
NDAs Explained: Mutual vs One-Way and Key Clauses

A non-disclosure agreement is the first legal document most businesses sign — and the one most people read least carefully. Choosing the wrong type, setting an unrealistic confidentiality term, or leaving out a standard carve-out can make the whole thing unenforceable or, worse, give the other party leverage you never intended. This guide explains exactly what each NDA type is for, what the key clauses do, and what to watch for before you sign.


Mutual vs One-Way: Which Structure Fits Your Situation

An NDA is either unilateral (one-way) or bilateral (mutual). The choice is not a formality — it determines who bears disclosure risk and who has enforcement rights.

One-way NDA: One party (the disclosing party) shares confidential information; the other (the receiving party) agrees to protect it. Classic use cases: sharing a business plan with a potential investor, disclosing a product concept to a manufacturer, or hiring a contractor who will see proprietary source code.

Mutual NDA: Both parties share confidential information with each other and both agree to protect what they receive. Use this when two companies are exploring a partnership, merger, or integration and each side needs to open the kimono. Also common in co-development agreements where both parties contribute proprietary technology.

A quick rule of thumb: if you are the only one sharing sensitive material, use a one-way NDA — it is cleaner and the obligations are easier to enforce. If the other side pushes for mutual when the information flow is one-directional, treat that as a negotiating tactic, not a technical necessity.

Factor | One-Way NDA | Mutual NDA
Who discloses? | One party only | Both parties
Typical scenario | Investor pitch, contractor onboarding, vendor demo | Partnership talks, M&A diligence, co-development
Enforcement complexity | Lower — clear roles | Higher — both sides can claim breach
Negotiating leverage | Disclosing party sets terms | Shared; both parties negotiate carve-outs
Risk if unsigned | Discloser has no protection | Both parties exposed

Confidentiality Term: How Long Is Long Enough

Courts have increasingly refused to enforce NDAs with perpetual confidentiality obligations, particularly for trade secrets that could realistically become public knowledge. At the same time, a term that is too short leaves valuable information unprotected.

Standard ranges by context:

  • General business discussions (early-stage talks, vendor evaluation): 2–3 years. Most courts consider this reasonable for non-technical information.
  • Software source code or product formulas: 3–5 years is defensible; some tech companies push for 5–7 years for genuinely proprietary algorithms.
  • Trade secrets under the Defend Trade Secrets Act (DTSA) or state equivalents: The agreement can say "for as long as the information qualifies as a trade secret," which is legally sound because the obligation expires automatically when the information enters the public domain. This is more durable than a fixed long term.
  • Employee NDAs: Courts in California, for example, will not enforce post-employment NDAs that go beyond trade secret law protections, regardless of what the agreement says. In most other US states, 2–3 years post-employment is the enforceable ceiling for most categories of information.

Practical advice: for information with a long shelf life (formulas, source code, customer lists), use trade-secret language tied to the information's legal status rather than a fixed date. For general business discussions, set a fixed 2–3 year term to keep the agreement defensible.

Standard Carve-Outs You Must Include

Carve-outs define what is not considered confidential. Without them, a receiving party could theoretically be obligated to keep secret something they already knew or that becomes public — which a court will often refuse to enforce, potentially voiding the entire clause.

Every well-drafted NDA should exclude information that:

  1. Was already known to the receiving party before disclosure (provable by prior documentation)
  2. Becomes publicly available through no fault of the receiving party
  3. Is independently developed by the receiving party without reference to the disclosed material
  4. Is received from a third party who has the right to disclose it
  5. Is required to be disclosed by law or court order — but typically the receiving party must give prompt written notice so the disclosing party can seek a protective order

The fifth carve-out (legal compulsion) is often the most contested. A well-drafted version requires the receiving party to: (a) notify the disclosing party as soon as reasonably possible, (b) cooperate with any attempt to limit the scope of disclosure, and (c) disclose only the minimum required by the legal obligation.

Missing even one of the first four carve-outs is a red flag. A receiving party who signs an NDA without them is agreeing to something a court may not uphold — but will still need to litigate to escape.

Enforceability Basics: What Makes an NDA Hold Up

An NDA is a contract, which means it needs consideration (each party must give something of value), mutual assent, and sufficiently defined terms. Courts have thrown out NDAs on each of these grounds.

Consideration: In a business-to-business NDA signed before discussions begin, the disclosure itself is typically the consideration. For employee NDAs signed after hiring, some states require additional consideration beyond continued employment — a bonus, a promotion, or access to a specific training program, for example.

Specificity of protected information: An NDA that describes confidential information only as "any information shared between the parties" is extremely broad and some courts have found such language unenforceable. The better approach is to define categories: "technical specifications, customer lists, financial projections, and source code" is defensible; "anything we ever discuss" often is not.

Reasonable scope: Courts apply a reasonableness standard. An NDA that prohibits a receiving party from ever working in the same industry (non-compete dressed as an NDA), or one that obligates them to keep publicly available information secret, will be struck down.

Governing law and jurisdiction: This clause matters more than most people realize. California's courts are notably hostile to NDAs that restrict employee mobility. Delaware is business-friendly. New York enforces well-drafted commercial NDAs consistently. Choose governing law intentionally.

Red Flags to Spot Before You Sign

These are the clauses that give one party disproportionate leverage or that signal a poorly drafted (and potentially unenforceable) document:

  • No carve-outs at all: Any NDA that lacks the standard exclusions is either a template error or an intentional overreach. Do not sign without adding them.
  • Perpetual term with no trade-secret qualification: "This obligation shall survive forever" on general business information is unenforceable in most jurisdictions and suggests the drafter did not know what they were doing — or did, and is hoping you do not.
  • Broad non-compete language buried in the confidentiality section: Watch for language like "Recipient agrees not to use the information to compete..." That is a non-compete, not just an NDA, and triggers different enforceability rules.
  • One-sided remedies: An NDA that grants the disclosing party the right to seek injunctive relief but not the receiving party (in a mutual NDA) creates asymmetric legal exposure. In a mutual NDA, injunctive relief rights should be available to both sides.
  • Automatic assignment to employer: Some employee NDAs contain language assigning all intellectual property created using company information to the employer, even work done on personal time. California and a few other states have statutory limits on this, but in most states it is enforceable if you sign it.
  • Missing notice provisions for compelled disclosure: If the NDA does not specify that the receiving party must notify the disclosing party before complying with a subpoena, the disclosing party loses the ability to protect itself through a court motion.

Frequently Asked Questions

Does an NDA need to be notarized to be enforceable?

No. In the United States, NDAs are enforceable as standard contracts without notarization. A signature — including a typed electronic signature under the federal E-SIGN Act — is sufficient. Notarization adds nothing legally for an NDA.

Can I use one NDA template for both mutual and one-way situations?

Not reliably. A mutual NDA template can be adapted for one-way use by specifying a single disclosing party, but the obligations, remedy clauses, and representation language are structured differently enough that using the wrong template creates ambiguity. Start with the right structure for your situation.

What happens if someone violates an NDA?

The injured party can seek monetary damages for proven financial harm and, more commonly in practice, injunctive relief — a court order stopping the breach. Injunctions are the usual remedy because the harm from ongoing disclosure is often impossible to quantify in dollars. Courts can grant emergency (temporary restraining order) or permanent injunctions depending on the stage of the case.

How long should an NDA confidentiality term be for a startup fundraising pitch?

2–3 years is standard and defensible for fundraising discussions. Most investor-side information shared during a pitch — financials, growth metrics, product roadmap — becomes either stale or public within that window. Requesting longer terms may make investors reluctant to sign, as they regularly review competing companies.

Is an NDA alone enough to protect a business idea?

No. An NDA protects disclosed information contractually, but it does not give you intellectual property rights. For inventions, file a patent application. For creative works, copyright attaches automatically. For brand names, register a trademark. An NDA is a complement to IP protections, not a substitute.