When you actually need an NDA
A Non-Disclosure Agreement is a contract that creates a legal duty of confidence around specified information. The right time to sign one is whenever you are about to share information that would damage your business if it leaked, and where the receiving party is not already bound by an equivalent duty.
The most common scenarios:
- Investor and acquirer discussions - before the data room opens and financials cross.
- M&A and joint venture talks - before exchanging customer lists, pricing, or strategic plans.
- Hiring senior staff or contractors - alongside the employment contract or before a paid trial.
- Freelancer and agency engagements - when sharing access to product roadmaps, source code, brand assets or client data.
- Supplier and manufacturer briefings - to protect designs, specifications and pricing.
- Pre-sales conversations with prospects - particularly in regulated sectors where you need to share architectural detail.
When you don't need one
Don't default to demanding an NDA from every counterparty. They add friction, slow deals down, and can signal distrust. Skip the NDA when:
- The information is already public. Confidentiality cannot attach to public-domain material.
- The recipient is already under a duty of confidence. Solicitors, accountants and bank relationship managers all owe professional duties.
- You're sharing genuinely high-level pitch material. Most VCs will refuse to sign one early - the deal flow is too high.
- The recipients are employees handling the information. Employment contracts already include confidentiality clauses; a separate NDA is rarely needed.
Mutual vs one-way
A mutual NDA binds both parties to keep each other's confidential information secret. It's the right structure when both sides will share sensitive material - partnership negotiations, M&A discussions, technology evaluations between two product companies.
A one-way NDA only binds the recipient. Use it when information flows in one direction: a candidate accessing your systems during a paid trial, an investor reviewing financials, a supplier receiving product specifications. One-way agreements are easier to sign quickly because the disclosing party has nothing to gain from negotiation.
The clauses that matter most
Most NDA disputes hinge on a small number of clauses. Get these right and the rest is largely boilerplate.
Definition of Confidential Information
Too narrow and you can't enforce. Too broad and a court may strike it down as restraint of trade. The best definitions describe the categories of information (financial, technical, customer, strategic) and reference any markings used (e.g. "information marked Confidential or that ought reasonably to be understood as confidential").
Standard exclusions
Five carve-outs are universal: information already in the public domain, information already known to the recipient before disclosure, information lawfully obtained from a third party without restriction, information independently developed by the recipient, and disclosures required by law or competent regulator.
Term
Two to five years for ordinary commercial information; perpetual for trade secrets defined under the Trade Secrets (Enforcement, etc.) Regulations 2018 (UK) or the Defend Trade Secrets Act 2016 (US). A perpetual NDA over ordinary information may be unenforceable as restraint of trade.
Whistleblowing carve-out
An NDA cannot lawfully prevent protected disclosures under the Public Interest Disclosure Act 1998 (UK), the EU Whistleblower Directive 2019/1937, or the US Speak Out Act 2022. The Employment Rights Act 2025 also prohibits NDAs that prevent disclosure of sexual harassment. Include the carve-out explicitly - courts have voided NDAs that try to prevent these disclosures.
Return or destruction on termination
Recipient must return or destroy materials and certify in writing. Increasingly important for digital materials - data on personal devices and cloud accounts - where forensic deletion is non-trivial.
Common mistakes that make NDAs unenforceable
- Defining everything as confidential. If the contract says "all information shared is confidential", courts will look for some way to narrow it. A defined-categories approach holds up better.
- Indefinite term over ordinary information. Restraint of trade.
- No carve-out for whistleblowing or sexual-harassment disclosure. The clause as a whole may be void.
- Penalty clauses dressed as liquidated damages. A genuine pre-estimate of loss is enforceable; a punitive clause is not (Cavendish Square Holding BV v Makdessi [2015] UKSC 67).
- No governing law or jurisdiction clause. Cross-border NDAs without a venue clause are expensive to enforce.
Enforceability across borders
A well-drafted NDA specifies which country's courts have exclusive jurisdiction and which law applies. UK judgments are enforceable in many common-law jurisdictions; EU NDAs benefit from Brussels Ia (Regulation 1215/2012) within the EU. US enforcement is state-by-state and turns on the chosen forum.
For high-value secrets that may need international enforcement, add an arbitration clause (LCIA, ICC or AAA depending on the parties) so the resulting award benefits from the New York Convention. Lexara's NDA generator applies the right governing law and jurisdiction clause based on the country you select, and the clause library includes ready-to-use confidentiality language for each jurisdiction.