How to Use an NDA Properly (and When Not To)

Vanessa Challess | Published 30 June 2026 | 5 min read

NDAs — non-disclosure agreements, also called confidentiality agreements — are one of the most used and most misunderstood documents in business. Here is how to use them properly, and when they do not actually help you.

What an NDA Does

An NDA is a contract. The party receiving confidential information promises not to disclose it to third parties and not to use it for purposes other than those specified in the agreement. If they breach that promise, you have a contractual claim against them. That is valuable — but only if the information is properly defined, the obligations are clear, and you can prove a breach.

The Key Provisions

  • Definition of confidential information. This is the most important clause in the NDA. If the definition is too narrow, information you thought was covered may not be. If it is too broad — "all information shared between the parties" — it may be unenforceable and can create awkward obligations around publicly available information. A good definition: information that is marked as confidential, or which a reasonable person would understand to be confidential given its nature and the circumstances of disclosure.
  • Permitted purposes. For what purpose can the recipient use the confidential information? An NDA shared before a potential business acquisition should limit use to evaluating that acquisition — not to competing with you or approaching your customers.
  • Permitted disclosures. The recipient needs to share information with their advisors, employees, and potentially lenders or investors. The NDA should permit disclosure to those who need to know, on the condition that they are bound by equivalent confidentiality obligations.
  • Duration. How long do the confidentiality obligations last? Indefinite NDAs are hard to enforce and may be unreasonable for genuinely commercial information. A defined period — two to five years — is more practical. For trade secrets, longer or indefinite obligations may be appropriate.
  • Return and destruction of information. When the process ends, can you require the recipient to return or destroy your confidential information? This is often included but rarely enforced — it is difficult to verify compliance and practically impossible to destroy information held in email systems. It is nonetheless worth including.

Mutual vs One-Way NDAs

A mutual NDA imposes confidentiality obligations on both parties — useful where each party is sharing sensitive information with the other. A one-way NDA protects only one party's information. Match the structure to the situation.

When an NDA Does Not Help You

  • When the information is already public. An NDA cannot protect information that is in the public domain. Once confidential information is public — through a leak, a patent application, or simply being widely known in your sector — the NDA has no practical effect.
  • When you cannot prove what was disclosed. If a dispute arises about what was shared and when, you need to be able to prove it. Keep records of what information you shared, with whom, and when. Mark documents as confidential. Send a follow-up email confirming verbal disclosures.
  • When the counterparty has no assets. An NDA gives you a contractual right to sue for breach. If the counterparty has no assets, a judgment against them is worthless.
  • When the relationship is with a competitor. Sharing detailed business information with a direct competitor under an NDA carries risk regardless of the document. The NDA makes disclosure a breach of contract — but it does not prevent the information from influencing how the competitor runs their business. Be careful about what you actually share.

Bonsai Law drafts and reviews NDAs and confidentiality agreements for businesses across the UK. The right NDA protects you; the wrong one gives false confidence — we can tell the difference.
