A technology company entered a potential partnership discussion with a larger industry player. Before sharing technical details, they signed the larger company's standard mutual NDA. Three months later—partnership discussions having failed—the larger company launched a product bearing striking similarity to the technology company's proprietary approach. When the technology company sought legal recourse, their lawyers discovered that the NDA's definition of "Confidential Information" excluded any information that could be "independently developed"—and the larger company claimed exactly that defence.
The NDA had looked standard. The terms seemed reasonable. But subtle drafting choices created gaps that rendered the protection largely illusory. This scenario illustrates why NDA drafting and review require more attention than these "routine" agreements typically receive.
NDA Fundamentals: Understanding the Basics
Types of NDAs
Unilateral (One-Way) NDAs
One party (the Discloser) shares confidential information; the other party (the Recipient) agrees to protect it. Common in:
- Employment contexts (employee receives company confidential information)
- Vendor evaluations (potential vendor receives specifications)
- Investment discussions (company shares financials with potential investors)
Mutual (Bilateral) NDAs
Both parties may share and receive confidential information, and both are bound by confidentiality obligations. Common in:
- Partnership discussions
- Joint venture exploration
- M&A due diligence (at initial stages)
- Technology collaborations
Multilateral NDAs
Three or more parties in a single agreement—less common but used in consortium arrangements or multi-party transactions.
Key NDA Provisions
Every NDA should address these fundamental elements:
| Provision | Purpose | Key Considerations |
|---|---|---|
| Definition of Confidential Information | Specifies what is protected | Broad enough to cover intended disclosures; clear enough to be enforceable |
| Obligations of Receiving Party | Defines how information must be protected | Standard of care; permitted uses; disclosure limitations |
| Exceptions/Carve-Outs | Identifies what isn't protected | Prior knowledge; independent development; public information |
| Term and Survival | Duration of obligations | Agreement term; confidentiality survival period |
| Permitted Disclosures | Who can access the information | Employees; advisors; affiliates; subcontractors |
| Return/Destruction | What happens when the relationship ends | Return requirements; destruction certification; retention carve-outs |
| Remedies | Consequences of breach | Injunctive relief; damages; indemnification |
Critical NDA Provisions: What to Watch For
Definition of Confidential Information
The definition determines what the NDA actually protects:
Broad Definition (Discloser-Favourable)
"Confidential Information means any and all information, in any form, disclosed by Discloser to Recipient, including but not limited to technical data, trade secrets, business plans, customer information, financial information, and any other proprietary information."
Narrow Definition (Recipient-Favourable)
"Confidential Information means only information that is: (a) disclosed in writing; (b) marked 'Confidential' at time of disclosure; and (c) identified in Schedule A as constituting Confidential Information."
Balanced Approach
"Confidential Information means information disclosed by either party that: (a) if in written or electronic form, is marked confidential at time of disclosure; or (b) if disclosed orally, is identified as confidential at time of disclosure and summarised in writing within 10 business days."
Red Flags
- Marking requirements that you may not consistently satisfy
- Definitions so narrow that key disclosures won't be covered
- Definitions so broad that compliance becomes impossible
Standard Exceptions
Most NDAs exclude certain information from protection:
Public Information: Information that becomes publicly available other than through breach.
Prior Knowledge: Information the Recipient already possessed before disclosure.
Independent Development: Information the Recipient independently develops without using Confidential Information.
Third-Party Disclosure: Information received from a third party without confidentiality restrictions.
Legal Compulsion: Required disclosure under law, regulation, or court order (typically with notice to Discloser).
Watch For
- Independent development exceptions that allow the Recipient to develop similar technology and claim independence
- Third-party exceptions that don't require the third party to have legitimate rights to disclose
- Public information exceptions that include information publicly available due to Recipient's actions
Use Restrictions
How can the Recipient use the information?
Purpose Limitation: "Recipient may use Confidential Information solely for the purpose of evaluating a potential business relationship with Discloser."
Red Flags
- Purposes defined so broadly that almost any use is permitted
- No restrictions on internal dissemination
- Rights to create derivative works or incorporate into Recipient's products
Term and Survival
How long do obligations last?
Agreement Term: The period during which information may be disclosed.
Survival Period: How long confidentiality obligations continue after the agreement ends.
Typical Ranges
| Information Type | Typical Survival | Rationale |
|---|---|---|
| General business information | 2-3 years | Information becomes stale |
| Technical information | 3-5 years | Technology evolves |
| Trade secrets | Perpetual (or as long as secret) | Protection lasts as long as secrecy maintained |
Red Flags
- Short survival periods for information with long-term value
- Perpetual obligations for non-trade-secret information (unreasonable burden)
- Automatic termination upon any specified event without survival
Permitted Disclosures
Who can the Recipient share information with?
Typical Permitted Recipients
- Employees with a need to know
- Professional advisors (lawyers, accountants) bound by professional duty
- Affiliates (controlled entities)
- Subcontractors (often requires consent or separate NDA)
Red Flags
- Unlimited sharing with "representatives" without definition
- No requirement for recipients to be bound by confidentiality
- Affiliate definitions that include entities you don't control
Common NDA Pitfalls
Asymmetric Mutual NDAs
The agreement is labelled "mutual" but the obligations aren't balanced:
- Different definition scopes for each party's information
- Different permitted uses
- Different remedies available
- Different term lengths
Solution: Compare provisions as they apply to each party; ensure genuine mutuality.
Residuals Clauses
A "residuals" or "residual knowledge" clause permits the Recipient to use information retained in the unaided memory of its personnel:
"Nothing in this Agreement shall prevent Recipient from using Residual Knowledge, meaning general knowledge, skills, and experience retained in the unaided memories of Recipient's personnel who have had access to Confidential Information."
This essentially allows the Recipient's employees to walk away with your confidential information and use it legally, defeating much of the NDA's purpose.
Inadequate Remedies
NDAs often include provisions acknowledging that monetary damages may be inadequate and that injunctive relief is appropriate. But watch for:
- Limitations on injunctive relief availability
- Damage caps that make breach economically rational
- Provisions requiring the Discloser to prove actual damages (difficult for confidentiality breaches)
Efficient NDA Management
The NDA Volume Challenge
Active businesses sign dozens or hundreds of NDAs annually. Managing this volume requires:
Standardisation: Develop and use standard NDA forms that reflect your organisation's balanced position. Reduces negotiation time and ensures consistent protection.
Playbook Development: Create clear guidelines for which deviations from standard terms are acceptable, which require escalation, and which are unacceptable.
Tracking and Compliance: Maintain records of NDA obligations, expiration dates, and return/destruction requirements.
AI-Assisted NDA Review
Modern contract intelligence platforms transform NDA management:
Automated Term Extraction: AI identifies and extracts key provisions from incoming NDAs—definition scope, term length, exceptions, use restrictions—enabling rapid comparison against your standards.
Risk Flagging: AI identifies provisions that deviate significantly from market norms or your organisation's requirements, prioritising items for negotiation attention.
Obligation Tracking: Post-execution, AI tracks ongoing obligations—confidentiality periods, return requirements, reporting obligations—alerting when action is required.
RUNO's NDA Intelligence Tools
RUNO's Contract Intelligence platform includes specialised NDA capabilities:
NDA Template Generator: Generate customised NDAs reflecting your organisation's standard position, with clear drafting that reduces negotiation cycles.
Incoming NDA Analyzer: Upload counterparty NDAs for automated analysis against your playbook. AI identifies deviations, flags risks, and suggests negotiation points.
Term Comparison: Side-by-side comparison of your terms against counterparty proposals, with automatic identification of substantive differences.
Portfolio Management: Track all executed NDAs with automatic extraction of key dates, obligations, and expiration—ensuring compliance and enabling efficient portfolio management.
Conclusion: NDAs Deserve More Attention
The technology company that lost its proprietary approach to a competitor learned an expensive lesson: NDAs that look routine may contain gaps that render them ineffective. The time invested in careful NDA drafting and review is minimal compared to the cost of inadequate protection.
In a business environment where confidential information is often an organisation's most valuable asset, treating NDAs as routine paperwork is a risk few can afford.