What Is an NDA? When You Need One and When You Don't
NDAs are everywhere — but they're not magic. Understanding what a non-disclosure agreement actually protects, what it can't protect, and the red flags to watch for before signing.
Non-disclosure agreements — NDAs — are one of the most commonly signed legal documents in business. Employees sign them at hiring. Founders sign them before investor meetings. Vendors sign them before seeing proprietary systems. They've become routine. But routine doesn't mean well-understood: most people who sign NDAs have only a vague sense of what they're agreeing to.
What an NDA Actually Does
An NDA creates a contractual obligation on the receiving party not to disclose certain information to third parties and not to use it for purposes outside the relationship. In exchange, the disclosing party shares information it would otherwise keep secret. Trade secret law offers some protection even without a signed agreement, but that protection is limited and turns on whether the owner took reasonable steps to keep the information secret. The NDA supplies a clear, written basis for a breach-of-contract claim if the obligation is violated, and requiring it before disclosure is itself evidence of those reasonable steps.
A well-drafted NDA defines: what information is confidential, what the receiving party can and cannot do with it, how long the obligation lasts, and what exceptions apply. Standard exceptions include information that's already publicly known, information the receiving party can prove they already had, and information they receive from an independent third party without a confidentiality obligation.
Mutual vs Unilateral NDAs
A mutual (or bilateral) NDA imposes obligations on both parties: each agrees to keep the other's information confidential. These are appropriate when both parties are sharing sensitive information — two companies exploring a merger, for example, or two founders evaluating a co-founding relationship.
A unilateral (or one-way) NDA imposes obligations only on the receiving party: you're receiving my confidential information and agreeing to protect it. These are standard when the disclosure is one-directional: employer to employee, startup to investor, and in some engagements client to service provider.
Unilateral NDAs are often presented by the party with more leverage (employer, large company seeking a vendor) and are not inherently unfair — but the receiving party should understand they're signing a one-sided obligation.
What an NDA Can Protect
NDAs are particularly effective for protecting: trade secrets (manufacturing processes, algorithms, formulas, customer lists, pricing strategies), business plans and financial information, proprietary software or technology, product development roadmaps, and customer or supplier relationships. Trade secrets have additional protection under the Defend Trade Secrets Act (DTSA), a federal statute, and state trade secret laws — but the NDA creates an independent contractual claim that may be easier to prove and allows for clearer remedies.
What an NDA Cannot Protect
NDAs cannot protect information that is already publicly available. Once information enters the public domain — through a press release, a published patent application, a news article — it cannot be reclaimed by an NDA.
NDAs cannot prevent employees from reporting suspected legal violations to government agencies. Communications with the SEC's whistleblower program, OSHA complaints, and EEOC charges cannot be prohibited by NDA, and any NDA that purports to do so is unenforceable on that point and potentially exposes the drafter to liability. The SEC has brought enforcement actions under Rule 21F-17 against employers whose confidentiality agreements impeded reporting, and the NLRB's 2023 McLaren Macomb decision held that broad confidentiality clauses in severance agreements can violate the National Labor Relations Act for covered employees. The DTSA adds a related rule: an individual is immune from liability for disclosing a trade secret in confidence to a government official or an attorney solely to report a suspected violation of law, and an employer whose agreements omit notice of that immunity forfeits exemplary damages and attorney's fees under the DTSA against that employee.
NDAs cannot protect general skills, knowledge, and experience that employees naturally accumulate in a job. Courts distinguish between a company's specific trade secrets (which NDAs can protect) and the general professional competence an employee develops (which belongs to the employee and cannot be restricted). An NDA that tries to prevent a former employee from using any knowledge they gained on the job will be narrowed or voided.
NDAs also cannot protect information that isn't actually kept secret. If you share your "confidential" business information with dozens of people without restriction, a court is unlikely to find it was a trade secret worth protecting regardless of what your NDA says.
Red Flags in NDAs
Be cautious of NDAs with no time limit. A perpetual confidentiality obligation is unusual outside of specific narrow categories (trade secrets, medical information) and may be unenforceable or unduly burdensome; the common drafting pattern is a fixed term (two to five years is typical) for ordinary confidential information, with trade secrets protected for as long as they remain trade secrets. Be cautious of NDAs that define confidential information so broadly that they effectively cover everything: "all information I receive in any form" is often unenforceable for vagueness, and a sound definition also requires the disclosing party to mark or identify what it considers confidential.
Also watch for NDAs that include non-compete or non-solicitation provisions buried in the confidentiality agreement. A document titled "Non-Disclosure Agreement" that also contains a 2-year restriction on working for competitors is more than an NDA, and the restrictive covenant provisions have different enforceability standards.
Enforceability Limits
NDAs are contracts and are enforced by contract remedies: injunctions (court orders preventing disclosure) and money damages. Obtaining an injunction means emergency litigation (a motion for a temporary restraining order or preliminary injunction) and can be extremely expensive, and the party seeking it must show that the information is actually confidential and that disclosure would cause harm money cannot repair. Courts and legislatures are also increasingly skeptical of NDAs used to suppress information about workplace misconduct: several states have enacted laws limiting NDA enforceability in the context of sexual harassment and discrimination settlements, and the federal Speak Out Act (2022) makes pre-dispute nondisclosure and non-disparagement clauses unenforceable with respect to sexual assault and sexual harassment disputes.
Understanding what a non-disclosure agreement actually protects, and where its limits lie, is the starting point for using one effectively and for recognizing when one is being misused.