What is an NDA (non-disclosure agreement)?
Learn what NDAs are, when your business needs one, and how UK law affects them.
February 2024 | Published by Xero
Published Monday 22 June 2026
Key takeaways
- A non-disclosure agreement (NDA) is a legally binding contract that protects sensitive business information from being shared without permission. You can use one whenever confidential details change hands.
- UK law now limits how NDAs can be used. The Victims and Prisoners Act 2024 and the Employment Rights Act 2025 prevent NDAs from silencing reports of criminal conduct, harassment, or discrimination.
- Every NDA should clearly define what counts as confidential information, who is bound by it, how long it lasts, and what happens if someone breaks the terms.
- Getting professional legal advice before signing or issuing an NDA helps you avoid costly mistakes such as overly broad definitions or unenforceable clauses.
What is an NDA?
When you share sensitive information with another person or business, you need a way to keep it protected. A non-disclosure agreement (NDA) does exactly that.
A non-disclosure agreement (NDA), also called a confidentiality agreement, is a legally binding contract between 2 or more parties. It sets out what information must be kept confidential and what happens if someone shares it without permission.
NDAs can cover a wide range of sensitive details. These include trade secrets, financial records, customer lists, product designs, business strategies, and intellectual property such as trade marks.
You'll come across NDAs at many stages of running a business, from hiring staff to exploring partnerships or seeking investment. They give you a clear, enforceable way to control who sees your most valuable information.
When do businesses use NDAs?
NDAs are useful in any situation where confidential information needs to be shared with someone outside your immediate team. Here are some of the most common scenarios for small businesses.
Employee onboarding
When you bring on new team members, they often gain access to client data, pricing structures, and internal processes. An NDA signed during onboarding makes it clear that this information stays confidential, both during their employment and after they leave.
Business partnerships
Exploring a joint venture or collaboration usually means sharing financials, customer insights, or operational plans. An NDA protects both sides while you work out whether the partnership is a good fit.
Mergers and acquisitions
If you're buying a business or selling your business, due diligence involves opening your books to the other party. An NDA ensures that sensitive details don't leak if the deal falls through.
Supplier relationships
Working with suppliers sometimes means sharing product specifications, manufacturing processes, or pricing models. An NDA stops a supplier from passing those details to your competitors.
Investor discussions
When you find investors for your business, you'll need to share financial projections, growth plans, and other commercially sensitive data. An NDA gives you confidence that your information won't be used against you.
Research and development projects
If you're developing a new product or service with external collaborators, an NDA protects your ideas and innovations before they reach the market. This is especially helpful if you haven't yet filed for patent or trade mark protection.
Types of NDAs
Not every situation calls for the same type of NDA. The right one depends on who is sharing information and how the information flows between the parties.
Unilateral (one-way) NDA
A unilateral NDA protects information shared by 1 party only. For example, you might ask a freelance developer to sign one before giving them access to your proprietary software code. The obligation to keep information confidential falls entirely on the receiving party.
Mutual (two-way) NDA
A mutual NDA protects both parties equally. This is common when 2 businesses explore a partnership and both share sensitive information. Each side agrees not to disclose the other's confidential details.
Multilateral NDA
A multilateral NDA involves 3 or more parties. Instead of each pair signing a separate agreement, everyone signs 1 document. This can save time and reduce paperwork when multiple businesses collaborate on a project.
What to include in an NDA
A well-drafted NDA clearly sets out the terms so that all parties understand their obligations. Here are the key components to include.
- Parties involved: Name every individual or business bound by the agreement, including their registered addresses.
- Definition of confidential information: Spell out exactly what counts as confidential. Vague definitions can make the NDA harder to enforce.
- Exclusions from confidentiality: Identify information that isn't covered, such as details already in the public domain or independently developed by the receiving party.
- Permitted uses of information: State how the receiving party is allowed to use the confidential information and whether they can share it with specific third parties, such as legal advisers.
- Time period: Set a clear start and end date for the confidentiality obligations. This might range from 1 year to 5 years, depending on the nature of the information.
- Consequences of breach: Outline what happens if someone breaks the agreement, including potential legal action, financial damages, or injunctions.
UK law and NDA restrictions
While NDAs are a valuable tool for protecting business information, UK law places important limits on how they can be used. You should be aware of these restrictions before drafting or signing any agreement.
Victims and Prisoners Act 2024
Section 17 of the Victims and Prisoners Act 2024 introduced significant changes for NDAs signed on or after 1 October 2025. Any NDA clause that prevents someone from disclosing information about criminal conduct is now unenforceable. This means you cannot use an NDA to stop someone reporting a crime.
Employment Rights Act 2025
The Employment Rights Act 2025 goes further in the workplace. It voids any NDA clause that prevents workers from raising allegations of harassment or discrimination. If you include such a clause in an employment-related NDA, it will have no legal effect.
Whistleblowing protection
The Public Interest Disclosure Act protects employees who report wrongdoing at work. An NDA cannot override these protections. If a worker has a genuine concern about illegal activity, health and safety risks, or environmental damage, they have a legal right to speak up.
Reporting to regulators and police
No NDA can prevent anyone from reporting concerns to a regulator such as HMRC, the Financial Conduct Authority, or the Information Commissioner's Office. Similarly, NDAs cannot stop someone from cooperating with a police investigation.
Solicitors Regulation Authority guidance
The Solicitors Regulation Authority (SRA) updated its guidance on NDAs in August 2024. Solicitors must now ensure that NDAs they draft or advise on comply with current legislation. They must also make sure clients understand that NDAs cannot be used to prevent lawful disclosures, including disclosures about data protection concerns.
What happens if someone breaches an NDA?
Breaking an NDA is a serious matter, but it's typically handled as a civil issue rather than a criminal one. Here's what you can expect if someone breaches the terms.
The most common remedy is a breach of contract claim. You can take the other party to court to recover financial damages caused by the disclosure. This might include lost revenue, damage to your competitive position, or costs associated with the breach.
In urgent cases, you can apply for a court injunction. This is a legal order that stops the other party from sharing or continuing to share your confidential information. Injunctions can be granted quickly when there's a risk of immediate harm.
If the NDA is linked to an employment contract, a breach could also lead to disciplinary action or termination. The specific consequences should be set out clearly in the agreement itself.
Common NDA mistakes to avoid
A poorly drafted NDA can be difficult or even impossible to enforce. Here are the most common pitfalls to watch out for.
- Using overly broad definitions: If the definition of confidential information is too vague, a court may decide it's unreasonable and refuse to enforce it. Be specific about what's covered.
- Setting unrealistic time periods: Choosing an indefinite or excessively long confidentiality period can make the agreement unenforceable. Pick a time frame that reflects how long the information genuinely needs protection.
- Covering publicly available information: You can't protect information that's already in the public domain. Make sure your NDA excludes details that are widely known or easily discoverable.
- Drafting ambiguous clauses: Vague language, missing clauses, or contradictory terms can all weaken your NDA. Clear, precise wording reduces the risk of disputes.
- Skipping legal advice: Using a generic template without professional review can leave gaps in your protection. A solicitor can tailor the NDA to your specific situation and ensure it complies with current UK law.
Keep your financial records organised with Xero
NDAs often come into play when you're sharing financial information, whether that's during a funding round, a business sale, or a new partnership. Having your accounts organised and up to date makes these processes smoother and more professional.
Xero's cloud-based accounting software helps you keep your financial records accurate and accessible. You can share reports, invoices, and cash flow summaries with confidence, knowing your data is well-organised and ready for due diligence.
FAQs on NDAs
Here are answers to frequently asked questions about NDAs.
How long does an NDA last?
Most NDAs last between 1 and 5 years, but some include perpetual clauses for trade secrets that never lose their value. Courts may challenge unusually long or vague time periods, so it's worth getting legal advice on what's reasonable for your situation.
What is the difference between an NDA and a confidentiality agreement?
There is no difference. An NDA and a confidentiality agreement are 2 names for the same type of legal contract. Both create a binding obligation to keep specified information private.
Can you share NDA-protected information with your accountant?
It depends on the terms of your NDA. Many agreements include a clause allowing you to share information with professional advisers such as accountants and solicitors, provided they also agree to keep it confidential.
What happens when an NDA expires?
Once an NDA reaches its end date, the confidentiality obligations stop, and both parties are free to use the previously protected information. If you need ongoing protection after expiry, you can negotiate a new agreement or include a renewal clause in the original NDA.
When should a small business not use an NDA?
Skip the NDA if the information you're sharing is already publicly available or if the agreement would create friction in an early-stage business conversation. NDAs work best when genuine trade secrets, proprietary data, or financial details are at stake.
Disclaimer
This glossary is for small business owners. The definitions are written with their requirements in mind. More detailed definitions can be found in accounting textbooks or from an accounting professional. Xero does not provide accounting, tax, business or legal advice.