top of page
  • Bartłomiej Dmitruk

Non-disclosure agreements (NDAs) in mergers and acquisitions (M&A) transactions

Why is confidentiality in M&A transactions so important?

The transaction of selling a company or attracting an investor is a strategic decision and process from the owner's point of view. The confidentiality of such a process, the extent of information and the manner in which documents and information are shared is critical, as any unauthorised disclosure of information can have a negative impact on the normal operation of the company being sold and on the process of selling the company itself.

Here are some selected consequences of disclosure of confidential information in the process of selling a company:

  • the sold company's relationships with customers and suppliers may be jeopardised if they learn that the company is in the process of being sold and may change ownership;

  • important information, such as customer lists, trade secrets and know-how, may be at risk;

  • the stability of key employees of the company being sold may be at risk;

  • the company may be liable for breaches of data protection laws, antitrust laws, market abuse laws and other industry regulations.

Consequently, sellers in the M&A process typically require potential buyers to enter into a non-disclosure agreement (NDA) before the seller discloses any information to the potential buyer.

Ways other than NDA to maintain confidentiality

In addition to a non-disclosure agreement, sellers can protect the confidentiality of business information in other ways. Here are three tips that a seller might consider using:

  • limit the number of people involved in the company's sales project. Think carefully about which staff members need to be involved and at what stage of the sales process they should be introduced;

  • create procedures on how information is to be provided and how the buyer can view/access this information. To achieve this, sellers may choose to purchase SECUDO's Virtual Data Room service to properly secure the documents being shared and have control over the entire process of providing information to potential buyers;

  • be aware of where meetings and communications are taking place. Whether you are planning a physical meeting or holding a video or telephone conference, the location of such meetings should be away from prying eyes and out of earshot of non-participants. For physical meetings, it is advisable to hire an off-site conference room in a neutral location or use the room/office of the law firm or transaction adviser handling the transaction.

Mutual or unilateral non-disclosure agreements

It is important to determine whether only one party will disclose information to the other or whether both parties will exchange confidential information. Sellers will almost always have to disclose confidential information to buyers, but there are transactions where the buyer should also disclose confidential information to the seller. The parties will therefore need to discuss which form of NDA to use: whether it is a reciprocal NDA ('two-way' information flow) or a unilateral NDA ('one-way' information flow).

It is true that some potential buyers may not want to disclose confidential information about themselves and will therefore reject any request to sign a reciprocal NDA. This is particularly true for buyers who plan to purchase the business using 100% of their own cash.

Ultimately, whether an NDA is reciprocal or not may depend largely on which party has more 'bargaining power'. But regardless of bargaining power, there may be situations where the seller may want to make a hard attempt to pressure the buyer to sign a reciprocal NDA. For example, when the seller anticipates that the buyer will purchase the seller's company by paying with their shares, sellers usually want to make sure that their receipt of the buyer's shares constitutes a fair exchange. In order to do this, the seller will need to provide the buyer with information about the buyer's business in order to confirm the fairness of this exchange. Understanding the buyer's business is even more important when the owner(s) of the seller's company will take a position in the buyer's company after the transaction.

Other situations where a reciprocal NDA would be important are where the seller has concerns about the buyer's creditworthiness and wants to understand the buyer's ability to finance the purchase of its business.

Key provisions of the NDA

While this is not an exhaustive list of important provisions that should be included in negotiations, the following key terms should be carefully considered:

  1. the identity of the parties and who is covered by the NDA;

  2. the definition of confidential information;

  3. the purpose of confidential information;

  4. exclusions from confidentiality;

  5. the obligation to return or destroy confidential information;

  6. the length of time for which the confidential information is to be protected;

  7. possible penalties/consequences in case of breach.

1. The identity of the parties and who is covered by the NDA agreement

Who the parties are is usually quite straightforward and will be described at the beginning of the NDA. The more difficult issue is whether there must be other persons or companies that should be bound by the NDA. For example, are there any subsidiaries or other companies associated with the buyer that should also be covered by the NDA? Does the buyer expect to provide confidential information to external advisers such as lawyers, auditors or investment bankers? If this is the case, the NDA should make clear how these parties are to be associated.

From the buyer's perspective, the buyer will have an incentive to make sure that the NDA freely allows it to share confidential information with any employees or advisers it needs. If the NDA prevents the buyer from doing so, then the buyer should make sure that the NDA has mechanisms in place to effectively obtain the seller's consent for those employees and advisers.

From the seller's perspective, the seller will have an incentive to make sure that the NDA adequately protects it from the buyer sharing information with third parties, particularly outside advisers and outside investors. Very often, the NDA will hold the buyer legally responsible for any breach of confidentiality by its employees or external advisers.

2. Definition of confidential information

There is no doubt that defining what the NDA considers to be 'confidential information' is of paramount importance. Sellers would like the definition to be as broad as possible to ensure that any information they provide is adequately protected. Buyers, on the other hand, would want to be sure of what is covered, so their motivation is to keep the definition as narrow as possible.

There are four potentially 'troublesome' issues that both parties will need to resolve:

  • Documents marked 'confidential'. Should the NDA only cover documentation that has been marked 'confidential' by the seller? This would obviously not be ideal for sellers, as it is an administrative burden to ensure that all relevant documentation is clearly marked as 'confidential'. It also does not provide comfort where there may have been confidential information otherwise disclosed. Buyers, on the other hand, would favour this solution as it will provide certainty as to what information is covered by the NDA.

  • Oral information. Should the NDA cover oral information provided to the buyer?

  • 'Residual' clause. Should the NDA include a 'residual' clause? A residual clause exempts from confidentiality any information retained in the unconscious memory of the recipient's employees.

  • Non-disclosure of a party's interest in the transaction. Many buyers do not want the seller to disclose to others their interest in purchasing a particular business. Therefore, they would like the NDA to keep secret the identity of the buyer and the fact that discussions are taking place with the seller. Sellers, on the other hand, may want to disclose to third parties that there are other interested parties if they are soliciting interest from other prospects.

3. Purpose of confidential information

The purpose (or how the information should be used by the recipient) is an essential part of the NDA. This obligation occurs alongside the recipient's obligation to keep the information confidential and together they form the two pillars of the NDA.

The purpose of an NDA can be very specific. Typical language in an NDA for an M&A transaction will include an explicit statement that: "the information provided may not be used for any purpose other than to evaluate the M&A transaction".

4. Exemptions from confidentiality

A confidentiality obligation under an NDA is almost never an absolute, unconditional obligation. There are certain situations where a permitted exception under the NDA should be made and the confidentiality requirement should be excluded.

Typical examples of exemption scenarios include the following situations:

  • When law or regulation requires disclosure. Virtually all well-drafted NDAs will contain an exemption clause allowing disclosure when the information is required or requested by a government authority, regulator or when ordered by a court;

  • When the information is already publicly known. If the information is already publicly known (and has not been made public by the recipient in breach of the NDA), then it would be unnecessary for that information to be protected under the NDA.

  • Where the information was already known to the recipient. As in the point above, where the recipient already knew of certain information, perhaps because it had received it from another party who had no duty of confidentiality to the disclosing party, an argument can be made that it would be inappropriate or unfair for the recipient to be under a legal obligation to keep that information confidential.

  • Where the information has been independently disclosed without reference to confidential information. This exception is also similar to the previous two. The general principle of these exemptions is that if the recipient 'already knows' the information because he or she acquired it independently without reference to confidential information, why should that information be protected?

5. Obligation to return or destroy information

Most non-disclosure agreements contain a clause stating that the recipient should return or destroy the information at the request of the discloser. This obligation usually arises when one party decides to terminate negotiations and not proceed with the transaction.

The difficulty is that this requirement has to be balanced by practical considerations and record retention obligations that the recipient may have. Accordingly, the buyer may wish to negotiate an exception with the seller so that the recipient does not have to remove electronic files from servers and backup systems.

In addition, the buyer may be required to retain a copy of the information for legal or regulatory purposes. This may not sit too well with the seller. However, a common workaround is for the law firm or Virtual Data Room provider to hold a copy on behalf of the recipient to meet its legal obligations.

6. The length of time for which confidential information is to be protected

Exactly how long an NDA should last is one of the most heavily negotiated parts of an NDA. From the disclosing party's point of view, the argument is that an NDA should last forever to protect extremely sensitive information. On the recipient side, the argument is that a perpetual NDA is unreasonable, mainly because it is unenforceable.

There are no clear market standards as to what the appropriate timeframe for an NDA should be. Many factors come into play. For example, companies with a large amount of sensitive intellectual property may result in a longer NDA timeframe. Business customs and commercial practices may also influence what is considered an acceptable time limit.

7. Consequences / penalties in the event of breach of the NDA agreement

The disclosing party or parties may clearly specify in the NDA the amount of the penalty for each breach of contract. In the absence of such a provision, the parties may pursue claims under the general principles of the Civil Code.

'Super-sensitive' information in the NDA

Where a business is heavily reliant on trade secrets, 'know-how' or valuable intellectual property, it is not unusual for the discloser to have a second confidentiality agreement reserved for the disclosure of 'super-sensitive' information.

In this case, timing and document control are key. For example, the seller may, as part of the first NDA, disclose the existence of some highly sensitive trade secret that will be shared at a much later stage. The seller may place a condition that the buyer will not receive such information until a binding contractual commitment to purchase the business has been signed. In addition, the seller may also make disclosure conditional on the signing of a second non-disclosure agreement specifically covering the super-sensitive information in question.

In such situations, it may also be prudent to impose practical control measures, such as disclosing the information through a tool such as SECUDO's Virtual Data Room in a highly secure 'Spy View' mode. Access to such information is then restricted to key individuals in the transaction (decision-makers) and is very carefully monitored and controlled.

Practical aspects of the NDA agreement

Where to find a good template for such an agreement? A law firm or an in-house lawyer can prepare such an agreement. One can also use standards developed by reliable sources on the web - one such place is the portal In a few steps, we can obtain there a model NDA agreement in English, which we can adapt for the purposes of an M&A transaction or another project.


A confidentiality agreement is usually the first step between the seller and buyers in the process of selling a company. Although it appears to be a relatively simple agreement, it can regulate very precisely the relationship concerning the disclosure of confidential information, which constitutes company secrets and often determines the competitive advantage of the company being sold.

About us

DealDone is a specialised company offering high quality information and data security products. We offer digitisation services and software in the field of modern technologies for the circulation of confidential information, classified information, sensitive data and the digitisation, security, encryption and sharing of data and documents inside and outside the organisation.

DealDone has developed and marketed the Virtual Data Room SECUDO. SECUDO is a platform for the secure data sharing and processing of confidential information, offered in a Software-as-a-Service model for business customers.


bottom of page