Module 1 of 6 — NDA Drafting Masterclass

What an NDA Actually Does

Reading module · approx 12 min

An NDA is not a lock. It is a key that creates legal access to consequences. Understanding this distinction — protection through contractual obligation rather than through property right — is the foundation of every drafting decision in this course.

A non-disclosure agreement imposes a contractual duty on the receiving party not to disclose and not to use information that the disclosing party designates as confidential. That is all it does. It does not make the information secret. It does not prevent disclosure. It creates an obligation that, if breached, entitles the disclosing party to legal remedies.

This matters because lawyers and clients frequently treat the NDA as if signing it creates a force field around the information. It does not. Once information is shared, it is shared. The NDA is a deterrent and a remedy mechanism, not a technical access control.

The three structural types

Every NDA falls into one of three structural categories. Getting the structure right is the first drafting decision, and it has downstream consequences for how the obligations, carve-outs, and remedies are framed.

Unilateral (one-way)

One party discloses; the other receives. Only the receiving party has obligations. Used when the information flow is genuinely one-directional — a founder sharing a business plan with a prospective investor, an employer sharing trade secrets with a new hire, a company sharing source code with an external developer.

Unilateral NDAs are often the right structure but are frequently upgraded to bilateral by the receiving party's lawyers as a negotiating position. You should resist this upgrade unless the receiving party genuinely has confidential information to protect. A unilateral NDA imposes fewer obligations overall; a bilateral NDA imposes equal obligations on both sides, which may not reflect commercial reality.

Bilateral (mutual)

Both parties disclose and both receive. Each party is simultaneously disclosing party and receiving party. Used in genuine two-way information exchanges — M&A due diligence, joint venture discussions, technology partnerships where each party shares proprietary methods. The typical bilateral NDA contains symmetric obligations: whatever the duty imposed on Party A as recipient of Party B's information is the same duty imposed on Party B as recipient of Party A's information.

The risk in bilateral NDAs is that the symmetric structure may not fit asymmetric commercial reality. If one party is sharing its entire source code and the other is sharing only a high-level roadmap, symmetric obligations are misleading. The better approach is to vary the obligations — either by defining confidential information differently for each party, or by adding a schedule of the specific information each party is sharing.

Multilateral

Three or more parties. Used in consortium arrangements, multi-party due diligence, and large infrastructure transactions where multiple bidders, advisors, and data room administrators are involved. Multilateral NDAs are procedurally complex and structurally fragile — enforcement between any two parties requires identifying which information originated from which party. In practice, most multilateral situations are better served by two or more bilateral NDAs than by a single multilateral instrument.

What an NDA does not do

Four things an NDA cannot accomplish, regardless of how well it is drafted:

It cannot protect information that is already public. If the information is in the public domain before or after it is shared, the NDA is ineffective as to that information. This is not a failure of drafting; it is a logical limit of confidentiality obligations. Carve-outs for public domain information are standard, not aggressive.
It cannot prevent a recipient from remembering. Human memory is not regulable by contract. What a person remembers from a meeting — as distinct from documents, notes, and data they took away — is practically unenforceable. The residuals clause problem (covered in Module 2) arises precisely from this limitation.
It cannot substitute for intellectual property protection. An NDA does not give the disclosing party a patent, copyright, or trademark over the disclosed information. If the information is disclosed and the recipient subsequently creates something using it, the NDA provides a breach of contract claim, not an IP claim. For genuinely valuable technical information, IP registration and the NDA should run in parallel, not as alternatives.
It cannot prevent disclosure compelled by law. A court order, regulatory demand, or statutory obligation that requires disclosure will override the NDA. The NDA can impose procedural obligations on the receiving party before they comply with compelled disclosure — notice, opportunity to seek a protective order — but it cannot prevent the disclosure itself. Module 3 covers the compelled disclosure clause in detail.

NDA versus confidentiality clause

A standalone NDA and a confidentiality clause within a larger agreement serve the same function but have different procedural implications. A confidentiality clause in a Master Service Agreement, employment contract, or shareholder agreement is easier to manage — it forms part of a single document, the term is typically tied to the main agreement, and disputes are resolved under the dispute mechanism of the main contract.

A standalone NDA is appropriate when the parties are not yet ready to commit to a main agreement — preliminary discussions, exploratory due diligence — and when the confidentiality obligation needs to survive independently of any subsequent commercial relationship. The standalone NDA also allows for a longer, more detailed treatment of confidentiality than is appropriate in a schedule to a commercial agreement.

Common misconception Founders frequently believe that having someone sign an NDA before a pitch means the investor cannot invest in a competing company or share the pitch with their partners. Neither is true. A standard NDA prohibits disclosure of specific confidential information and its use for purposes other than evaluating the transaction. It does not prohibit the recipient from drawing on general knowledge, investing in the sector, or discussing the general concept with colleagues — only sharing the specific confidential information disclosed. If you want non-compete or non-circumvention obligations, those are separate provisions with different enforceability questions under Indian law.

When not to use a standalone NDA

Three situations where a standalone NDA is not the right instrument:

First, when the information is already protected by implied confidentiality. The duty of confidentiality can arise by law without a contract in certain relationships — solicitor-client, doctor-patient, banker-customer. For information shared within such a relationship, an NDA adds limited value and may create confusion about the source of the obligation.

Second, when the primary concern is competitive use rather than disclosure. If what you are worried about is the counterparty using your information to compete with you, you need a non-compete clause, not an NDA. NDAs prohibit disclosure and use for the stated purpose. They do not prohibit the recipient from building a competing product using knowledge they independently develop, or from hiring your employees, or from approaching your customers — unless those specific restrictions are expressly drafted in.

Third, when the commercial context makes confidentiality unenforceable as a practical matter. If you are sharing a business model that is obvious, a price list that will be known to the market anyway, or technical information that is independently discoverable, an NDA creates paperwork without practical protection. Enforcing an NDA requires showing what was disclosed, that it was confidential, and that the breach caused loss. If any of those elements is weak, the NDA provides the appearance of protection without the substance.

The contract law foundation

An NDA is a contract. It is governed by the Indian Contract Act, 1872, and all the standard contract requirements apply: offer, acceptance, consideration, capacity, free consent, and lawful object. If you have not already completed the Verbatra Course 1 on Indian Contract Law Essentials, the key points for NDA purposes are these.

Consideration is required for a binding NDA. In most commercial NDAs, the consideration is the mutual exchange of information, or — in a unilateral NDA — the disclosing party's agreement to share information in exchange for the receiving party's confidentiality obligation. This is adequate consideration. An NDA that imposes obligations on one party in exchange for nothing at all faces enforceability risk, though in practice the consideration element is rarely litigated in commercial NDA disputes.

Section 27 of the Contract Act voids agreements in restraint of trade. This section is discussed in detail in Module 4 in the context of perpetual NDAs. The short version: an NDA that prevents a receiving party from ever using skills or knowledge gained during the relationship may cross the line from confidentiality into restraint of trade. The distinction between protecting specific confidential information and restricting general professional activity is the boundary that careful drafting must maintain.

Module 2 covers the most important — and most frequently badly drafted — clause in any NDA: the definition of confidential information. That definition shapes everything else in the agreement.