Red Flags When Reviewing an NDA
Reviewing an NDA for a client means making a series of risk assessments under time pressure. The five questions you ask first, and the seven provisions you look for in every review, are the product of knowing what actually goes wrong in Indian practice.
Five questions before you read a word
Before reading the NDA, answer these five questions. They determine which provisions are high risk in this specific situation.
- Who is disclosing what? Identify whether the NDA is unilateral or bilateral, and who is actually sharing sensitive information. In a supposed bilateral NDA where only one party is sharing anything of value, that party bears all the risk and the bilateral structure is misleading.
- What is the purpose? The purpose defines the permitted use. A purpose limited to "evaluating a potential acquisition" is much narrower than "evaluating a potential commercial relationship." Narrow purpose = more protection. Wide purpose = more operational flexibility but less restriction on the recipient.
- Is this a one-time exchange or an ongoing relationship? A one-time disclosure (a pitch, a due diligence exercise) calls for different term and survival provisions than an ongoing commercial arrangement where information is continuously exchanged.
- How sensitive is what is actually being shared? Source code, clinical data, and pricing models deserve more protection than general marketing strategy and company overviews. Calibrate the effort of negotiation to the actual sensitivity of the information.
- Who is the counterparty and what leverage does your client have? A startup signing an NDA with a large technology company has less leverage than a supplier to whom the company is functionally locked in. The leverage determines which red flags you must fix and which you negotiate but ultimately accept.
Seven red flags
1. No purpose limitation
An NDA without a purpose limitation — or with a purpose defined as "any purpose the parties may agree" — provides essentially no non-use protection. The receiving party can use the information for anything because no specific purpose has been identified as the permitted use. Add a clear, narrow purpose clause as the first mark on any NDA review.
2. Overbroad confidential information definition (for the receiving party)
If your client is the receiving party, a definition that captures "all information shared, whether or not designated as confidential, including information generally known in the industry" is a problem. The receiving party cannot know what they are bound to protect if everything is covered. Seek a definition that either requires marking or expressly excludes information that is generally known or developed by the receiving party's employees independently.
3. Residuals clause (for the disclosing party)
As covered in Module 2, a residuals clause effectively carves out everything a receiving party's employees remember. If your client is the disclosing party in a technology, pharmaceutical, or M&A context, this provision must be struck or narrowed. The residuals clause will appear in NDAs drafted by or for large technology companies as a standard provision. It is not standard for the disclosing party — it is a receiving party's attempt to limit their exposure.
4. Perpetual term without trade secret carve-out analysis
A perpetual confidentiality obligation over all information shared during a commercial relationship raises the Section 27 question. It also creates compliance problems for the receiving party — their employees cannot be expected to maintain confidentiality obligations indefinitely over general business information. For time-limited commercial NDAs, push for a specific duration. For M&A NDAs, accept perpetual obligations for trade secrets with a shorter fixed period for other confidential information.
5. Missing compelled disclosure procedure
An NDA that does not address compelled disclosure leaves the receiving party in an impossible position: breach the NDA or breach the legal demand. If the compelled disclosure clause is absent, add it. If it requires prior notice in all circumstances, add a carve-out for legally prohibited notifications. A receiving party signing an NDA without a compelled disclosure clause is taking on liability they cannot control.
6. Asymmetric remedies
Some NDAs provide the disclosing party with rights to injunction and specific performance, while limiting the receiving party to damages claims. Since in a bilateral NDA both parties are disclosing parties, asymmetric remedies are commercially unjustifiable and legally suspect. In a unilateral NDA, it may be appropriate for the disclosing party to have enhanced remedies — but only if the asymmetry reflects the actual information flow. An NDA where only Party A shares information, but Party B has unlimited access to injunctions while Party A does not, is a red flag for an NDA drafted to serve only one party's interests.
7. Auto-assignment or automatic IP transfer
Some NDAs — particularly those prepared by technology companies and large acquirers — include provisions that purport to assign to the disclosing party any intellectual property developed by the receiving party that is derived from or related to the confidential information. This goes well beyond confidentiality and creates IP transfer obligations. If such a provision appears, it requires separate analysis outside the NDA review — it has implications for the receiving party's own IP that are independent of the confidentiality obligations.
What to safely concede
Effective NDA negotiation requires knowing what not to fight over. Provisions that are commercially standard, legally sound, and carry low risk for your client should be accepted without comment. Fighting every provision wastes time, reduces trust, and causes you to lose credibility on the provisions that actually matter.
Provisions that are generally safe to accept without negotiation: the governing law (as long as it is Indian law and a reasonable jurisdiction); the standard four carve-outs to confidential information; the obligation to use reasonable care; the permitted recipient structure with the standard binding-down requirement; the arbitration clause with a court injunction carve-out; and a fixed term of two to three years for most commercial NDAs.
The ten-checkpoint review checklist
- Structure: Is the NDA unilateral or bilateral? Does the structure match the actual information flow?
- Purpose: Is there a clear, specific purpose clause? Is the purpose appropriately narrow?
- Definition scope: Is the definition broad-scope, marking-requirement, or hybrid? Is it appropriate for the context?
- Carve-outs: Are all four standard carve-outs present? Are they correctly worded (public domain "through no act or omission of the receiving party")?
- Residuals clause: Is there a residuals clause? If your client is the disclosing party, has it been struck or narrowed?
- Non-use obligation: Is there a separate non-use obligation, or only a non-disclosure obligation?
- Standard of care: What standard applies? Reasonable care, same as own, or best efforts?
- Term and survival: What is the agreement term? What is the confidentiality period? Do they run from execution, from each disclosure, or from termination? Is there a trade secret carve-out for perpetual protection?
- Compelled disclosure: Is there a compelled disclosure procedure with the four required elements?
- Remedies: Are injunction rights available? Is the arbitration clause coupled with a court injunction carve-out? Is there a liquidated damages clause and is it calibrated to actual likely loss?
If the NDA passes all ten checkpoints, the remaining provisions are administrative. If it fails on any of the first four (structure, purpose, definition, carve-outs) or on compelled disclosure or remedies, those are the provisions to focus negotiation on. The others are refinements.
After this course
You now have a structural understanding of how NDAs work, what their limits are, and how Indian courts approach enforcement. The next step is practice — reviewing real NDAs against the checklist above, and building the pattern recognition that comes from seeing the same provisions appear in different forms across different transactions.
Take Quiz 2 — the final assessment — to test your understanding of all six modules and earn your free certificate of completion. The advanced Quiz 3 covers edge cases and higher-stakes commercial scenarios for those who want to go further.