Comparing NDAs: The Clauses That Change Most Often
NDAs are the most common contract type in legal practice. Lawyers at busy firms see hundreds per year. They are short, usually 3-6 pages. They look boilerplate. Many organizations have a standard form that gets sent out with minimal customization and returned with what appears to be minimal markup.
That apparent simplicity is the problem. Because NDAs are short and familiar, reviewers move fast. There is less text, so the eye skips ahead. Changes between drafts are often single-word edits or short clause additions that don't trigger the same scrutiny as a rewritten indemnification section in a master service agreement. But a single-word change in a 4-page NDA can be as consequential as a paragraph-level rewrite in a longer contract. When the definition of "Confidential Information" quietly expands to include your client's trade secrets, or when a non-solicitation clause appears in what was supposed to be a straightforward mutual NDA, the brevity of the document works against you.
This post covers the seven clauses in NDAs that change most frequently between drafts, what those changes typically look like, and what to watch for when comparing versions.
1. Definition of Confidential Information
This is the most frequently negotiated clause in any NDA, and the one where changes have the widest impact. The definition of "Confidential Information" controls the scope of every obligation in the agreement: what must be kept confidential, what can be used, what must be returned or destroyed, and what triggers a breach.
Common changes between drafts include broadening the scope from "written materials marked as confidential" to "all information disclosed in any form, whether or not marked." That shift eliminates the marking requirement and dramatically expands what the receiving party must protect. Other frequent edits add or remove specific categories: trade secrets, financial data, customer lists, business plans, source code, algorithms. Each addition is a scope expansion. Each removal is a protection gap.
The change to watch for most carefully is the "residuals" clause. A residuals clause permits the receiving party to use any information retained in the unaided memory of its personnel. If this clause appears in a revised draft that didn't originally contain one, it is a material weakening of the NDA's protection. Residuals clauses are difficult to enforce against because they create an exception based on what someone remembers, which is inherently unverifiable.
Also check the exclusions. Standard exclusions (information already public, independently developed, received from a third party without restriction) are expected. But watch for expanded exclusions that effectively carve out categories of information the disclosing party intended to protect.
2. Term and duration
NDAs involve two distinct time periods, and changes to either one are material. The term is how long the NDA is in effect (the period during which the parties will exchange confidential information). The survival period is how long the confidentiality obligation continues after the NDA terminates.
The most common change is reducing the survival period. A move from 5 years to 2 years means confidential information disclosed near the end of the term has only 2 years of protection after the NDA ends. For trade secrets or long-lived competitive information, that may be inadequate.
A subtler but equally important change involves when the clock starts. "Three years from the date of disclosure" and "three years from the effective date" sound similar but can produce very different outcomes. If the NDA has a 2-year term and confidential information is disclosed in month 23, "three years from the effective date" gives that disclosure only 1 year of protection. "Three years from the date of disclosure" gives it the full 3 years. The difference between these two formulations can shorten actual protection by years, and it's a change that's easy to miss because both versions contain the words "three years."
Watch also for changes to automatic renewal. An NDA that auto-renews for successive 1-year terms unless terminated with 30 days' notice creates a very different relationship than one with a fixed 2-year term and no renewal.
3. Permitted disclosures and exceptions
Who can the receiving party share confidential information with? The answer to this question defines the practical boundary of confidentiality, and it changes frequently between drafts.
A typical starting point is "employees with a need to know." Common expansions include contractors, affiliates, professional advisors (lawyers and accountants), and sub-processors. Each category added to the permitted recipients list is a material expansion of the confidentiality commitment. "Employees with a need to know" might mean 10 people. "Employees, contractors, affiliates, and advisors" might mean 200.
Two additions warrant particular scrutiny. "Potential investors" or "potential acquirers" as permitted recipients means your client's confidential information can be shared in the context of fundraising or M&A due diligence by the other party. That may be acceptable, but it's a significant expansion that should be a conscious decision, not something that slips through in a redline.
Check whether the receiving party's obligations extend to its permitted recipients. There is a meaningful difference between "the receiving party shall ensure its representatives comply with this agreement" (the receiving party is responsible for its people) and "the receiving party shall inform its representatives of the confidential nature of the information" (the receiving party tells them, but is not liable if they breach). The second formulation shifts responsibility away from the receiving party.
4. Non-solicitation and non-compete provisions
Non-solicitation and non-compete clauses sometimes appear in NDAs as additional covenants. When they do, they deserve careful attention because they are not core NDA provisions. Their presence in an NDA (rather than in a separate agreement) can catch reviewers off guard.
The first thing to check is whether the clause was in the original draft at all. A non-solicitation clause that appears for the first time in the counterparty's markup is a material addition to the agreement. It transforms the NDA from a confidentiality agreement into a document that also restricts hiring and business relationships.
If non-solicitation was already present, watch for scope expansions. A change from "shall not solicit for employment any employee of the other party" to "shall not solicit or hire any employee, contractor, or consultant" broadens the restriction considerably. Duration changes are equally important: 12 months vs. 24 months is a significant difference in competitive impact. And check the trigger: does the restriction apply during the NDA term only, or does it survive termination?
A non-compete clause buried in an NDA is particularly important to catch. Non-competes restrict what business the receiving party can engage in, and they raise enforceability issues that vary significantly by jurisdiction. A non-compete tucked into the "Additional Covenants" section of what looks like a routine NDA can create obligations that the signing party did not expect and may not have reviewed with the same scrutiny they would give a standalone non-compete agreement.
5. Return and destruction of information
What happens to confidential information when the NDA ends? The return-and-destruction clause governs this, and the changes between drafts can significantly affect the disclosing party's ability to control its information after the relationship concludes.
The most common change is from "return or destroy at the disclosing party's election" to "destroy." Eliminating the return option means the disclosing party cannot get its materials back. It can only receive confirmation that they were destroyed. For physical materials or proprietary datasets, the difference matters.
Watch for added exceptions. "Except for copies retained pursuant to legal hold obligations" is reasonable. "Except for copies retained in archival or backup systems in the ordinary course of business" is much broader and can effectively permit indefinite retention of confidential information in systems the receiving party controls. Similarly, "except for copies retained by legal counsel for compliance purposes" creates an open-ended exception.
The certification requirement also changes between drafts. Some NDAs require a written officer's certificate confirming destruction. Others require only that destruction occur "promptly." Others have no certification requirement at all. Without certification, the disclosing party has no verification mechanism. Without a deadline, "promptly" is undefined and difficult to enforce.
6. Remedies and indemnification
The remedies clause determines what happens when the NDA is breached, and changes to it can render the entire agreement less enforceable in practice. This is the section that most directly affects the disclosing party's ability to respond to a breach.
The most consequential change is the removal or weakening of injunctive relief language. Many NDAs include a provision stating that breach would cause irreparable harm and that the disclosing party is entitled to injunctive relief without the need to post bond. If this language is removed or qualified ("the disclosing party may seek injunctive relief" instead of "shall be entitled to injunctive relief"), the disclosing party's ability to obtain an emergency court order to stop ongoing disclosure is weakened.
Watch for the addition of indemnification obligations. If the counterparty adds a requirement that the disclosing party indemnify the receiving party for losses arising from inaccurate representations about the confidential information, this shifts risk to the disclosing party in ways that may not be appropriate for a confidentiality agreement.
Limitation of liability is another frequent change. A cap on damages for NDA breach (for example, limiting liability to the fees paid under the NDA, which for a standalone NDA is often zero) can make the agreement effectively unenforceable from a damages perspective. Changes to governing law and jurisdiction are also material: they determine where a breach claim can be filed and under what legal framework.
7. Mutual vs. unilateral obligations
This is not a single clause but a structural characteristic of the entire NDA. A mutual NDA applies the same obligations to both parties. A unilateral NDA protects only one party's information. The change from one to the other can happen explicitly (the header changes from "Mutual" to "Unilateral") or, more dangerously, implicitly through asymmetric edits to specific provisions.
The implicit version is harder to catch. The NDA still says "Mutual Non-Disclosure Agreement" at the top. But the definition of "Confidential Information" has been edited so that Party A's confidential information includes "all information disclosed in any form" while Party B's is limited to "written information marked as confidential." Or the permitted use provision allows Party A to use Party B's information for "any lawful business purpose" while Party B can use Party A's information only for "evaluating a potential business relationship."
To catch this, compare the obligations applied to each party separately. Read each operative clause and ask: does this provision apply equally to both sides? If the NDA uses "Disclosing Party" and "Receiving Party" consistently, it's likely symmetric. If some clauses reference specific party names instead of the role-based definitions, check whether the obligations differ.
How to compare NDAs effectively
NDAs are short enough that a full review is always feasible. The question is not whether you have time to review every change, but whether your process ensures you actually do.
Don't rely on length as a proxy for risk. NDA changes are often single-word edits with material impact. "Employees" becoming "employees, contractors, and affiliates" in a permitted disclosures clause is three words that triple the number of people who can access your client's information. A comparison tool that highlights every change, not just the ones the other side chose to track, is the baseline.
Use a comparison tool that shows every difference. Track Changes records only the edits made while tracking was enabled. If the counterparty turned off tracking, reformatted the document, or accepted and re-edited changes, the Track Changes record is incomplete. An independent comparison against the previous version catches everything, regardless of what was tracked. For NDAs, this takes seconds.
Start with definitions. The definition of Confidential Information, Representatives, and any other defined terms controls the meaning of everything that follows. Review definitions first. Then trace each changed definition through the clauses that reference it.
Check for additions, not just modifications. A non-solicitation clause that was not in your draft, a residuals clause added to the confidentiality definition, an arbitration provision in the dispute resolution section. New clauses in an NDA represent entirely new obligations, and they are easier to overlook than modifications to existing text because there is nothing to compare them against.
Always compare the final execution copy. Before signing, compare the clean execution version against the last agreed draft. The final clean copy should be identical to the agreed version. If it isn't, you need to know before the signature page is signed.
The bottom line
NDAs get less scrutiny than they deserve. They are short, they look standard, and most of the time the changes between drafts are minor. But "most of the time" is not a standard any lawyer should accept. The seven clauses covered here are where NDA changes concentrate, and each one can materially alter the agreement's scope, duration, enforceability, or balance.
The fix is straightforward: compare every NDA version independently, review definitions before operative clauses, and check for structural asymmetry in agreements labeled "mutual." These steps take minutes. They cost nothing. And the first time they catch a residuals clause or a non-solicitation provision that wasn't in your original draft, they justify every second.
If you want a comparison tool that catches every change in an NDA, including the ones that Track Changes missed, try Clausul. NDAs are short enough that the comparison takes seconds and the output is immediately reviewable.
Frequently asked questions
What is the most important clause to check when comparing NDA versions?
The definition of Confidential Information. It controls the scope of the entire agreement. Every obligation in the NDA (non-disclosure, permitted use, return and destruction, remedies) applies to whatever falls within this definition. A change that broadens the definition expands all of those obligations. A change that narrows it reduces protection for the disclosing party. Because the definition is referenced throughout the document, a single edit here has the widest impact of any change in the NDA. Review it first, and trace its effect through every clause that references "Confidential Information."
How long should an NDA confidentiality obligation last?
There is no single correct answer. Industry norms vary: 2-3 years is common for general commercial NDAs, 5 years is typical for technology or financial information, and indefinite duration is standard for trade secrets. The key is to distinguish between the NDA term (how long the parties will exchange information) and the survival period (how long the confidentiality obligation continues after the NDA ends). A 2-year NDA with 5-year survival means confidentiality obligations last up to 7 years from the effective date. Watch for changes that shorten the survival period or that change when the clock starts running (from date of disclosure vs. from termination of the agreement).
Can a mutual NDA have unilateral obligations?
Yes, and it happens more often than most lawyers expect. A mutual NDA uses symmetric language ("each party," "the disclosing party," "the receiving party") to apply the same obligations to both sides. But if the definition of Confidential Information is broader for one party than the other, or if the permitted use provisions are asymmetric, or if certain obligations only apply to one named party, the NDA is mutual in form but unilateral in substance. This is one of the subtlest changes to watch for in a comparison: the header still says "Mutual Non-Disclosure Agreement" while the operative clauses have been edited to favor one side.
Should I compare NDAs even if they seem standard?
Yes. "Standard" NDAs are exactly where material changes hide. Because NDAs are short and familiar, reviewers move through them quickly. A single-word change in a 4-page NDA represents a much larger percentage of the agreement than the same change in a 40-page MSA. The perceived simplicity of NDAs reduces scrutiny, which is precisely why changes to them are more likely to be missed. At minimum, run a comparison against the previous version rather than relying on Track Changes alone. If the NDA genuinely has no material changes, the comparison takes seconds to confirm. If it does, you just caught something you might have missed.
What is a residuals clause in an NDA?
A residuals clause permits the receiving party to use any information retained in the unaided memory of its personnel after the NDA expires or after they stop working with the confidential information. In practice, this means that anything an employee or contractor remembers (without referring to documents or notes) can be used freely, even if it was originally disclosed as confidential. Residuals clauses significantly weaken the protection of an NDA because they create an exception based on human memory, which is inherently difficult to verify or enforce. If a residuals clause appears in a revised NDA that did not originally contain one, it is a material change that warrants careful attention.