What Should Be Included in a Mutual NDA?

Written By Josh Bykowski

Before a partnership conversation, a vendor demo, or a funding discussion — someone will almost certainly produce an NDA. In commercial and startup contexts, that's often a mutual NDA, meaning both sides agree to protect each other's information. The question is: what actually needs to be in it?

This guide walks through the essential terms, what to watch for when reviewing a counterparty's draft, and when it's worth getting a lawyer involved rather than relying on a template.

Mutual vs. One-Way: A Quick Distinction

A one-way (unilateral) NDA protects only one party's information. A mutual NDA creates confidentiality obligations in both directions — each party is simultaneously disclosing and receiving confidential information. Mutual NDAs are standard in startup partnerships, commercial negotiations, vendor relationships, and any context where both sides have material information to protect.

If you're sharing something valuable and you've been asked to sign a one-way NDA, it's entirely reasonable to request mutuality.

The Eight Clauses That Matter Most

1. Definition of Confidential Information

The most consequential clause in any NDA. A well-drafted definition is broad enough to capture what's actually being shared — including oral disclosures, prototypes, and know-how — without being so vague it's unenforceable. Pay close attention to carve-outs: information that the recipient claims is "already known" or "independently developed" should be subject to the burden of proof.

2. Obligations of the Receiving Party

This clause defines what the recipient must and must not do with your information: maintain confidentiality, use it solely for the agreed purpose, restrict internal access to those who genuinely need to know, and implement appropriate security measures.

3. Permitted Purpose

Defines precisely why information is being shared. This clause should be narrow and specific. An NDA without a clearly defined purpose can become an inadvertent licence for the other party to use your confidential information in ways you never contemplated.

4. Standard Exclusions

These carve-outs are reasonable and you should expect them: information already in the public domain, information the recipient can show it independently developed, and information received from a third party without restriction. The key is that these exclusions should be narrow, and the evidential burden should sit with the recipient.

5. Term and Survival

Two timeframes to negotiate: the disclosure period (how long the agreement governs new disclosures) and the survival period (how long confidentiality obligations persist after the agreement ends). Two to five years is typical for commercial information; trade secrets may warrant longer or indefinite protection.

6. Return or Destruction of Materials

If the relationship doesn't proceed, what happens to your information? The NDA should require the return or certified destruction of all confidential materials within a defined period, with confirmation in writing.

7. Injunctive Relief

Damages alone are rarely adequate for a confidentiality breach — the harm is often difficult to quantify and some disclosures cannot be undone. This clause confirms that the disclosing party may seek injunctive or other equitable relief to prevent or stop a breach, without needing to prove financial loss.

8. Governing Law and Jurisdiction

Which jurisdiction's law applies and where disputes will be resolved. For cross-border relationships, this choice has significant practical consequences. Select a jurisdiction where you can realistically enforce your rights.

Startup-Specific Considerations

Investor conversations: Most professional investors will decline to sign an NDA at early pitch stages — this is industry standard and pushing for one can work against you. Once due diligence begins, however, a mutual NDA covering financials, technical architecture, and customer data is appropriate and expected.

Co-founder and early hire discussions: Preliminary conversations with potential co-founders or senior early hires often involve sharing your core concept, technology, and commercial strategy. A mutual NDA is sensible protection, particularly where the other party has adjacent expertise that could make them a competitor.

Technology and IP-intensive businesses: If your competitive advantage is a product, algorithm, dataset, or proprietary methodology, the definition of confidential information requires careful drafting. Make sure it covers source code, technical documentation, internal processes, and know-how — not just formal registered IP.

Broad non-use clauses in counterparty NDAs: This is the risk most startups underestimate. If a larger company sends you an NDA with an expansively drafted non-use clause, you may inadvertently restrict your own product development. Read these clauses carefully before signing.

Commercial Use Cases

In vendor, supplier, or distribution relationships, mutual NDAs sit at the foundation of the broader commercial arrangement. Several additional considerations apply:

  • Data and regulatory compliance: If the relationship involves personal data or regulated information, the NDA must work alongside — not substitute for — appropriate data processing agreements. Understand which legal instrument governs which obligations.

  • Permitted disclosures: Commercial parties often need to share information with advisers, lenders, or regulators. The NDA should accommodate these disclosures provided the recipients are bound by equivalent confidentiality obligations.

  • Cumulative NDA obligations: If you're in simultaneous discussions with multiple parties in the same sector, audit the cumulative effect of your NDA obligations. Overlapping non-use clauses can create unintended restrictions on your commercial freedom.

Template NDA or Draft From Scratch?

ScenarioApproachLow-stakes early conversationA well-reviewed standard template is usually proportionate.Sharing valuable IP or trade secretsBespoke drafting. The definition of confidential information must be precise.Counterparty has sent their own NDALegal review before signing. Standard-looking documents often contain one-sided provisions.Cross-border transactionLocal law advice is essential — enforceability varies significantly.NDA as precursor to a larger dealDraft with the full transaction in mind. Misaligned definitions cause problems downstream.

Red Flags in Any NDA

  • No defined permitted purpose

  • Non-compete or non-solicit provisions buried in the confidentiality clause

  • Indefinite obligations on general commercial information

  • No injunctive relief provision

  • Unilateral amendment rights

  • No return or destruction obligation on termination

  • Confidentiality exceptions drafted so broadly they swallow the rule

Novel Law NDA Services

Novel Law offers focused NDA drafting and review for startups and commercial businesses. Whether you need a clean mutual NDA drafted from scratch, a marked-up review of a counterparty's document, or support through negotiation, we provide commercially-minded advice without the overhead of a large firm.

Services include: mutual NDA drafting · counterparty NDA review · template review and redlines · negotiation support · startup confidentiality frameworks · cross-border NDA advice

Josh Bykowski
Next

Trademark Enforcement in Focus: Lessons from Lululemon v. Costco