NDA (non-disclosure agreement): meaning, templates and legal enforceability

You’re about to share something that could make or break a business, and the fear of it being copied keeps you awake at night. A non-disclosure agreement can stop that, but most NDAs fail because they’re vague, overbroad, or unsupported by proof. This UK focused guide gives clear, practical steps: when to use a mutual vs one way NDA, what courts actually enforce under the Trade Secrets (Enforcement) Regulations 2018, how to preserve evidence (metadata matters), and the exact short deadlines and behaviours that decide whether you get an injunction, a settlement, or nothing at all. Where valuable trade secrets or urgent disclosure risks are involved, tailored advice from an IP or commercial law solicitor can be essential.

Quick answer: What is an NDA and why use one?

Use an NDA only when disclosing non public information would cause real commercial harm and you can preserve evidence within 48–72 hours.

An NDA is a contract that restricts how specific confidential information can be used and shared. It only works if the information is clearly defined and genuinely confidential.

When to use one:

• Keep negotiations private. Use for M&A, investment pitches, and sensitive deals.
• Protect trade secrets. Use for formulas, source code, customer lists, pricing models.
• Control prototypes and plans. Use when sharing prototypes, marketing plans, or pricing that could be copied.

When NOT to rely on an NDA:

• If you cannot realistically prove misuse.
• For public or easily reverse engineered information.
• For early or high level conversations (too vague to enforce).

A short, purpose limited NDA (for example, a 60 day evaluation clause) beats a broad, indefinite one every time

What types of NDA exist?

Choose the NDA type based on who discloses the most information and the real risk of misuse.

One-way NDA (unilateral)

• What it is: One party discloses; the other must keep the information confidential.
• Use it for: Pitches, hires, suppliers, early investor discussions.
• Practical tip: Keep it short and purpose-limited (e.g. 60 days) to increase acceptance.
• Example: A startup shares an investor deck under a 60-day NDA. The investor agrees because the scope is narrow and time limited.
• Why it matters: Investors often refuse broad NDAs. A narrow one protects you without killing the deal.

Mutual NDA (bilateral)

• What it is: Both parties share confidential information and owe each other duties.
• Use it for: Partnerships, joint development, M&A due diligence.
• Practical tip: Limit categories and align obligations (same scope, same duration).
• Example: Two software companies exploring a joint product sign a mutual NDA covering technical specs and customer data for two years.
• Why it matters: Balanced obligations reduce friction and make collaboration more likely.

Hybrid NDA

• What it is: Both parties disclose, but one side carries higher risk; protections are asymmetrical.
• Use it for: Licensing, supplier relationships, or where core IP is shared.
• Practical tip: Strengthen remedies (return, destruction, injunctions) for the higher-risk discloser.
• Example: A supplier shares prototype schematics with a manufacturer under an NDA that gives stronger remedies and longer protection to the supplier.
• Why it matters: Tailored protection reflects real risk without overloading the other party.

When should a business or individual use an NDA?

Use an NDA when a leak would cost customers, contracts, or a competitive edge.

Typical scenarios include:

• Protecting trade secrets. Use for formulas, source code, customer lists, pricing models.
• Keeping negotiations private. Use for M&A, investment pitches, and sensitive commercial talks.
• Controlling prototypes and plans. Use when sharing prototypes, marketing plans, or pricing that could be copied.

When NOT to rely on an NDA

• For early or high level conversations. Vague, conceptual talks are hard to enforce.
• For public or easily reverse engineered information. NDAs cannot make public facts secret.
• If you cannot realistically prove misuse. Don’t sign or rely on an NDA if you lack logs, originals, or access records.

What can an NDA legally cover and what it cannot?

An NDA should only try to protect clearly defined, non public information that would cause real commercial harm if disclosed.

Can lawfully cover:

• Non public technical data. Formulas; source code; engineering drawings.
• Customer and commercial lists. Customer lists; supplier terms; pricing models.
• Restrictions on use. “For evaluation only”; limits on copying, sharing, or reverse engineering.
• Return and destruction obligations. Requirements to return or destroy materials and certify deletion.
• Confidential process and know how. Internal processes and non obvious methods that have commercial value.

Cannot lawfully cover:

• Information already public. Public domain facts or information the recipient already knew.
• Overbroad secrecy for trivial facts. Vague, catch all confidentiality that lacks specific categories or time limits.
• Blanket restraints on lawful activity. Broad bans on future employment or lawful business activity that are unreasonable.
• Protected whistleblowing or statutory disclosures. NDAs cannot prevent reporting to regulators or protected disclosures.

Practical examples:

• Covered: A supplier’s prototype schematics and assembly process shared under an NDA with a 2 year confidentiality period.
• Not covered: A public press release or a product feature that is obvious from reverse engineering.
• Borderline: A clause trying to stop an ex employee from working in the same industry; courts may treat this as an unlawful restraint unless narrowly drafted.

How do you draft an effective NDA: clauses to include

Draft the NDA to protect clearly defined non public information for a limited purpose and time so the agreement is enforceable and negotiation friendly.

1. Parties and purpose: state who and why.
   Example language: “This Agreement is between X and Y for the evaluation of a licensing opportunity.”
2. Precise definition of confidential information: itemise categories and give examples; expressly exclude public information.
   Example language: “Confidential Information means technical specifications; source code; customer lists; pricing models; and other non public materials disclosed in writing or marked confidential.”
3. Duration: set a reasonable time or tie confidentiality to the life of the secret.
   Example language: “Confidentiality obligations continue for 2 years from disclosure, or for the life of any trade secret, whichever is longer.”
4. Permitted disclosures: carve out legal obligations, professional advisers, and protected whistleblowing.
   Example language: “Recipient may disclose to its legal and financial advisers provided they are bound by confidentiality; nothing prevents disclosures required by law or protected whistleblowing.”
5. Obligations: non use, non disclosure, and return/destruction with certification.
   Example language: “Recipient will use Confidential Information only for the Purpose, will not disclose it, and will return or destroy materials on request and certify destruction.”
6. Remedies: injunctive relief, damages, and delivery up; include interim measures.
   Example language: “Discloser is entitled to injunctive relief and damages; the parties agree that monetary damages may be inadequate.”
7. Governing law and jurisdiction: specify the applicable law and forum.
   Example language: “This Agreement is governed by the laws of England and Wales and the parties submit to the exclusive jurisdiction of its courts.”
8. Signatures and acceptance: include execution methods and email acceptance if used.
   Example language: “This Agreement may be executed electronically; email confirmation from an authorised signatory constitutes acceptance.”

How are NDA breaches enforced and what remedies are available?

Seek urgent preservation and clear evidence first. Courts act fast and metadata usually decides credibility.

Common remedies:

• Damages: monetary compensation for loss; requires proof of actual loss or lost profits.
• Account of profits: disgorgement of gains from deliberate misuse; rare and fact specific.
• Delivery up and destruction: court can order return or secure destruction of confidential materials.
• Interim measures: freezing orders, expedited disclosure, or preservation orders while the case proceeds.
• Injunctions: court order to stop further disclosure; used when there is clear, ongoing harm and immediate risk.

Case law:
In Douglas v Hello! Ltd [2001] QB 967, the Court of Appeal refused an interim injunction, holding that damages would be an adequate remedy and the balance of convenience favoured publication.

Practical reality:
Courts prefer settlement and mediation where possible. To obtain urgent relief you must show immediate risk, strong evidence of misuse, and that damages would be an inadequate remedy.

What happens in practice: delays, settlements, and common defence tactics:

1. Insurance gaps: many commercial policies exclude NDA disputes; check cover before litigating.
2. Lowball settlement offers: early offers aim to avoid full disclosure of the defendant’s documents.
3. Redaction and selective production: heavy redactions can slow the claimant and obscure the defendant’s position.
4. Delay as a defence: defendants stall discovery to raise claimant costs; expect repeated procedural applications and redactions.
5. Independent development defence: defendants claim they developed the idea independently; timestamps, commit histories, and server logs are decisive.

Evidence and proof that matter:

• Narrow drafting helps enforcement. Specific categories, short durations, and clear permitted uses make injunctions and remedies more likely.
• Security posture matters. Courts ask whether the claimant took reasonable steps to keep the secret; weak internal controls undermine claims even with a signed NDA.
• Metadata beats screenshots. Server logs, version control commits, original file timestamps, and chain of custody records are far more persuasive than images or copied text.

FAQs

What is an NDA and does it stop whistleblowing? An NDA is a contract to keep specified information secret. It cannot lawfully prevent protected whistleblowing or statutory disclosures.

Can I use a free non-disclosure agreement template? Yes for low risk talks, but tailor the definition, purpose, and duration. Replace blanket phrases with categories.

Is an oral NDA enforceable? Rarely on its own. Corroborating evidence (emails, witnesses, logs) is needed.

How long should confidentiality last? As long as the information remains secret and commercially valuable, typically 2–5 years for commercial info; trade secrets may be protected while secret.

If I only have a WhatsApp screenshot, is that enough? It helps but is weak alone. Preserve originals, request device logs, and document chain of custody.

What if the other side claims independent development? You’ll need timestamps, commit histories, and access logs to rebut that defence.

Will my insurer cover an NDA dispute? Often not; check policy exclusions for commercial disputes.

This guide explains practical UK realities and refers to contract law and the Trade Secrets (Enforcement) Regulations 2018. It is not legal advice. For urgent injunctions, trade secret claims, or high value disputes, consult a solicitor.

Precise narrow NDAs combined with rapid preservation and forensic evidence increase the chance of injunctive relief or meaningful settlement; instruct specialist counsel early to document steps, limit disclosure, and preserve leverage so commercial harm is minimised and remedies remain available.

NEXT STEPS:

• Preserve evidence: secure originals, metadata, server logs, and version control histories within 48–72 hours.
• Limit further disclosure: stop sharing, restrict access, and issue a preservation/cease and desist letter.
• Get specialist advice: have an IP or commercial disputes solicitor review the NDA and advise on urgent interim relief.