Analyze an NDA in seconds. Upload or paste yours for a red-flag read, or tap a question. General information, not legal advice.
Who Qualifies as a "Representative"?
-
The definition of "Representatives" determines who can lawfully receive confidential information on your behalf. Standard NDAs typically include:
Almost always included:
- Officers and directors: Senior leadership who make strategic decisions
- Employees: Staff with a legitimate need to know
- Attorneys: Legal counsel providing advice on the matter
- Accountants: CPAs and financial advisors reviewing financials
Often included:
- Financial advisors: Investment bankers, M&A advisors
- Consultants: Outside experts assisting with evaluation
- Agents: Those authorized to act on your behalf
Sometimes contested:
- Contractors: May or may not be included (see below)
- Affiliates: Parent companies, subsidiaries, related entities
- Lenders and investors: Financing sources for a transaction
Key principle: Each person who receives confidential information must have a genuine "need to know" for the purpose specified in the NDA. The definition sets outer boundaries, not automatic authorization.
-
It depends on your NDA's specific language. Contractors are not automatically included.
If contractors are NOT in the Representatives definition:
- You cannot share confidential information with them without disclosing party consent
- Sharing anyway would be a breach of the NDA
- You may need to request an amendment or separate authorization
If contractors ARE included:
- You can share with contractors who have a need to know
- You remain responsible for their compliance with confidentiality obligations
- You should have confidentiality agreements with those contractors
Best practice for receiving parties: Before signing, ensure the Representatives definition covers all categories of people you'll actually need to involve. Common additions to request:
- "Independent contractors"
- "Subcontractors"
- "Temporary workers"
- "Freelance consultants"
Example scenario: You're evaluating a software acquisition and need your freelance technical consultant to review the codebase. If contractors aren't included in the NDA, you can't share the code without breaching the agreement.
-
No. "Need to know" is a substantive requirement, not just curiosity or interest.
Legitimate need to know:
- The person's job function requires the information to complete assigned tasks
- The information is directly relevant to their role in the permitted purpose
- They can't perform their work without access to the information
NOT a need to know:
- General curiosity about what the company is working on
- Senior title alone (CEOs don't automatically need every detail)
- Being on the same team but working on different aspects
- Wanting to stay informed for future reference
Real-world examples:
- Yes: Sharing target company financials with your CFO who is evaluating the acquisition price
- Yes: Sharing technical specs with engineers who will assess integration feasibility
- No: Sharing customer lists with your sales team "in case the deal happens"
- No: Telling HR about salary data from an acquisition target before any deal is signed
Practical tip: Document who receives what information and why. If a dispute arises, you'll want records showing each disclosure was justified by a genuine business need.
Third-Party Access and Outside Advisors
-
Usually yes, but verify your NDA covers "financial advisors" in the Representatives definition.
When investment banks are typically included:
- M&A transactions where banks provide deal advisory
- Financing transactions where banks help structure deals
- Strategic reviews where banks evaluate options
Requirements for sharing with investment banks:
- The bank must have a need to know for the permitted purpose
- You remain responsible for the bank's compliance
- The bank should be bound by its own confidentiality obligations to you
Watch out for conflicts: Major investment banks often work with multiple clients in the same industry. Consider whether:
- The bank represents competitors who might benefit from the information
- The bank's information barriers ("Chinese walls") are adequate
- You should request that the bank not be engaged by competitors on conflicting matters
Disclosing party concern: If you're sharing sensitive information, consider requiring disclosure of which advisors will receive it, or even pre-approval for specific advisors.
-
This is heavily negotiated and often NOT automatically permitted.
Why lenders/investors may need access:
- To underwrite financing for the transaction
- To assess risk before committing capital
- To satisfy their own due diligence requirements
Why disclosing parties resist:
- Lenders and investors have broad information networks
- Private equity firms may own competitors
- Banks may share information across different client teams
- The circle of people with access expands significantly
Common compromises:
- Allow disclosure to "bona fide" financing sources after a deal is signed but before closing
- Require financing sources to sign their own confidentiality agreements
- Limit what categories of information can be shared with financing sources
- Require advance notice of which financing sources will receive information
Practical tip for bidders: If you need financing, negotiate for the right to share with lenders upfront. Don't assume you can add this later - disclosing parties often refuse mid-process.
-
Not always, but it's often required or advisable.
What most NDAs require:
- Representatives must be informed of the confidential nature of the information
- Representatives must be bound by confidentiality obligations at least as protective as the NDA
- The receiving party remains liable for Representatives' breaches
When separate agreements ARE needed:
- Third-party advisors (lawyers, accountants, consultants) who aren't your employees
- When the NDA explicitly requires Representatives to sign acknowledgments
- When dealing with particularly sensitive information
- Contractors and freelancers who may work for others
When separate agreements may NOT be needed:
- Employees already bound by employment agreement confidentiality provisions
- In-house lawyers bound by professional ethics rules
- When the NDA says Representatives "shall be deemed" to have agreed
Best practice: Even when not strictly required, having written acknowledgments creates a paper trail. If a leak occurs, you can demonstrate you took reasonable steps to protect the information.
Liability and Responsibility
-
Yes, almost always. This is one of the most important aspects of the Representatives clause.
Standard NDA language makes you liable for Representatives:
- "Receiving Party shall be responsible for any breach of this Agreement by its Representatives"
- "Any act or omission by a Representative shall be deemed an act or omission by the Receiving Party"
- "Receiving Party agrees to be liable for any breach by its Representatives as if committed by the Receiving Party itself"
What this means in practice:
- If your employee leaks confidential information, the disclosing party sues you, not the employee
- You can't avoid liability by blaming the individual who caused the breach
- You may have indemnification rights against the Representative, but that doesn't protect you from the disclosing party
How to manage this risk:
- Limit who receives confidential information to those who truly need it
- Train Representatives on their obligations
- Maintain records of who received what information
- Have strong internal confidentiality policies and enforcement
- Consider insurance coverage for confidentiality breaches
-
You can try to negotiate softer language, but disclosing parties usually resist.
Possible modifications to negotiate:
- "Reasonable efforts" standard: "Receiving Party shall use reasonable efforts to ensure Representatives comply" (vs. strict liability)
- Only for authorized Representatives: "Receiving Party shall be responsible only for breaches by Representatives to whom disclosure was properly authorized"
- Notification obligation: "Receiving Party shall promptly notify Disclosing Party of any suspected breach and cooperate in mitigation"
What disclosing parties typically reject:
- Complete immunity for Representative breaches
- Caps on liability for confidentiality breaches
- Shifting responsibility to pursue Representatives directly
Alternative approach - expand indemnification rights:
Instead of limiting liability to the disclosing party, strengthen your internal agreements with Representatives so you can recover from them if they cause a breach. This gives the disclosing party full protection while allowing you to shift costs to the responsible party.
-
The confidentiality obligations typically continue, but enforcement becomes complicated.
Legal position:
- The original receiving party remains bound by the NDA
- Former employees remain bound by any confidentiality agreements they signed
- The receiving party may still be liable for breaches by former Representatives
Practical challenges:
- Former employees may not remember or care about confidentiality obligations
- The receiving party has less control over former employees' behavior
- Tracking what information former employees retained is difficult
- New employers may pressure former employees to share what they know
Risk mitigation strategies:
- Exit procedures: Remind departing employees of ongoing obligations
- Document return: Collect all confidential materials before departure
- Exit acknowledgment: Have departing employees sign confirmation of obligations
- Limit initial access: Only share with employees likely to stay through the project
For disclosing parties: Consider requiring the receiving party to notify you when key personnel who received significant confidential information leave the company.
Practical Implementation
-
Good information governance is essential for NDA compliance and breach response.
Basic tracking methods:
- Access logs: Use document management systems that track who opens files
- Distribution lists: Maintain records of who receives confidential materials
- Data rooms: Virtual data rooms automatically log all access
- Email records: Preserve emails distributing confidential information
For larger organizations:
- Designate a project lead responsible for tracking information flow
- Create a register of authorized Recipients with their business justification
- Implement access controls limiting who can view sensitive documents
- Use watermarking or unique document copies to trace leaks
Why this matters:
- If accused of a breach, you can show exactly who had access
- Easier to identify the source if information does leak
- Demonstrates good faith efforts to protect information
- Helps with return/destruction obligations when the NDA ends
Minimum documentation: At least keep a simple spreadsheet listing: (1) what was shared, (2) with whom, (3) when, and (4) business justification.
-
Yes, for truly sensitive competitive information, clean teams are a best practice.
What is a clean team?
A restricted group of people authorized to receive the most sensitive confidential information, isolated from commercial decision-making that could be influenced by that information.
When clean teams are used:
- Competitor acquisitions (to prevent competitive misuse)
- Highly sensitive pricing or customer information
- Trade secrets or proprietary technology
- When antitrust concerns require information barriers
How clean teams work:
- Only clean team members can access the most sensitive information
- Clean team members are often external advisors or internal staff without commercial roles
- Clean team produces summaries or analyses without revealing raw sensitive data
- If the deal doesn't close, clean team members may be restricted from working on competitive matters
Example: In a merger between competitors, a clean team of outside lawyers and economists might review detailed customer-specific pricing data. They would report to deal decision-makers whether synergies exist, without revealing which specific customers pay what prices.
-
This is a genuine tension that requires careful management.
The core problem:
An engineer reviews a competitor's technology under NDA. Later, they work on your company's similar product. How do you ensure they don't use what they learned? Practically, people can't "unlearn" information.
Legal considerations:
- Using confidential information in competing products is a breach
- But proving that specific confidential information influenced later work is difficult
- Receiving parties often argue later developments were "independent" or based on "residuals"
Protective measures:
- Firewalls: Keep personnel who review confidential information separate from competitive projects
- Time separation: Don't assign personnel to competitive projects immediately after NDA work
- Documentation: Document independent development processes to rebut claims of misuse
- Limited access: Only show personnel what they absolutely need, not everything available
For disclosing parties: Consider requesting restrictions on which personnel can receive information, or "cooling off" periods before they can work on competitive projects.
-
Evaluate each request on its merits, but maintain appropriate controls.
Common mid-project expansion requests:
- Adding new advisors (a new law firm comes on board)
- Including additional internal teams (product development wants to review)
- Expanding to affiliates (a subsidiary needs access)
- Adding financing sources (lenders need due diligence)
Questions to ask before approving:
- Is there a legitimate business reason for the expansion?
- Can the purpose be achieved with a smaller expansion?
- Will the new Recipients be bound by confidentiality obligations?
- Does the expansion increase risk of competitive harm?
How to respond:
- Approve with conditions: "Yes, but these new people must sign acknowledgments"
- Approve partially: "Your consultant can see technical specs but not financial projections"
- Request specifics: "Please identify exactly who needs access and why"
- Decline: "We're not comfortable expanding access at this stage"
Document everything: Keep records of what expansions you approved, when, and why. This protects you if disputes arise later about what was authorized.
Need this NDA reviewed, drafted, or negotiated?
Build or review one yourself free in the NDA Studio. Or have me handle it: a California attorney (Bar #279869) reviews or redlines your NDA for a flat $575 (up to three revision rounds), or gives you a direct written read for $240.