How To Write an NDA (Non‑Disclosure Agreement)

Sharing your best ideas with potential partners, investors or contractors is exciting - but it also comes with risk. A Non‑Disclosure Agreement (NDA) helps you open up the conversation without giving away your crown jewels.

If you’re wondering how to write an NDA that actually holds up under UK law, you’re in the right place. Below, we’ll walk through when to use NDAs, how to draft one step‑by‑step, the essential clauses to include, and the common mistakes to avoid so you’re protected from day one.

What Is An NDA And When Should A UK Business Use One?

An NDA is a legally binding contract that protects confidential information you disclose in a commercial discussion or project. In simple terms, it sets out what information is secret, who can see it, how it can be used, and what happens if someone leaks it.

Under UK law, confidentiality can be protected by contract and by the common law duty of confidence. The Trade Secrets (Enforcement, etc.) Regulations 2018 also give businesses specific remedies where “trade secrets” are misused. An NDA brings these protections together in writing so expectations are crystal clear - and enforceable.

Typical situations where small businesses use NDAs include:

  • Pitching to customers, suppliers or investors and needing to share pricing, product roadmaps or financials
  • Exploring a joint venture, distribution, licensing or white‑label arrangement
  • Hiring contractors or freelancers who’ll access source code, customer lists or manufacturing processes
  • Sharing specs with manufacturers or agencies before you’ve finalised terms
  • Early M&A or due diligence conversations

As a rule of thumb: if the information would cause harm in the wrong hands, put an NDA in place before you share it.

Unilateral vs Mutual NDAs

In a unilateral NDA, only one party discloses confidential information (and the other promises to keep it confidential). In a mutual NDA, both sides will be sharing sensitive information and agree to protect each other’s disclosures.

If you expect a two‑way exchange, a Mutual NDA usually keeps things balanced and avoids renegotiating later. If only your business is disclosing, a one‑way Non‑Disclosure Agreement is typically enough.

How To Write An NDA: A Step‑By‑Step Guide

You don’t need to reinvent the wheel, but you do need an NDA that matches your situation and UK legal requirements. Here’s a practical process to follow.

1) Define The Purpose Clearly

Start by stating why the information is being shared (for example, “to evaluate a potential distribution agreement for Product X”). This “Permitted Purpose” narrows how the recipient can use your information and makes over‑broad use easier to police.

2) Identify The Parties (Including Affiliates)

Name the disclosing and receiving entities correctly, including company numbers where relevant. Decide whether “affiliates” (group companies) are covered and whether they can receive information - if so, the NDA should require they’re bound by the same obligations.

3) Describe Confidential Information

Use a broad but sensible definition that covers information disclosed in writing, orally or through access (e.g., demos, site visits). Many NDAs also include a practical requirement to mark documents “Confidential” where possible, but still protect unmarked disclosures made in circumstances importing confidentiality (UK law recognises this).

4) Set Out Recipient Obligations

Spell out how the recipient must protect the information: keep it confidential, use it only for the Permitted Purpose, restrict access to people who need to know, and apply security safeguards. If data includes personal data, consider whether you also need a Data Processing Agreement.

5) Include Practical Carve‑Outs

Every NDA should exclude information that’s already public, already known to the recipient on a non‑confidential basis, independently developed, or legally required to be disclosed (e.g., by court order or regulator) - with a duty to notify you where lawful.

6) Decide On Term And Survival

In the UK, it’s common to set a fixed confidentiality period (e.g., 2–5 years), with trade secrets protected for as long as they remain trade secrets. Be explicit about how long obligations last after discussions end.

7) Plan For Return/Destruction

Require the recipient to return or securely destroy confidential materials on request or when discussions end. Allow for standard backups and legal record‑keeping to be retained, provided they remain confidential.

8) Add Remedies And Enforcement

Make clear that damages may not be sufficient and you’re entitled to injunctive relief (i.e., court orders to stop misuse). State governing law and jurisdiction - typically the laws of England and Wales and the English courts, unless you have a reason to choose otherwise.

9) Consider Execution Method

Most NDAs work as simple contracts, but a unilateral NDA with no consideration can be executed as a deed to ensure enforceability. If you’re signing as a deed, follow the formalities and think about e‑signing. For more on this, see our guidance on executing contracts and deeds.

10) Keep It Proportionate

Don’t overreach. Courts are more likely to uphold a well‑targeted NDA that protects genuine confidential information for a reasonable period than one that tries to control everything forever.

Finally, test your draft against your real workflow. If you need to share information with advisers, contractors or potential sub‑suppliers, the NDA should allow that - subject to those third parties being bound by obligations at least as strict as the NDA.

Essential NDA Clauses Under UK Law

While every deal is different, these core clauses appear in most effective NDAs and protect you under UK law.

  • Definitions: A clear definition of “Confidential Information”, “Permitted Purpose”, and “Representatives” (employees, officers, advisers, contractors) avoids ambiguity.
  • Confidentiality Obligations: Use only for the Permitted Purpose; keep information confidential; apply no less than reasonable care; limit disclosure to need‑to‑know people bound by confidentiality.
  • Security Measures: Reasonable technical and organisational measures appropriate to the sensitivity of the information. If personal data is involved, align with the UK GDPR and Data Protection Act 2018 and pair with a Privacy Policy for customer‑facing data practices.
  • Exclusions: Public information; already known; independently developed; lawfully obtained from a third party; disclosures required by law or a regulator (with notice and cooperation where lawful).
  • Non‑Disclosure And Non‑Use: Explicitly bar reverse engineering, decompiling or analysing samples or software unless authorised for the Permitted Purpose.
  • Return/Destruction: On request or at end of discussions; confirm destruction in writing if asked; allow for routine backups to be retained confidentially.
  • IP Ownership And No Licence: State that disclosure doesn’t transfer intellectual property rights and no licence is granted (unless you are granting a limited evaluation licence).
  • Non‑Circumvention (Optional): In deals involving introductions (e.g., investors, suppliers), consider a focused Non‑Circumvention Clause preventing the recipient from bypassing you to deal directly with your contacts for a limited period.
  • Whistleblowing And Legal Rights: Carve out protected disclosures under the Public Interest Disclosure Act 1998 and similar rights. NDAs cannot (and should not) silence lawful whistleblowing.
  • Term And Survival: State a sensible time limit for confidentiality (often 2–5 years) while allowing trade secrets to remain protected indefinitely.
  • Remedies: Right to seek injunctive relief and other equitable remedies, without needing to prove special damage, in addition to damages.
  • Governing Law And Jurisdiction: Typically England and Wales; consider where the other party is based and enforcement practicalities.
  • Boilerplate: Entire agreement, variations in writing, assignment limits, severance, notices, and counterparts to smooth enforcement.

Common UK Pitfalls And How To Avoid Them

NDAs are often signed quickly. Here are the usual traps that catch small businesses - and how to sidestep them.

  • Overly Vague Purpose: If the Permitted Purpose is “any business relationship we might consider”, a recipient could argue broad use. Keep it specific to the discussion at hand, and update or re‑paper if the relationship evolves.
  • Unenforceable Duration: “Forever” can look unreasonable for general commercial information. Use a reasonable period and protect genuine trade secrets indefinitely.
  • No Consideration In One‑Way NDAs: If only one party promises confidentiality, ensure there’s consideration (e.g., “in consideration of being given access to the Information…”) or execute as a deed with the correct formalities.
  • Missing Carve‑Outs: Without standard exclusions, a recipient may resist signing or later claim the NDA is unfair. Balanced carve‑outs make the NDA more acceptable and defensible.
  • Data Protection Gaps: If personal data is shared, an NDA alone won’t cover UK GDPR duties. Put a proper Data Processing Agreement in place where one party processes personal data for the other, and ensure security obligations align.
  • IP Ownership Assumptions: NDAs don’t transfer IP. If you’re engaging a developer or designer, cover ownership separately with an IP Assignment or insert clear ownership provisions in the main services contract.
  • Trying To Ban Competition: NDAs protect secrecy, not competition. Over‑broad non‑compete language can be unenforceable or deter sign‑off. Keep any non‑compete out of the NDA and address competitive restrictions (if justified) in the main commercial agreement, tailored to UK restraint rules.
  • Not Controlling Sub‑Recipients: If the recipient can pass your information to contractors without restrictions, risk skyrockets. Require sub‑recipients to be bound by obligations at least as strict as the NDA, in writing.
  • Wrong Jurisdiction: If you pick a distant court, enforcing your rights gets expensive. For UK small businesses, English law and courts are usually the pragmatic choice.
  • Signing Mistakes: The wrong entity or signature block (e.g., an individual signs when you meant the company) can create enforceability issues. Check names, titles and authority carefully, and review whether you should be executing as a deed for unilateral arrangements.

Do NDAs Replace Other Protections?

Short answer: no. NDAs are one piece of a broader protection strategy. Consider these complementary steps so your business is fully covered.

  • Contractual Foundations: Once you move beyond early talks, switch to a robust commercial agreement (e.g., supply, distribution, development). If you’re hiring a freelancer, the NDA should sit alongside a clear Contractor Agreement or Consulting Agreement that covers IP ownership, deliverables, payment and liability.
  • Employment Confidentiality: Employees should be bound by confidentiality and IP provisions in their Employment Contract, with tailored post‑termination restrictions where appropriate.
  • IP Registration: An NDA won’t stop someone independently developing a similar brand. Protect your brand with a UK Trade Mark and consider registered designs or patents where applicable.
  • Ownership Clarity: When contractors or collaborators create materials, code or content for you, ensure ownership is transferred using an IP Assignment (or the main contract includes an assignment clause).
  • Introductions And Deal Flow: If your value lies in introducing investors, customers or suppliers, a targeted Non‑Circumvention Clause can stop a counterparty going around you for a reasonable period.
  • Data Compliance: Where personal data is involved, align your NDA and operations with UK GDPR. That typically means using a proper Data Processing Agreement when needed and keeping your public‑facing Privacy Policy up to date.

Think of your NDA as the front door lock - essential, but even stronger when combined with solid windows (IP registration), a sturdy fence (commercial contracts) and good neighbourhood watch (internal processes and training).

Example NDA Scenario

Imagine you’re exploring a technology partnership. You’ll demo your platform, share APIs and discuss joint go‑to‑market plans. You sign a Mutual NDA, limit use to “evaluating a potential integration”, allow disclosures to each other’s employees and professional advisers under equivalent obligations, include a 3‑year confidentiality period, and reserve the right to seek injunctions for leaks. You also ensure any prototype code or documentation later shared under a pilot is covered by your pilot agreement, which deals with IP ownership, liability caps and termination. If personal data is processed, you pair the NDA with a DPA.

Templates can be a good starting point, but the stakes vary. If you’re pitching to a major customer, considering investment, or sharing sensitive technical know‑how, it’s worth having a lawyer tailor your NDA to the deal and your risk profile. Small tweaks - like the right purpose wording, a sensible duration, or adding a non‑circumvention obligation - can make a big difference to enforceability and outcomes.

Key Takeaways

  • An NDA protects sensitive information you share in business discussions. In the UK, it works alongside the duty of confidence and the Trade Secrets Regulations to keep your know‑how secure.
  • Choose the right format for your situation: a one‑way NDA if only you’re disclosing information or a Mutual NDA if both sides will share.
  • When writing an NDA, define a clear Permitted Purpose, set practical confidentiality obligations, include standard exclusions, decide on a sensible duration, and cover return/destruction, remedies, and governing law.
  • A unilateral NDA with weak consideration may need to be executed as a deed - double‑check names, authority and signing formalities when executing contracts and deeds.
  • Don’t forget data protection: if personal data is shared, pair your NDA with a Data Processing Agreement and make sure your public‑facing Privacy Policy is accurate.
  • NDAs don’t replace other protections. Secure IP ownership with an IP Assignment, protect your brand with a Trade Mark, and use appropriate services contracts as talks progress.
  • A well‑tailored NDA is more likely to be signed and enforced than an over‑broad one. If you’re unsure, have a lawyer review or prepare your Non‑Disclosure Agreement before you disclose anything valuable.

If you’d like help preparing an NDA tailored to your business, you can reach us on 08081347754 or team@sprintlaw.co.uk for a free, no‑obligations chat.

Alex Solo

Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
