The Complete Guide to NDA Review: How to Spot Hidden Risks Before You Sign
A comprehensive guide to reviewing NDAs — covering confidentiality scope, IP clauses, termination terms, and how AI can help you flag risks in seconds.
A Non-Disclosure Agreement (NDA) is often the first legal document a founder, freelancer, or business owner signs when exploring a new relationship. Yet most people sign them without reading past the first paragraph.
That is a costly mistake.
An NDA does not just ask you to keep secrets. It defines what counts as confidential, how long your obligations last, which courts have jurisdiction, and sometimes — buried in a boilerplate clause — whether you are giving away intellectual property you did not even know you owned.
This guide walks through every section of a standard NDA, explains what each clause actually means, and shows you exactly what to look for before you sign.
Why NDAs matter more than most people realise
NDAs are the most signed legal agreement in business. They show up in investor pitches, partnership talks, freelance contracts, employee onboarding, and software evaluations. Unlike a complex M&A agreement or a financing round term sheet, NDAs look simple — often just two to five pages.
That simplicity is deceptive.
A poorly structured NDA can:
- Lock you into confidentiality obligations that last years longer than the business relationship
- Define confidential information so broadly that your everyday business operations become a breach
- Assign ownership of your pre-existing intellectual property to the other party
- Subject you to jurisdiction in a foreign court thousands of miles away
- Include non-solicit or non-compete provisions disguised as confidentiality clauses
Understanding what you are signing is not just good practice. It is a fundamental business skill.
Section 1: Definition of confidential information
This is the most important clause in any NDA. It defines exactly what information is protected.
Narrow definitions (favourable to the receiving party)
A well-drafted NDA limits confidential information to:
- Information marked as confidential in writing at the time of disclosure
- Information that would reasonably be considered confidential given the context
- Specific categories (financial data, technical specifications, customer lists)
Broad definitions (favourable to the disclosing party)
A dangerous NDA defines confidential information as:
- "All information disclosed in connection with this agreement"
- "Any and all materials, data, or knowledge shared between parties"
- No requirement for written marking or identification
What to watch for
The broader the definition, the greater your risk of accidental breach. If confidential information is defined without boundaries, everything you discuss, share, or reference could be covered — including information you already knew or developed independently.
A common compromise is "all information marked confidential or that would reasonably be understood as confidential given the nature of the disclosure."
Section 2: Exclusions from confidential information
Every NDA should exclude certain categories of information from confidentiality obligations. Standard exclusions include:
1. Information that is or becomes publicly available through no fault of the receiving party
2. Information the receiving party already knew before disclosure (with written records)
3. Information independently developed by the receiving party without use of confidential materials
4. Information received from a third party without restriction
The independent development exclusion
This is critically important for technology companies. Without it, you could be prevented from building your own product if a potential partner shared something similar during discussions.
If the NDA lacks an independent development exclusion, you may need to maintain burdensome records to prove you did not use their confidential information.
The "known before" exclusion
Some NDAs require you to prove prior knowledge with written records dated before the disclosure period. That is reasonable — but make sure you can actually produce those records before you need them.
Section 3: Confidentiality obligations
This section sets the standard of care for protecting confidential information. Look for:
Reasonable care standard
Most NDAs require the receiving party to use "the same degree of care" they use for their own confidential information. This is standard and generally acceptable.
Strict liability standard
NDAs that hold you strictly liable for any disclosure — even accidental — shift enormous risk to you. If an attacker compromises your systems or an employee makes a mistake, you are automatically in breach, regardless of how reasonable your security controls were.
Permitted disclosures
The NDA should allow disclosures to:
- Employees and contractors who need to know (with confidentiality obligations)
- Professional advisors (lawyers, accountants) on a need-to-know basis
- Regulatory bodies as required by law
- Courts or tribunals under legal compulsion
Section 4: Term and duration
NDA terms vary dramatically depending on the context.
Perpetual NDAs
Some NDAs impose confidentiality obligations that never expire. While trade secrets can legally remain protected indefinitely under most laws, labelling ordinary business information as confidential forever creates practical problems.
Fixed-term NDAs
Most well-drafted NDAs impose confidentiality obligations for a defined period — typically 2-5 years after disclosure. For trade secrets, a separate perpetual obligation may apply.
What to negotiate
- Standard business information: 2-3 years from disclosure
- Trade secrets: Perpetual or until they enter the public domain
- Review obligations: 1-2 years after termination
The term should match the sensitivity of the information. A one-year NDA for a pilot project makes sense. A five-year NDA for a strategic partnership may be reasonable. A perpetual NDA for an initial introductory call does not.
Section 5: Intellectual property clauses
This is where hidden risks live.
Many NDAs include IP provisions that seem innocuous but can transfer ownership of your work product. Watch for:
Assignment of improvements
Clauses stating that "improvements, modifications, or derivative works" based on confidential information belong to the disclosing party. In a software context, this could mean your engineering team inadvertently assigns new features or products.
Residual rights clauses
These allow the receiving party to retain and use "residual knowledge" — information retained in the memory of employees. While common in the software industry, these clauses are controversial and not recognised in all jurisdictions.
Joint ownership
Some NDAs claim joint ownership of any intellectual property created during the discussion period. This sounds fair but creates practical problems — neither party can license or enforce the IP without the other's consent.
Practical advice
If there is any chance you will create IP during the NDA period (proposals, designs, code samples, business plans), ensure the NDA explicitly states that your pre-existing IP remains yours and that new IP created during discussions belongs to its creator unless a separate written agreement assigns it.
Section 6: Non-solicitation and non-compete clauses
Some NDAs sneak in non-solicit or non-compete provisions. These limit your ability to hire the other party's employees or compete in their market.
NDAs are meant to protect information, not restrict competition. If you see these clauses, treat them as separate agreements that require separate consideration and clear limits on geography, duration, and scope.
Section 7: Return or destruction of materials
At the end of the NDA term (or upon request), you are typically required to return or destroy confidential materials.
Practical considerations
- How much time do you have to comply? 5 business days is standard. 24 hours is aggressive.
- Do you need to certify destruction in writing? This is common.
- Are backups included? Most NDAs allow retention of automated backups for a limited period.
- What about electronic communications? Deleting emails containing confidential information can be technically difficult. Some NDAs explicitly exclude archived communications from the destruction requirement.
Section 8: Governing law and jurisdiction
This determines which country's laws interpret the agreement and where disputes are heard.
Common scenarios
- Your jurisdiction: Ideal for you — you know the legal system, language, and costs
- Their jurisdiction: Potentially expensive and inconvenient — you may need to hire local counsel
- Neutral jurisdiction: Common in international agreements (English law and London courts, New York law and NYC courts)
Risk assessment
If you are a Polish startup signing an NDA governed by Delaware law with exclusive jurisdiction in Delaware courts, a dispute over a €10,000 contract could cost €50,000 in legal fees before you even present your case.
Negotiate for your home jurisdiction or a neutral arbitration venue for smaller-value relationships.
Section 9: Remedies for breach
Most NDAs state that money damages are insufficient and that the disclosing party is entitled to injunctive relief (a court order stopping the breach).
This is standard and generally acceptable. What matters more is what the NDA says about:
- Irreparable harm presumptions: Some NDAs presume that any breach causes irreparable harm, shifting the burden to you to prove otherwise
- Bond requirements: Courts typically require a bond for injunctions. Some NDAs waive this requirement
- Liquidated damages: Rare in NDAs but worth watching for
Using AI to review NDAs faster
Reviewing an NDA manually takes 30-60 minutes for an experienced professional — and much longer if you are not a lawyer. That is where NDA analysis tools like NDAShield come in.
AI-powered NDA analysis can:
- Scan a 10-page NDA in under 60 seconds
- Flag high-risk clauses with specific reasoning
- Assign a Burn Score so you can prioritise which terms to negotiate
- Generate redline-ready edits you can share with the other party
- Produce negotiation email snippets with plain-language rationale
The technology does not replace legal advice — but it dramatically reduces the time and effort needed to understand what you are signing.
Final checklist before signing an NDA
Before you sign any NDA, ask these questions:
1. Do I understand exactly what information is covered as confidential?
2. Are there clear exclusions for information I already know or develop independently?
3. How long do my obligations last — and is that period reasonable?
4. Does the NDA include IP assignment clauses I have not noticed?
5. What jurisdiction governs the agreement — and can I afford a dispute there?
6. Are there non-solicit or non-compete provisions hidden in the text?
7. Do I have a practical process for returning or destroying materials when the agreement ends?
8. Have I run the document through an AI analysis tool to catch anything I missed?
An NDA is a tool for collaboration, not a trap. Understanding what you are signing ensures it stays that way.