Seven NDA Red Flags Every Legal Team Should Flag Before Signing

Non-disclosure agreements look standard — until they are not. Here are seven cla

Non-disclosure agreements are the most routinely signed contracts in corporate practice, and the least carefully read. The standard NDA template provides a false sense of comfort: because the structure is familiar, reviewers skip past provisions that, in specific contexts, create significant exposure. In our analysis of 12,000 NDAs reviewed through the Clauseflint platform -- drawn from M&A processes, vendor onboarding, partnership negotiations, and employment contexts -- seven clause patterns surface disproportionately in disputes and post-signing complications. This is not a theoretical list. These are patterns that actually cause problems.

Red Flag 1: Absence of a Residuals Clause -- or Its Presence Without a Cap

A residuals clause permits a party to use information retained in unaided memory after reviewing disclosed confidential information. When a residuals clause is absent entirely from a mutual NDA, the receiving party is theoretically prohibited from using knowledge gained from the disclosure in its ordinary business -- a standard that cannot realistically be enforced but creates ongoing legal ambiguity. When a residuals clause is present but unbounded (no subject matter restriction, no time limit on what qualifies as "unaided memory"), it can effectively swallow the confidentiality obligation for sophisticated receiving parties who will argue that all of the disclosed information is now "retained in unaided memory."

The flag to look for: residuals clauses that define "unaided memory" without excluding notes, summaries, or contemporaneous records. In our corpus, 23% of NDAs containing residuals clauses had definitions that could plausibly be read to cover summarized notes.

Red Flag 2: Overly Broad Definition of Confidential Information

Definitions of confidential information that cover "all information disclosed" without qualification create two distinct problems. First, they are difficult to enforce because they include obviously non-confidential information, which courts have at times used to question the enforceability of the confidentiality obligation as a whole. Second, they place an unrealistic burden on the receiving party to track what was and was not disclosed in the relationship, which creates compliance risk in organizations where the disclosed information touched multiple teams.

The specific pattern to flag: definitions that include oral disclosures without a follow-up written confirmation requirement, and that extend to information that is "generally related to" the disclosed subject matter rather than information "specifically designated as" confidential. A designation-based definition is standard; "generally related to" language is overreach.

Red Flag 3: Asymmetric Obligations in a Nominally Mutual NDA

Many "mutual" NDAs are mutual in name only. The confidentiality obligations are symmetrical, but the exceptions, the permitted use provisions, and the return-of-information obligations are drafted to favor one party. We see this pattern frequently in NDAs proposed by larger counterparties: the NDA is styled as mutual, but the disclosing party's exceptions (prior knowledge, independent development, public domain) are defined broadly while the receiving party's exceptions are defined narrowly or subject to higher evidentiary standards.

The line-by-line check: in a mutual NDA, each material obligation should be tested for symmetry. If the exceptions to the confidentiality obligation are defined differently for the two parties, that asymmetry is intentional and should be flagged for negotiation or accepted consciously.

Red Flag 4: Indefinite Term With No Sunset on Confidentiality Obligations

NDAs with no defined confidentiality period -- or with confidentiality obligations that survive termination of the NDA in perpetuity -- create long-tail compliance obligations that are difficult to manage at scale. For organizations that sign hundreds of NDAs per year, a perpetual confidentiality obligation means maintaining records of every disclosure indefinitely, tracking every use of information received under every agreement, and managing the accumulated compliance burden of obligations with no natural expiry.

Market standard for most commercial contexts is a two- to five-year confidentiality period post-termination of the NDA. Carve-outs for trade secrets -- which carry indefinite protection under the Defend Trade Secrets Act and equivalent state laws -- are appropriate. Extending the same indefinite standard to all disclosed information is not market standard and should be negotiated down. In our corpus, 18% of NDAs had confidentiality obligations that survived termination without a defined end date and without limiting the extended obligation to trade secrets.

Red Flag 5: Return-or-Destroy Provisions That Do Not Address Electronic Copies

Legacy NDA templates require return or destruction of confidential information upon request or termination, but do not specifically address electronic copies, backups, or information retained in cloud storage or collaboration tools. This creates a compliance gap that is practically significant: an organization that has shared an NDA-governed document via a cloud collaboration platform, or that has processed the information through its standard backup systems, cannot fully comply with a return-or-destroy obligation that predates modern information storage architecture.

The specific provision to look for: return-or-destroy clauses that require "all copies" to be returned or destroyed without carving out (1) information retained in routine IT backups that cannot be selectively deleted, and (2) information retained in compliance with legal hold or regulatory retention requirements. Without these carve-outs, the receiving party is in a state of permanent technical non-compliance with agreements that cover any information processed through standard enterprise IT infrastructure.

Red Flag 6: Non-Solicitation Provisions Embedded Without Disclosure

A meaningful minority of NDAs -- 9% of the NDAs in our corpus -- contain non-solicitation provisions restricting the parties' ability to hire each other's employees. These provisions are often embedded in the definitions section or the "permitted use" section rather than appearing as a separate, labeled provision. When a party signs an NDA without specific attention to a non-solicitation clause, it may later find that it has contractually restricted its ability to recruit a person it met during the transaction or partnership context that prompted the NDA.

Non-solicitation provisions in NDAs warrant specific attention because they are frequently not negotiated or disclosed as a material term at signing. The party proposing the NDA often presents it as administrative paperwork; the embedded non-solicitation creates a binding restriction that may not be discovered until a hiring decision triggers a dispute. Flag any employment-related restriction in an NDA regardless of where it appears in the document structure.

Red Flag 7: Dispute Resolution Provisions That Override the NDA's Governing Law

Some NDAs contain governing law provisions (Delaware law, New York law) and separately contain dispute resolution provisions (mandatory arbitration in a specific venue, or consent to exclusive jurisdiction in a court that does not match the governing law state). The mismatch creates procedural complications: which forum applies the governing law? Does the arbitration provision cover breach of confidentiality, or only certain categories of dispute?

This pattern appears most frequently in NDAs where a template confidentiality agreement has been combined with a boilerplate arbitration clause from a different source document. The provisions are internally inconsistent. Courts and arbitrators generally resolve the inconsistency, but the resolution may not favor the party that did not draft the NDA, and the dispute itself creates cost that a well-drafted agreement would have avoided.

What to Do With These Flags

None of these patterns is automatically disqualifying. An indefinite confidentiality obligation may be acceptable in the context of a disclosure involving genuine trade secrets. An unbounded residuals clause may be negotiable. Asymmetric obligations in a mutual NDA may reflect legitimate business reasons that can be acknowledged and addressed.

The function of a flag is not to reject the agreement -- it is to ensure that the provision is reviewed consciously rather than overlooked. When we surface these patterns in Clauseflint's NDA review output, we present them as risk items with the relevant provision text, the applicable risk category, and a plain-language explanation of the potential exposure. The attorney makes the call. That is the correct division of labor.

If your team reviews a high volume of NDAs and wants to see how structured extraction would change your review workflow, we would be glad to demonstrate the platform on a representative sample. Reach out at [email protected] or request access to Clauseflint.