Non-disclosure agreements (NDAs) are everywhere. You might encounter them when you're in early-stage discussions with a potential business partner, when you're interviewing for a new role, or when you're pitching for investment. They're designed to protect confidential information, but they can also trap you if you're not careful. Here's a practical checklist of ten things to look at before you sign any NDA.
1. Scope of confidential information
The most important part of an NDA is the definition of what counts as "confidential information." A good definition is specific: it covers business plans, financial data, customer lists, product designs, trade secrets. A bad definition is vague: it says "any information" or "all information." The problem with vague definitions is that they can sweep in information that was already public, or that the other party already knew. Check whether the definition includes a time limit (information created after a certain date) or a qualifier (information marked confidential or identified as such). The narrower and more specific the definition, the better.
2. Mutual vs one-way
An NDA can be mutual (both parties are promising to keep each other's information confidential) or one-way (only one party is promising confidentiality). One-way NDAs are common when you're pitching something to an investor or a potential partner — they want to hear your idea but you're protecting your confidential information. That's fine, but understand which direction it goes. If you're the only one bound by confidentiality and the other party can freely share your information, that's a significant imbalance. If that's the case, at least make sure the definition of confidential information is very narrow, so you're only protecting truly sensitive material.
3. Duration of the obligation
NDAs almost always have a time limit. You're not bound to keep information confidential forever. Standard durations are two to five years from the date of disclosure. Some NDAs have different durations for different categories of information — trade secrets might be protected for seven years, while business information might only be three. Check whether the clock starts when you sign or when the relationship ends. For example, if you're in employment discussions and you sign an NDA, does it last for three years from when you sign it, or three years from when you either join or don't join the company? The latter is better for you.
4. Permitted disclosures
No absolute NDA makes sense. You need to be able to disclose confidential information to your lawyers, your accountant, or your board of directors. A good NDA carves out these necessary disclosures, either explicitly or by building in carve-outs for people who have a "need to know." Check whether you can disclose to: your legal team, your financial advisors, your board, your employees, and your other business partners. If the NDA requires you to keep information confidential from your own lawyer, it's too restrictive. If it requires you to get permission to disclose to your accountant, it's impractical.
5. Public domain exclusion
Information that's already public shouldn't be covered by an NDA. Check whether the agreement has a "public domain" exclusion. It should say something like: "Information is not confidential if it was already publicly available before the disclosure, or becomes publicly available through no breach of this agreement." This protects you from accidentally breaching the NDA because information that was confidential later became public. If there's no public domain exclusion, you could technically be in breach even if you didn't cause the information to leak.
6. Prior knowledge and independent development
You might already know something that the other party discloses as confidential. Or you might independently develop something similar to their confidential information. A good NDA has a carve-out for information you already knew or could have independently developed without access to their confidential information. These are called the "prior knowledge" and "independent development" exceptions. Without them, you could theoretically be in breach of the NDA even if you arrived at the same conclusion independently.
7. Remedies and injunctions
NDAs almost always say that breach will cause "irreparable harm" to the other party and that they can seek an injunction (a court order preventing you from doing something) to stop the breach. That's standard and generally fair. But some NDAs go further and say they can seek an injunction without having to prove that damages wouldn't be an adequate remedy, or that they can get an injunction without posting a bond (security money). Read this section. If it's extremely one-sided — giving the other party automatic injunction rights without normal court processes — that's worth noting.
8. Return or destruction of information
Most NDAs require you to return or destroy confidential information at the end of the relationship. That's reasonable, but check whether it applies to all information or just the originals. Some NDAs say you can keep one copy for your legal archives. If the NDA requires destruction of all copies, including emails and backup copies, that could be impractical. Also check whether the obligation applies indefinitely or just during the confidentiality period. If it says you have to destroy information five years after disclosure, but the confidentiality obligation lasts for ten years, that creates a tension in the contract.
9. Legal requirements and court orders
There should be a carve-out allowing you to disclose confidential information if you're legally required to (for example, by a court order or regulatory investigation). Without this, an NDA could theoretically prevent you from complying with the law. Check that the clause says you can disclose if required by law, and ideally that you'll try to give the other party notice so they have a chance to seek a protective order. This is a critical protection.
10. Territory and governing law
Check what jurisdiction the NDA is governed by. A UK-governed NDA is familiar to UK courts. A US-governed NDA might have different rules about confidentiality, breach, and damages. Also check the territory — is the confidentiality obligation worldwide or limited to specific countries? For most purposes, this shouldn't matter much, but it's worth understanding. If you're working internationally, you might prefer an NDA governed by English law because that's what you're familiar with.
The bigger picture
Most NDAs are reasonable documents, but they're written to favour the disclosing party (the one sharing the confidential information). Your job in reviewing an NDA is to understand: What information am I bound to protect? For how long? What can I do with it? What happens if I breach it? If those answers are reasonable and limited, you can sign with confidence. If they're vague, indefinite, or extremely one-sided, push back before you sign.
Need help reviewing an NDA before you sign? Our NDA review service walks through these exact points and flags any clauses that are unusually restrictive or worth negotiating.