When do you need an NDA — and when does it just slow things down

A non-disclosure agreement creates an enforceable obligation on a counterparty to keep specified information confidential. Done well, it produces three things: a defined scope of confidential information, a clear permitted purpose, and a remedy if the obligation is breached. The legal weight is real but bounded.

What an NDA does not do: stop a leak, replace operational security, or prevent a counterparty from competing with you. An NDA gives you a cause of action after a breach. It does not undo the breach.

The most common mistake is signing or insisting on an NDA when the underlying disclosure does not actually require one. Doing so signals that the conversation is more serious than it is, slows the counterparty's lawyer engagement, and produces an obligation neither side will actually enforce.

First: M&A diligence. Once a counterparty is reading your financials, customer list, and roadmap, the NDA is the artefact that lets the conversation go deep. Use a mutual NDA — both sides will end up disclosing.

Second: a vendor evaluation where you'll share roadmap, customer data, or unreleased product details. A one-way NDA from the vendor to you is typically appropriate.

Third: an employment relationship, where the new hire will see customer data, trade secrets, or proprietary code. An employee NDA, often packaged with an IP assignment, runs alongside the offer letter.

Investor conversations: VCs see hundreds of decks and signing an NDA for every one is impossible. Asking signals inexperience. The early conversation is supposed to be high-trust and high-signal; if you can't tell a fundable story without a legal structure around it, the story isn't ready.

Job applications: candidates don't sign NDAs to apply. The NDA comes at offer-acceptance, not at first interview. Asking earlier signals that the role will be defensive in shape.

Conference pitches, podcast invitations, journalist outreach: an NDA for an external speaking moment is almost always wrong. If the topic is genuinely sensitive, decline the invitation.

When you do use an NDA, scope it to the actual disclosure. Define the confidential information precisely. Set a finite term (2–5 years is typical). Specify a permitted purpose — one transaction, one diligence stream, not a general relationship.

Avoid the wishy-washy 'standard NDA' that floats around procurement folders. Trade-secret protections extend beyond a defined term as long as the information remains confidential; sensitive but non-trade-secret information should be time-bound.

And remember the simplest filter: the best NDA is the one neither party ever needs to enforce. If the conversation goes well, the document stays in the folder. If it goes badly, the document is your starting point — not your salvation.