NDA Compliance Checker: Is Your Agreement Enforceable?
A signed Non-Disclosure Agreement is not automatically an enforceable one. This NDA compliance checker walks through the ten legal requirements courts test most often. Courts strike down NDAs for the same handful of defects every time: vague confidentiality definitions, missing consideration, unreasonable scope or duration, and — in the United States — the absence of the whistleblower immunity notice federal law specifically requires (18 U.S.C. § 1833(b)(3)). Run your NDA against the ten checkpoints below before assuming it will hold up if a dispute reaches a judge. Check your document in minutes with the free NDA Generator — it builds a compliant confidentiality agreement covering every clause this checklist tests for, with no signup required.
Key Takeaways
- Enforceability depends on ten checkable elements, from a specific confidentiality definition to a compliant DTSA whistleblower notice under 18 U.S.C. § 1833(b)(3).
- A missing whistleblower notice blocks recovery of exemplary damages or attorney fees against an employee or contractor who never received it (18 U.S.C. § 1833(b)(3)(C)).
- Overbroad scope or duration is the most common reason courts refuse enforcement; in California, an overreaching restraint can be void outright under Cal. Bus. & Prof. Code § 16600.
- Cross-border NDAs must also satisfy the EU Trade Secrets Directive or the equivalent UK regulation, not just US trade-secret law.
- A gap on one point rarely voids the whole agreement, but it weakens the remedy tied to that gap — fix gaps by regenerating, not patching clause by clause.
What Makes an NDA Legally Enforceable in the First Place?
An NDA is enforced as a contract, so it must first clear ordinary contract-formation basics — offer, acceptance, and consideration on both sides — before a court reaches the confidentiality terms at all. On top of that, a confidentiality agreement carries its own tests: the protected information must be identifiable, the restrictions reasonable in scope and duration, and US agreements covering trade secrets must include the statutory notice Congress wrote into the Defend Trade Secrets Act (18 U.S.C. § 1833). Each test maps to a specific statute or settled doctrine — checkable without a law degree.
The 10-Point NDA Compliance Checklist
Work through your existing NDA point by point. A document that passes all ten is in solid shape; failing two or more of the structural points (1, 2, 3, or 9) puts real enforceability at risk.
1. Confidential information is specifically defined
The definition of "confidential information" must be specific enough for a court to tell what is covered. Federal trade-secret law protects only information that "derives independent economic value" from secrecy and has been the subject of "reasonable measures" to protect it (18 U.S.C. § 1839(3)). Check for listed categories — technical specs, customer lists, source code — rather than one catch-all phrase, plus standard exclusions for information already public, independently developed, or lawfully received elsewhere.
2. Both parties receive real consideration
A contract needs consideration on both sides to bind either one. For a new relationship, the exchange of confidential information plus the promise to protect it usually satisfies this. For an NDA added to an existing employee or contractor relationship, several state courts have required something more — continued employment alone is not universally treated as sufficient new consideration. Check when your NDA was signed, and, if added later, what the signer received in exchange.
3. Scope is limited to genuinely confidential information
An NDA reaching beyond real trade secrets and business information — into a person's general skills or prior experience — invites a court to treat it as an improper restraint on someone's ability to work, not a legitimate confidentiality term. Check whether your definition could be read to stop someone from using knowledge they already had, rather than information you actually disclosed.
4. Duration and survival period are reasonable
Your NDA should state both how long the agreement runs and how long confidentiality obligations survive after it ends — these can differ. Ordinary business information is commonly protected for a fixed number of years rather than indefinitely; indefinite protection is more defensible for genuine trade secrets, since that protection does not expire as long as the information stays secret. Check for a specific survival period rather than open-ended confidentiality for ordinary business information.
5. The DTSA whistleblower immunity notice is included
The Defend Trade Secrets Act immunizes individuals who disclose a trade secret in confidence to a government official or attorney solely to report a suspected legal violation — and requires employers to say so: "An employer shall provide notice of the immunity set forth in this subsection in any contract or agreement with an employee that governs the use of a trade secret" (18 U.S.C. § 1833(b)(3)(A)). "Employee" includes contractors and consultants (18 U.S.C. § 1833(b)(4)). Miss it, and the employer "may not be awarded exemplary damages or attorney fees" in a later trade-secret action against that individual (18 U.S.C. § 1833(b)(3)(C)).
6. The remedies clause covers injunctive relief and damages
An NDA without a remedies clause still permits a breach-of-contract claim, but it leaves the strongest remedy — a court order stopping an ongoing disclosure — to be argued from scratch. A well-drafted clause names injunctive relief specifically and acknowledges that a breach causes irreparable harm money alone cannot fix, which is what courts look for before granting emergency relief. Check whether injunctive relief is named explicitly, not just monetary damages.
7. Governing law and jurisdiction are specified
A choice-of-law clause tells a future court which jurisdiction's law applies — and the standard genuinely differs between US federal law, the EU Trade Secrets Directive, and UK law. For parties in different EU member states, the default rule absent a valid choice comes from the Rome I Regulation (Regulation (EC) No 593/2008). Check that your NDA names a governing law and venue; silence invites a costly fight before the real dispute is reached.
8. Non-solicitation or non-compete language does not overreach
NDAs sometimes bundle in non-solicitation or non-compete terms, and those add-ons are judged by a stricter, state-specific standard than confidentiality itself. California is the clearest example: "every contract by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind is to that extent void," with narrow exceptions (Cal. Bus. & Prof. Code § 16600). Check any such language against the law where it will be enforced — some states void it outright while leaving confidentiality terms intact.
9. Signature and execution requirements are met
An unsigned NDA, or one signed by someone without authority to bind their organization, is not a contract at all. Electronic signatures satisfy this in the US under the federal E-SIGN Act, which gives them the same legal effect as a handwritten signature "solely because it is in electronic form" (15 U.S.C. § 7001). Check that both parties signed, and that a company signer had authority to bind it.
10. Cross-border NDAs meet the applicable trade-secret standard abroad
US federal law is not the only regime that matters when a counterparty is outside the United States. The EU Trade Secrets Directive protects information that is secret, has commercial value because it is secret, and has been the subject of reasonable steps to keep it secret (Directive (EU) 2016/943, Art. 2(1)); the UK adopted the same test (SI 2018/597, reg. 2). Check that your actual practices — access controls, confidentiality marking, restricted distribution — match the "reasonable steps" both regimes require.
What Happens If Your NDA Fails the Checklist?
A gap on one point rarely voids an entire NDA. Courts generally sever or narrow the defective clause rather than throw out the whole agreement — but the practical effect is the same as no protection on that point. Miss the DTSA notice and you lose exemplary damages and attorney fees against the individuals it was meant to cover; draft the scope too broadly and a court may strike the restriction, or in states like California, void it outright. Multiple structural failures compound — a vague definition, a missing notice, and an unreasonable duration together are worse than any one gap alone. The NDA Generator builds a new agreement addressing all ten points in one pass, DTSA notice included, at no cost.
NDA Compliance Checker vs. the Site's Privacy Compliance Checker Tool
The ten-point checklist above is the NDA compliance checker: it tests contract-formation basics, trade-secret law, and restraint-of-trade doctrine — the requirements specific to confidentiality agreements. Legal Policy Generator's separate Compliance Checker tool audits a different document entirely, checking privacy policies and terms of service against GDPR and CCPA/CPRA disclosure requirements. Use the checklist above to check an NDA; use the Compliance Checker tool for a privacy policy or terms page.
How to Fix a Non-Compliant NDA
The right fix depends on how many points failed. A single narrow gap — a missing DTSA notice in an otherwise sound agreement — just needs the statutory notice language added. Multiple or structural gaps are harder to patch reliably; regenerating from a current template that covers all ten points is faster and safer. For clause-by-clause drafting depth, see NDA Templates: What to Include and Common Mistakes to Avoid.
Generate a fresh, compliant NDA with the free NDA Generator — unilateral or mutual, DTSA notice built in, ready in minutes with no signup required.
Frequently Asked Questions
Can an NDA be unenforceable even if both parties signed it?
Yes. Signature satisfies only the execution requirement, not the other nine. A vague confidentiality definition, missing consideration, or an overbroad restriction can still cause a specific clause to fail even in a fully signed NDA.
Does every NDA need the DTSA whistleblower notice?
Any US agreement governing a trade secret or other confidential information with an employee, contractor, or consultant should include it. The statute defines "employee" to include contractors and consultants (18 U.S.C. § 1833(b)(4)), so freelancer and vendor NDAs are covered too.
How long can an NDA's confidentiality obligation last?
There is no single statutory limit. Ordinary business information is commonly protected for a fixed number of years rather than indefinitely; indefinite duration is more defensible for trade secrets, since that protection does not expire as long as the information stays secret. An unexplained perpetual term for ordinary business information is a common point of challenge.
Is a mutual NDA more enforceable than a unilateral one?
Enforceability does not depend on whether the NDA is mutual or unilateral — it depends on whether the ten points above are satisfied. A one-way NDA is standard and enforceable when only one party discloses information; mutual is simply the better fit when both sides share confidential information.
Can I use a free NDA template instead of running this checklist?
A generic template can satisfy some of these points and miss others, particularly the DTSA notice and jurisdiction-specific scope limits, which depend on where the parties and any dispute are located. Running an existing document through this checklist closes gaps a generic template is likely to leave open.
Related Reading
- NDA Templates: What to Include and Common Mistakes to Avoid — the clause-by-clause drafting guide
- Freelancer Contracts and Legal Documents: A Complete Guide — where NDAs fit among other documents freelancers need
- Employee Privacy Policy and HR Compliance — the related HR-side policy for teams handling employee NDAs
This article is general information about a legal topic, not legal advice for any specific situation. Laws change, jurisdictions vary, and the right answer depends on facts a generator can't see. Consult a licensed attorney in your jurisdiction for advice specific to your business.
You've now run the full NDA compliance checker. If any of the ten points came up short, fix it with the free NDA Generator — it produces a compliant unilateral or mutual confidentiality agreement, DTSA notice included, in minutes with no signup required.
Primary sources: 18 U.S.C. § 1833, DTSA whistleblower immunity (Cornell LII); 18 U.S.C. § 1839, trade secret definitions (Cornell LII); Cal. Bus. & Prof. Code § 16600 (California Legislative Information); 15 U.S.C. § 7001, ESIGN Act (Cornell LII); Directive (EU) 2016/943, EU Trade Secrets Directive (EUR-Lex); Regulation (EC) No 593/2008, Rome I (EUR-Lex); Trade Secrets (Enforcement, etc.) Regulations 2018 (UK legislation.gov.uk).