can signal naivety and may damage the relationship before it has a chance to develop. Similarly, NDAs provide limited protection for information that is already widely known, for ideas that lack truly proprietary content, or against sophisticated bad actors who are willing to breach the agreement knowing that the cost of litigation exceeds the value of pursuing them.
NDAs and Trade Secret Law
An NDA is not the only — or even the primary — protection for confidential business information. Trade secret law protects information that has commercial value and is kept secret through reasonable measures. The Defend Trade Secrets Act, enacted in 2016, creates a federal cause of action for trade secret misappropriation and provides powerful remedies including seizure orders and exemplary damages. Most states have adopted the Uniform Trade Secrets Act, providing parallel state law protection.
Trade secret protection is broader than NDA protection in some respects: it can protect against misappropriation even by parties who are not in a contractual relationship with the trade secret owner. But it requires that the owner maintain reasonable measures to protect the secrecy of the information — and an NDA is one of the most important measures a business can take. Sharing sensitive information without an NDA can be cited as evidence that the information was not kept secret through reasonable measures, potentially undermining a trade secret claim.
An NDA is an important tool in any business owner’s legal toolkit, but it is a starting point, not a complete solution. A thoughtfully drafted NDA that is tailored to the specific information being shared and the nature of the relationship, combined with sound business practices for limiting access to sensitive information, provides meaningful protection for your most valuable proprietary assets.
