An NDA is only as strong as its drafting. A poorly defined confidentiality clause, a missing remedies provision, or an ambiguous duration term can render an agreement difficult or impossible to enforce. This guide covers the nine clauses every NDA template should include and what each one needs to do.
The definition of confidential information is the most important clause in any NDA. It defines the scope of what is protected. If this clause is vague, the agreement will be difficult to enforce because a court must determine what was and was not covered.
A strong definition specifies the categories of information covered, for example written materials, emails, oral communications, technical data, financial records, and trade secrets. It should also specify any exclusions, such as information that is already publicly available or that the recipient can demonstrate they knew before the relationship began.
The NDA must name all parties bound by it. In a commercial context this means the disclosing party, the receiving party, and any third parties who may access the confidential information, such as the receiving party's legal advisors, accountants, or subcontractors.
Omitting a third party who subsequently receives and misuses information creates a gap in the protection. If advisors or contractors will have access, they should be named or described as a class and bound by the same obligations.
The NDA must specify when the confidentiality obligation begins and how long it lasts. These may be different dates. The obligation typically begins when information is first shared, which may predate the signing of the formal agreement.
Duration should be proportionate to the nature of the information. Trade secrets may warrant protection for a decade or more. Operational information shared during a defined project may be adequately covered for 12 to 24 months. An unreasonably long or indefinite term may be unenforceable.
This clause defines what the receiving party is permitted to do with the information. It should specify the purpose for which the information is being shared and restrict use to that purpose only.
For example, information shared during an acquisition due diligence process should only be used for the purpose of evaluating that transaction. Using it to compete with the disclosing party would constitute a breach, provided the clause is drafted clearly enough to cover that scenario.
In limited circumstances, a party may be legally compelled to disclose information covered by an NDA, for example by a court order, a regulatory body, or a government agency. This clause acknowledges that circumstance and typically requires the receiving party to notify the disclosing party as soon as practicable before disclosing, to allow the disclosing party an opportunity to seek a protective order.
This clause protects the receiving party from being in breach of the NDA for complying with a legal obligation, while giving the disclosing party a chance to respond.
This clause specifies what the receiving party must do with the confidential information at the end of the relationship or on request. Options include returning all materials in whatever form they exist, destroying them and certifying destruction, or both.
In a world where information is stored digitally across multiple devices and cloud services, this clause needs to be practical. An obligation to destroy all copies should acknowledge that automatic backups may not be fully purged and include a reasonable best-efforts standard rather than an absolute obligation that may be technically impossible to fulfil.
This clause specifies which court has authority to resolve disputes arising under the agreement and which law governs the contract. For Australian commercial agreements this is typically the courts of a specified state or territory under Australian law.
Where parties are in different jurisdictions, the governing law and jurisdiction clauses prevent disputes about which legal system applies. In cross-border agreements, this clause is particularly important.
This clause sets out what the disclosing party is entitled to if the NDA is breached. Standard remedies include injunctive relief, to stop ongoing or threatened disclosure, and damages to compensate for loss caused by the breach.
Including an express right to seek injunctive relief is important because a court may not grant it automatically. The clause should state that a breach would cause irreparable harm that money alone cannot adequately compensate, which is the standard threshold for injunctive relief in most Australian jurisdictions.
The clause may also address how legal costs are allocated if enforcement proceedings are necessary.
This clause acknowledges that neither party is obligated to proceed with the underlying transaction or relationship. The NDA governs confidentiality only. Either party may walk away from the relationship at any point without breaching the NDA, provided they continue to honour their confidentiality obligations.
This clause is particularly important where the NDA is signed early in an exploratory relationship, such as pre-acquisition due diligence or an early-stage partnership discussion, where the parties have not yet committed to proceeding.
A well-drafted base template provides a strong starting point but should be reviewed for each relationship. The definition of confidential information, permitted use, duration, and jurisdiction clauses all need to reflect the specific context. A template used for a contractor engagement will need different parameters than one used for a potential acquisition. Legal teams using Plexus maintain approved templates that business users can customise within defined parameters, without requiring legal review on every standard request.
There is no legal difference between an NDA and a confidentiality agreement. NDA, non-disclosure agreement, confidentiality agreement, confidential disclosure agreement, and secrecy agreement all refer to the same type of instrument. NDA and confidentiality agreement are the most commonly used terms in Australian and UK commercial practice. The choice between them is a matter of preference.
Maintaining a single approved NDA template and ensuring the business uses it consistently is an operational challenge for most in-house legal teams. The common failure modes are: business users drafting their own NDAs from a web search, legal reviewing NDAs one by one because there is no self-service option, and executed NDAs stored in personal email rather than a central repository.
Plexus solves this through contract management automation. Legal uploads the approved NDA template, configures which fields business users can modify, and sets approval rules for any variation outside those parameters. Business users generate, send, and execute NDAs without involving legal on routine requests. All executed NDAs are stored automatically with expiry tracking.
Sonnedix cut their NDA process from multiple days to 12 minutes using this approach.
Plexus lets legal teams upload approved templates and configure exactly how much the business can customise them. Routine NDA requests get handled without legal involvement.