NDAs | 15 min read | April 22, 2026

What Is an NDA? The Complete Guide for Professionals (2026)

Everything you need to know about NDAs — what they are, how they work, when you need one, and how to review them. The definitive guide.

You've probably signed an NDA at some point — when starting a job, exploring a business partnership, or working with a new client. But do you actually know what you agreed to? Most people sign NDAs without fully understanding what they are, how they work, or what the consequences of breaking one might be.

This guide covers everything you need to know about NDAs: what they are, the different types, what they should (and shouldn't) include, when you need one, and how to review them before you sign.

What Is an NDA?

An NDA — short for Non-Disclosure Agreement — is a legally binding contract in which one or more parties agree to keep certain information confidential. It creates a legal obligation to protect specified information and prevents it from being shared with third parties without consent.

NDAs go by several names: confidentiality agreement, confidential disclosure agreement (CDA), proprietary information agreement (PIA), or secrecy agreement. They all mean the same thing: someone is sharing sensitive information with you, and you're agreeing not to disclose it.

The core function of an NDA is to allow parties to share sensitive information — business plans, trade secrets, client data, financial details, technical specifications — with a legal guarantee that it won't be misused or shared.

The Two Main Types of NDAs

NDAs come in two fundamental structures, and understanding the difference matters a lot for your obligations:

Unilateral NDAs (One-Way) are the most common type. One party (the disclosing party) shares information with another (the receiving party), and only the receiving party has confidentiality obligations. This is typical in employment agreements, investor pitches, and contractor arrangements. When a company asks you to sign an NDA before a job interview, that's a unilateral NDA — you're agreeing to protect their information; they have no reciprocal obligation to you.

Mutual NDAs (Two-Way) create confidentiality obligations on both sides. Both parties agree to protect each other's information. These are common in joint ventures, partnership discussions, merger negotiations, or any situation where both sides are sharing sensitive information. A mutual NDA is more balanced — neither party can disclose the other's confidential information.

What Does an NDA Actually Cover?

Every NDA should clearly define what information is considered "confidential." This is one of the most important — and most frequently problematic — parts of any NDA.

Well-drafted NDAs define confidential information specifically: trade secrets, proprietary processes, technical data, client lists, financial projections, product roadmaps, and similar categories. Poorly drafted NDAs use broad, sweeping language that covers "any and all information disclosed" — which can create problems because it's ambiguous and potentially overreaching.

Standard NDAs also include explicit carve-outs — information that is NOT considered confidential even if it was disclosed under the agreement. Common carve-outs include:

  • Information that was already publicly available at the time of disclosure
  • Information the receiving party already knew independently
  • Information received from a third party without confidentiality restrictions
  • Information independently developed by the receiving party without using confidential information
  • Information required to be disclosed by law, court order, or regulatory requirement

These carve-outs are standard and reasonable. If an NDA doesn't include them, that's a red flag.

Key NDA Clauses You Need to Understand

Beyond the definition of confidential information, several other clauses define the substance and scope of your obligations:

Duration (Term) defines how long the confidentiality obligations last. NDAs can be time-limited (1, 2, or 5 years) or perpetual (no expiration). Perpetual NDAs are common for genuine trade secrets but should be questioned for general business information. A reasonable duration for most commercial NDAs is 2-5 years. Perpetual obligations on non-trade-secret information are worth negotiating down.

Permitted Use specifies what the receiving party can do with the confidential information. The information should only be used for the specific purpose of the disclosure (evaluating a potential business deal, performing contracted work, etc.), not for any other purpose. An NDA without a clear permitted use clause is problematic — it may not prevent misuse of information for tangential purposes.

Permitted Disclosures identifies who within the receiving party can access the confidential information. Typically this includes employees and contractors who need it on a "need to know" basis, often with the requirement that those individuals are themselves bound by confidentiality obligations. Look for whether this clause is reasonable — can you share with your lawyer, accountant, or advisors as needed?

Return or Destruction of Information governs what happens to confidential materials if the agreement ends or the deal doesn't happen. Well-drafted NDAs require the receiving party to either return all confidential materials or certify their destruction within a specified period after termination.

Remedies specifies what happens if the NDA is breached. Most NDAs include provisions for injunctive relief (a court order to stop the breach immediately) and damages. Some include specific monetary penalties. The remedies clause tells you how seriously the other party takes this agreement — and how seriously you should take your obligations.

When Do You Need an NDA?

NDAs are appropriate any time sensitive information needs to be shared and both parties have a legitimate interest in keeping it confidential. Common situations include:

Employment: Employers routinely ask new employees to sign NDAs to protect trade secrets, client lists, proprietary processes, and other confidential business information. This is standard and expected. Review the scope carefully — some employment NDAs are overbroad and may attempt to restrict what you can do after leaving the company.

Business partnerships and negotiations: Before discussing a potential acquisition, joint venture, licensing deal, or strategic partnership, parties typically exchange NDAs. You can't have a meaningful discussion about whether a deal makes sense without sharing some sensitive information, and both parties need assurance that the information won't be misused if the deal doesn't happen.

Investor pitches: When pitching to investors, founders sometimes ask for an NDA before sharing detailed business plans. This is less common in early-stage venture contexts (many VCs refuse to sign NDAs at the pitch stage) but is standard in other contexts. If an investor refuses to sign any form of NDA, share only what you're comfortable with being public.

Contractor and freelance work: Clients often ask contractors to sign NDAs to protect client information, project details, and proprietary methodologies. This is standard. Review the scope — an NDA that covers client work is reasonable; one that restricts your ability to use general skills or work in your field is not.

Product development: When working with manufacturers, developers, or other partners on a new product, NDAs protect design details, technical specifications, and proprietary methods from being disclosed to competitors.

What an NDA Cannot Do

NDAs are powerful tools, but they have limits. Understanding what an NDA cannot legally do is as important as understanding what it can do.

An NDA cannot prevent you from disclosing information to regulators if required by law. If a government agency subpoenas information, a court orders disclosure, or a regulatory requirement mandates reporting, an NDA does not override that obligation. You are generally required to notify the disclosing party of a required disclosure and give them the opportunity to seek a protective order.

An NDA cannot prevent whistleblowing in most jurisdictions. The Defend Trade Secrets Act (DTSA) in the United States explicitly protects disclosures to government officials and attorneys for purposes of reporting potential violations of law. NDAs that attempt to prevent all whistleblowing are typically unenforceable to that extent.

An NDA cannot cover information that is genuinely public. Once information is publicly known, confidentiality obligations with respect to that information typically end. An NDA that attempts to keep truly public information confidential is unenforceable.

An NDA cannot be used as a tool to cover up illegal activity. Courts have consistently held that NDA clauses that attempt to prevent disclosure of illegal conduct are void as against public policy.

Red Flags to Watch for When Reviewing an NDA

Not all NDAs are reasonable. These are the specific red flags that should prompt you to push back, negotiate, or at minimum get legal advice before signing:

Overbroad definition of confidential information: If the NDA defines confidential information as "any and all information disclosed in connection with this agreement" or similar sweeping language, it's covering too much. Push for specific categories and make sure the standard carve-outs (public information, prior knowledge, independent development) are included.

Perpetual duration on non-trade-secret information: A perpetual obligation on general business information is excessive. Most business information loses its value and competitive sensitivity within a few years. Perpetual obligations should be limited to genuine trade secrets.

Hidden non-compete language: Some NDAs contain clauses that go beyond confidentiality and restrict what you can do professionally — who you can work for, what industry you can work in, or what clients you can serve. That's a non-compete, not a confidentiality provision, and it deserves separate scrutiny.

No carve-outs for legal disclosures: If the NDA doesn't explicitly permit disclosures required by law, court order, or regulation, it's dangerously overbroad. You cannot sign a contract that prevents you from complying with the law.

Disproportionate remedies: Remedies that include astronomical liquidated damages for any breach — even minor technical violations — are designed to intimidate, not protect. Reasonable remedies should be proportionate to actual harm.

Extremely broad permitted use restrictions: The NDA should allow you to share confidential information with your legal counsel, accountants, and advisors as needed. If it doesn't include these standard carve-outs, you may find yourself unable to get legal advice about the very agreement you're being asked to sign.

How to Review an NDA Before Signing

Reviewing an NDA doesn't require a law degree, but it does require systematically working through the document rather than skimming and signing.

Start with the definition of confidential information. Understand exactly what you're agreeing to protect and confirm the carve-outs are there. Then check the duration — how long will these obligations apply after the agreement ends or the relationship concludes? Next, look at permitted use and confirm the information can only be used for the stated purpose. Check whether you can share with your own advisors. Read the remedies section to understand what's at stake if there's a breach.

Finally, scan for any language that goes beyond confidentiality — restrictions on who you can work for, what you can do professionally, or what business relationships you can maintain. If any of that is present, you're reviewing a document that includes non-compete or non-solicitation provisions, not just an NDA.

AI tools like PactScout can accelerate this process significantly — uploading an NDA and getting an instant risk score and clause-by-clause breakdown lets you identify the specific issues to focus on, rather than parsing dense legal language from scratch. This is especially useful for people who review NDAs regularly and want a systematic first pass before deciding whether legal counsel is needed.

Can You Negotiate an NDA?

Yes — and you often should. NDAs are contracts, and like any contract, their terms are negotiable. How much leverage you have depends on context: a startup asking a big client to sign an NDA has less leverage than an established company with proprietary technology. But most professional counterparties expect some negotiation of NDAs.

The most commonly negotiated terms are duration (pushing perpetual to time-limited), the definition of confidential information (narrowing overbroad definitions), adding carve-outs if they're missing, and removing hidden non-compete language. Requesting changes to an NDA is not a sign of bad faith — it's due diligence.

If a counterparty refuses any negotiation of an NDA at all — particularly on clearly overbroad terms — that's useful information about how they operate.

What Happens If You Break an NDA?

Breaching an NDA can have serious consequences: injunctive relief (a court order requiring you to stop the disclosure and prevent further harm), monetary damages (compensation for actual harm caused by the breach), and in some cases specific damages defined in the contract. In situations involving trade secrets, you may also face claims under the Defend Trade Secrets Act, which provides federal remedies including exemplary damages and attorneys' fees for willful misappropriation.

The practical consequences also extend beyond legal liability: professional reputation damage, loss of business relationships, and difficulty securing future employment or contracts in your field. NDA breaches, even if not litigated, can end careers and business relationships.

The Bottom Line

An NDA is one of the most common legal documents professionals encounter — and one of the most under-reviewed. Most people sign them quickly and move on, not realizing they've just taken on significant legal obligations that could last years.

Understanding what an NDA is, what it covers, and what the red flags look like changes that dynamic. Reviewing an NDA before signing — using this guide as a framework, or using an AI tool like PactScout for a systematic analysis — takes 10 minutes and can prevent years of legal exposure. The information being protected is valuable enough for the other party to put it in a contract. Treat your signature the same way.
