Last updated: 2026 | This article is for general information only and does not constitute legal advice. NDA requirements and enforceability vary by jurisdiction and by the nature of the information involved.
An NDA, or non-disclosure agreement, is a contract used to protect sensitive business information shared between two or more parties. Before signing one, there are five key areas to review. These include what information is protected, how long confidentiality lasts, what happens when the agreement ends, whether indemnity applies, and which disclosures are excluded.
This guide is written for founders, legal ops professionals, procurement teams, in-house counsel, and business teams who need to review NDAs quickly and confidently.
Key Takeaways
- NDAs should clearly define what counts as confidential information
- The disclosure period and the confidentiality period are not the same thing
- End-of-term obligations should be practical and clearly written
- Indemnity clauses carry financial risk and need careful review
- Standard exclusions protect both parties and support enforceability
What to Look for in an NDA Before You Sign
When you receive an NDA, it is easy to focus on the signature block and move on. That approach creates risk. Knowing what to look for in an NDA helps you understand what you are agreeing to protect.
It also clarifies how long protection lasts and what happens if something goes wrong.
If you are reviewing an NDA for a vendor relationship, investor discussion, hiring process, product demo, or partnership, these five clauses matter most.
For a broader framework, see The Ultimate NDA Checklist: Draft, Review & Sign NDAs with Confidence.
NDA Checklist at a Glance
Need a repeatable way to review NDAs faster? Explore SpotDraft's Contract Review Checklist 2026 and contract review tools built for legal and business teams.
1. Definition of Confidential Information
What this clause means
The definition of confidential information tells you exactly what the NDA protects. It is the foundation of the entire agreement. Everything else, including the confidentiality period, the exclusions, and the remedies, only applies to information that falls within this definition.
Why it matters
If the definition is too broad, the receiving party takes on unreasonable obligations. They may be required to protect information that is already public or that they developed independently. If the definition is too narrow, the disclosing party may leave important information exposed.
A strong NDA should clearly define confidential information and structure the clause in a way that supports enforceability. For a deeper breakdown of what belongs in this section, see The Ultimate Guide to NDAs: NDA Meaning, Template, Requirements, Limitations & Best Practices.
What to check
- Are the categories of protected information specific and listed clearly?
- Does the NDA cover written, oral, visual, and electronic disclosures?
- If oral disclosures are included, must they be confirmed in writing within a set period?
- Are trade secrets identified separately from general business information? The USPTO's trade secret policy outlines how trade secrets differ from other confidential information and why separate treatment matters.
- Is there a marking or labeling requirement for confidential documents?
Common red flags
- "All information shared between the parties" is automatically treated as confidential
- No requirement to identify or label sensitive disclosures
- Public information and independently developed information are not carved out
- The definition includes information that was already known to the receiving party before signing
Example
A software company sharing a product roadmap with a potential integration partner should list specific categories. These include product plans, source code, pricing models, customer data, and unreleased feature details. A definition that simply says "all business information" gives the receiving party no practical way to manage their obligations.
If you want a second checklist focused specifically on signing review, see How to Sign an NDA? (Best Practices + Tools).
2. Disclosure Period and Confidentiality Period
What is the difference?
These two time periods are often confused, but they are not the same.
The disclosure period is the window during which confidential information can be shared under the NDA. Once this period ends, new disclosures are no longer covered by the agreement.
The confidentiality period is how long the receiving party must protect the information that was shared. How it is measured depends on the drafting: some NDAs run it from the date each item is disclosed, others for a defined number of years after the NDA ends or after the last disclosure. Check which approach the agreement uses, because it changes how long a given piece of information is actually protected.
What to negotiate
- Confirm the start date for both periods
- Check whether the confidentiality period survives termination of the NDA and for how long
- Determine whether trade secrets receive longer or indefinite protection
- Confirm that the confidentiality period is proportionate to the sensitivity of the information
Common red flags
- Perpetual confidentiality applied to all information, including ordinary business details
- No distinction between trade secrets and general confidential information
- The confidentiality period ends at the same time as the disclosure period, leaving shared information unprotected
- Ambiguous language that makes it unclear when the clock starts
Example
A two-year NDA with a three-year confidentiality period means the parties can share information for two years. Each piece of shared information must remain protected for three years from the date it was disclosed. Trade secrets may be carved out and protected indefinitely under a separate provision.
For additional context on duration, termination, and exclusions, see NDA vs. Confidentiality Agreement: Which One to Choose?.
3. Obligations After Expiration or Termination
Return, destruction, and deletion
When an NDA ends, most agreements require the receiving party to return or destroy all confidential information. This includes documents, copies, notes, and digital files.
This clause matters because it determines what happens to sensitive information once the business relationship is over. Without clear language, there is no obligation to delete or return anything.
What to check
- Does the NDA require return, destruction, or deletion of confidential information?
- Is there a deadline for completing this obligation?
- Does the agreement require written certification that the information has been destroyed?
- Are there practical carve-outs for information stored in automated backup systems?
Practical carve-outs to review
Most modern NDAs include a carve-out for archived or backup copies that cannot be easily deleted without disrupting IT systems. This is reasonable, but the carve-out should be limited. The receiving party should still be prohibited from actively accessing or using that archived information, and the retained copies should remain subject to the confidentiality obligation until they are overwritten or expire in the ordinary course of the backup cycle.
Watch for language that makes the return or destruction obligation impractical or impossible to fulfill. If the NDA requires deletion of all copies within 24 hours of termination with no exceptions, that may create compliance problems.
If you need a broader reference on how termination provisions work across agreements, see Contract Terminations: The Ultimate Guide + Free Template.
4. Indemnity and Other Remedies
What indemnity means in an NDA
Indemnity means one party agrees to cover certain losses suffered by the other party if a breach occurs. In an NDA, this typically means the breaching party will compensate the non-breaching party for damages caused by unauthorized disclosure.
Not all NDAs include indemnity language. Some rely only on injunctive relief, which is a court order requiring the breaching party to stop the harmful conduct. Others include both.
When this clause becomes risky
Indemnity becomes risky when it is one-sided, uncapped, or triggered by events that are difficult to control. For example, an indemnity clause covering indirect or consequential losses caused by a breach, without any liability cap, can expose a party to significant financial risk.
What to check
- Does the indemnity apply to direct losses only, or does it include indirect and consequential losses?
- Is there a liability cap?
- Is the indemnity mutual or one-sided?
- What triggers the indemnity obligation? Is it a breach, or something broader?
- Does the clause include a process for notifying the other party of a claim?
The difference between indemnity and injunctive relief
Injunctive relief is a remedy that stops a breach from continuing. It does not compensate for financial loss. Indemnity compensates for financial harm after the fact.
Many NDAs include both because confidential information, once disclosed, cannot be unshared. For this reason, courts may grant injunctive relief quickly in NDA cases, although the availability and speed of that remedy depend on the jurisdiction and the facts.
For a deeper look at indemnity language, see What are Indemnification Clauses?. If the NDA also includes caps or exclusions on damages, review Limitation of Liability Clause: Everything You Need to Know.
5. Exceptions to Confidentiality Obligations
Standard exclusions
Every well-drafted NDA includes a set of standard exclusions. These are categories of information that fall outside the confidentiality obligation, even if they would otherwise meet the definition of confidential information.
The four most common exclusions are:
- Public information: Information that is already publicly available at the time of disclosure, or that later becomes public through no fault of the receiving party
- Prior knowledge: Information the receiving party already knew before the NDA was signed
- Independent development: Information the receiving party developed on their own, without using the disclosing party's confidential information
- Legally compelled disclosure: Information the receiving party is required to disclose by law, regulation, or court order
Why exclusions matter
Without these exclusions, the receiving party could be held liable for disclosing information they did not receive from the disclosing party. They could also face liability for using knowledge they already had. That is an unfair position, and one that courts may refuse to enforce.
What to check
- Are all four standard exclusions present?
- Does the compelled disclosure exception require the receiving party to give notice before disclosing?
- Who bears the burden of proving an exclusion applies? This should be the receiving party, but the standard should be reasonable.
- Is independent development defined clearly enough to be useful?
For a clause-by-clause example of how these exceptions are commonly drafted in a one-way NDA, see What is a Unilateral NDA? + Free Template.
Mutual vs. Non-Mutual NDA: Which One Do You Need?
A mutual NDA applies when both parties will share confidential information with each other. Both sides take on the same confidentiality obligations. This structure is common in joint ventures, partnership discussions, and M&A due diligence.
A non-mutual NDA (also called a one-way NDA) applies when only one party will disclose confidential information. The receiving party takes on confidentiality obligations. The disclosing party does not.
This structure is common in vendor relationships, hiring processes, and investor pitches where only one side is sharing sensitive information.
The structure of the NDA changes the drafting approach. In a mutual NDA, both parties should be comfortable with the definition of confidential information, the exclusions, and the indemnity language. Both sides are bound by these terms equally.
In a non-mutual NDA, the receiving party should pay closer attention to the scope of their obligations.
For more on this distinction, compare What is Mutual NDA? Everything you need to know with What is a Unilateral NDA? + Free Template.
Common NDA Red Flags
Watch for these issues before signing any NDA:
- The definition of confidential information is so broad it covers everything, including public knowledge
- The confidentiality period is unusually long for the type of information involved
- There are no standard exclusions, or they are incomplete
- The treatment of residual knowledge does not match your position: a broad residuals clause lets the receiving party freely use anything its staff retain in unaided memory, which undermines the disclosing party's protection, while the absence of an independent-development carve-out lets the disclosing party claim rights over ideas the receiving party develops on its own
- Return and destruction obligations are so strict they cannot be practically fulfilled
- Indemnity is one-sided and uncapped, with no limit on financial exposure
- There is no carve-out for legally compelled disclosure
- Governing law is set in a jurisdiction with no connection to either party
If you expect revisions before signing, read Contract Redlining: Definition, Benefits, & Tips for Success.
Final NDA Review Checklist
Use this checklist before signing any non-disclosure agreement:
- Identify all parties to the agreement
- Confirm the purpose of the disclosure
- Review the definition of confidential information for scope and specificity
- Check whether oral disclosures are covered and how they must be documented
- Confirm the disclosure period start and end dates
- Confirm the confidentiality period and whether it survives termination
- Check whether trade secrets are treated separately
- Review return, destruction, and deletion obligations
- Confirm there is a practical carve-out for automated backups
- Review indemnity language for scope, triggers, and caps
- Confirm all four standard exclusions are present
- Check the compelled disclosure process
- Confirm whether the NDA is mutual or non-mutual
- Review governing law and dispute resolution provisions
If you want a broader pre-signature checklist for commercial agreements, see The Complete List Of Standard Clauses To Check Before Signing A Contract.
FAQs About NDAs
What is the most important clause in an NDA?
The definition of confidential information is typically the most important clause. It determines what the agreement actually protects. If this definition is unclear, too broad, or too narrow, the rest of the NDA may not function as intended.
According to the Association of Corporate Counsel, courts may invalidate or limit the scope of an NDA that is unreasonable or overly broad.
How long should an NDA last?
It depends on the type of information being shared. General business information is commonly protected for two to five years. Trade secrets may warrant longer or indefinite protection.
The confidentiality period should be proportionate to the sensitivity and commercial value of the information.
What information is usually excluded from an NDA?
The standard exclusions are: information that is already publicly available, information the receiving party already knew before signing, and information the receiving party developed independently. The fourth exclusion covers information the receiving party is legally required to disclose.
What happens when an NDA ends?
Most NDAs require the receiving party to return, delete, or destroy all confidential information once the agreement ends. The confidentiality obligation may continue for a defined survival period even after the NDA itself has expired. Trade secrets may remain protected indefinitely.
Can an NDA include indemnity?
Yes. Some NDAs include indemnity language that requires the breaching party to compensate the other for losses caused by unauthorized disclosure. Not all NDAs include this clause.
Where it does appear, review the scope, triggers, and any liability caps carefully.
What is the difference between a mutual and non-mutual NDA?
A mutual NDA applies when both parties will share confidential information with each other. Both sides are bound by the same obligations.
A non-mutual NDA applies when only one party will disclose confidential information. Only the receiving party takes on confidentiality obligations.
Do I need a lawyer to review an NDA?
For routine, low-risk NDAs, a business team with a clear review checklist can often handle the initial review. For high-value transactions, M&A discussions, or NDAs with complex indemnity or liability language, legal review is advisable. NDA enforceability also varies by jurisdiction, which is another reason to involve legal counsel when the stakes are high.
What happens if you break an NDA?
Consequences can include injunctive relief, financial damages, legal costs, reputational harm, and loss of business opportunities. For an overview of how courts handle NDA breaches, see Ironclad's guide to non-disclosure agreements. For a more detailed explanation, see What Happens if you Break an NDA?.
Conclusion
Reviewing an NDA does not have to be complicated, but knowing what to look for in an NDA requires attention to the right clauses. A well-drafted NDA clearly defines what is protected and sets a reasonable confidentiality period. It also explains what happens to shared information after termination, addresses remedies for breach, and includes standard exclusions that protect both parties.
If any of these clauses are vague, missing, or one-sided, the agreement may need revision before you sign.
For high-value or high-risk agreements, always involve qualified legal counsel. NDA enforceability depends on jurisdiction, the nature of the information, and how the agreement is drafted.
Want to streamline NDA review and redlining? Explore how SpotDraft helps legal and business teams review contracts faster, flag risk, and manage the full contract lifecycle from request to signature.