NDA Templates: What to Include and Common Mistakes to Avoid
A Non-Disclosure Agreement (NDA), also known as a confidentiality agreement, is a legally binding contract that establishes a confidential relationship between parties. Whether you're sharing a business idea with a potential partner, hiring a freelancer, or discussing proprietary technology with a vendor, an NDA protects your sensitive information from being disclosed or misused.
An NDA is not just a formality. It is the contractual layer that sits on top of underlying trade-secret law. In the United States, the federal Defend Trade Secrets Act of 2016 (DTSA) protects information as a "trade secret" only where the owner "has taken reasonable measures to keep such information secret" and the information "derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by" others (18 U.S.C. § 1839(3)). A signed NDA is one of the clearest pieces of evidence that you took those "reasonable measures."
When Do You Need an NDA?
NDAs are essential in many business situations:
- Sharing a business idea: Before pitching to investors or potential partners.
- Hiring employees or contractors: To protect trade secrets and proprietary information they'll access.
- Business negotiations: During mergers, acquisitions, or partnerships where sensitive financial data is shared.
- Client relationships: When you receive confidential client data that you must protect.
- Product development: When collaborating with external developers, designers, or manufacturers.
Types of NDAs
- Unilateral (one-way): Only one party shares confidential information, and the other agrees not to disclose it. Most common in employer-employee or client-contractor relationships.
- Mutual (two-way): Both parties share confidential information and agree to protect each other's secrets. Common in business partnerships and joint ventures.
- Multilateral: Three or more parties are involved, and at least one shares confidential information. Simplifies the process compared to multiple bilateral NDAs.
Essential Clauses Every NDA Should Include
1. Definition of Confidential Information
This is the most important clause. Clearly define what constitutes "confidential information." Be specific enough to be enforceable but broad enough to cover everything you need to protect. Include categories like trade secrets, financial data, customer lists, technical specifications, business plans, and intellectual property.
It helps to know the yardstick courts use. Under U.S. federal law, the statutory definition of a "trade secret" covers "all forms and types of financial, business, scientific, technical, economic, or engineering information" — including patterns, plans, compilations, formulas, designs, prototypes, methods, processes, and codes — provided the secrecy and economic-value tests are met (18 U.S.C. § 1839(3)). Mirroring your definition to the categories the law already recognizes makes it easier to argue that what you shared was genuinely protectable.
2. Obligations of the Receiving Party
Specify what the receiving party must and must not do with the confidential information. At minimum, they should agree to: keep the information confidential, use it only for the stated purpose, limit access to those who need to know, and take reasonable measures to prevent unauthorized disclosure.
3. Exclusions from Confidentiality
Not all information should be subject to the NDA. Standard exclusions include: information that was publicly available before disclosure, information independently developed without reference to confidential information, information received from a third party without restriction, and information that becomes public through no fault of the receiving party.
4. Duration and Term
Specify how long the NDA remains in effect and how long the confidentiality obligations last after the agreement ends. Common terms are 1–5 years, though trade secrets may warrant indefinite protection. The term of the agreement and the survival period of confidentiality obligations can differ.
5. Return or Destruction of Materials
Include a clause requiring the receiving party to return or destroy all confidential materials and copies when the NDA expires or is terminated. This includes physical documents, digital files, and any notes or summaries created from the confidential information.
6. Remedies for Breach
Specify the consequences of breaching the NDA. This typically includes the right to seek injunctive relief (a court order to stop the breach) and monetary damages. Many NDAs also include a provision acknowledging that a breach would cause irreparable harm that monetary damages alone cannot remedy.
7. Whistleblower Immunity Notice (U.S. Employee & Contractor NDAs)
This clause is frequently missing from template NDAs, and leaving it out has a concrete cost. The DTSA gives individuals immunity from trade-secret liability for disclosing a trade secret "in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney" solely to report or investigate a suspected violation of law (18 U.S.C. § 1833(b)(1)). Crucially, the statute then requires employers to flag this immunity: "An employer shall provide notice of the immunity set forth in this subsection in any contract or agreement with an employee that governs the use of a trade secret or other confidential information" (18 U.S.C. § 1833(b)(3)(A)).
The penalty for omitting the notice is specific: an employer who fails to include it "may not be awarded exemplary damages or attorney fees" in a trade-secret action against an employee who never received the notice (18 U.S.C. § 1833(b)(3)(C)). For NDA purposes, note that the same provision defines "employee" to include "any individual performing work as a contractor or consultant for an employer" (18 U.S.C. § 1833(b)(4)) — so the notice matters for freelancer and vendor NDAs, not just employment contracts. The law also lets employers satisfy the requirement by cross-referencing a separate policy document that sets out the company's reporting procedure for suspected violations of law.
How Trade-Secret Law Differs Outside the U.S.
If you share information across borders, remember that an NDA is interpreted against whatever trade-secret law applies — and the threshold for "secret" is broadly similar but not identical worldwide. In the European Union, the Trade Secrets Directive defines a trade secret using three cumulative requirements: the information is "secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question"; it "has commercial value because it is secret"; and it "has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret" (Directive (EU) 2016/943, Article 2(1)). EU member states were required to bring this into national law by 9 June 2018.
The United Kingdom adopted the same three-part test in regulation 2 of The Trade Secrets (Enforcement, etc.) Regulations 2018, which sits alongside the long-standing common-law duty of confidence. The takeaway is the same in all three systems: protection depends on the holder taking "reasonable steps" to keep the information secret — and a well-drafted NDA, combined with access controls and marking documents as confidential, is exactly the kind of reasonable step these laws expect to see.
Common Mistakes to Avoid
- Vague definitions: If "confidential information" is too broadly or vaguely defined, the NDA may be unenforceable.
- Unreasonable duration: Courts may invalidate NDAs with excessively long or perpetual terms (unless protecting trade secrets).
- Missing exclusions: Without standard exclusions, the NDA could restrict the receiving party from using information they already knew or independently discovered.
- One-size-fits-all approach: Using the same NDA template for every situation without customizing it to the specific relationship and context.
- Not specifying governing law: Always include a choice of law clause to avoid confusion about which jurisdiction's laws apply. This also determines which trade-secret regime — U.S., EU, UK, or another — will be used to interpret the agreement.
- Omitting the DTSA whistleblower notice: For U.S. agreements that govern trade secrets, leaving out the immunity notice can cost you exemplary damages and attorney fees in any later trade-secret claim against that person (18 U.S.C. § 1833(b)(3)).
- Drafting it too broadly: An NDA that effectively stops someone from working in their field at all can be challenged as an unreasonable restraint rather than a true confidentiality term. Restrict the agreement to genuinely confidential information, not a person's general skills and experience.
Create Your NDA
Protect your confidential information with a professional NDA. Use our Free NDA Generator to create a customized agreement in minutes.
This article is general information about how non-disclosure agreements and trade-secret law work, current as of its publication date. It is not legal advice, and laws differ by jurisdiction and change over time. The statutes and regulations cited above are linked to their official sources so you can read the current text yourself. For guidance on your specific situation, consult a qualified attorney in your jurisdiction.