NDA Enforcement: What Happens When Someone Breaks It?
How are NDAs enforced in practice? Learn about injunctions, damages, burden of proof, and what actually happens when a confidentiality agreement is breached.
A common question about NDAs is: are they actually enforceable?
The short answer is yes — but enforcement is more complex than most people realise. Understanding how NDAs are enforced, what remedies are available, and what the disclosing party must prove is essential for anyone who signs or drafts confidentiality agreements.
The enforcement reality
Most NDA breaches never reach a courtroom. The enforcement process typically follows a progression:
1. Discovery of the breach
2. Cease-and-desist letter
3. Negotiated resolution
4. Litigation (injunction and/or damages)
5. Court judgment
The vast majority of cases settle before litigation. The cost, time, and uncertainty of court proceedings motivate both parties to find a resolution.
What the disclosing party must prove
To enforce an NDA, the disclosing party must prove:
1. A valid NDA existed: The agreement was properly signed, or an enforceable oral or implied agreement existed
2. The information was confidential: It met the definition in the agreement or qualifies for trade secret protection
3. The information was disclosed to the receiving party: There is evidence that the receiving party had access
4. The receiving party breached: They used or disclosed the information in a way that violates the agreement
5. Damages resulted (for monetary claims): The breach caused measurable harm
The burden problem
In practice, proving these elements is difficult. The disclosing party must:
- Identify exactly what information was disclosed and when
- Show that the information was not already public or independently known
- Provide evidence of the breach — often difficult when the breach involves intangible information
- Quantify damages — which may be speculative for information that was never commercialised
This burden is why many NDA enforcement cases focus on injunctions rather than damages.
Remedies available for NDA breach
Injunctive relief (court order)
An injunction is a court order requiring the receiving party to stop using or disclosing confidential information. It is the most common remedy for NDA breaches.
Temporary restraining order (TRO): Immediate relief (typically 10-14 days) granted without full hearing when the disclosing party can show irreparable harm.
Preliminary injunction: Longer-term relief (until trial) granted after a hearing where the disclosing party shows likelihood of success on the merits and irreparable harm.
Permanent injunction: Final relief after trial, permanently prohibiting the use or disclosure of confidential information.
Most NDAs include a clause stating that "money damages are insufficient" and that the disclosing party is "entitled to injunctive relief." This language helps the disclosing party meet the irreparable harm requirement.
Monetary damages
Damages compensate the disclosing party for losses caused by the breach:
Actual damages: Direct losses from the breach, such as lost profits, lost business value, or costs of remediating the breach.
Disgorgement of profits: The receiving party's profits from using the confidential information. Common in cases where the breach generated revenue for the receiving party.
Liquidated damages: A predetermined amount specified in the NDA. Rare in NDAs — most courts require liquidated damages to be a reasonable estimate of actual harm, which is difficult to predict for confidentiality breaches.
Specific performance
A court order requiring the receiving party to take specific actions — returning materials, deleting files, or certifying compliance. Usually combined with injunctive relief.
Defences to NDA enforcement
The receiving party can raise several defences:
No valid agreement
The NDA was not properly signed, the terms are too vague to enforce, or consideration was lacking.
Information was not confidential
The information was already public, was independently developed, or did not meet the NDA's definition of confidential information.
No breach
The receiving party used the information only as permitted under the NDA or for the authorised purpose.
Statute of limitations
The time period for bringing a claim has expired (typically 3-6 years depending on jurisdiction).
Unconscionability
The NDA is so one-sided or unreasonable that a court should not enforce it.
Public policy
Enforcing the NDA would violate public policy — for example, preventing whistleblower reporting or suppressing evidence of illegal activity.
Practical considerations
Cost of enforcement
NDA litigation is expensive. A typical enforcement action costs:
- Cease-and-desist letter: €500-2,000
- Temporary restraining order: €5,000-15,000
- Preliminary injunction hearing: €10,000-40,000
- Full trial: €50,000-200,000+
For small businesses and individuals, the cost of enforcement often exceeds the value of the information at stake.
Speed matters
Injunctive relief requires swift action. Delays of weeks or months undermine the argument that the harm is irreparable and urgent.
Evidence preservation
The disclosing party must preserve evidence of the breach — emails, documents, witness statements, digital forensics. Failing to preserve evidence can doom an enforcement action.
How to strengthen NDA enforceability
For the disclosing party
1. Define confidential information clearly: Vague definitions are harder to enforce
2. Mark documents as confidential: Written marking creates clear evidence
3. Maintain disclosure records: Track what was shared, when, and with whom
4. Include injunctive relief language: Explicitly state that breach causes irreparable harm
5. Specify governing law and jurisdiction: Avoid disputes over where to sue
6. Use NDAShield to review your own NDA: Ensure it includes enforceable provisions
For the receiving party
1. Maintain independent development records: Document your independent work
2. Limit access to need-to-know: Reduce the risk of accidental disclosure
3. Follow return/destruction procedures: Comply with contractual obligations promptly
4. Train employees: Ensure everyone understands their obligations
5. Document authorised use: Show that your use was consistent with the NDA
International enforcement
Enforcing NDAs across borders adds complexity:
Choice of law: The NDA specifies which country's law governs. Courts may apply their own procedural rules even when applying foreign law.
Jurisdiction: The NDA specifies where disputes are heard. Enforcing a judgment from one country's courts in another country requires additional legal processes.
Hague Convention: For trade secret misappropriation, the Hague Convention on Choice of Court Agreements can facilitate cross-border enforcement — but only if both countries are signatories.
Data privacy conflicts: GDPR and other data protection laws can complicate enforcement actions that involve transferring personal data across borders as evidence.
Bottom line
NDAs are enforceable, but enforcement is not automatic. The disclosing party must prove the breach, the harm, and the validity of the agreement — all while managing significant legal costs and practical challenges.
The best approach is prevention: a well-drafted NDA, clear marking of confidential information, documented disclosure records, and a practical understanding of what enforcement actually requires.
Before you rely on an NDA to protect valuable information, run it through AI analysis to identify weaknesses in your own agreement. A strong NDA starts with knowing what yours actually says.