A well-drafted NDA is one of the most important documents in business. It protects trade secrets, client data, proprietary processes, and competitive intelligence. But a poorly drafted NDA does something worse than nothing — it creates a false sense of security while leaving your information exposed.
These ten mistakes appear in NDAs across every industry, from technology startups to established enterprises. Each one weakens enforceability, creates legal risk, or both.
1. Using Catch-All Confidentiality Definitions
The foundation of every NDA is its definition of confidential information. When that definition tries to cover "everything," it effectively covers nothing.
What goes wrong:
"Confidential Information means any and all information, data, or materials shared between the parties in any form."
Courts apply a reasonableness standard. A definition this broad forces a judge to decide what you meant, and judges consistently rule against vague language. The other side's attorney will argue that routine business information — meeting schedules, public product details, general industry knowledge — was never intended to be confidential, and the entire definition collapses.
What to do instead: List specific categories. Source code, financial projections, customer lists, pricing models, product roadmaps, and supplier terms are all concrete enough for a court to enforce. Add a catch-all only as a supplement: "and any other information designated as confidential in writing at the time of disclosure."
2. Omitting Standard Exclusions
An NDA without exclusions is an NDA that restricts legitimate business activity. Courts view this as unreasonable, and unreasonable agreements get thrown out.
Every enforceable NDA must exclude information that:
- Was already publicly available through no fault of the receiving party
- Was already known to the receiving party before disclosure
- Was independently developed without reference to the disclosed information
- Was received from a third party not bound by confidentiality obligations
Without the independent development exclusion, a receiving party could face a breach claim for building something similar through their own research. This is particularly dangerous in software and technology where parallel development is common.
3. Choosing the Wrong NDA Type
Using a mutual NDA when only one party is disclosing creates ambiguity about who is actually at risk. Using a one-way NDA when both parties share information leaves one side unprotected.
When to use each:
- One-way (unilateral): Hiring contractors, sharing information with vendors, disclosing to potential investors. One party discloses, the other receives.
- Mutual: Joint ventures, co-development projects, merger discussions, partnership explorations. Both parties share sensitive information.
The wrong type does not automatically invalidate the NDA, but it gives the breaching party's attorney an argument. In a mutual NDA where only one side disclosed, the other side can claim the agreement contemplated balanced exchange and the one-sided disclosures fall outside its scope.
4. No Remedies or Enforcement Clause
Defining what is confidential means nothing if the NDA does not address what happens when someone breaches it. Many NDAs create an obligation — "the Receiving Party shall maintain confidentiality" — without specifying consequences.
The most important remedy for confidentiality breaches is injunctive relief. Monetary damages are difficult to calculate for information leaks and take months or years to recover through litigation. Injunctive relief lets you get a court order to stop ongoing disclosure immediately.
Include language covering: an acknowledgment that breach may cause irreparable harm, entitlement to seek injunctive relief without proving monetary damages, and a waiver of any bond requirement.
5. Unreasonable or Missing Duration
An NDA with no end date creates perpetual obligations that courts in most jurisdictions consider unreasonable for general business information. An NDA with a duration that is too short may expire before the information loses its competitive value.
Guidelines:
- General business information (pricing, marketing plans, operational data): 2 to 5 years
- Technical specifications and product designs: 3 to 5 years
- Trade secrets: indefinite, as long as the information qualifies under applicable law
- Customer and employee data: often governed by privacy regulations regardless of NDA terms
Tie the clock to each disclosure, not the agreement signing date. Information shared in month twelve of a two-year relationship deserves the same protection period as information shared on day one.
6. Forgetting Non-Solicitation Provisions
If you share client lists, employee information, or vendor relationships under an NDA, a standalone confidentiality obligation may not prevent the receiving party from using that knowledge to poach your people or clients.
Consider adding a targeted non-solicitation clause that restricts the receiving party from directly soliciting employees or clients they learned about through the confidential disclosure. Keep it narrow — courts are far more likely to enforce non-solicitation provisions that are limited in scope, duration (typically 12 to 24 months), and geography.
7. No Obligation to Return or Destroy Materials
When the NDA expires or the business relationship ends, what happens to the confidential information the receiving party holds? Without a return-or-destroy clause, they can retain copies indefinitely.
Include provisions requiring:
- Return or destruction of all confidential materials within a specified timeframe (typically 10 to 30 days)
- Written certification of destruction
- An exception for copies retained solely for legal compliance or regulatory audit purposes
- Continued confidentiality obligations for any retained copies
This matters especially for digital information, where copies proliferate across email archives, shared drives, and backup systems.
8. Ignoring Jurisdiction and Governing Law
When parties in different states or countries sign an NDA, which law governs disputes? Which court has jurisdiction? An NDA that does not address these questions forces expensive preliminary litigation just to determine where the case will be heard.
Specify:
- Governing law — the state or country whose laws will interpret the agreement
- Jurisdiction — the courts where disputes will be filed
- Whether disputes require arbitration, mediation, or proceed directly to litigation
Choose a jurisdiction whose courts have strong trade secret protections and a track record of enforcing NDAs. Delaware, New York, and California are common choices in the United States, each with different strengths.
9. No Provision for Permitted Disclosures
Even the strongest confidentiality obligation must yield to legal requirements. An NDA that does not address compelled disclosure — subpoenas, court orders, regulatory investigations — puts the receiving party in an impossible position: comply with the law and breach the NDA, or comply with the NDA and break the law.
Include a permitted-disclosure clause that allows disclosure when required by law, provided the receiving party:
- Gives prompt written notice to the disclosing party (unless notice is prohibited by the legal process)
- Cooperates with the disclosing party's efforts to obtain a protective order
- Discloses only the minimum information required by the legal obligation
This protects the receiving party's ability to comply with legal obligations while giving the disclosing party an opportunity to protect their information.
10. Using a Generic Template Without Customization
The most expensive NDA mistake is also the most common: downloading a template and using it without modification. Generic templates are drafted for generic situations. Your business relationships, information types, and risk profile are not generic.
At minimum, customize:
- The definition of confidential information to reflect what you actually share
- The NDA type (mutual vs. one-way) to match the information flow
- Duration based on how long the information retains competitive value
- Jurisdiction to match where the parties operate
- Remedies appropriate to the potential harm of a breach
A template is a starting point. Treating it as a finished product is how businesses end up with NDAs that fail when they matter most.
Protect Your Information the Right Way
Every NDA mistake on this list shares a common cause: insufficient attention during drafting. The cost of getting an NDA right — investing time in clear definitions, proper exclusions, and enforceable terms — is a fraction of the cost of litigation when a poorly drafted agreement fails.