Back

Spotlight On: Non-Disclosure Agreements

April 28, 2025


Key documents to help get deal negotiations underway.


Non-disclosure agreements, or NDAs, are often presented at or near the beginning of negotiations. NDAs are designed to address the challenge of protecting information that one party discloses to another as they work towards a deal.

NDAs are sometimes seen as a relatively standardized document, to be completed quickly with a one-size-fits-all approach to drafting. However, some key considerations for any NDA that merit careful attention are:

  • whether the NDA is unilateral or mutual;
  • how “confidential information” is defined;
  • the purpose for which the recipient of “confidential information” can use it; and
  • the term for which information must be kept confidential.

Here’s what to focus on when working with these documents.

Unilateral vs Mutual

Whether an NDA is unilateral or mutual depends on how the parties expect confidential information to be shared: whether information will flow only one way, or whether both parties will be sharing information about each other. Whoever receives confidential information (i.e. the “recipient”) takes on the burden of maintaining its confidentiality.

An NDA should only be mutual if both parties expect to share information with the other. Typically, a potential purchaser or investor is receiving confidential information from the target or seller and accordingly is the only one subject to confidentiality obligations.

However, if there is a reason both parties are conducting due diligence on each other – for example, where the purchaser is paying for all or part of the acquisition with its own shares, or in a joint venture scenario – a mutual NDA may be appropriate.

Identity of the Parties

The identity of the parties and their business activities are relevant to how an NDA operates. For example, a recipient may consider it important that it and its affiliates are not bound by terms of an NDA which would restrict their ability to conduct business activities (which may include competing with the disclosing party) even if they receive confidential information. As such, it is important to clearly define who the recipient is in an NDA. The definition of “recipient” should be specific enough to not inadvertently capture additional entities such as affiliates or representatives which will not receive confidential information and should not be subject to specific obligations such as standstills or non-solicits.

In some instances, a potential recipient may be asked by an intermediary, such as a financial advisor, to execute an NDA without knowing the identity of the target. This generally happens when simple knowledge of the target’s interest in a transaction could have an impact on its business or the price of its securities. If the name of the target is not disclosed prior to signing the NDA, the NDA should be drafted to (i) provide the recipient with the opportunity to expressly decline receiving any further confidential information following disclosure of the target’s identity, (ii) limit the recipient’s obligations under the NDA to maintaining the confidentiality of the target’s identity, and (iii) release the recipient from any restrictive obligations that would otherwise extend for the original term of the NDA, such as non-solicits.

The identity of the disclosing party is particularly important in the context of a public target. Recipients should consider the securities law implications of receiving confidential information of a public company, including insider trading and “tipping” prohibitions. The disclosing party will want to receive representations from the recipient that it and its representatives are aware of such laws. The recipient should have an internal process in place to ensure that no one with access to the confidential information trades in the relevant securities. Even if a recipient has declined to receive further confidential information as described in the paragraph above, recipients should keep in mind that knowledge of the disclosing party’s identity and interest in a transaction may by itself constitute material non-public information which restricts the ability of the recipient to trade in the disclosing party’s securities.

Definition of Confidential Information

Most NDAs use a defined term such as “Confidential Information” to capture the range of non-public information that is protected under the agreement.

Typically, the disclosing party wants the scope of the definition to be as broad as possible, especially in respect of types of information from which the provider derives economic value or that is personal information protected under privacy legislation, whether disclosed before or after the parties sign the NDA. On the other hand, the recipient may prefer to have a more narrow or specific scope, in order to minimize the recipient’s burden to keep the information confidential, and also to help the recipient clearly identify what constitutes confidential information and what does not. Parties should also consider whether any information was exchanged prior to the execution of the NDA, and draft the definition to either expressly include or exclude such information.

“Confidential Information” typically does not include information which:

  • is or becomes public through no breach of the agreement by the recipient;
  • has been independently obtained or developed by the recipient (without the use of any of the disclosing party’s confidential information);
  • was in the recipient’s possession prior to receiving it from the disclosing party; and
  • was disclosed to the recipient by a third party which is not, to the recipient’s knowledge, subject to a confidentiality obligation to the disclosing party.

Term

NDAs often specify a length of time for which confidential information must be kept confidential. This term can run for a period of months, years, or be indefinite. The recipient, which takes on the burden of maintaining the secrecy of such information, should be prepared to protect the information for the agreed period of time.

Purpose

An NDA should state the purpose for which the recipient may use the confidential information it receives. The purpose will be context specific and should typically identify the proposed transaction for which information is being shared with as much accuracy as possible at the time. The purpose should be broad enough to cover the entire process but specific enough to reduce the possibility that the disclosing party’s confidential information can be used for any unexpected objective.

When a disclosing party is a public company, NDAs will often include a standstill provision that expressly prohibits the recipient from making or participating in an unsolicited bid going forward. Such provisions will typically provide narrow carveouts for normal course market purchases; however, absent an express standstill provision, a narrowly drafted purpose provision (i.e. one that only contemplates a negotiated transaction) can effectively restrain the recipient from “going hostile” during the term of the NDA or longer.

Who Receives Confidential Information

In a transactional context, the recipient will likely need to share confidential information with a range of individuals and entities such as its lawyers, auditors, and consultants as well as financing sources, partners and board members. A recipient may also wish to be able to share limited confidential information with its stakeholders and investors to solicit additional support or investments in connection with the proposed transaction. These parties together are often referred to as “representatives”.

The definition of representatives may include a broad category – for instance, the definition may include the recipient’s shareholders generally, but information may only be shared by the recipient with specific shareholders and not the group as a whole. As recipients are frequently responsible for the conduct of their representatives under an NDA, recipients should ensure that only parties who receive confidential information will be deemed to be representatives, even if they fall under a named category.

Disclosing parties will generally try to limit the definition of representatives as there are inherent concerns with broadening the extent of disclosure beyond the immediate advisors a recipient may require, including concerns over potential collusion among bidders in an auction situation. It is important to keep the list of such permitted persons specific so both parties are clear on who may or may not receive confidential information.

Furthermore, disclosing parties may want assurances from the recipient that representatives will only receive the confidential information required to complete their duties and will keep the information secret to the same extent as the recipient promises to do in the confidentiality agreement. Recipients should be on the lookout for specific commitments to enforce compliance on the part of their representatives, and carefully consider the additional obligations and liabilities that may arise as a result.

Required Disclosure

There may be instances in which a recipient and its representatives are required by law to disclose confidential information (e.g. in the context of a court order). Parties should consider setting out the obligations of the recipient in such instances, including whether the recipient must notify the disclosing party of the disclosure requirement, which steps the recipient must take in seeking confidential treatment of the information, whether the recipient must obtain a legal opinion as to the required disclosure, and who will bear the costs (such as legal fees) of any such steps.

Non-Solicit and No-Contact Provisions

Non-solicit and no-contact provisions limit a recipient’s ability to solicit or communicate with the disclosing party’s employees, customers and suppliers.

Non-solicit provisions address the concern that recipients may poach employees with whom they come into contact in the course of a potential transaction. Disclosing parties will want this provision to be as broad as possible so no employees may be solicited by a recipient. Recipients on the other hand will want the provision to be narrower, so as to not unduly impact their normal course recruitment activities. A common middle ground is to limit non-solicits to a specific category (or categories) of employees a recipient has engaged with in connection with the proposed transaction. Non-solicits typically include customary carve-outs, whereby recipients are not prohibited from soliciting or hiring employees:

  • via a general solicitation or solicitations using executive or personnel recruiters that are not directed or encouraged to target the disclosing party’s employees;
  • who make unilateral solicitations to the recipient; or
  • who are no longer employed by the disclosing party for a specified period.

No-contact provisions seek to address a disclosing party’s concern that clients or employees will be tipped off that a transaction is underway. The recipient may wish to limit the scope of such provisions to ensure they are not prohibited from contacting customers and suppliers in the ordinary course of their own business. Recipients may also want to conduct due diligence on the disclosing party by speaking with other operators within the industry. The disclosing party on the other hand will want to ensure such communication does not disclose the potential transaction or confidential information.

Standstills

In the context of a public company, the disclosing party may wish to include a standstill provision which limits the recipient’s ability to make or participate in an unsolicited bid. A standstill often also delineates which, if any, open market purchases the recipient may be permitted to make during the standstill period. The recipient will want to keep the standstill period as short as possible and ensure it applies strictly to the recipient and not its representatives (or limit the application of the clause to its representatives over which it exercises control). Other factors that may be negotiated include:

  • whether the recipient can make an offer regarding the purchase or sale of securities or assets of the target or any of its subsidiaries to the board of directors;
  • if the recipient will be released from the standstill when the company “goes into play” (i.e. a third-party transaction is announced); and
  • most-favoured nation language (which would ideally grant the recipient the opportunity to substitute the standstill provisions in its agreement with those in another potential acquirer’s NDA, if such provisions are materially more favorable)

Destruction or Return of Information

To minimize the risk of unintended disclosure, disclosing parties will want to include mechanisms whereby the confidential information is returned to them or, more commonly in our current digital age, destroyed. Such mechanisms may be triggered by either a request from the disclosing party or by the recipient providing notice they no longer wish to proceed with a potential transaction.

Recipients may wish to include carve-outs to the obligation to return or destroy confidential information whereby copies or traces of the confidential information may remain in its records, for example in computer backup or archive files, or to comply with applicable laws or professional standards.

Injunctive Relief

Often an NDA will provide that the disclosing party may seek equitable relief (such as an injunction) against a breach or a threatened breach by the recipient. The recipient may wish to resist language allowing the disclosing party to obtain (as opposed to seek) an injunction. Parties may also wish to specify how costs will be dealt with in the event of a breach by either party.

Indemnities

Sometimes an NDA will include an obligation for the recipient to indemnify the disclosing party for losses caused by its breach of the agreement. Such provisions will increase the scope of potential exposure for the recipient. Recipients will typically want the disclosing party to rely on general principles of contract law and damages instead of indemnification.

Disclosing Confidential Information in Practice

Regardless of how carefully your NDA is drafted, enforcing the agreement and proving a breach can be a challenge. Moreover, any information leak can be difficult or impossible to contain or be compensated adequately with monetary damages. Accordingly, it can be helpful to consider some “best practices” when sharing confidential information with a potential acquirer.

Often, M&A and financing transactions involve a datasite where material information about the disclosing party is uploaded for review by the would-be acquiror or investor. Where a datasite is used, it is often good practice for the executive(s) leading the negotiations at the disclosing party to review everything in the datasite before access is granted to any third parties, to ensure that it is populated with the right documents (and only those documents).

There are also alternative approaches to share information, including:

  • uploading more sensitive information to the datasite later in the deal negotiation process (and closer to closing);
  • sending information only to specific people instead of uploading it to the datasite;
  • sharing information only between lawyers;
  • redacting or encoding certain information; and
  • sharing information in person only, in hard copy.

Disclosing parties should also be aware of any confidentiality obligations of their own that they owe to third parties.

“Personal information” and Privacy Law Considerations

Privacy laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) define “personal information” as any information about an identifiable individual. A disclosing party should consider whether any information it proposes to disclose includes personal information – employee information is a common example.

PIPEDA restricts how personal information can be disclosed and usually requires the knowledge and consent of the individual to be obtained. However, there is an exception in PIPEDA for use and disclosure of personal information by parties to a prospective business transaction, so long as:

  • an agreement is in place that requires the recipient organization to:
    • use and disclose that information solely for purposes related to the transaction,
    • protect that information by security safeguards appropriate to the sensitivity of the information, and
    • if the transaction does not proceed, return that information to the organization that disclosed it, or destroy it, within a reasonable time; and
  • the personal information is necessary:
    • to determine whether to proceed with the transaction, and
    • if the determination is made to proceed with the transaction, to complete it.

PIPEDA is one of a variety of privacy-related statutes in force in Canada. Parties should consider if any other privacy considerations apply to their transaction.

This blog post is not legal or financial advice. It is a blog which is made available by SkyLaw for informational purposes and should not be used as a substitute for professional advice from a lawyer.

This blog is subject to copyright and may not be reproduced without our permission. If you have any questions or would like further information, please contact us. We would be delighted to speak with you.

© SkyLaw . All rights reserved. SkyLaw is a registered trademark of SkyLaw Professional Corporation.