Non-disclosure agreement NDA
A contract binding recipients to keep shared information confidential; many rooms require e-signing an NDA before entry.
A non-disclosure agreement (NDA), sometimes called a confidentiality agreement, is a legally binding contract in which a party who receives sensitive information promises not to disclose it to outsiders or use it for any purpose beyond the deal at hand. In a transaction, the seller shares financials, contracts, customer data, and trade secrets with buyers, advisers, and lenders long before anything is signed. The NDA is the legal fence around that disclosure: it defines what counts as confidential, who may see it, how long the duty lasts, and what happens if it leaks. It converts a handshake about discretion into an enforceable obligation with real remedies.
How does an NDA work in a virtual data room?
In a modern deal the NDA is the gate you pass through before the data room opens. The seller or its adviser sends each prospective buyer an NDA, and only after it is signed does the room administrator grant login credentials and set permissions. Many virtual data rooms embed this step directly: an invited user must e-sign the NDA on first login before any folder becomes visible, and the platform stamps the signed copy into the audit trail as proof of acceptance.
The NDA and the room’s technical controls reinforce each other. The contract states the rules; features like access controls, watermarking, and view-only permissions enforce them. Together they let a seller open the books to several competing bidders at once while keeping each party legally and technically boxed into what they are allowed to see.
Why does the NDA matter for M&A and due diligence?
An NDA matters because due diligence forces a seller to hand rivals the exact information that could hurt the business if it escaped. Pricing, margins, key-customer lists, and product roadmaps all sit in the room. Without a signed confidentiality agreement, a bidder who walks away could use what they learned to compete, poach staff, or renegotiate. The NDA gives the seller a contractual claim if that happens, and, just as importantly, a documented basis to shut off access.
It also defines scope precisely. A good NDA names the permitted purpose (evaluating the transaction only), lists who may receive the information (the buyer’s named advisers, not the whole organisation), and sets a term, often two to five years. Where the data is unusually sensitive, parties add a clean team arrangement so that only a ring-fenced group, bound by extra handling rules, ever sees competitive detail.
What does an NDA look like in practice?
A mid-market manufacturer runs a sale process with eight interested buyers. Before anyone gets a login, each buyer e-signs a mutual NDA that names the deal, restricts use to evaluating the acquisition, limits disclosure to the buyer’s deal team and named advisers, and runs for three years. Two bidders drop out early; the seller revokes their access and, because the signed NDAs are logged, retains a clear record and continuing obligation. When one former bidder later approaches a key customer, the seller’s counsel points to the NDA’s non-use clause and the audit log of what that party viewed.
What goes wrong, and how do you evaluate NDA handling?
The frequent failures are practical, not legal. Sellers grant room access before the NDA is countersigned, rely on a template that omits a non-solicitation or non-use clause, or forget to bind the individual advisers who actually open the files. Another common gap is treating the NDA as the only control and then over-sharing; the contract deters, but access controls and staged permissions are what physically limit exposure.
When you assess a provider, check whether it can gate entry on a signed NDA automatically, store the executed copy with the audit record, and revoke access cleanly when a party exits. Our guide to granting and revoking data room access covers the workflow, and our provider reviews note which rooms build NDA acceptance into onboarding.
FAQ
Is an NDA the same as the data room’s security settings? No. The NDA is a legal contract; the data room’s permissions, watermarking, and encryption are technical enforcement. The NDA gives you a remedy if information is misused, while the platform controls limit what a signed party can view, download, or copy. Serious deals use both, since a contract alone cannot stop a screenshot and a technical control alone is not a legal claim.
Should an NDA be mutual or one-way? It depends on who shares. In a straight sale where only the seller discloses, a one-way (unilateral) NDA binding the buyer is common. In discussions where both sides exchange sensitive material, such as a merger or partnership, a mutual NDA that binds each party is standard and usually faster to agree.
How long does an NDA’s confidentiality duty last? Most deal NDAs run for two to five years after signing, though genuine trade secrets can be protected for as long as they stay secret. The term should match how long the information stays commercially sensitive; too short leaves a gap, and an unreasonably long term can be harder to enforce.