A non-disclosure agreement (NDA) is one of the most common contracts UK businesses encounter — and one of the most frequently signed without careful review. Before you sign any NDA, understanding these seven key clauses can prevent you from accepting obligations you did not intend to take on.
Definition of Confidential Information
The scope of what counts as "confidential information" is the most important clause in any NDA. A well-drafted definition covers specific categories — trade secrets, business plans, customer lists, technical data. An overly broad definition, such as "all information disclosed in any form", creates obligations to protect information you may not even recognise as confidential.
Look for: a clear list of categories; a mechanism for marking or designating information as confidential; and language that excludes information that becomes public through no fault of yours.
Carve-outs for Non-Confidential Information
A legitimate NDA should exclude from the confidentiality obligation information that:
- was already in the public domain when disclosed
— was already known to you before disclosure
— you independently developed without reference to the confidential information
— was disclosed to you by a third party who had the right to disclose it
If the NDA lacks these carve-outs, you could be bound to keep secret information you had legitimate access to before the NDA was signed.
Duration of Confidentiality Obligations
How long must you keep the information confidential? Many NDAs specify a period — commonly two to five years. Some NDAs impose perpetual obligations, which UK courts may find unenforceable for general commercial information (though perpetual obligations for genuine trade secrets are more defensible).
Also consider: does the obligation survive termination of the NDA? If so, is that period proportionate to the sensitivity of the information?
Mutual vs. One-Sided Obligations
A mutual NDA imposes confidentiality obligations on both parties. A unilateral NDA binds only the receiving party.
Unilateral NDAs are standard in some contexts — job applications, investor pitches, early supplier discussions where only one party is sharing sensitive information. But if both parties are sharing proprietary information, a one-sided NDA is unfair and potentially a red flag about the other party's commercial intentions.
Permitted Disclosures
Most NDAs allow disclosure where required by law, court order, or regulatory requirement — for example, responding to a Financial Conduct Authority request. Check that the NDA requires you to give notice before compelled disclosure where legally permissible, but does not attempt to prevent legally compelled disclosure entirely.
Also check: can you share the information with employees or professional advisers who need it? The NDA should permit disclosure on a need-to-know basis, subject to equivalent confidentiality obligations.
Return or Destruction of Confidential Information
On termination or on request, are you required to return or certify destruction of confidential information? This is reasonable for tangible materials but can be operationally complex for digital information stored in backups or archived emails.
Check whether the NDA acknowledges the practical limits of digital data destruction, and whether there is a reasonable timeframe for compliance.
Remedies and Jurisdiction
Many NDAs include provisions agreeing in advance that breach would cause irreparable harm justifying an injunction. While such clauses are common, courts retain discretion and will not automatically grant an injunction on this basis.
Check the governing law and jurisdiction clause. If you are a UK business, the NDA should be governed by English law (or Scots law if appropriate) with disputes resolved in England and Wales. A jurisdiction clause in a foreign territory adds cost and complexity if a dispute arises.
Ready to check your NDA against all seven of these points automatically?
Review your NDA free with Arbiter →