March 1, 2026 · 9 min read

What to Look for in an NDA: Key Clauses and Warning Signs

Non-disclosure agreements land in your inbox constantly — before job interviews, vendor calls, partnership discussions, and consulting engagements. Most people sign them without reading them. That's a mistake. An NDA isn't just a formality; it's a legally binding contract with real consequences for violation. Knowing what to look for means you can sign confidently or push back where it counts.

This guide focuses on the specific language and clauses you need to examine in any NDA, with plain-English explanations of what each clause means and what makes it problematic.

The Definition Clause: Where NDA Problems Start

The definition of "confidential information" is the most important section of any NDA and the most common source of disputes. You need to read it carefully, not skim it.

A well-drafted definition of confidential information should:

  • List specific categories of information that are covered (e.g., financial data, technical specifications, customer lists)
  • Require that written information be marked "Confidential" at the time of disclosure
  • Require that oral disclosures be confirmed in writing within a reasonable period (usually 30 days)
  • Be specific enough that you can actually identify what's covered

Red flag language: "All information disclosed by either party" or "any information, whether written or oral, relating to the disclosing party's business." This kind of sweeping definition is almost impossible to comply with because you can't track what you knew, when, and from whom.

Standard Exclusions: Non-Negotiable Carve-Outs

Every legitimate NDA includes standard exclusions from the confidentiality obligation. If an NDA is missing these, it's either poorly drafted or intentionally overreaching. The standard exclusions are:

  • Public domain information: Information that is or becomes publicly available through no fault of the receiving party
  • Prior knowledge: Information already known to the receiving party before disclosure
  • Independent development: Information independently developed without using the confidential information
  • Lawful third-party receipt: Information received from a third party who had the right to disclose it
  • Legal compulsion: Information required to be disclosed by law, regulation, or court order

If the NDA lacks any of these exclusions, request that they be added before signing. A missing exclusion — particularly the legal compulsion carve-out — could put you in an impossible position where you're contractually obligated to violate a court order.

Permitted Purpose: The Use Restriction

NDAs should restrict use of confidential information to a specific, defined purpose. This is sometimes called the "permitted purpose" clause. It answers the question: why are you receiving this information, and what can you do with it?

Weak NDAs either omit the permitted purpose entirely or define it so broadly as to be meaningless ("in connection with the parties' business relationship"). A strong NDA defines the purpose narrowly: "solely for the purpose of evaluating a potential acquisition of Company X" or "solely for the purpose of providing software development services under SOW #3."

A defined permitted purpose protects you because it limits what you can be accused of misusing. Without one, the disclosing party can claim that any use of the information was unauthorized.

Duration: How Long Does the Obligation Last?

NDAs have two relevant time periods that are often confused:

  • Term of the agreement: How long the overall relationship lasts (often tied to an underlying engagement)
  • Confidentiality obligation period: How long you must keep information confidential after disclosure or after the agreement ends

For ordinary business information, a confidentiality obligation of 2–5 years is standard. For genuine trade secrets, perpetual confidentiality obligations are common and often legally enforceable. For general project information, indefinite or perpetual obligations are overreaching.

Watch for NDAs where the confidentiality period restarts with each new disclosure. Under those terms, if you're in an ongoing relationship, you could be perpetually bound even if the base term ends.

One-Way vs. Mutual: The Asymmetry Problem

In a mutual NDA, both parties exchange confidential information and both are bound to protect it equally. In a one-way NDA, only one party discloses (and is protected), while the other party takes on the confidentiality obligations and receives no protection in return.

One-way NDAs are fine when the disclosure relationship is genuinely one-directional — for example, you're receiving information from a potential employer to evaluate a job offer. They become problematic when you're sharing significant proprietary information of your own and the agreement provides no reciprocal protection.

If you're entering a situation where you'll be sharing your own sensitive information (pricing models, source code, client lists), insist on mutual confidentiality obligations before signing a one-way NDA.

Remedies and Injunctive Relief

Most NDAs include a clause stating that breach will cause irreparable harm and entitle the non-breaching party to seek injunctive relief without posting a bond. This is standard and not inherently alarming — NDA breaches often involve ongoing disclosure that courts will stop with an injunction.

Watch instead for liquidated damages clauses that impose fixed, pre-specified dollar amounts per breach. These can be enforced without proof of actual damages and can create substantial financial exposure. If a liquidated damages clause is present, make sure the amounts are proportionate to the realistic harm from disclosure — not figures that function as a penalty.

Return or Destruction of Information

Many NDAs require the receiving party to return or certify destruction of all confidential information upon request or at the end of the relationship. In practice, this clause is difficult to comply with fully — email threads, backups, and notes may contain confidential information spread across many systems.

Before agreeing to a strict return-or-destroy obligation, consider whether compliance is actually achievable given your systems and workflow. If not, negotiate language that addresses "reasonable efforts" to return or destroy information, with standard exceptions for legally required retention and routine backup systems.

Seven-Point NDA Review Checklist

  • Is the definition of confidential information specific and manageable?
  • Are all five standard exclusions present?
  • Is the permitted purpose clearly and narrowly defined?
  • Is the confidentiality period reasonable for the type of information?
  • Is the one-way/mutual structure appropriate for the actual relationship?
  • Are any liquidated damages proportionate?
  • Is the return-or-destroy obligation achievable?
