What to Look For in an NDA: Key Clauses, Red Flags, and Negotiation Tips
Non-disclosure agreements are among the most frequently signed legal documents in business — and among the most poorly read. Founders sign them before every investor meeting. Employees sign them on day one. Vendors sign them before a procurement conversation. The pace and frequency of NDA signing encourages a dangerous casualness about their terms.
The details of an NDA determine what you can and cannot do with information you receive, how long those restrictions last, who bears the legal exposure if confidentiality is breached, and what remedies are available if the other party discloses your information. A poorly negotiated NDA can expose you to injunctions, damage claims, and restrictions on your own future work.
This guide covers what to look for in every NDA, which provisions to negotiate, and which clauses signal an unfair agreement.
The Basic Structure of an NDA
Non-disclosure agreements typically contain:
- Definition of Confidential Information — What is covered
- Obligations of the receiving party — What you must do to protect it
- Permitted disclosures and exclusions — What is not protected
- Term and duration — How long the obligations last
- Return or destruction — What happens to information when the relationship ends
- Remedies — What happens if either party breaches
- Mutual vs. one-sided — Whether both parties or only one is bound
Mutual vs. One-Way NDAs
A mutual NDA binds both parties: each protects the other's confidential information under the same terms. A one-way NDA binds only the receiving party.
One-way NDAs are common and appropriate in specific contexts — a vendor receiving your proprietary pricing data, a job applicant being told about an unannounced product. But a one-way NDA used in a context where both parties are genuinely sharing sensitive information is a signal of an imbalanced negotiating posture.
What to check: Does the NDA's direction match the actual information flow? If you are sharing information AND receiving information, ask for mutual obligations.
The Definition of Confidential Information: The Most Important Clause
How "Confidential Information" is defined controls everything else in the NDA. A broad definition gives the disclosing party extensive protection. A narrow definition leaves gaps.
Broad Definition (Favors Discloser)
"Confidential Information means all information disclosed by Discloser to Recipient in any form, whether oral, written, electronic, or visual, including but not limited to financial data, technical specifications, business strategies, customer lists, and trade secrets, whether or not marked as confidential."
Everything the disclosing party shares is confidential, whether marked or not.
Narrow Definition (Favors Recipient)
"Confidential Information means only written information marked 'CONFIDENTIAL' at the time of disclosure, or oral information designated as confidential at the time of disclosure and summarized in writing within five business days."
Protects only what is explicitly labeled — leaving oral conversations and unmarked documents unprotected.
What to negotiate:
- As the receiving party: push for a narrow definition. Marking requirements force the disclosing party to identify what it actually considers sensitive.
- As the disclosing party: push for the broader definition. You cannot always mark everything in real-time conversations.
- The middle ground: "including but not limited to" language with a categories list, plus a catch-all for information that should reasonably be understood as confidential given the context.
Standard Exclusions
Every well-drafted NDA should exclude from the definition of Confidential Information any information that:
- Is already publicly available through no fault of the receiving party
- Was already known to the receiving party before disclosure
- Is independently developed by the receiving party without reference to the disclosed information
- Is lawfully received from a third party without confidentiality obligations
If these exclusions are missing, the receiving party could technically be bound to keep confidential information that is published in the newspaper. That is not enforceable, but litigating unenforceability is expensive.
Obligations of the Receiving Party
After the definition, the NDA specifies what the receiving party must do with confidential information. Standard obligations:
- Use Confidential Information only for the stated purpose of the relationship (the "permitted purpose")
- Protect it with the same standard of care used to protect your own confidential information, but not less than reasonable care
- Disclose only to personnel or contractors who need it for the permitted purpose and who are bound by equivalent confidentiality obligations
- Not copy, reproduce, or modify it except as necessary
The "Permitted Purpose" Is Critical
If the NDA defines the permitted purpose narrowly, you can only use the disclosed information for that specific purpose — even if you would like to use it for related but distinct purposes.
Example: An NDA signed to evaluate a potential acquisition defines the permitted purpose as "evaluating a potential acquisition of Company X." If the acquisition does not proceed, you cannot use the information learned during diligence to build a competitive product — even if you would have discovered that information independently.
Read the permitted purpose carefully and ensure it matches your actual intent for the engagement.
Term and Duration
NDAs have two overlapping time concepts that are frequently confused:
Term: How long the NDA relationship lasts (i.e., how long can disclosures be made under it)
Duration of confidentiality obligations: How long after disclosure must the receiving party keep information confidential
These can differ significantly. An NDA might have a 2-year term (disclosures can be made for 2 years) but a 5-year duration of confidentiality (the receiving party must protect everything disclosed for 5 years from the date of disclosure, even if the term expires).
What Duration Is Reasonable?
- Commercial NDAs (vendor, partnership): 2-3 years is market standard
- M&A and investment NDAs: 3-5 years is common, given the sensitivity of financial and strategic information
- Employment NDAs: Often indefinite for trade secrets (consistent with trade secret law); 1-3 years for other confidential information
- Perpetual duration for all confidential information: Red flag — overly long obligations may not be enforceable in some jurisdictions and are difficult to operationally manage
What Happens to Trade Secrets?
Many NDAs distinguish between "Confidential Information" and "Trade Secrets." Trade secrets can legitimately be protected indefinitely under applicable trade secret law, even after an NDA expires. If the NDA is silent on this distinction, trade secret protection may continue regardless of the stated term — which is generally appropriate.
Permitted Disclosures
Beyond the receiving party's own obligations, the NDA should specify when disclosure is permitted despite the general prohibition:
- Legal compulsion: If a court order or government agency requires disclosure, the receiving party typically must notify the disclosing party in advance so it can seek a protective order
- Advisors and representatives: Lawyers, accountants, and other professional advisors who need to review the information
- Need-to-know employees: Personnel who need the information to fulfill the permitted purpose
The "Legal Compulsion" Clause Matters
A well-drafted legal compulsion clause requires the receiving party to:
- Promptly notify the disclosing party upon receiving a subpoena or legal demand
- Cooperate with the disclosing party's efforts to obtain a protective order
- Disclose only the minimum information required by law
A poorly drafted clause (or a missing clause) allows disclosure without notice, removing the disclosing party's opportunity to protect its information through judicial process.
Return or Destruction of Confidential Information
When the relationship ends, what happens to confidential information the receiving party holds? The NDA should specify:
- Whether the receiving party must return, destroy, or certify destruction of confidential information
- The timeframe for doing so
- What happens to notes, analyses, and derivatives of the confidential information (often excluded from return/destruction requirements because they are difficult to separate from the receiving party's own work product)
- Whether electronic backup copies are addressed (often a carve-out — deleting every backup is impractical)
Practical note: For M&A due diligence situations, the return/destruction obligation is particularly important. If the acquisition does not close, you want clear obligations around the destruction of the target company's financial and operational data you reviewed.
Remedies and Injunctive Relief
What happens when the NDA is breached? Standard NDA remedies clauses include:
- Acknowledgment of irreparable harm: The receiving party acknowledges that breach would cause irreparable harm that money cannot adequately compensate
- Injunctive relief: The disclosing party is entitled to seek injunctive relief without posting a bond
- Attorney's fees: The breaching party pays attorney's fees in enforcement actions
The injunctive relief clause is significant. It means the disclosing party can go to court for an emergency order stopping disclosure without having to first prove damages — and without posting the bond normally required for injunctions. This is appropriate for trade secret protection but can be aggressive in standard commercial NDAs.
Red Flags: Signals of an Unfair NDA
No exclusions for public information: An NDA without standard exclusions (public domain, prior knowledge, independent development) is either drafted by someone who does not know what they are doing or is attempting to bind you to unenforceable terms in hopes you will not know the difference.
One-way obligations in a mutual sharing context: If both parties are sharing sensitive information but the NDA only protects one party's disclosures, demand mutual obligations.
Perpetual duration with no trade secret distinction: Confidentiality obligations that last forever for all information (not just trade secrets) are hard to enforce, impractical to manage, and signal a lack of sophistication in the drafter.
Extremely broad definition of Confidential Information combined with no marking requirement: Creates practical impossibility — the receiving party cannot know with certainty what is and is not covered.
No permitted purpose defined: If the NDA does not specify why information is being shared and what it can be used for, the disclosing party can later argue any use was unauthorized.
Liquidated damages provisions for breach: Unusual in standard commercial NDAs; more common in employment contexts. High liquidated damages for disclosure can be used as a weapon even for minor technical breaches.
Analyzing NDAs at Scale
The NDA Analyzer can extract all key provisions from an NDA instantly — definition of confidential information, term, duration, mutual vs. one-way obligations, exclusions, remedies, and governing law — with citations to the exact clause location. For legal teams reviewing dozens of NDAs per week, or procurement teams managing vendor relationships, AI analysis reduces NDA review time from 30+ minutes per document to under 5 minutes.
NDA Review Checklist
- [ ] Is the NDA mutual or one-way, and does that match the information flow?
- [ ] How is Confidential Information defined — broad or narrow?
- [ ] Are the standard exclusions present (public domain, prior knowledge, independent development, legal compulsion)?
- [ ] What is the permitted purpose — does it match your intent?
- [ ] What is the term vs. the duration of confidentiality obligations?
- [ ] Is there a distinction between Confidential Information and Trade Secrets?
- [ ] What are the permitted disclosure situations?
- [ ] Does the legal compulsion clause require notice to the disclosing party?
- [ ] What happens to information upon termination?
- [ ] Does the injunctive relief clause seem proportionate to the risk?
- [ ] Is governing law appropriate for both parties?
Key NDA Terms to Know
- NDA: Non-disclosure agreement — the agreement form itself
- Confidentiality Clause: The specific provision requiring information to be kept secret
- Governing Law: Which state's or country's law applies to interpret and enforce the agreement
- Indemnification: Obligation to compensate the other party for losses caused by breach
Use the NDA Analyzer to instantly extract and summarize every key clause in any NDA — no legal background required.