How to Write an NDA (2026): The Complete Non-Disclosure Agreement Guide

A Non-Disclosure Agreement is a legal contract creating an enforceable duty of confidence between the parties that sign it. That sentence compresses a surprising amount of work. The duty is enforceable — meaning breach gives rise to legal remedies. The duty is contractual — it exists because the parties agreed to it, separate from whatever default rules the law would otherwise apply. And the duty is about confidence — the expectation that information disclosed for one purpose will not be used or re-disclosed for another. When you cut through the boilerplate, everything in a well-drafted NDA supports those three functions.

The thing an NDA does not do, and is often confused with, is prevent disclosure. You cannot sign a contract and make information un-leak-able. What you can do is shift the economics: make the cost of breach — damages, injunctive relief, attorneys’ fees, reputational damage to the breaching party — high enough that the breach does not happen, or if it does, that you have a viable remedy. An NDA is a deterrent backed by a cause of action. The stronger the deterrent and the cleaner the cause of action, the better the NDA is doing its job.

In 2026, NDAs also do a specific structural job that has become more important year by year: they are the primary remaining tool for protecting post-engagement confidentiality in jurisdictions that have restricted or banned non-compete agreements. California has banned employee non-competes for decades under Business & Professions Code Section 16600. Minnesota, North Dakota, and Oklahoma have broad bans. Washington, Illinois, Massachusetts, Virginia, Colorado, and a growing list of others impose income thresholds and notice requirements. The FTC’s 2024 rule that would have banned non-competes federally was vacated by the Fifth Circuit in 2024 and the FTC formally dismissed its appeal in September 2025 — but the FTC has been clear it will continue pursuing non-competes case-by-case under Section 5 of the FTC Act. In every jurisdiction where non-competes are restricted, NDAs are what remains.

That structural shift makes the drafting harder, not easier. When a non-compete was available, the NDA’s job was narrow: protect specific confidential information. When the NDA is the only restraint available, there is pressure to draft it broadly enough to cover anything the former employee might do that competes with you — and that broad drafting is exactly what the FTC flagged in its 2024 final rule commentary as creating a de facto non-compete subject to challenge. The practical discipline, covered in detail in Section 12, is to keep the NDA drafted as an NDA: focused on confidential information, not on general post-engagement employability.

A complete commercial NDA in 2026 has roughly thirteen sections. Some templates can skip one or two (an interview NDA typically omits standstill, for example). Most can’t skip any of the core structural sections. Here is the anatomy, with what each section actually does:

1. Parties and effective date. Who is signing, what they are (individual, LLC, corporation), where they are based, and as of when. Missing or imprecise party identification is the fastest way to make an NDA unenforceable — courts will not guess at which of three affiliated entities you meant.

2. Definition of confidential information. The category of information the NDA actually protects. The classic formulation is information “marked confidential at disclosure, or that a reasonable person would understand to be confidential under the circumstances.” The test for good drafting is whether the definition is broad enough to cover everything you actually want protected and specific enough that a court can tell on a motion what’s in and what’s out.

3. Confidentiality obligations. What the receiving party has to do: use the information only for the stated purpose, not disclose it without consent, protect it with at least reasonable care. This is where the NDA either has teeth or doesn’t. Weak obligations paired with aggressive carve-outs are a common pattern in counterparty-drafted NDAs.

4. Exclusions and carve-outs. Information not covered even if it technically fits the definition: already public, independently developed, lawfully received from a third party, already known. These are standard and enforceable; eliminating them creates unenforceability risk, not protection.

5. DTSA whistleblower notice. Required in US employee and contractor NDAs to preserve statutory exemplary damages and attorneys’ fees under the Defend Trade Secrets Act. Section 4 of this guide covers the mechanics.

6. Protected-disclosure carve-outs. Silenced No More, Speak Out, whistleblower, and NLRA protections. In the United States, these are not optional — they’re required by law in at least a dozen states and federally for certain claim categories. Section 5 of this guide covers the mechanics.

7. Return or destruction of confidential information. What happens at the end: return originals and copies, destroy copies, or either at the disclosing party’s option. The practical middle ground (either-at-option) is most common; the operational realism exception (backup copies subject to ordinary retention) has become standard.

8. Residuals clause (if any). Whether the receiving party can use general concepts retained in employee memory. This is the most-fought-over clause in partnership and M&A diligence. Section 7 of this guide covers negotiation.

9. Term and survival. How long the confidentiality obligation lasts. A typical two-tier structure: fixed term (usually two to five years) for general confidential information, perpetual for anything that qualifies as a trade secret under applicable law.

10. Injunctive relief acknowledgment. Recognition that breach may cause irreparable harm and that the non-breaching party may seek a temporary restraining order or preliminary injunction without posting bond. This matters operationally: when a former employee is about to misuse your customer list, you need a TRO within 48 hours, not a year-long arbitration.

11. Context-specific provisions. Standstill (M&A), non-solicit (employee/contractor/mutual partnership), IP assignment (employment and contracting), liquidated damages (if the breach is quantifiable and symmetrical).

12. Governing law and dispute resolution. Which jurisdiction’s law applies, where disputes go, and whether arbitration is required. Hybrid structures (arbitration for merits, court for injunctive relief) are now standard.

13. Boilerplate and miscellaneous. Entire agreement, amendment, severability, assignment, no-license, no-warranty, counterparts. Rarely read; regularly decisive in litigation. The severability clause in particular determines whether one invalid provision kills the whole contract.

This anatomy is what the generator builds. The specific combinations and language vary by template (mutual, one-way, employee, contractor, M&A, investor, interview) and jurisdiction, but every well-drafted NDA addresses each of these thirteen areas explicitly or by deliberate reference.

The earliest structural decision in any NDA is direction. One-way (unilateral) NDAs have a single disclosing party and a single receiving party; only the receiving party has confidentiality obligations. Mutual (bilateral) NDAs have both parties disclosing and both parties receiving, with symmetric obligations. This choice seems procedural, but it changes almost every downstream clause.

One-way NDAs are legally stronger for the disclosing party. The drafting party gets to resolve every ambiguity in its favor, and there is no countervailing negotiation pressure to weaken obligations or expand carve-outs. Use a one-way NDA when only your side is genuinely sharing sensitive information: a contractor building a feature, an interviewee seeing your roadmap, an employee joining your company. In all of these, the information flow is fundamentally one-directional, and a mutual NDA would create symmetric obligations on a non-existent information stream — drafting that looks balanced but accomplishes nothing.

Mutual NDAs are faster to negotiate and politically easier. Neither party is asking the other for something it won’t give. Mutual NDAs are the default for partnership discussions, M&A diligence, joint-venture evaluation, and any situation where both sides will expose sensitive information as part of evaluating the relationship. The cost is the drafting has to work in both directions — the “Recipient” and “Discloser” labels are usually replaced with “Party A” and “Party B,” and obligations are framed in terms of each party’s role when acting as a discloser or receiver at any given moment.

The generator defaults to mutual for partnership, transaction, and investor contexts and to one-way for employment, contractor, and interview contexts. You can override, but the default captures the common case: disclosing-receiving is symmetric in business evaluations and asymmetric in employment relationships. The one edge case worth flagging is a mutual partnership NDA where the parties’ information flows are genuinely unequal — a large enterprise evaluating a small startup’s technology will share much less than it receives. In that scenario, either ask for a one-way, or accept that the mutual NDA is doing political work more than legal work.

If you are drafting an NDA for a US employee or contractor who will be exposed to trade-secret information — and almost every employee and contractor at a meaningful commercial company is, by some definition — the single most valuable thing you can do is include the Defend Trade Secrets Act whistleblower notice required by 18 U.S.C. Section 1833(b). The provision is short, the inclusion is cheap, and the cost of omitting it is substantial.

The DTSA was enacted in 2016 to create a federal civil cause of action for trade-secret misappropriation. It supplements rather than preempts state trade-secret law (almost every state has enacted a version of the Uniform Trade Secrets Act). Among its remedies are actual damages, unjust enrichment, injunctive relief, and — importantly — exemplary damages of up to double actual damages plus reasonable attorneys’ fees in cases of willful and malicious misappropriation. These exemplary remedies are not available under most state UTSA analogs at the same level.

Section 1833(b) of the DTSA does two things. First, it creates an immunity: individuals cannot be held civilly or criminally liable under any federal or state trade-secret law for disclosing a trade secret either in confidence to a government official or attorney for the purpose of reporting or investigating a suspected violation of law, or in a sealed filing in a lawsuit. Second, and this is the drafting trap, it conditions an employer’s access to exemplary damages and attorneys’ fees on whether the employer provided notice of that immunity in the NDA or other instrument governing the employee’s use of trade secrets. No notice, no exemplary damages, no fee recovery — even in a clear-cut willful misappropriation case.

The notice language is prescribed, and it should appear near the confidentiality obligations rather than buried in a signature page. The generator auto-injects the notice whenever the template is employee or contractor and the jurisdiction includes DTSA coverage. If you are reviewing a pre-2016 NDA form or a form that was copied from a non-US template, check for this notice first — it is the most common single drafting error in US employment NDAs and the one with the clearest downside.

A related question that sometimes arises: does the notice have to appear in every instrument, or is it enough to include it once? The safest answer, and the one most careful employers follow, is to include the notice in every agreement with an employee or contractor that covers use of confidential information or trade secrets — offer letters with confidentiality provisions, standalone NDAs, invention assignment agreements, separation agreements. Some employers include the notice in a single standalone acknowledgment that cross-references all other agreements. The courts have not settled whether that cross-reference structure satisfies the statute, so the belt-and-suspenders approach is to include the notice in each.

Between 2022 and 2026, the rules governing what an NDA can and cannot prevent an employee from disclosing changed more than they had in the preceding thirty years. If you are drafting an employee, contractor, interview, or settlement NDA and you have not updated your template since 2022, the template is almost certainly unenforceable in specific, important ways.

The federal Speak Out Act, enacted in December 2022, voids pre-dispute NDAs and non-disparagement clauses as to claims of sexual assault and sexual harassment. It applies to agreements entered into on or after enactment, and it does not matter whether the agreement is signed by an employee, a contractor, a business partner, or a customer — if the clause purports to prevent disclosure of a sexual assault or sexual harassment claim that arose before the dispute was in a formal posture, the clause is unenforceable. The companion Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act, enacted in March 2022, similarly voids pre-dispute arbitration clauses as to those claim categories at the claimant’s election.

California’s Silenced No More Act (SB 331), effective January 1, 2022, went further at the state level. It voids any provision in an employment, settlement, or separation agreement that prevents the disclosure of “an act that the employee has reasonable cause to believe is unlawful.” In practice, that covers workplace harassment, discrimination, and retaliation based on any characteristic protected under the California Fair Employment and Housing Act — race, sex, sexual orientation, gender identity, national origin, religion, age, disability, and a long list of others. Violating provisions are void as a matter of public policy. An NDA that does not expressly carve out protected disclosures risks being treated as though the carve-out were implied, which opens the door to broader challenges to the rest of the document.

New York’s S.5870 (effective November 17, 2023) applies to employment agreements and requires that any confidentiality provision in a settlement of a harassment, discrimination, or retaliation claim be at the employee’s request, with a 21-day consideration period and 7-day revocation period. Washington, New Jersey, Illinois, Oregon, Hawaii, and a growing list of others have similar structures. The variations in scope matter — some cover only sex-related claims, others cover all protected-class claims, some reach only settlement agreements, others reach all employment NDAs — but the direction of movement is uniform: pre-dispute NDAs cannot silence protected disclosures.

The drafting response is a standard block of carve-out language, typically placed right after the confidentiality obligations, that affirmatively states the agreement does not prohibit the employee from: reporting possible violations of law to government agencies; participating in agency investigations; discussing or disclosing conduct the employee reasonably believes to be unlawful harassment, discrimination, or retaliation; engaging in protected NLRA Section 7 concerted activity; and exercising any right that cannot be waived by contract. The generator includes this block with appropriate tailoring for each jurisdiction. The cost of including it is essentially zero; the cost of omitting it is partial or total unenforceability in a dozen jurisdictions.

The exclusions section of an NDA defines information not covered by the confidentiality obligation even though it would technically fit the definition of confidential information. The four standard carve-outs are nearly universal, and a drafter’s instinct — if you are the disclosing party — might be to leave them out or narrow them. That instinct is usually wrong. The carve-outs exist because courts will not enforce absolute confidentiality obligations against information the recipient could not have kept secret even if they tried. Including them doesn’t weaken enforceability; it strengthens it.

Publicly available information. Information that is or becomes generally available to the public through no breach of this Agreement by the Recipient. The carve-out is necessary because the Recipient cannot un-know information that is in the news, on the Discloser’s website, or in a court filing. Without this carve-out, the Recipient is in breach the moment they read the paper.

Independently developed information. Information the Recipient developed without reference to the Discloser’s confidential information. This carve-out requires the Recipient to be able to demonstrate independent development by contemporaneous written records — which is a meaningful burden. It prevents the Recipient from being sued for eventually developing similar technology or reaching similar conclusions, while giving the Discloser a real tool to contest bad-faith “independent development” claims. Drop this carve-out and you are effectively saying the Recipient can never develop anything similar even through a genuinely clean room; no sophisticated counterparty will sign.

Information rightfully received from a third party. Information the Recipient receives from someone else who was not under a duty of confidentiality. Again, the Recipient can’t be held to keep secret something a third party lawfully told them. The standard formulation requires that the third party had no duty of confidentiality and no restriction on disclosure, which protects against laundering through a third party.

Information required to be disclosed by law. The Recipient can’t refuse to comply with a subpoena or regulatory order. The question is how to handle such a disclosure to preserve the Discloser’s position: prompt notice to the Discloser where legally permitted, so the Discloser can seek a protective order; cooperation with the Discloser’s efforts to limit the scope; disclosure limited to what is actually required. The generator includes this structure.

There is a fifth carve-out sometimes included: information disclosed with the Discloser’s prior written consent. This one is optional and mostly serves as belt-and-suspenders; if the Discloser consented to the disclosure in writing, the Recipient is not breaching. Including it doesn’t cost anything.

The drafting discipline worth flagging: be wary of carve-outs that invert the relationship. A common hostile draft includes a carve-out for “information independently developed by the Recipient or known to the Recipient at the time of disclosure, whether or not documented.” The “whether or not documented” language turns the carve-out into a license — any time the Recipient wants to use your information, they can claim post-hoc they already knew it. The standard formulation requires contemporaneous written records of prior knowledge and independent development, because documentation is the evidentiary substance of the carve-out.

Nothing else in a commercial NDA generates as much negotiation pain as the residuals clause. Large strategic counterparties — Microsoft, Google, Amazon, major venture funds, Fortune 500 acquirers — almost universally require them in partnership diligence and M&A evaluation. Smaller parties resist them. The negotiation is almost always asymmetric, and the outcome is almost always a compromise on scope rather than existence.

A residuals clause permits the receiving party to use information that is retained in the unaided memory of employees who were exposed to the confidential information, provided the employees do not intentionally memorize the information for that purpose. The economic logic from the recipient’s perspective is real: if Google’s Search engineers look at a startup’s confidential algorithm proposal under an NDA and later work on Search improvements, Google does not want to have to prove that every line of code those engineers wrote afterward was untainted. The residuals clause insulates against accidental contamination.

The economic logic from the startup’s perspective is equally real: a broad residuals clause can effectively gut the NDA. If any information an engineer remembers is fair game for use, the NDA provides essentially no protection for conceptual or strategic information — only for specific implementation details the engineer would have to look up.

The practical negotiation resolves along three dimensions. First, scope of what counts as residuals: “general ideas, concepts, know-how, and techniques” (narrow, recipient-friendly) versus “any information retained in unaided memory” (broad, recipient-very-friendly). Second, exclusions: the narrow formulation typically excludes specific implementation details, source code, customer and prospect lists, financial information, and anything specifically marked or identified as highly confidential. Third, license scope: the residuals clause should expressly disclaim granting any patent, copyright, or trademark license, which prevents the recipient from using residuals as a backdoor to IP rights.

A workable narrow residuals clause typically reads along these lines: the Recipient may use general ideas, concepts, know-how, and techniques relating to the Purpose that are retained in the unaided memory of persons who have had access to Confidential Information (“Residuals”), provided that this provision does not grant any license under any patent, copyright, or other intellectual property right, and does not apply to specific implementation details, source code, customer or prospect lists, financial information, or any information intentionally memorized for the purpose of this Section. That language is deliberately narrower than what large strategics originally propose, and large strategics will generally accept it when the exclusions are reasonable and when the drafting does not try to make “unaided memory” functionally impossible to claim.

The negotiation rule of thumb: if you are the smaller party and the counterparty insists on residuals, accept narrow residuals with strong exclusions. If you are the larger party, propose narrow residuals with the exclusions already in your first draft — you’re going to end up there anyway, and signaling reasonableness early speeds up the diligence timeline. The generator offers three presets (none, narrow, broad), defaults to none, and should be moved to narrow only when the counterparty genuinely requires it.

How long should an NDA last? The question is easy to ask and interesting to answer, because the correct answer for commercial information is almost always different from the correct answer for trade secrets.

For commercial confidential information generally, a fixed term of two to five years is the common range. Three years is the most common single choice in venture and M&A contexts. Shorter terms (one or two years) are sometimes requested by counterparties to reduce exposure; longer terms (five or seven years) are sometimes requested for information that retains commercial value over a longer horizon. The economic test is how long the information actually has value before it either becomes public or becomes commercially irrelevant. Roadmaps have short half-lives; customer lists and pricing have medium ones; proprietary processes and manufacturing techniques can have long ones.

For trade secrets specifically, the correct term is perpetual — not the duration of the fixed NDA term, but “for so long as the information remains a trade secret under applicable law.” Trade-secret law itself protects information for as long as it retains independent economic value from not being generally known and the holder takes reasonable steps to keep it secret. An NDA term of three years, applied to a trade secret, does not extinguish the trade-secret duty at year three — but it does signal that the discloser stopped treating the information as confidential. Courts and arbitrators have held, in at least one important line of cases, that expiration of the NDA term is evidence that the trade-secret duty has lapsed.

The two-tier structure resolves this cleanly. The NDA specifies a fixed term for general confidential information (commonly three years), and separately specifies that obligations with respect to information that qualifies as a trade secret under applicable law continue for as long as the information remains a trade secret. This structure preserves trade-secret duration while giving the counterparty the finite-duration commitment they typically want for garden-variety confidential information.

One additional subtlety worth naming: the NDA should distinguish between the term of the agreement (how long new disclosures are covered) and the survival of obligations with respect to already-disclosed information (how long the duty continues after the agreement ends). Modern NDAs typically frame survival as a period running from the date of each disclosure rather than from the date the agreement terminates, which ensures late-disclosed information gets the full contractual protection period.

After the Fifth Circuit vacated the FTC’s non-compete rule in Ryan v. FTC (2024) and the FTC dismissed its appeal in September 2025, the nationwide non-compete ban proposed in 2024 is effectively dead. What survived is the state-by-state regulatory landscape, which has been tightening independently and which matters for NDA drafting even though NDAs are not non-competes.

The straightforward bans: California (Business & Professions Code Section 16600), Minnesota (Stat. 181.988), North Dakota (NDCC 9-08-06), and Oklahoma (15 Okla. Stat. Section 219A) broadly prohibit post-employment non-competes, with narrow exceptions (typically sale-of-business and partnership dissolution). Within these jurisdictions, the only enforceable post-employment restraint on most employees is a confidentiality obligation limited to actually confidential information.

The income-threshold states: Washington (RCW 49.62) limits non-competes to employees earning above an annually adjusted threshold (currently around $120,000); Illinois (820 ILCS 90, the Freedom to Work Act) sets a threshold of $75,000 for employees and $45,000 for independent contractors; Massachusetts (M.G.L. c. 149, Section 24L) caps duration and requires garden-leave consideration; Virginia (Code Section 40.1-28.7:8) applies the ban only to “low-wage employees”; Colorado (C.R.S. 8-2-113) limits enforceability to highly compensated workers. In each of these states, NDAs remain enforceable for their classic purpose, but an NDA drafted as a de facto non-compete runs into the same scrutiny a non-compete does.

That FTC scrutiny, post-Ryan, has not gone away — the FTC has announced it will pursue non-competes case-by-case under Section 5 of the FTC Act as an unfair method of competition. The 2024 rule’s commentary flagged specific NDA patterns the FTC considers problematic: information definitions that reach any information the employee might use in the industry; term durations materially longer than the commercial life of the information; geographic or industry-wide scope that functions identically to a non-compete. The FTC’s 2025 enforcement actions (Gateway Services, the healthcare letters) have been focused on non-competes directly rather than on NDAs drafted as non-competes, but the agency’s position is clear.

The practical drafting discipline for 2026 employee NDAs: keep the information definition tied to actually confidential information (marked, identified, or reasonably understood to be confidential), keep the term reasonable (three years is a safe default), keep the geographic and industry scope unrestricted (the NDA covers information, not employability), include all the statutorily required carve-outs (DTSA, Silenced No More, Speak Out, NLRA), and avoid any clause that functionally prevents the employee from taking a job in the industry. The generator’s scorecard tests for these patterns and flags overbroad definitions as FTC de-facto non-compete risk.

Almost every clause in an NDA is there for the case where nothing goes wrong. The injunctive-relief clause is there for the case where something does. If a former employee is about to email your customer list to your competitor, damages are not the remedy you need; you need a court order, within hours, preventing the disclosure. The injunctive-relief clause is the lever that makes that order significantly easier to get.

To obtain a preliminary injunction in US federal court (the standard is similar in state courts and common-law jurisdictions), the movant typically has to show: (1) a likelihood of success on the merits; (2) a threat of irreparable harm; (3) that the balance of equities favors the movant; and (4) that the injunction serves the public interest. The requirement that bites most often in NDA cases is the irreparable harm prong — because monetary damages are the default remedy, a movant has to affirmatively establish that monetary damages are inadequate.

The injunctive-relief clause does direct work on this prong. It contains an express acknowledgment by the parties that breach of the NDA would cause irreparable harm for which monetary damages would be inadequate. Courts are not bound by such acknowledgments — the irreparable-harm determination is ultimately for the court — but the acknowledgment creates a strong presumption, and it shifts the burden to the breaching party to explain why monetary damages would actually be adequate. In a time-pressured TRO hearing, that presumption can be decisive.

The standard additional language provides that the non-breaching party may seek injunctive relief without posting bond and without proving actual damages, in addition to any other remedies available at law or in equity. The bond waiver matters because some jurisdictions require the movant to post a bond equal to the potential damages from an erroneous injunction, which in a commercial dispute can be material. The “without proving actual damages” language clarifies that equitable relief is not conditioned on a damages showing. Whether courts enforce these provisions rigidly varies, but their presence helps in every jurisdiction.

One drafting note: if the NDA also has an arbitration clause, the injunctive-relief clause should expressly carve out the right to seek injunctive relief in court (a hybrid structure, covered in Section 11). Otherwise the arbitration clause controls, and arbitration is much too slow for a true injunctive emergency. The generator constructs hybrid clauses by default when arbitration is selected.

Whether to require arbitration of NDA disputes is a strategic choice with predictable tradeoffs. Arbitration is faster and cheaper than litigation for routine disputes, keeps the proceedings confidential (which matters when the dispute is itself about confidential information), and produces awards that are broadly enforceable internationally under the New York Convention. Arbitration is worse than litigation for emergency injunctive relief, often lacks meaningful appellate review, and can produce compromise awards that a judge might not.

The structure that has emerged as standard in sophisticated NDA drafting is hybrid: a broad arbitration clause for damages and substantive disputes, paired with an express carve-out permitting either party to seek temporary or preliminary injunctive relief in court without breaching the arbitration commitment. This hybrid captures both advantages — arbitral efficiency on the merits, judicial speed on the injunction — without being internally inconsistent. Most arbitration bodies (AAA, JAMS, ICC) explicitly contemplate this structure, and courts enforce both sides of it.

The 2022 federal Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act created a specific carve-out that must appear in any employee or contractor NDA with an arbitration clause: at the claimant’s election, claims for sexual assault or sexual harassment covered by the Act are not subject to pre-dispute arbitration. The statute voids the arbitration provision as to those claims without invalidating the rest of the agreement, but prudent drafting includes the carve-out expressly so the document accurately represents what is enforceable. The generator auto-injects the carve-out when employee or contractor templates are selected with arbitration.

The selection of arbitration body matters operationally. AAA and JAMS are the US workhorses; their commercial rules are well-tested, their arbitrator rosters are substantive, and their administrative costs are predictable. ICC is the international choice for cross-border disputes; its arbitration is expensive but the awards carry the most weight internationally. LCIA is the London counterpart; SIAC is Singapore’s, widely used in Asia. The seat of arbitration controls procedural law; the most common US seat is New York (under the FAA), and the most common international seat is Switzerland, London, or Singapore. For a US NDA between US parties, AAA in New York or California is the workhorse default.

A secondary choice worth naming: single arbitrator versus three-arbitrator panel. Single arbitrator is faster and cheaper; three-arbitrator is more expensive but reduces the risk of a single outlier decision. The threshold at which parties typically move from single to panel is around $500,000 in claim amount, though some bodies (AAA Commercial Rules) set procedural defaults.

For most commercial contracts, Delaware is the default governing law because of the Chancery Court’s expertise and predictability. For NDAs, Delaware is not the automatic default. The choice of law depends on where the parties are, what information is involved, and what enforceability rules you want to apply.

For a US-US NDA between business entities, the options in practice are: the state of incorporation of the disclosing party (most protective of the discloser when that state has strong trade-secret law); the state where the receiving party is located (simplest for enforcement if breach occurs there); the state of Delaware (predictable, commercially experienced); and US federal law (for DTSA-focused agreements where the enforcement will be in federal court). Each has specific tradeoffs.

California’s choice of law is worth understanding specifically because it is the exception that matters most often. Under California Labor Code Section 925, California courts will not enforce choice-of-law or choice-of-venue clauses that deprive a California-based employee of California’s substantive employment protections, which include Section 16600’s non-compete prohibition and SB 331’s Silenced No More protections. Drafting around this is not reliable: California employees get California employment law, regardless of what the NDA says. The implication is that employee NDAs for California-based employees should be drafted to California standards in the first place.

The UK and EU analogs have their own peculiarities. UK common-law “breach of confidence” doctrine is a powerful tool that predates statutory trade-secret law and continues to apply independently of any NDA; an NDA supplements rather than replaces it. The EU Trade Secrets Directive (Directive (EU) 2016/943) establishes a harmonized EU-wide trade-secret regime. GDPR interacts with NDAs when the information includes personal data, requiring separate consideration under Article 6 lawful-basis analysis and Article 28 processor obligations.

For NDAs between US and non-US parties, the most common structure is: governing law of the stronger party’s jurisdiction (often delaware or New York for US), arbitration in a neutral seat (New York, London, or Singapore), and an express carve-out for court-ordered injunctive relief in any jurisdiction where the breach occurs. This structure balances enforceability across the parties’ home jurisdictions. It is the default the generator applies for international templates.

The theory above is useful if you are drafting NDAs once or twice a year; it is nearly useless if you are drafting them weekly for a growing business. This section is the operational workflow — what to actually do when a prospect asks for an NDA on Tuesday and you have a Thursday pitch.

Step 1 (5 minutes): Identify the template. Is it a partnership discussion with a potential customer? Mutual partnership NDA. Is it an engineer you’re hiring? Employee NDA with DTSA notice, Silenced No More, Speak Out, and IP assignment. Is it a fund’s technical due diligence team? Mutual NDA with narrow residuals and standstill. The template decision determines the next ten decisions. Get it wrong and you are rewriting from scratch.

Step 2 (5 minutes): Fill in the parties and effective date. Full legal entity names, entity types, addresses, and the effective date. Reference the counterparty’s incorporation documents or LinkedIn for entity type verification; the cost of getting this wrong is higher than the cost of a minute of verification.

Step 3 (10 minutes): Write the purpose statement. One or two sentences that describe exactly what the Recipient is allowed to use the information for. “Evaluating a potential acquisition of Party A by Party B” is specific and good. “Business purposes” is vague and bad. The purpose statement is the limit on what the Recipient can do with the information — make it narrow enough to bind, wide enough to cover the actual use case.

Step 4 (5 minutes): Select information categories. What kinds of confidential information will actually be exchanged? Technical, business, financial, customer, personnel, source code, marketing. Select the categories that fit; don’t over-select. An NDA that covers “all information of any kind” triggers the overbreadth concern flagged in Section 9.

Step 5 (5 minutes): Set the term and carve-outs. Three years for the fixed term, perpetual for trade secrets, all four standard carve-outs on. If the counterparty requests shorter term, the counterargument is the information’s commercial life; if they request fewer carve-outs, they are asking for something most sophisticated counterparties will not sign.

Step 6 (10 minutes): Set the context-specific clauses. DTSA notice (employee/contractor + US), Silenced No More and Speak Out (employee/contractor/interview), residuals (only if the counterparty insists), standstill (M&A), non-solicit (partnership and M&A), IP assignment (employment). The scorecard flags what you’re missing.

Step 7 (5 minutes): Jurisdiction and dispute resolution. Governing law based on where the parties are and where enforcement is most likely; arbitration with injunctive carve-out if you prefer private proceedings, courts otherwise; seat and body appropriate to the contracting parties.

Step 8 (5 minutes): Run the scorecard. The generator produces a live compliance scorecard that flags missing DTSA notice, missing protected-disclosure carve-outs, overbroad information definitions, missing injunctive-relief language, and jurisdiction-specific mismatches. Fix the failures. The target is 100%; below 90% usually indicates a structural issue.

Step 9 (5 minutes): Export and send. Download as PDF (for wet-ink or e-signature), Markdown (for version control), JSON (for re-opening the same config later), or HTML (for web use). Save the JSON configuration alongside the agreement so the next revision starts from the same baseline.

Total elapsed time: under an hour for a complete, jurisdictionally-tailored, compliance-scored NDA. The generator shortcuts every step; without it, the same work is a half-day with a template library and careful reading. The discipline to save configurations and reuse them is what turns the hour into ten minutes once you have three or four well-tuned templates for your common scenarios.

The one piece of advice this workflow does not capture: for any NDA signed with a counterparty that could reasonably be expected to litigate — a departing senior employee, a large strategic acquirer, a fund you’ve shared trade secrets with — have a lawyer review the draft before signing. The generator produces a strong baseline; a lawyer adds context-specific judgment about whether the baseline is enough for your particular situation. The compound cost of a bad NDA, measured in lost cases you should have won, is orders of magnitude higher than the cost of a two-hour review.