Non-Disclosure Agreements

Key NDA Clauses Explained

Deep dives into the seven clauses that matter most in every NDA — including the hidden ones.

The Seven Clauses That Define an NDA

Every NDA has the same basic architecture. Understanding these seven clauses lets you evaluate any NDA quickly and identify the ones that require negotiation.

1. Definition of Confidential Information

This clause defines what is actually protected. The scope ranges from narrow (specific categories listed explicitly) to extremely broad ("all information shared in any form").

Narrow definition (better for you as receiving party):

"Confidential Information means technical specifications, source code, financial projections, and customer lists that are marked 'Confidential' at the time of disclosure."

Broad definition (riskier):

"Confidential Information means any and all information disclosed by either party in any form, including information that is not marked as confidential."

What to watch for: Broad definitions can inadvertently cover public conversations, industry knowledge you already possessed, or information you independently developed.

2. Standard Exclusions

A well-drafted NDA excludes information that should not be covered by confidentiality obligations. There are five standard exclusions you should always verify are present:

Public domain information — Information that is or becomes publicly available through no fault of the receiving party
Prior knowledge — Information the receiving party already knew before signing the NDA
Independent development — Information the receiving party develops independently, without use of the disclosed information
Third-party disclosure — Information received from a third party who was not under confidentiality obligations
Legal compulsion — Information required to be disclosed by law, court order, or government regulation (with notice to the disclosing party when possible)

If any of these are missing, add them to your negotiation list.

3. Obligations of the Receiving Party

This clause specifies what you must do (and not do) with confidential information. Standard obligations include: not disclosing to third parties, using information only for the stated purpose, using reasonable care to protect it, and limiting access to those who need to know.

Red flag: "Reasonable care" is standard. "The same care as your own most sensitive information" is also reasonable. "Absolute security" is not a reasonable standard and creates unlimited liability.

4. Term and Survival

The term is how long the NDA is in effect. The survival clause specifies which obligations continue after the NDA terminates.

Typical term: 2-3 years for general discussions; 5 years for more sensitive information.

What to watch for: Perpetual confidentiality obligations. Some NDAs state that confidentiality obligations "survive indefinitely" or have no end date. This is problematic because:

You cannot predict what information you will need to reference years from now
Business needs change and old confidentiality obligations can restrict legitimate activities
Courts sometimes refuse to enforce perpetual obligations

A reasonable compromise: confidentiality obligations survive termination for 3-5 years for most information, with trade secrets surviving longer or indefinitely.

5. Return or Destruction of Materials

Upon termination (or on request), the receiving party must return or destroy all confidential materials. In practice, this is difficult to enforce for digital information.

Practical standard: Return physical materials, delete digital copies from personal devices, confirm in writing that destruction is complete.

6. Remedies

What happens if someone breaches the NDA? Most NDAs specify:

Injunctive relief — The disclosing party can go to court to immediately stop the breach, without needing to prove damages first. This is standard and reasonable.
Damages — The breaching party pays actual losses caused by the breach.
Liquidated damages — A pre-set damage amount per breach. Watch for these — "$50,000 per breach" clauses can be disproportionate.

7. Hidden Non-Compete and Non-Solicitation Clauses

This is the most dangerous hidden element in NDAs. Some NDAs include language like:

"During the term of this Agreement and for two (2) years thereafter, Receiving Party agrees not to engage in any business competitive with Disclosing Party."

This is a non-compete agreement embedded in what appears to be a simple confidentiality document. It is not standard. It is not acceptable in most NDAs.

What to do: If you find this language, flag it explicitly. Say: "This appears to include a non-compete provision. That is outside the scope of an NDA and needs to be a separate conversation." Do not sign an NDA with non-compete language unless you have reviewed it as a standalone non-compete agreement.

Example

markdown

// NDA clause checklist validator
interface NDAChecklist {
  hasStandardExclusions: {
    publicDomain: boolean;
    priorKnowledge: boolean;
    independentDevelopment: boolean;
    thirdPartyDisclosure: boolean;
    legalCompulsion: boolean;
  };
  termYears: number | 'perpetual';
  hasLiquidatedDamages: boolean;
  hasHiddenNonCompete: boolean;
  hasHiddenIPAssignment: boolean;
  confidentialDefinitionScope: 'narrow' | 'medium' | 'broad';
}

function evaluateNDA(checklist: NDAChecklist): { score: number; issues: string[] } {
  const issues: string[] = [];
  let score = 100;

  const exclusions = checklist.hasStandardExclusions;
  if (!exclusions.publicDomain) { issues.push('Missing: public domain exclusion'); score -= 10; }
  if (!exclusions.priorKnowledge) { issues.push('Missing: prior knowledge exclusion'); score -= 15; }
  if (!exclusions.independentDevelopment) { issues.push('Missing: independent development exclusion'); score -= 15; }
  if (!exclusions.thirdPartyDisclosure) { issues.push('Missing: third-party disclosure exclusion'); score -= 10; }
  if (!exclusions.legalCompulsion) { issues.push('Missing: legal compulsion exclusion'); score -= 5; }

  if (checklist.termYears === 'perpetual') { issues.push('Red flag: perpetual confidentiality obligation'); score -= 20; }
  if (checklist.hasLiquidatedDamages) { issues.push('Review: liquidated damages clause — check amounts'); score -= 5; }
  if (checklist.hasHiddenNonCompete) { issues.push('STOP: Hidden non-compete found — do not sign as-is'); score -= 40; }
  if (checklist.hasHiddenIPAssignment) { issues.push('STOP: Hidden IP assignment found — do not sign as-is'); score -= 40; }
  if (checklist.confidentialDefinitionScope === 'broad') { issues.push('Negotiate: narrow the definition of confidential information'); score -= 10; }

  return { score: Math.max(0, score), issues };
}

Try it yourself — MARKDOWN

// NDA clause checklist validator
interface NDAChecklist {
  hasStandardExclusions: {
    publicDomain: boolean;
    priorKnowledge: boolean;
    independentDevelopment: boolean;
    thirdPartyDisclosure: boolean;
    legalCompulsion: boolean;
  };
  termYears: number | 'perpetual';
  hasLiquidatedDamages: boolean;
  hasHiddenNonCompete: boolean;
  hasHiddenIPAssignment: boolean;
  confidentialDefinitionScope: 'narrow' | 'medium' | 'broad';
}

function evaluateNDA(checklist: NDAChecklist): { score: number; issues: string[] } {
  const issues: string[] = [];
  let score = 100;

if (checklist.termYears === 'perpetual') { issues.push('Red flag: perpetual confidentiality obligation'); score -= 20; }
  if (checklist.hasLiquidatedDamages) { issues.push('Review: liquidated damages clause — check amounts'); score -= 5; }
  if (checklist.hasHiddenNonCompete) { issues.push('STOP: Hidden non-compete found — do not sign as-is'); score -= 40; }
  if (checklist.hasHiddenIPAssignment) { issues.push('STOP: Hidden IP assignment found — do not sign as-is'); score -= 40; }
  if (checklist.confidentialDefinitionScope === 'broad') { issues.push('Negotiate: narrow the definition of confidential information'); score -= 10; }

return { score: Math.max(0, score), issues };
}