Confidentiality Agreement vs NDA: The Practical Difference

A confidentiality agreement and a non-disclosure agreement (NDA) are functionally the same legal instrument under U.S. law: a binding contract that creates a duty to protect specified information. Courts read the clauses inside the document, not the title on the cover page. Standardizing both is far easier inside a contract lifecycle management program. The practical difference is convention. NDAs are most often unilateral, with one party disclosing and the other receiving. Confidentiality agreements are most often mutual, with both parties exchanging information. Beyond that, the two terms describe the same legal mechanic.

For legal teams running contract operations at scale, the more useful question is what happens to these documents after they get signed. Where do they sit? How are they routed? Which template did the business team grab from a folder? What renews and when? Those questions decide whether your NDA inventory is an asset or a liability, regardless of what the cover page says.

The legal reality: courts read clauses, not titles

The terms “non-disclosure agreement” and “confidentiality agreement” are not legally distinct categories in U.S. contract law. The Cornell Law School Legal Information Institute defines an NDA as a contract-law agreement in which “parties agree that certain information will remain confidential,” with no requirement that the document carry any particular title to be enforceable (Cornell LII, Wex). Most major contract authorities, including Bloomberg Law, treat the terms as interchangeable, with courts interpreting the substance of the obligations rather than the name on the document. The same point shows up in practitioner-facing references: Georgia Tech’s Office of General Counsel explicitly states that “Non-Disclosure Agreements (NDAs) as well as Proprietary Information Agreements (PIAs) and Confidentiality Agreements (CAs) are synonymous terms.”

The convention exists for two reasons. First, “non-disclosure agreement” became dominant in U.S. business usage after the 1990s and stuck, particularly in technology, M&A, and HR contexts. Second, “confidentiality agreement” remains common in employment matters, in mutual disclosure scenarios such as joint ventures, and in academic or research settings where the relationship is reciprocal by default.

What this means in practice: if the document is titled “NDA” but contains mutual obligations, a court will enforce mutual obligations. If the document is titled “Confidentiality Agreement” but only one party has disclosure duties, a court will enforce a unilateral obligation. The five clauses that determine enforceability live below the cover page, and we cover them later in this article.

Federal law adds a layer worth noting. Under the Defend Trade Secrets Act of 2016, 18 U.S.C. § 1836, owners of misappropriated trade secrets can bring a civil action in federal court regardless of which state’s law governs the underlying agreement, and the court can grant injunctive relief, monetary damages, and in cases of willful and malicious misappropriation, exemplary damages up to two times the damages awarded plus attorney’s fees. As the American Bar Association observes, the DTSA is layered on top of the Uniform Trade Secrets Act, which has been adopted by 48 states and the District of Columbia. Both frameworks treat the legal effect of a confidentiality clause as a function of its substance, not its label.

When to use a unilateral NDA

A unilateral NDA covers situations where only one party is sharing confidential information and only the receiving party owes a duty of secrecy. It is the most common form by volume. Typical scenarios:

  • Onboarding employees or contractors who will access trade secrets, client lists, source code, or internal financials
  • Engaging a vendor or service provider who needs to see proprietary information to do the work but will not be sharing comparable information back
  • Disclosing a patentable idea to a potential investor before filing, since under 35 U.S.C. § 102 a public disclosure starts a one-year clock that bars patent rights in the United States, and most foreign jurisdictions provide no grace period at all (Harter Secrest & Emery LLP summarizes the international position; the European Patent Convention generally does not recognize a grace period, and even Canada and South Korea require filings to occur within one year of the actual filing date rather than the priority date)
  • Permitting a factory tour, due diligence visit, or product demonstration where the disclosing party wants confirmation that observations cannot be discussed externally
  • Early-stage investor pitches where the founder is sharing financials, roadmap, or technology and the investor is not reciprocating with internal fund data

The receiving-party clause in a typical unilateral NDA reads along these lines: “The Receiving Party shall hold the Confidential Information in strict confidence, shall use it solely for the Purpose, and shall not disclose it to any third party without the prior written consent of the Disclosing Party.” That language, or close variants of it, appears in nearly every unilateral NDA in commercial use.

For employment-context unilateral NDAs, the DTSA imposes a specific drafting requirement. Under 18 U.S.C. § 1833(b)(3), employers can recover exemplary damages and attorney’s fees against employees who misappropriate trade secrets only if the NDA includes a notice of immunity for whistleblower disclosures made in confidence to government officials or attorneys (Buchanan Ingersoll & Rooney). Employee NDAs drafted before May 2016 often lack this notice and quietly cap the employer’s recoverable remedies as a result.

When to use a mutual NDA or confidentiality agreement

A mutual NDA, also called a bilateral NDA or confidentiality agreement, applies when both parties will be sharing confidential information and both owe a duty of protection. This structure is more appropriate for relationships of substantive exchange. Typical scenarios:

  • M&A discussions where both buyer and seller are exposing financials, customer data, and operational details
  • Joint ventures, strategic partnerships, or product co-development arrangements
  • Vendor partnerships where both companies disclose pricing, customer lists, or technical specifications
  • Early-stage commercial discussions where each side is evaluating the other’s capability and willing to share enough to make that evaluation real
  • Supply chain collaboration where both manufacturer and supplier disclose specifications, processes, or pricing

Two open standards have emerged that legal teams can use as starting points or as the actual paper of record.

The Common Paper Mutual NDA, drafted by a committee of more than 45 attorneys from large enterprises, startups, Big Law firms, and boutique specialists, is one of the most adopted open-source mutual NDA templates in the U.S. market. It is freely available under a Creative Commons license and reflects the modal commercial position on most clauses. According to the Common Paper 2024 Q1 Benchmark Report, 74 percent of NDAs use a fixed-length confidentiality term, with two years being the most common selection at 56 percent of agreements.

OneNDA, launched in September 2021 by Electra Japonas (now Chief Legal Officer at Law Insider), takes the standardization argument further by publishing a single non-negotiable NDA used by more than 3,000 organizations including PwC, UBS, American Express, Bosch, Capgemini, and Sitecore. OneNDA was built on a baseline NDA from World Commerce & Contracting that applied natural language processing across roughly 2,000 NDAs to surface the most common clauses. The OneNDA committee then iterated through global in-house counsel from companies including Google, Airbus, Adidas, Barclays, Coca-Cola, and UBS, alongside drafters from A&O Shearman, Ashurst, Linklaters, and Slaughter & May. The premise is consequential. As the OneNDA team has documented publicly, less than 1 percent of NDAs are ever litigated, and the original initiative discovered that NDA review represented 63 percent of one law firm’s workload but only 7 percent of its revenue. Standardizing the document type that produces the most volume and the least judgment-driven legal value is the highest-leverage move available to most contract operations.

Bloomberg Law also publishes a market-standard mutual confidentiality agreement sample form with annotated commentary that legal teams can use as a reference for definitions, mutual obligations, compelled disclosure, return of materials, and injunctive relief.

In a mutual NDA, the obligation language flips both directions. Each party is described as both Disclosing Party and Receiving Party with respect to information shared. The exclusions, term, and remedies apply equally on both sides.

Where CDAs fit (and why pharma, biotech, and academic teams use them)

A Confidential Disclosure Agreement, or CDA, is functionally identical to an NDA. The terms are interchangeable in U.S. legal practice. CDAs are more common in three contexts.

Pharmaceutical and biotech transactions, where the convention dates back decades. A typical CDA in pharma covers compound disclosures, clinical data sharing, manufacturing processes, and regulatory submissions. Most large pharmaceutical contracting teams default to “CDA” terminology even when the obligations are bilateral.

University and research institution transactions, where technology transfer offices use CDA conventions when sharing or receiving proprietary research with industry sponsors. The University of Pittsburgh Office of Sponsored Programs defines a CDA as “a legal agreement between a minimum of two parties which outlines information the parties wish to share with one another for certain evaluation purposes, but wish to restrict from wider use and dissemination” and treats the document type as interchangeable with NDAs and secrecy agreements. Stanford and SLAC National Accelerator Laboratory note as a matter of institutional policy that they generally do not sign confidentiality agreements because the university operates as an open research environment, and individual faculty members must seek separate institutional approval before binding themselves. Georgia Tech maintains separate templates labeled NDA-In, NDA-Out, and Mutual NDA, all sitting under the broader CDA umbrella. Most R1 institutions follow comparable structures.

International and Commonwealth jurisdictions, where Australia, Canada, the United Kingdom, and parts of Asia use “confidentiality agreement” or “CDA” more commonly than “NDA” in business usage.

If counterparties from these industries or geographies send a CDA rather than an NDA, treat it identically. Read the clauses, not the cover. The legal effect is the same.

The five clauses that matter more than the cover page

What determines enforceability and risk allocation is what is inside the document. Five clauses do most of the work.

Definition of Confidential Information. This clause specifies what the agreement protects. A weak definition uses generic language that courts can interpret narrowly. A strong definition lists categories such as financial information, customer lists, trade secrets, technical specifications, source code, business strategy, and pricing, and includes language capturing information that is “reasonably understood as confidential due to its nature and the circumstances of its disclosure.” The Common Paper Mutual NDA uses this dual approach as its standard. The DTSA’s statutory definition of a trade secret at 18 U.S.C. § 1839(3) provides a useful boundary for what categories deserve maximum protection: information that derives independent economic value from not being generally known and that is the subject of reasonable measures to keep it secret.

Term and survival. This clause specifies how long the duty of confidentiality lasts. Most commercial NDAs use two to five years. Trade secret information often has perpetual or unlimited terms because trade secret protection itself depends on continued secrecy. Some agreements include a survival clause that extends specific obligations past the agreement’s expiration. As noted earlier, Common Paper benchmark data shows two years as the modal term in commercial mutual NDAs, with perpetual terms reserved primarily for trade secret carve-outs.

Permitted use and purpose. This clause restricts how the receiving party can use the confidential information. A clean clause defines a specific Purpose, for example, “evaluating a potential commercial relationship between the parties,” and prohibits any other use. Without a permitted-use clause, a counterparty can argue the information was shared for any business purpose, which weakens enforcement. As UB Greensfelder has observed, courts regularly refuse to uphold NDAs that “overreach, such as those that cover public information or function as a disguised non-compete,” and a tightly drafted purpose clause is one of the structural defenses against that risk.

Carve-outs and exclusions. This clause defines what is not covered. The standard exclusions are information that was already public, information the receiving party already had, information independently developed without reference to the disclosed information, and information lawfully received from a third party with no duty of confidentiality. Most U.S. courts will read these in even if not stated, but stating them removes ambiguity. Some industries also negotiate a residuals clause, which permits parties to use information they happen to remember without reference to written notes. Common Paper’s committee notes that residuals clauses are contentious and do not appear in their default Mutual NDA, since they create an explicit exception that can swallow the rule.

Governing law and remedies. This clause specifies which state’s law governs the agreement and what remedies are available for breach. The remedy clause typically includes the right to seek injunctive relief, since monetary damages alone are often insufficient when confidential information has been disclosed. Including injunctive relief language makes it easier to obtain a temporary restraining order without having to first prove dollar damages. Under the DTSA, federal courts can enter injunctions to prevent actual or threatened misappropriation and can, in extraordinary circumstances, issue ex parte seizure orders to recover stolen trade secret material. As the ABA’s Business Law Today summary of one-year DTSA jurisprudence notes, federal courts have proven willing to grant injunctive relief on traditional Federal Rule 65 standards in trade secret cases. State law provides a parallel track under the Uniform Trade Secrets Act.

If those five clauses are drafted carefully, the cover page can say almost anything. If those five clauses are weak, the cover page cannot save the document.

What changes when these documents enter a CLM workflow

For most general counsel and legal operations leaders, the volume of NDAs in a typical year ranges from a few hundred to several thousand. Hand-reviewing each one is one of the most expensive things a legal department does relative to the legal value created. The 2024 World Commerce & Contracting and Deloitte report, “The Purpose of Contracts,” found that only 39 percent of legal and contract professionals believe their contracts achieve their intended goals and 76 percent report inefficiencies in their contract processes. Industry-wide, WorldCC has documented that poor contracting practices cost organizations approximately 9 percent of annual revenue, with complex industries losing 15 percent or more.

The shift from a Word-and-email workflow to a CLM workflow is where the document’s title actually starts to matter, because it drives how the document gets routed. A modern contract intake form asks the requester to identify the type of confidentiality at the entry point. The standard intake question is “Is this a one-way or two-way disclosure?” rather than “NDA or confidentiality agreement?” because the underlying legal mechanic, not the convention, determines which template the system serves up. From there, the workflow branches:

  • Standard unilateral or mutual paper, with a low-risk counterparty: route to self-service execution with no legal review
  • Standard paper, with an elevated-risk counterparty (regulated industry, public company, M&A target): route to lightweight legal review
  • Counterparty paper or non-standard terms: route to full legal review with redlining tools and a fallback playbook

A clause library and fallback playbook are the operational equivalents of negotiation positions. For each of the five clauses above, the playbook specifies the preferred position, the acceptable fallback, and the walk-away. AI contract review tools can run the first pass against the playbook in seconds and flag deviations, leaving senior counsel to spend their time only on genuine exceptions.

In our work with general counsel and legal operations leaders, NDAs surface as the most common candidate for automation almost without exception. The reason is simple: NDAs combine high volume, low judgment density, and high standardization potential. The mechanism does not have to be a full enterprise CLM. A self-service intake portal, a legal service request workflow inside a tool the company already uses, or even a maintained internal page hosting a standard mutual NDA template can capture most of the gain.

A representative result from one Swiftwater client: the legal team was receiving roughly 100 NDA requests per month before the engagement. After establishing a standard mutual NDA template, a unilateral NDA template, and a CDA template, plus an intake form that routed requests automatically, the volume reaching legal review dropped to fewer than a dozen per month. The remaining requests were the ones that genuinely needed legal judgment, where the counterparty insisted on changes or where intellectual property considerations were in play. Everything else was self-serve. The legal team did not lose oversight; they gained it, because every signed NDA now lived in a searchable repository with metadata rather than scattered across personal inboxes.

For a deeper walkthrough of NDA automation specifically, including the eight-step intake-through-execution workflow, see How to Automate NDAs. For the broader clause library and playbook architecture that supports this approach, see Clause Libraries, Contract Templates, and Playbooks.

Common mistakes legal teams make with NDA inventories

Five recurring patterns surface in CLM implementations across mid-to-large enterprises.

Letting the business sign whatever paper hits their desk. Without a routing standard, a sales rep will sign a counterparty’s NDA to keep a deal moving, and that paper goes into a personal inbox rather than a contract repository. Six months later, no one remembers the obligations. The WorldCC and Deloitte 2024 report identifies this kind of fragmented contract handling as a primary driver of the 76 percent inefficiency rate they observed across contracting functions.

No central NDA repository. Documents live in inboxes, shared drives, and contract folders that nobody maintains. When a question arises about whether the company has signed an NDA with a particular counterparty, the answer requires an archaeological dig. A CLM repository with searchable metadata closes this gap in one step.

Confidentiality periods that auto-renew without review. Some NDAs include automatic renewal clauses tied to the underlying business relationship. If the relationship is monitored but the NDA is not, obligations can extend years past their useful life. A repository with renewal alerts removes this blind spot.

Treating mutual and unilateral as interchangeable in templates. Some legal teams build a single “NDA template” that is technically unilateral but gets handed out for situations that should be mutual. This creates asymmetric obligations that the business team does not catch until a counterparty pushes back. Maintaining separate templates for unilateral and mutual scenarios, with clear routing, prevents this. The Common Paper and OneNDA initiatives both exist in part because the legal community recognized that without separate, well-drafted, widely adopted standards, organizations default to whatever template surfaced last in a folder.

No fallback positions, so every redline goes to senior counsel. Without a documented playbook, every counterparty redline becomes a one-off legal review. Junior counsel cannot triage because they do not know the firm’s preferred position. With a playbook, the same redlines get handled in minutes rather than days.

Bottom Line

The cover page on a confidentiality agreement or NDA tells you almost nothing about the legal effect of the document. The clauses inside tell you everything, and the workflow around the document tells you whether your legal department is in control of its own confidentiality posture or watching obligations accumulate without governance.

Treat the title as a label, treat the clauses as the contract, and treat the CLM workflow as the system that turns either one into something your business can rely on.


Frequently asked questions

Is a confidentiality agreement the same as an NDA?

In U.S. legal practice, the two terms describe the same instrument. Authorities including the Cornell Law School Legal Information Institute and Bloomberg Law treat NDAs, confidentiality agreements, confidential disclosure agreements, and proprietary information agreements as synonymous. Courts interpret the clauses inside the document rather than the title on the cover page. The practical convention is that NDAs are more often unilateral, with one party disclosing, and confidentiality agreements are more often mutual, with both parties exchanging information. A document titled NDA with mutual obligations creates mutual obligations, and a document titled Confidentiality Agreement with unilateral obligations creates unilateral obligations.

When should I use an NDA versus a confidentiality agreement?

Use a unilateral NDA when only one party will be sharing confidential information, such as employee onboarding, contractor engagements, or early-stage investor pitches. Use a mutual NDA or confidentiality agreement when both parties will be sharing information, such as M&A negotiations, joint ventures, or vendor partnerships. The decision is structural rather than terminological. The same legal protections apply either way; the difference is who owes the duty and to whom. Established open standards including the Common Paper Mutual NDA and OneNDA provide widely adopted starting points for the mutual case.

What is the difference between a unilateral NDA and a mutual NDA?

A unilateral NDA imposes the duty of confidentiality on one party only, the Receiving Party, with respect to information shared by the Disclosing Party. A mutual NDA imposes the duty on both parties with respect to information they share with each other. Mutual NDAs are more common in commercial relationships of substantive exchange, while unilateral NDAs are more common in employment and one-sided disclosure contexts. The clauses are mirror images of each other, with the obligation language applied bilaterally. According to the Common Paper 2024 Q1 Benchmark Report, 74 percent of mutual NDAs in commercial use specify a fixed-length confidentiality term, with two years being the most common selection.

Are NDAs and CDAs the same thing?

A CDA, or Confidential Disclosure Agreement, is functionally identical to an NDA. The terms are interchangeable in U.S. legal practice. CDA terminology is more common in pharmaceutical and biotech transactions, in academic and university tech transfer agreements, and in Commonwealth jurisdictions including the United Kingdom, Australia, and Canada. If a counterparty sends a CDA, treat it as you would any NDA: read the clauses, not the cover.

Can a confidentiality clause inside another contract replace a standalone NDA?

Yes, in most cases. Once parties have a master agreement in place, such as a master service agreement or a license agreement, a confidentiality clause within that agreement typically supersedes any standalone NDA the parties may have signed earlier. The confidentiality clause in the master agreement should explicitly state that it replaces prior confidentiality agreements between the parties to avoid ambiguity. Many CLM workflows are designed to retire standalone NDAs once the relationship moves into a master agreement, and to preserve the standalone NDA only for the period before the larger contract is executed.


Disclaimer: This article is provided for educational and informational purposes only. Swiftwater & Company and the author do not provide legal advice. External links reflect the work of their respective authors and are provided for reference.

Danish Butt

Danish is a visionary leader with 20+ years in transforming global enterprises. He currently serves as the Managing Director at Swiftwater and Company. As an advisor to chief legal officers and their legal functions, he excels in merging business growth with strategic vision and risk management. His impactful roles previously at Huron Consulting, Siemens, and Morae Global highlight his diverse expertise.
