Dem folgenden Text liegt ein Handout zugrunde, dass ich meinen Studenten in meinem Kurs „Transactional Drafting for LL.M. students“ an der Maurer Law School, IU Bloomington zum besseren Verständnis von Non-Disclosure Agreements mit an die Hand gegeben habe. Vielleicht nützt er ja dem einen oder anderen.
A. Preliminary Remarks – How to Handle this Document
In the following, I would like to share with you some thoughts on Non-Disclosure Agreements (NDAs) on the basis what we have discussed in class. In my opinion, it is not possible to say in an abstract manner whether an NDA – like any other contract – is drafted well or badly. It depends on whether the specific document serves its specific purpose, in particular the interest of your client. The following considerations may help you drafting the NDA in accordance with the interests of your client.
B. General Remarks on NDAs
NDAs can have different forms. They can either be stand-alone agreements or contained in a clause of a larger contract. They can be unilateral, i.e. there is just one disclosing party and one receiving party, or they can be bilateral, i.e. both parties can be disclosing and receiving party. Besides, you may find additional provisions on non-competition or non-solicitation. The parties may want to sign an NDA in view of a specific business project or with regard to their future business cooperation in general.
NDAs are typically signed at the very beginning of a business relationship. At this stage, the parties are generally very enthusiastic. Their interest is to begin the negotiations of the business deal as soon as possible, rather than loosing time negotiating ‘the perfect NDA’. Be aware of this, and do not become the deal breaker at such early stage unless it is necessary. Take for instance into account how important the confidential information is for the business model of your client (e.g. patents compared to just general accounting figures).
C. Analyzing the Diverging Interests in NDAs
In unilateral NDAs, the disclosing party generally is interested in a far-reaching protection of information to be disclosed. This can be achieved in the following ways:
- The definition of the term ‘confidential information’ is drafted in a clear and comprehensive manner.
- Information disclosed by third parties connected to the disclosing party (in particular affiliate companies) is protected as well, and third parties are directly entitled to claim damages if a confidentiality breach occurs.
- Third parties on the side of the receiving party (employees, affiliate companies, advisors, and sub-contractors) agree to be bound by the confidentiality obligations, or their conduct is at least attributed to the receiving party.
- The group of persons entitled to receive confidential information is clearly limited, and any passing of confidential information to other persons requires the express (written) consent of the disclosing party.
- The NDA provides for prompt and effective remedies if the receiving party (or a person whose conduct is attributable to the receiving party) breaches its obligations under the NDA.
The interests of the receiving party are contrary. Most importantly, the receiving party seeks to limit the scope of the term ‘confidential information’. This can be done in several ways. For instance, the information can be limited to a specific item (e.g. a document); or the only such information is considered “confidential” that is clearly marked as confidential. A clear definition of the term will most likely also be in the best interest of the receiving party, as this creates legal certainty. However, an ambiguous definition – and thus uncertainty – makes it more difficult for the disclosing party to enforce an alleged breach. Thus, in a dispute ambiguity might actually favor the receiving party. Nevertheless, ambiguity contains many risks for the receiving party. Therefore, when drafting an NDA, the receiving party should seek clarity.
In bilateral NDAs, the parties’ interests are typically balanced because either party can be disclosing and receiving party. Only where one party is clearly more likely to be the disclosing party or where the confidential information of one party is more valuable, the interests may shift. Both parties should have an interest in an NDA that works in practice, so that all persons receive the information which they need to perfect the deal without unnecessary bureaucratic hurdles that will delay the process.
D. Drafting Considerations
Based on the foregoing interest analysis, the following points should be taken into consideration when drafting or reviewing an NDA.
1. Defining the Project
If the NDA is used for a specific project and not just the general cooperation of the parties, it makes sense to define the term ‘Project’, as this term will most likely be used in the following provisions concerning the confidentiality obligations, the permitted disclosure to third parties, as well as the term of the agreement. Although it may be difficult to describe the project specifically at the early stage when the NDA is drafted, please take reasonable care when doing so. A generic definition will provide the judge with discretion to decide whether the use of information was permitted or not.
2. Defining Confidential Information
The definition of the term ‘Confidential Information’ should be drafted as clearly as possible. Consider the following points:
- Form of the information (e.g. written documents, drawings, electronic data, oral information, or business know-how);
- Way of disclosure (e.g. intentional handover by disclosing party, information incidentally transmitted, or mere observations of the receiving party at the premises of the disclosing party);
- Requirement to mark information as ‘confidential’;
- Including the existence of the ‘Project’ and the NDA are considered ‘Confidential Information’, too.
Often, the definition is drafted in a comprehensive manner (‘“Confidential Information” means all information …’), and the abovementioned points are merely considered non-exhaustive examples (‘including but not limited to’) for the general principle. This is a reasonable solution. However, avoid a definition that merely uses the word ‘includes’ (e.g. ‘“Confidential Information” includes …’). It creates ambiguity as to the general principle.
3. Confidentiality Obligation
Often, the NDA will state a general obligation to hold Confidential Information in confidence, to withhold it from third parties, and to use it only where necessary for the purposes of the Project. Furthermore, some NDA oblige the parties to maintain reasonable safety measures ensuring confidentiality. Consider the following points:
- What is the relation between the general confidentiality obligation and the duty to maintain reasonable safety measures? Has the receiving party breached the NDA if Confidential Information is disclosed to the public despite reasonable safety measures?
- Is the general confidentiality obligation fault based or is it strict?
- Who is entitled to receive Confidential Information and who is a third party? Consider the following groups of persons: management of the receiving party, employees participating in the Project, other employees of the receiving party, affiliate companies, external advisors with special confidentiality duties (attorneys), other external advisors.
- What steps must be undertaken before Confidential Information may be disclosed to third parties? Consider e.g. written consent of the disclosing party or concluding a separate NDA.
The NDA might become impracticable if the receiving party’s personnel involved in the Project is included in the group of third parties and if the procedural hurdles for disclosing information to this group of persons are too high. Most likely, the parties will then ignore the NDA, a factor that may be taken into account by courts in later potential legal disputes.
Typically, NDAs contain exceptions from confidentiality for information that is already known to the Receiving Party, that is publicly available, that is rightfully received from a third party, that is developed independently by the receiving party, or that that the receiving party is required to disclose as a matter of law.
The exception can be drafted a) as exception from “confidential information” as part of the definition b) as exception from the confidentiality obligation, or c) as exception from the NDA’s scope of application. I personally prefer solution a), solution c) should be avoided because it’s meaning is unclear.
What is essential is to clarify the burden of proof. Compare the following examples:
“Confidential Information” means any information […] and that is a) not publicly available at the time the Agreement is signed […].”
“Confidential Information” means any information […] unless it is a) publicly available at the time the Agreement is signed […].”
In the first example, the definition contains several cumulative requirements that have to be met in order to consider information ‘Confidential Information’. Based on the ‘principle eo incumbit probation qui dicit, non qui negat’ it is arguable the claimant would have to prove that the information was not publicly available, while in the second example the defendant would have to prove the contrary. To avoid any doubt, it should be stated clearly in the NDA who bears the burden of proof for the exceptions. Bear in mind: it will be almost impossible for the disclosing party to prove that information was not somewhere available.
The following points should be furthermore considered:
- What point in time is decisive for finding that information was available?
- Are there notification requirements for the receiving party?
- Where the receiving party invokes a legal obligation to disclose, should the applicable law be specified further?
- Should the receiving party be obliged to seek all available legal remedies against court orders to disclose?
5. Remedies, Dispute Resolution and Applicable Law
It is essential for the disclosing party that it has prompt and effective remedies if a confidentiality breach occurs. If damages are the only remedy available to the disclosing party, it has to account for the economic loss it has suffered as consequence of the breach. This may be difficult or even impossible to prove, and only after years of litigation. Which remedies are available largely depends on the applicable law and on which courts have jurisdiction. Common law countries may be hesitant to order injunctive relief / specific performance. A penalty or liquidated damages are probably the most effective remedy, however, there are restrictions in some countries (e.g. Germany). Thus, it is essential that you seek the assistance of a foreign legal counsel if you agree to foreign law or jurisdiction.
Although arbitration often is an efficient means of dispute resolution, I am hesitant to include arbitration clauses in NDAs. It takes time until an arbitration tribunal is constituted, and the defendant can delay the proceedings. Therefore, other options should be considered.
6. No Representations or Warranties as to Accuracy of Confidential Information
Many NDAs contain a clause that the disclosing party neither represents nor warrants that the disclosed Confidential Information is correct. The purpose is to avoid the disclosing party’s (pre-contractual) liability for information disclosed before the envisaged business deal (e.g. a share purchase agreement) is concluded. This liability for information on which the receiving party relied is then exclusively governed by the business deal.
If you include such provisions, be aware that you draft them in accordance with the legal language of the applicable law. The combination of ‘Representations & Warranties’ implies a common law background. A court in a civil law country most likely will interpret the provision as it was intended. To exclude doubt, you could for instance refer to the legal terms of the applicable law in brackets (e.g. ‘The disclosing party neither represents nor warrants the accuracy of the Confidential Information (keine Zusicherung oder Garantie der Richtigkeit)’).
7. Term of the NDA and Obligations at the End
The NDA should state its term. The confidentiality obligation should survive the end of the term, and a termination should have no effect on it.
The NDA should also state rules on what has to happen with disclosed Confidential Information (e.g. return or deletion). Be aware that statutory rules might oblige the receiving party to keep records e.g. for tax purposes for a certain time.
8. Third Parties
Consider if it makes sense to entitle third parties to seek remedies if there is a confidentiality breach (so-called third-party beneficiaries). If you wish to do so, check if and under what conditions the applicable contract law acknowledges third-party beneficiaries.
While it may be possible to include third-party beneficiaries, this will most certainly not be the case for obligors. It is a general principle of contract law that a contracts does not create obligations for third parties (so-called ‘pacta tertiis’-rule). A confidentiality breach by a third party may however be attributed to the receiving party (see also supra D.3). Or third parties explicitly agree to be bound. Make sure what you want to achieve and draft accordingly. Consider the following provision: ‘The Parties agree that employees and advisors are bound by the confidentiality obligation stated in section X above.’ Although a court might interpret this provision as a rule on attribution, it could also consider it invalid.
9. Ownership and Intellectual Property
The NDA should contain rules on ownership of Confidential Information where reasonable. Also, it should clarify that disclosure of information does not entail the granting of a license with regarding to the Confidential Information.
10. Non-Competition and Non-Solicitation
If the receiving party has close contact to essential employees and customer data of the disclosing party, a non-solicitation clause is reasonable. If you want to include a non-competition clause, check applicable unfair competition and anti-trust laws first.
 See also Stark, Drafting Contracts, 2nd ed., Aspen 2013, chap. 23.5.