When is an NDA legally required?

NDAs are rarely legally required — they are a protective measure you choose to use. However, they become practically essential whenever you share confidential business information with someone who is not bound by a fiduciary duty. In industries like healthcare and finance, regulatory requirements may effectively mandate NDAs for certain data sharing.

What is the difference between a mutual and unilateral NDA?

A unilateral (one-way) NDA protects only one party's confidential information — the disclosing party. A mutual (two-way) NDA protects both parties' information simultaneously. Use a mutual NDA when both parties will share sensitive information (business partnerships, merger discussions, joint ventures). Use a unilateral NDA when only you are disclosing (hiring a contractor, pitching to investors, sharing with vendors).

How long should an NDA last?

The standard duration is 2 to 5 years for general business information. Trade secrets should be protected indefinitely (or 'for as long as the information qualifies as a trade secret'). Short-term projects may only need 1 to 2 years. The duration should match how long the information remains commercially valuable.

Can an NDA be enforced if the other party is in a different state or country?

Yes, but enforcement depends on the governing law clause in your NDA. Always specify which jurisdiction's laws apply and where disputes will be resolved. For cross-border NDAs, choose a jurisdiction with strong IP and contract enforcement. Most US courts will enforce NDAs governed by another state's law, as long as the chosen jurisdiction has a reasonable connection to the agreement.

What makes an NDA unenforceable?

Common reasons an NDA is thrown out: overly broad definitions of confidential information (claiming 'everything discussed' is confidential), unreasonable duration (20 years for general business info), no consideration (nothing exchanged in return for the confidentiality promise), information that is already public, or attempting to prevent someone from reporting illegal activity.

Do I need a separate NDA for each person I share information with?

Not necessarily. You can use a standard NDA template and customize it for each recipient — the parties, specific information being shared, and duration may differ. However, each person must sign their own copy. Group NDAs (one agreement signed by multiple unrelated parties) are generally weaker because each signer's obligations are harder to enforce individually.

NDA Essentials: When You Need One and What It Must Include

You are about to share your business plan with a potential partner. Or hire a contractor who will access your customer database. Or pitch your product to an investor who also funds your competitors.

In each case, the question is the same: how do you share what you need to share without losing control of your most valuable information?

The answer is a non-disclosure agreement. Here is when you actually need one, what it must include to be enforceable, and the mistakes that make NDAs worthless.

When You Actually Need an NDA

Not every conversation requires an NDA. Overusing them signals distrust and slows down business relationships. But underusing them exposes your most valuable assets.

You need an NDA when:

Hiring contractors or freelancers who will access internal systems, client data, or proprietary processes
Discussing partnerships where both parties share business strategies, pricing, or customer information
Pitching to investors who may fund competing companies in the same space
Engaging vendors who will handle your data, integrate with your systems, or learn your operations
Exploring mergers or acquisitions where due diligence requires opening your books
Sharing trade secrets — proprietary formulas, algorithms, processes, or methods

You probably do not need an NDA when:

Having a general introductory call about potential collaboration
Sharing information that is already publicly available
Working with employees who have confidentiality clauses in their employment contracts
Discussing ideas at a high level without revealing implementation details

The 7 Clauses Every NDA Must Include

An NDA is only as strong as its clauses. Miss one, and a court may find the entire agreement unenforceable — or, worse, your information may leak with no legal recourse.

1. Definition of Confidential Information

This is the most important clause in any NDA, and the most commonly botched.

Do not write: "All information shared between the parties is confidential."

Do write: Specific categories of protected information:

Business plans, financial projections, and pricing strategies
Customer lists, vendor relationships, and sales data
Technical specifications, source code, and product roadmaps
Marketing strategies, research findings, and competitive analysis

The more specific your definition, the more enforceable it is. Courts routinely reject "everything is confidential" language as overbroad.

2. Exclusions from Confidentiality

Every enforceable NDA carves out information that cannot reasonably be kept confidential:

Information already known to the receiving party before disclosure
Information that becomes publicly available (not through a breach)
Information independently developed by the receiving party
Information received from a third party without confidentiality restrictions
Information required to be disclosed by law or court order

Omitting these exclusions makes your NDA look unreasonable — and gives courts a reason to void it.

3. Obligations of the Receiving Party

Spell out exactly what the receiving party must do (and must not do) with confidential information:

Use the information only for the stated purpose (evaluating a partnership, completing a project, etc.)
Not disclose to third parties without written consent
Limit internal access to employees or agents who need the information
Take reasonable security measures to protect the information
Return or destroy all copies upon termination of the agreement

4. Duration

The confidentiality period determines how long the obligations last:

General business information: 2 to 5 years
Trade secrets: Indefinite (or "for as long as the information qualifies as a trade secret under applicable law")
Project-specific information: 1 to 2 years after project completion

Avoid unreasonably long durations for general information — courts may reduce them or void the clause entirely.

5. Permitted Disclosures

Your NDA should address situations where disclosure may be necessary:

Legal compulsion — If a court or government agency requires disclosure, the receiving party must notify you first (so you can seek a protective order)
Professional advisors — Allow disclosure to attorneys and accountants who are bound by professional confidentiality
Affiliates — If the receiving party needs to share with subsidiaries or parent companies, define who qualifies

6. Remedies for Breach

What happens when someone violates the NDA? Standard remedies include:

Injunctive relief — Court orders to immediately stop the breach (critical for time-sensitive information leaks)
Monetary damages — Compensation for financial losses caused by the breach
Attorneys' fees — The breaching party pays your legal costs

Including injunctive relief is essential. By the time a monetary damages case is resolved, the information may be worthless.

7. Governing Law and Dispute Resolution

Specify:

Which jurisdiction's laws apply (governing law)
Where disputes will be resolved (courts vs. arbitration)
Which party bears the legal costs

For interstate or international NDAs, this clause prevents jurisdictional disputes that can delay enforcement by months.

Mutual vs. Unilateral: Which One Do You Need?

| Scenario | Type | Why | |----------|------|-----| | Hiring a contractor | Unilateral | Only you are sharing confidential information | | Exploring a partnership | Mutual | Both parties share sensitive business data | | Pitching to investors | Unilateral | You are disclosing; they are evaluating | | Merger due diligence | Mutual | Both companies open their books | | Vendor onboarding | Unilateral | You share data; they provide a service | | Joint venture | Mutual | Both parties contribute proprietary knowledge |

When in doubt, use a mutual NDA. It costs nothing extra and protects both sides.

3 NDA Mistakes That Make Them Unenforceable

Mistake 1: Overly Broad Definitions

Claiming "all conversations, meetings, and communications" are confidential is a red flag for courts. Judges see it as an attempt to prevent the receiving party from using their own general knowledge and skills — which is a non-compete, not an NDA.

Fix: Define specific categories. Be descriptive, not all-encompassing.

Mistake 2: No Consideration

A contract requires consideration — something of value exchanged by both parties. In a business relationship, the consideration is usually mutual: you share information, they provide services or evaluate a deal. But if you ask someone to sign an NDA without any reciprocal benefit, it may not be enforceable.

Fix: Ensure the NDA is tied to a business relationship where both parties gain something.

Mistake 3: Attempting to Silence Whistleblowers

NDAs cannot prevent someone from reporting illegal activity, workplace harassment, or regulatory violations to authorities. Courts will void any NDA that attempts to do so, and many jurisdictions have laws specifically prohibiting such provisions.

Fix: Include a carve-out for legally protected disclosures.

Create Your NDA Now

Whether you need a mutual NDA for a partnership discussion or a unilateral NDA for a contractor engagement, the essential clauses remain the same: clear definitions, reasonable duration, specific obligations, and enforceable remedies.

Generate a custom NDA with all seven essential clauses built in — jurisdiction-aware, professionally drafted, and ready to sign in minutes.