How to Write an NDA: Step-by-Step Guide for Enforceable Agreements
- Last Updated: Feb 06, 2026
- 15 min read
- Arpita Chakravorty
The $500K Mistake That Changes How You Should Think About NDAs
A tech founder recently shared a story that reveals why most DIY NDAs fail silently. She crafted what seemed like an airtight agreement with a potential investor using a template she found online. Six months later, the investor funded a competitor with strikingly similar technology—information only disclosed during confidential meetings.
When she consulted a lawyer about enforcement, the verdict was devastating: her NDA was technically unenforceable because she’d defined “Confidential Information” so broadly that it included information the investor could reasonably obtain independently.
Courts won’t enforce agreements that are overly restrictive or vague.
This is the paradox of NDA writing: the agreements people think are strongest are often the weakest in court. The real skill isn’t filling blanks in a template—it’s knowing how to structure and draft clauses so an NDA actually holds up when tested.
So how do you actually write an NDA that protects your business instead of creating false comfort?
How to Write an NDA: A Practical Framework
Writing an NDA is not about copying a template—it’s about structuring clauses so the agreement is clear, enforceable, and workable in real business situations.
A strong NDA follows a predictable drafting sequence. Writing clauses in this order ensures clarity and reduces negotiation friction.
Step 1: Identify the Parties and Purpose
Start by clearly naming who is bound by the agreement and why information is being shared.
Specify:
- Legal names of both entities or individuals
- Addresses or incorporation details if relevant
- Who is the Disclosing Party and who is the Receiving Party
- The purpose of discussions or collaboration
Example purpose language:
“The parties wish to evaluate a potential business relationship and may disclose confidential information in connection with these discussions.”
Clarity here prevents disputes over who is responsible in case of breach.
Understand the Purpose of NDA and how it protects sensitive business information while enabling safe collaboration and negotiations between parties.
Step 2: Define Confidential Information Carefully
This is the most critical drafting step.
Avoid vague definitions such as:
“All information shared during discussions.”
Instead, describe categories of protected information, such as:
- Technical information
- Product plans
- Financial data
- Customer information
- Business strategies
- Proprietary processes
Then explicitly exclude information that cannot legally be protected:
- Information already public
- Information already known to the receiving party
- Independently developed information
- Information legally obtained from third parties
Without exclusions, NDAs risk becoming unenforceable.
Step 3: Specify Obligations of the Receiving Party
Next, define how confidential information must be protected.
The standard enforceable obligation is:
“Receiving Party shall use commercially reasonable care to protect Confidential Information.”
This means the recipient must protect the information with the same level of care used for its own sensitive information.
Avoid unrealistic standards that courts may reject as excessive.
Step 4: Define Permitted Disclosures
Business operations require limited sharing.
Your NDA should allow disclosure:
- To employees or contractors on a need-to-know basis
- To professional advisors such as lawyers and accountants
- When disclosure is legally required
Requiring confidentiality commitments from internal recipients preserves protection while allowing normal operations.
Step 5: Set Duration of Confidentiality
Confidentiality cannot reasonably last forever for normal business data.
Typical terms:
- 2–5 years for commercial information
- Longer protection for trade secrets
State clearly when obligations begin and end.
Example:
“Confidentiality obligations survive for three years from disclosure.”
Step 6: Define Remedies for Breach
Explain what happens if confidentiality is violated.
Rather than relying only on lawsuits, agreements typically allow:
- Injunctive relief
- Monetary damages
- Negotiated remedies
- Cease-and-desist actions
Balanced enforcement language improves agreement acceptance.
Step 7: Add Standard Legal Clauses
Finally, include standard contract provisions such as:
- Governing law and jurisdiction
- No license or ownership transfer
- Return or destruction of information
- Amendment and assignment terms
These clauses prevent technical disputes later.
Step 8: Review for Practicality Before Signing
Before finalizing the NDA, check:
- Are definitions clear and realistic?
- Can both sides comply operationally?
- Are obligations enforceable?
- Does the term align with business needs?
If an NDA is impractical to follow, it is unlikely to protect you when needed.
Once the core clauses are drafted, the next question is structural: should the agreement protect one party’s information or both?
Unilateral vs. Mutual NDAs: Choosing the Right Structure
Once you’ve drafted the core clauses, the next decision is structural: should the NDA protect only one party’s information or both?
The answer depends not on legal preference but on how information flows between the parties.
A unilateral NDA protects information disclosed by only one party. The receiving party agrees to maintain confidentiality, while the disclosing party carries no equivalent obligation.
This structure works well when disclosure flows primarily in one direction, such as:
- Employee or contractor onboarding
- Vendor engagements
- Investor pitches using standard investor NDAs
- Situations where only one side shares sensitive data
A mutual NDA, by contrast, protects both parties. Each side agrees to safeguard the other’s confidential information.
This format is common in:
- Partnership or collaboration discussions
- Joint ventures
- Technology or product integrations
- Commercial negotiations where both sides share proprietary information
However, mutual NDAs introduce complexity. Both parties must align on definitions, care standards, and disclosure rights. Negotiations often slow down when each side tries to adjust protections to its advantage.
A Practical Decision Rule
- Use a unilateral NDA when only one party is meaningfully disclosing sensitive information.
- Use a mutual NDA when both sides are likely to exchange proprietary or strategic information.
- If the situation is unclear, starting with a mutual NDA often signals cooperation and avoids renegotiating structure later.
In practice, the best NDA structure is simply the one that reflects how information will actually flow between the parties.
But even a perfectly structured NDA can miss modern risks if clauses don’t evolve with how information is used today.
But even a perfectly structured NDA can miss modern risks if clauses don’t evolve with how information is used today.
Learn when to use a Mutual vs Unilateral NDA to ensure confidentiality obligations match how sensitive information flows between parties.
The Modern Risk: AI and Data Protection
Traditional NDA templates were written for a world where confidential information was shared between people—not absorbed into AI systems.
Today, that assumption no longer holds.
A vendor, partner, or service provider may receive your customer data, pricing models, or product roadmap under an NDA. That same information could then be used—intentionally or unintentionally—to train internal AI tools or machine learning models.
At that point, your confidential information may become embedded in systems that generate outputs across multiple users or clients. Whether this constitutes an NDA breach remains legally unsettled, as courts are still catching up to AI-driven data usage.
The Practical Fix
Modern NDAs increasingly include language restricting AI training use, such as:
“Receiving Party shall not use Confidential Information to train, fine-tune, or otherwise develop machine learning models or artificial intelligence systems without Disclosing Party’s prior written consent.”
This clause does not block legitimate collaboration—it simply ensures sensitive data is not reused in ways never contemplated when traditional NDA templates were created.
Before sending an NDA for signature, it’s worth running one final quality check.
Before You Send: The Pre-Flight Checklist
- Rewrite the definition of Confidential Information in 25 words. If you can’t summarize it plainly, it’s too vague.
- List the four exclusions explicitly. Don’t assume courts will read them in.
- Choose your care standard: commercially reasonable or best efforts? Pick one and stick with it.
- State the term clearly. “This obligation survives for 3 years from disclosure” removes ambiguity.
- Identify permitted disclosures. Lawyers, regulators, and employees—be specific.
- Add the AI clause if data security matters to your business.
Once your NDA is properly drafted, the next challenge is making sure it actually gets followed.
Your Next Step
Writing an effective NDA requires understanding that templates are starting points, not finished products. The strategic decisions—what to protect, for how long, and under what standard—must reflect your organization’s actual risk profile.
But once NDAs begin to scale across departments and partners, the real challenge shifts from “How do I write one?” to “How do I track obligations and ensure compliance across all of them?”
This is where structured contract compliance frameworks—and modern Contract Lifecycle Management platforms such as Sirion—become critical. These systems help organizations centralize agreements, track confidentiality obligations, monitor expiration dates, and maintain visibility across thousands of contracts.
Discover why teams rely on the Most efficient CLM software for Managing NDAs and Vendor Agreements to centralize contracts, track obligations, and maintain compliance at scale.
A practical starting point is documenting your current NDAs: who signed them, what information is protected, when obligations expire, and what disclosures are permitted.
The difference between an NDA that sits forgotten in a folder and one that actually protects your business often comes down to the difference between simply writing contracts and actively managing them.
FAQs: Common Questions About Writing NDAs
Can I write my own NDA and have it be legally binding?
Yes, if it follows the six pillars above. What makes it binding is clarity and mutual assent—both parties understanding what they're agreeing to. However, "legally binding" doesn't mean "enforceable." Courts have discretion to refuse enforcement if the agreement is unconscionable, overly vague, or against public policy. A $100 template is better than a homemade agreement with vague definitions, but a $500 attorney review catches nuances that templates miss.
Should NDAs be notarized?
No. Notarization proves identity, not enforceability. Some jurisdictions require it for certain documents (like real estate), but NDAs are contracts, not notarizable documents. A signature suffices. Digital signatures via DocuSign or Adobe Sign are legally binding under the ESIGN Act.
What if someone breaches my NDA?
Enforcement is harder than most people think. Proving breach requires showing:
(1) A valid NDA exists
(2) Information was confidential
(3) The other party disclosed it
(4) You suffered damages.
The last part is critical—if you can't quantify harm, courts won't award money damages. A cease-and-desist letter is often your first move, followed by negotiation. Litigation is expensive and uncertain; most breaches settle quietly before trial.
