
NDA Review Checklist: What to Look For in 2026

February 12, 2026 | 9 min read | By ContractScan Team

Why NDA Review Matters More Than You Think


Non-disclosure agreements are often treated as routine paperwork — something to sign quickly so the "real" business conversation can begin. This casual attitude is a mistake. NDAs are legally binding contracts that can significantly impact your business operations, intellectual property, and legal exposure.


A poorly drafted or one-sided NDA can prevent you from using information you developed independently, obligate you to protect information that is already public, create liability for accidental disclosures by third parties, or restrict your ability to work with competitors even after the relationship ends.


This checklist covers everything you need to review before signing an NDA.


Mutual vs. One-Way NDAs


The first thing to determine is whether the NDA is mutual or one-way.


Mutual NDA (bilateral): Both parties agree to protect each other's confidential information. This is appropriate when both sides will share sensitive information — for example, during partnership discussions, merger due diligence, or joint venture planning.


One-way NDA (unilateral): Only one party (the recipient) has obligations. The disclosing party can share the recipient's information freely. This is appropriate when information flows in only one direction — for example, when a company shares proprietary data with a potential vendor.


Red flag: If both parties will share confidential information, but the NDA is one-way, push for a mutual agreement. One-sided NDAs in mutual information-sharing scenarios indicate a power imbalance the other party is trying to exploit.


The 12-Point NDA Review Checklist


1. Definition of Confidential Information


The definition determines what is protected. Review it for:


  • Breadth: Is it narrowly tailored to the information actually being shared, or does it cover "any and all information" regardless of form? Overly broad definitions create compliance burdens.
  • Marking requirements: Must confidential information be marked as "confidential" to be protected? If so, verbal disclosures should have a follow-up written confirmation requirement.
  • Categories: Does it specify categories (technical data, business plans, customer lists, financial information) or use catch-all language?

2. Exclusions from Confidentiality


Standard exclusions should include:


  • Information that is or becomes publicly available through no fault of the recipient
  • Information the recipient already knew before the disclosure
  • Information independently developed by the recipient without reference to confidential information
  • Information received from a third party who had the right to disclose it

Red flag: Missing exclusions, particularly for independently developed information. Without this exclusion, the disclosing party could claim that work you created on your own infringes their confidentiality rights.


3. Permitted Disclosures


The NDA should allow disclosure to:


  • Employees who need to know and are bound by confidentiality obligations
  • Professional advisors (lawyers, accountants) bound by professional duties
  • Subcontractors, if applicable, who sign comparable NDAs
  • Government authorities when legally compelled (with notice to the disclosing party)

4. Residuals Clause


Some NDAs include a "residuals" clause that permits the recipient to use ideas, concepts, and know-how retained in the unaided memory of their personnel. This is particularly common in technology contexts.


Impact: A residuals clause significantly limits the practical protection of an NDA. If an engineer reviews your proprietary algorithm and remembers how it works, the residuals clause may allow their employer to build a competing product based on that memory.


5. Term and Duration


NDAs have two time components:


  • Disclosure period: How long can parties share confidential information? This might be a fixed period (e.g., 1 year) or tied to the duration of a business relationship.
  • Confidentiality period: How long must confidential information be protected after the disclosure period ends? Common periods range from 2-5 years. Trade secrets should be protected indefinitely (or as long as they remain trade secrets).

Red flag: Perpetual confidentiality obligations for non-trade-secret information. While trade secrets warrant indefinite protection, requiring perpetual confidentiality for ordinary business information is unreasonable.


6. Return or Destruction of Information


Upon termination, the NDA should specify:


  • Whether confidential information must be returned, destroyed, or both
  • Whether the recipient must certify destruction in writing
  • Exceptions for archival copies retained by legal or compliance teams
  • Exceptions for information in automated backup systems

7. Non-Solicitation Provisions


Some NDAs include provisions restricting the recipient from soliciting the disclosing party's employees or customers. These go beyond standard confidentiality protections.


Red flag: Broad non-solicitation clauses in what should be a simple NDA. If the other party wants non-solicitation protections, those should be negotiated separately with appropriate consideration.


8. Non-Compete Provisions


Similar to non-solicitation, some NDAs embed non-compete restrictions preventing the recipient from engaging in competing activities.


Red flag: Any non-compete language in an NDA. Non-competes significantly restrict business operations and should never be hidden in a confidentiality agreement. They deserve standalone negotiation.


9. Intellectual Property Rights


The NDA should clarify:


  • No transfer of IP rights through the disclosure of confidential information
  • Each party retains ownership of their pre-existing IP
  • No license rights are granted except as explicitly stated

Red flag: Language suggesting that disclosure of confidential information grants any IP rights or licenses to the recipient.


10. Remedies for Breach


Standard NDA remedy provisions include:


  • Acknowledgment that monetary damages may be inadequate for breach
  • Right to seek injunctive relief (court orders to stop further disclosure)
  • Right to pursue monetary damages
  • Whether the breaching party must pay the other's attorney fees

11. Governing Law and Jurisdiction


Like any contract, the NDA should specify:


  • Which state or country's laws govern interpretation
  • Where disputes will be resolved
  • Whether disputes will be litigated or arbitrated

12. Miscellaneous Provisions


Review standard boilerplate for surprises:


  • Entire agreement clause: Confirms the NDA supersedes all prior discussions about confidentiality
  • Amendment requirements: Changes should require written agreement signed by both parties
  • Assignment: Can the NDA be transferred to another party?
  • Severability: If one provision is unenforceable, do the remaining provisions survive?

Common NDA Pitfalls for Small Businesses


Signing one-way NDAs when sharing information both ways. If you share your pricing, customer information, or business plans during discussions, a one-way NDA that only protects the other party's information leaves yours exposed.


Accepting overly broad definitions without exclusions. If the definition of confidential information includes "any information provided in any form," and there are no standard exclusions, you could be restricted from using publicly available information.


Ignoring the confidentiality period. A five-year confidentiality obligation means you must maintain information security controls for five years after the relationship ends. Consider whether that is operationally feasible.


Not tracking NDA expirations. If the disclosure period expires but you continue sharing information, new disclosures may not be protected. Track NDA dates and renew before expiration.


How to Negotiate Better NDA Terms


When reviewing an NDA, focus your negotiation energy on the highest-impact issues:


1. Ensure mutual obligations if both parties will share information.

2. Add standard exclusions if they are missing.

3. Remove or narrow non-compete and non-solicitation provisions.

4. Set a reasonable confidentiality period: 2-3 years for most business information.

5. Clarify IP ownership: ensure no rights transfer through disclosure.


For routine NDAs, these five changes address the most common imbalances. For high-stakes situations involving trade secrets, major partnerships, or M&A due diligence, consider engaging legal counsel.


Using AI to Review NDAs Faster


NDAs are ideal candidates for AI review because they follow predictable structures and contain a finite set of standard provisions. ContractScan can analyze an NDA in under 60 seconds, flagging:


  • Whether the NDA is mutual or one-way
  • Missing standard exclusions
  • Unusual or restrictive provisions
  • Embedded non-compete or non-solicitation language
  • Term and duration issues
  • Deviations from market-standard NDA terms

Upload your next NDA to ContractScan and get a complete analysis before your next meeting.
