Why NDAs deserve more attention than they get
Most people treat an NDA as a formality — something you sign quickly before getting to the real business conversation. In most cases, that instinct is correct: a well-drafted mutual NDA between commercial parties rarely leads to litigation. But a poorly drafted one can create problems that are genuinely difficult to resolve, and some NDA provisions are systematically unfavourable in ways that founders consistently miss.
The definition of confidential information
The scope of what counts as "confidential information" determines everything else in the NDA. An overly broad definition — "all information disclosed in connection with the relationship" — effectively makes every email and conversation subject to the NDA. An overly narrow definition may fail to protect the information you actually care about.
A workable definition covers: information marked as confidential at the time of disclosure; and information that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure. The second limb is important because you cannot always label everything in advance.
Check the exclusions carefully. Standard exclusions for information that is already publicly known, independently developed, or received from a third party without restriction are legitimate and necessary. An NDA that has no exclusions will be difficult to enforce, because courts will not prevent someone from using information they can prove they developed independently.
Purpose limitation
An NDA without a defined purpose is either too broad or too vague. The receiving party should be permitted to use confidential information only for a specific stated purpose, such as evaluating a potential partnership, discussing a transaction, or carrying out a specific project. Without a purpose clause, the scope of permitted use is unclear, and enforcement becomes harder.
Liability for indirect damages
Some NDAs hold the breaching party liable for all direct, indirect, and consequential damages. This sounds reasonable — the injured party wants full compensation — but from the perspective of the party signing, unlimited consequential liability for an NDA breach is disproportionate. A cap on aggregate liability (e.g., €100,000 or the value of the contemplated transaction) is standard market practice for commercial NDAs.
Carve out from the cap any liability arising from wilful misconduct or the deliberate misuse of confidential information for competitive purposes. Those situations warrant uncapped liability.
The confidentiality period
NDAs with no specified confidentiality period — or with a perpetual obligation — are often unenforceable in practice, even if technically valid. Courts in many jurisdictions look unfavourably on perpetual confidentiality obligations for commercial information that loses sensitivity over time. A period of 2–5 years from the date of disclosure, or 2–3 years after the end of the relationship, is standard.
Electronic signatures
NDAs are routinely signed electronically. In the EU, the eIDAS Regulation establishes a framework for electronic signatures, with qualified electronic signatures (QES) having the same legal effect as handwritten signatures. For most commercial NDAs, a simple electronic signature (DocuSign, Adobe Sign, or equivalent) is sufficient — the parties are consenting to a civil obligation, not executing a deed or notarial instrument. Confirm this is acceptable under the governing law of the NDA before relying on it.
Governing law
Match the governing law to the jurisdiction where you would realistically seek enforcement. An NDA governed by English law between two Ukrainian parties is theoretically valid but practically inconvenient to enforce. If both parties are in the same jurisdiction, use that jurisdiction's law. For cross-border NDAs, English law is a common neutral choice for European commercial parties.
