Terms that weren’t included in oneNDA and why.

The below provisions were excluded from oneNDA following in-depth discussion with the community that co-created oneNDA. The below explains the rationale behind why they were excluded.

Note that this document is not intended to be legal advice on the application of these provisions.

Clauses that didn’t make the cut:

Including multiple parties

oneNDA is currently drafted as a quadripartite agreement but can be varied so it's bilateral or trilateral. This will cover the vast majority of cases where oneNDA will be used. Expanding it for use by more parties will however be considered for future iterations.

Derived information is confidential information

This is a given. If a Receiver simply creates another form of the confidential information, the information doesn’t stop being confidential.

Variable effective date

Including the effective date as a variable would be potentially confusing for business users and hamper their ability to self-serve. As drafted, the definition of confidential information is broad enough to protect all confidential information disclosed in connection with the “Purpose”, regardless of when it is disclosed.

Permitted Receivers must not use CI other than as per NDA

This is already covered in oneNDA as it provides that a Permitted Receiver must “have agreed to keep [the confidential information] confidential and restrict its use to the same extent that the Receiver has”


The below ‘Notice’ provisions were considered by excluded:

   -All notices must be made in writing and delivered personally
    -All notices must be made in writing and delivered by next day courier
    -All notices must be made in writing and delivered by post
    -All notices must be made in writing and delivered by fax
    -A notice will be effective when the other party receives it
    -A notice will be effective 5 days after it’s been posted
    -A notice will be effective one working day after it’s been emailed or faxed

This because they are not appropriate in today’s world where most interactions happen via electronic means. It is also not proportionate to the needs of oneNDA.

No warranty

Warranting the accuracy of the information provided is not implied by law or otherwise and therefore, there is no reason to explicitly exclude it.


Most agreements are e-signed so this is obsolete in today’s world.

Proprietary software code is confidential forever

The scope of this NDA is to cover instances where two parties are entering into high level conversations to establish whether they want to enter into a commercial relationship. Exposing your source code would require a different type of NDA so this is out of scope. We are however considering how we can expand oneNDA to include further use-cases as part of future iterations.

Personal data is confidential forever

Any personal data shared under an NDA will be subject to the same confidentiality period as the rest of the confidential information and there’s no reason it should be treated differently. Any additional contractual safeguards for the protection of personal data required by applicable data protection legislation should be dealt with under a separate agreement.

Trade secrets are confidential forever

There is little use in including a provision on trade secrets specifically as they are broadly covered in the definition of confidential information and are inherently afforded protection under IP laws.

Returning Confidential Information to the Discloser if requested

This was potentially useful when confidential information was shared in hard copy but in today’s world, most information is shared digitally so this is impractical / obsolete.

Destruction certificate

As above, oneNDA also provides for the parties being able to retain copies in back-up systems or to meet their legal or regulatory obligations.

Consent for disclosure if change of control

Information remains protected even if the Discloser’s acquiring competitor did have access to it because it can only be shared or used in connection with the “Purpose”. Moreover, the purpose of oneNDA is to facilitate general commercial discussions. If extremely sensitive information is being shared then the parties should use a more suitable NDA.


The law around penalty clauses is complex and they can be held to be invalid if not carefully drafted to reflect the specific circumstances. Given this, and the fact that a party which discloses confidential information can sue for any loss it suffers as a result of an unauthorised disclosure, a penalty clause is probably unlikely to be relevant for the situations where oneNDA will be used.


A party which discloses confidential information can sue for any loss it suffers as a result of an unauthorised disclosure. This is probably sufficient in the circumstances in which it is envisaged oneNDA will be used.

Personal data must be excluded

This is unnecessary and inappropriate for an NDA. NDAs are designed to ensure information remains confidential. If that information includes personal data, then that personal data will remain confidential in line with the NDA. As above, obligations relating to the treatment and safeguarding of personal data in line with applicable data protection laws should be dealt with in separate agreement.

Compliance with Data Protection Laws

Any obligations relating to compliance with data protection laws should be addressed in a separate agreement.

Each party retains ownership of their own confidential information

This is a given anyway. Calling it out explicitly adds no value.

No obligation to commit

The NDA doesn't create an obligation on either party to buy from the other and this is a given - calling it out explicitly adds no value.

Generating own ideas

Each party can continue to generate their own ideas which might be competitive to the Discloser's confidential information. This is a given anyway. Calling it out explicitly adds no value.


Neither party is precluded from participating in transactions or discussions involving the other party or any other person. This is a given anyway. Calling it out explicitly adds no value.


The Receiver may use ‘residual’ information (e.g. information retained in unaided memory), including to develop competitive products. Residuals clauses serve to protect the Receiver from the risk that information disclosed by the Discloser prevents them from competing. This won’t be suitable in all circumstances (particularly due to the potential for abuse by the Receiver) and has therefore been excluded from this iteration.


It’s very unlikely that a term of the NDA will be found illegal, unenforceable or invalid but even if it is, the inclusion of the severability clause will not oblige the court to treat it as such.

Non-contractual obligations

Non-contractual obligations: this clause tells us that disputes relating to any non-contractual obligations arising out of the agreement will be heard in a specific jurisdiction. oneNDA states that “all disputes” will be heard in the Jurisdiction, which is broad enough to cover disputes relating to non-contractual obligations. Therefore it’s not necessary to specifically call this out.