Mutual Confidentiality Agreement Template

In plain language: Identifies both parties by legal name and states the specific business purpose for which information will be shared — the reason both parties are entering the agreement.

Common mistake: Stating the purpose too broadly (e.g., 'any future business') rather than the specific transaction. An overly broad purpose can extend protections beyond what either party intended and create obligations that outlast the relevant relationship.

In plain language: Specifies exactly what types of information are covered — the broader and more precise this definition, the stronger the protection. It should include written, oral, electronic, and visual disclosures.

Common mistake: Requiring confidential information to be marked 'CONFIDENTIAL' in writing to qualify. Oral disclosures are common in business discussions, and a marking requirement leaves them unprotected unless a written summary is provided within a set follow-up period.

In plain language: The core operative clause — each party promises to keep the other's confidential information secret and to use it only for the stated purpose, applying at least the same care they apply to their own confidential information (and no less than reasonable care).

Common mistake: Omitting the non-use obligation and only prohibiting disclosure. A party that internally uses confidential information to compete — without ever disclosing it to a third party — technically complies with a disclosure-only clause while causing real harm.

In plain language: Allows each party to share confidential information with its own employees, officers, attorneys, accountants, and advisors who have a genuine need to know it for the stated purpose — and makes the disclosing party responsible for ensuring those representatives comply.

Common mistake: Failing to specify that Representatives must be bound by obligations at least as protective as the agreement itself. Without this, a party can share trade secrets with a consultant or agent who owes no independent duty of confidentiality.

In plain language: Carves out four standard categories that cannot be protected: information already public, information the receiving party already knew, information independently developed without reference to the disclosing party's data, and information lawfully received from a third party with no restriction on disclosure.

Common mistake: Drafting exclusions that are too narrow — for example, only excluding information that is 'in the public domain' without covering information that later becomes publicly available. Courts will enforce the literal text, leaving parties arguing over technicalities.

In plain language: Addresses what happens if a court or regulator requires a party to disclose the other's confidential information — typically requiring the receiving party to give prompt notice so the disclosing party can seek a protective order.

Common mistake: Omitting this clause entirely. Without it, a receiving party served with a subpoena has no contractual obligation to notify the disclosing party — who then has no opportunity to intervene and protect its trade secrets.

In plain language: Sets the duration of the agreement and each party's confidentiality obligations, and clarifies that obligations survive termination for a defined period — or indefinitely for trade secrets.

Common mistake: Setting the same fixed term for all confidential information, including trade secrets. Trade secrets have indefinite legal protection under the Defend Trade Secrets Act and equivalent statutes — a 2-year term cap effectively hands over trade secrets at expiration.

In plain language: Requires each party, upon request or at termination, to return or permanently destroy the other's confidential information — including copies in all formats — and to certify in writing that it has done so.

Common mistake: No carve-out for information retained in routine system backups or required to be kept by law. Without it, the return-or-destroy obligation is technically breached every time an automated backup runs — which courts generally find impractical to enforce.

In plain language: Acknowledges that monetary damages may be inadequate for an NDA breach and expressly authorizes the disclosing party to seek an injunction without posting a bond — removing a procedural hurdle that could delay emergency court relief.

Common mistake: Omitting this clause and relying on a general damages claim. Proving the dollar value of a trade secret disclosure is notoriously difficult — without the express injunctive-relief provision, a court may require the injured party to post a bond and demonstrate specific monetary harm before granting emergency relief.

In plain language: Specifies which jurisdiction's law governs the agreement and how disputes will be resolved — typically litigation in a named court, or arbitration for parties that prefer confidential proceedings.

Common mistake: Choosing a governing-law jurisdiction with no connection to either party's business. Courts in some states — California in particular — apply local law to disputes involving California-based employees or operations regardless of what the contract states.

A mutual confidentiality agreement — also called a bilateral NDA or mutual non-disclosure agreement — is a legally binding contract in which two parties agree to protect each other's confidential information from unauthorized disclosure and use. Unlike a one-way NDA, the obligations run in both directions: each party is simultaneously a disclosing party and a receiving party. It is typically used when both sides will share sensitive information during a business negotiation, partnership exploration, or due diligence process.

A one-way NDA protects only the disclosing party's information — the receiving party has obligations but the disclosing party does not. A mutual NDA creates symmetrical obligations: both parties are bound to protect what they receive. Use a one-way NDA when only one party is sharing sensitive data (for example, a vendor learning a client's processes). Use a mutual NDA whenever both parties will share confidential information, regardless of whether the volumes exchanged are equal.

Two to five years is the standard range for general confidential information in most business contexts. The appropriate term depends on how long the underlying negotiation is likely to run and how quickly the information will become commercially stale. Trade secrets should be covered by an indefinitely surviving obligation — not capped at the agreement's general term — because they retain legal protection for as long as they remain secret. A two-year cap on trade-secret obligations effectively surrenders protection at expiration.

A mutual confidentiality agreement is generally enforceable when it meets the basic requirements of a valid contract — offer, acceptance, and consideration (the mutual exchange of confidentiality obligations itself constitutes consideration in a bilateral NDA). Courts in the US, Canada, the UK, and the EU routinely enforce mutual NDAs. Enforceability can be weakened by an overly broad definition of confidential information, an unreasonably long term, or a governing-law clause with no connection to either party.

No. In the vast majority of jurisdictions, a mutual confidentiality agreement does not require notarization to be valid or enforceable. Both parties' wet or electronic signatures are sufficient. Notarization may be required in certain international contexts or if the agreement will be used in a jurisdiction with specific formality requirements — consult local counsel if the transaction crosses into a civil-law country where notarial acts carry greater legal significance.

The non-breaching party can pursue monetary damages for losses caused by the breach and, critically, seek injunctive relief to stop further disclosure — which is often more valuable than damages because it acts immediately. Most mutual NDAs include an express injunctive-relief clause acknowledging irreparable harm and waiving the bond requirement, which lowers the procedural burden for obtaining emergency court relief. In some jurisdictions, willful misappropriation of trade secrets can also trigger exemplary damages and attorney fee awards.

Not automatically. Information disclosed before signing is generally outside the agreement's scope. To cover pre-agreement disclosures, add a clause that expressly brings within scope any information shared between the parties on or after a specified prior date. This is particularly important when a preliminary conversation included financials or technical details before the parties formalized the relationship.

A mutual NDA binds the corporate entity and its representatives who receive information under the agreement, but it does not replace a direct employee confidentiality obligation. For robust protection, each employee who accesses the other party's information should be subject to their own employment confidentiality agreement or a separate acknowledgment. The permitted-disclosure clause in the mutual NDA should require that Representatives be bound by obligations no less restrictive than the agreement itself.

A residuals clause allows a receiving party's employees to use, in their unaided memory, information absorbed during the relationship — even after the NDA is in effect. It is a carve-out frequently pushed by large technology companies in B2B negotiations. For most businesses sharing standard commercial information, residuals clauses are relatively benign. For companies sharing source code, specific formulas, or detailed technical architecture, accepting a residuals clause significantly weakens protection and should generally be resisted or narrowly scoped.