When a former employee walks out of your office with a client list saved to a personal drive, or a potential investor shares your pitch deck with a competitor, the first question any lawyer will ask is: did you have an NDA in place? And if you did — was it actually drafted well enough to hold up in an Indian court?
Most NDAs circulating in Indian business today are copied from foreign templates, filled with unenforceable clauses, and completely disconnected from how Indian courts interpret confidentiality obligations under the Indian Contract Act, 1872. This guide takes you through every clause you need in an Indian NDA, explains the law behind it, gives you ready-to-use drafting language, and flags the mistakes that get agreements thrown out.
Table of Contents
- What Is a Non-Disclosure Agreement and When Do You Need One in India?
- Types of NDAs Used in Indian Practice
- Legal Framework — Is an NDA Enforceable in India?
- Clause-by-Clause NDA Drafting Guide (with Sample Language)
- Clause 1: Parties and Recitals
- Clause 2: Definition of Confidential Information
- Clause 3: Exclusions from Confidentiality
- Clause 4: Obligations of the Receiving Party
- Clause 5: Permitted Use and Purpose Limitation
- Clause 6: Term and Duration
- Clause 7: Return or Destruction of Information
- Clause 8: Non-Solicitation and Non-Compete Considerations
- Clause 9: Remedies for Breach
- Clause 10: Dispute Resolution
- Clause 11: Governing Law and Jurisdiction
- Clause 12: AI and Data Protection Clause
- Clause 13: Miscellaneous Provisions
- Complete NDA Template for India (Ready to Use)
- Using AI Responsibly for NDA Drafting
- Stamp Paper and Execution Requirements
- Common Mistakes That Make Indian NDAs Unenforceable
- What to Do When an NDA Is Breached
- Industry-Specific NDA Considerations
- Frequently Asked Questions
What Is a Non-Disclosure Agreement and When Do You Need One in India?
A non-disclosure agreement is a legally binding contract where one or both parties agree to keep certain information confidential. In India, NDAs derive their enforceability from the Indian Contract Act, 1872 — specifically from the general principles of contract formation under Section 10 (free consent, lawful consideration, lawful object) and the remedies framework under Sections 73 and 74 for breach.
Unlike countries with dedicated trade secret legislation, India has no standalone trade secrets statute as of 2026. The 22nd Law Commission of India recommended a Protection of Trade Secrets Bill in 2024, but until that becomes law, NDAs remain the primary contractual mechanism for protecting confidential business information in this country.
You need an NDA in at least five situations that arise regularly in Indian business and legal practice. The first is when you are hiring employees or engaging consultants who will access proprietary information — client databases, pricing strategies, source code, or internal processes. The second is when you are pitching to investors or partners and need to share financial projections, business models, or expansion plans. The third is during joint venture or collaboration discussions where both sides exchange commercially sensitive information. The fourth is in mergers and acquisitions, where due diligence requires opening your books to potential buyers. And the fifth is when you are engaging vendors or service providers who will handle your data or intellectual property.
Before drafting, you also need to understand what an NDA is not. An NDA protects confidential information from being disclosed or misused. It is not a non-compete agreement (which restricts someone from working in a competing business) and it is not a non-solicitation agreement (which prevents poaching of employees or clients). Indian courts draw a sharp line between these three instruments, and conflating them is one of the fastest ways to make your NDA unenforceable. Section 27 of the Indian Contract Act makes agreements in restraint of trade void, and any NDA that reads more like a non-compete will attract scrutiny under this provision.
Types of NDAs Used in Indian Practice
Three types of NDAs are commonly used in India, and choosing the right one depends on the direction of information flow.
A unilateral NDA is used when only one party is disclosing confidential information. This is the most common structure in employer-employee relationships, investor pitch meetings, and vendor engagements. The disclosing party defines what is confidential, and the receiving party agrees to protect it.
A mutual or bilateral NDA is used when both parties will be sharing confidential information with each other. This is standard in joint venture negotiations, technology partnerships, and M&A due diligence. Both parties simultaneously act as disclosing and receiving parties, and the obligations are reciprocal.
A multilateral NDA involves three or more parties. This comes up in consortium deals, multi-party joint ventures, or situations where several entities need to share information for a common purpose. It is less common but avoids the need for multiple bilateral NDAs.
The decision framework is straightforward. If information flows in one direction, use a unilateral NDA. If both sides will share sensitive information, use a mutual NDA. If three or more parties are involved and information flows in multiple directions, consider a multilateral NDA to simplify the documentation.
Legal Framework — Is an NDA Enforceable in India?
Indian courts have consistently upheld well-drafted NDAs as enforceable contracts. The legal framework rests on several pillars.
The Indian Contract Act, 1872 provides the foundation. Section 10 establishes the general requirements for a valid contract — free consent, competent parties, lawful consideration, and lawful object. Section 27 makes agreements in restraint of trade void, but Indian courts have carved out a clear exception: a restriction on disclosing or using confidential information and trade secrets does not amount to restraint of trade. The Supreme Court established this principle in Niranjan Shankar Golikari v. Century Spinning and Manufacturing Co. Ltd. (AIR 1967 SC 1098), where it upheld confidentiality obligations imposed during the term of employment as reasonable and enforceable. Sections 73 and 74 provide the framework for claiming damages — Section 73 for unliquidated damages based on actual loss, and Section 74 for liquidated damages where the parties have pre-agreed a compensation amount.
The Specific Relief Act, 1963 gives courts the power to grant injunctions — temporary and permanent — to prevent a party from breaching confidentiality obligations. In practice, injunctive relief is the most effective remedy in NDA breach cases because the damage from disclosure is often irreversible and difficult to quantify in monetary terms.
The Delhi High Court reinforced these principles in Pepsi Foods Ltd. v. Bharat Coca-Cola Holdings Pvt. Ltd. (1999), holding that an employee who misappropriated trade secrets and confidential information from a former employer could be restrained by court order. The court recognised that restraining the use of trade secrets does not amount to restraint of trade under Section 27.
The Digital Personal Data Protection Act, 2023 (DPDP Act) adds a new layer. If the confidential information shared under an NDA includes personal data, the parties must comply with DPDP Act obligations. A data fiduciary (the entity determining the purpose and means of processing personal data) must ensure that personal data is processed only for the stated purpose, with appropriate security safeguards, and that any breach is reported to the Data Protection Board and affected individuals. This means your NDA should explicitly address DPDP Act compliance if personal data is part of the confidential information exchanged.
Clause-by-Clause NDA Drafting Guide (with Sample Language)
This is the core of the guide. Each clause below includes its purpose, drafting tips specific to Indian law, sample language you can adapt, and the common mistakes to avoid.
Clause 1: Parties and Recitals
The opening clause identifies who is bound by the agreement and why they are entering it. Use full legal names, registered addresses, and entity type (company, LLP, partnership, or individual). The recitals section sets the context — it explains why confidential information is being shared without revealing the information itself.
Drafting tip: Always include the CIN (Corporate Identification Number) for companies and LLPIN for LLPs. This eliminates ambiguity if there are similarly named entities.
Sample language:
“This Non-Disclosure Agreement (“Agreement”) is entered into on [Date] between: (1) [Full Legal Name], a company incorporated under the Companies Act, 2013, having CIN [Number] and its registered office at [Address] (hereinafter referred to as the “Disclosing Party”); and (2) [Full Legal Name], [entity type], having [registration number] and its registered office at [Address] (hereinafter referred to as the “Receiving Party”). WHEREAS the Disclosing Party possesses certain confidential and proprietary information relating to [general description of business purpose] and wishes to disclose such information to the Receiving Party for the purpose of [specific purpose, e.g., evaluating a potential business collaboration].”
Common mistake: Using vague descriptions like “Party A” and “Party B” without full legal details, which creates enforcement difficulties if the agreement needs to be produced in court.
Clause 2: Definition of Confidential Information
This is the most important clause in any NDA. Indian courts have held that vague or overly broad definitions of confidential information are likely to be unenforceable. You need to be specific enough that a court can determine what was protected, but broad enough that you do not accidentally exclude information that matters.
Drafting tip: Use a combination approach — start with a general category-based definition, then add specific examples, and finally list what is excluded. This structure has been upheld by Indian courts as reasonable and enforceable.
Sample language:
“‘Confidential Information’ means all information, whether written, oral, electronic, visual, or in any other form, disclosed by the Disclosing Party to the Receiving Party, directly or indirectly, including but not limited to: (a) business plans, financial data, projections, and pricing information; (b) customer and supplier lists, contact details, and relationship information; (c) trade secrets, technical data, product designs, source code, algorithms, and know-how; (d) marketing strategies, sales data, and market research; (e) information relating to employees, consultants, and their compensation; (f) any information marked as ‘Confidential,’ ‘Proprietary,’ or with similar designation; and (g) any information that, by its nature or the circumstances of its disclosure, a reasonable person would understand to be confidential. Confidential Information also includes oral disclosures, provided the Disclosing Party identifies such information as confidential at the time of disclosure and confirms it in writing within fifteen (15) business days.”
Common mistake: Not covering oral disclosures. In many Indian businesses, sensitive information is shared in meetings and phone calls. Without explicit coverage, orally disclosed information falls outside the NDA’s protection.
Clause 3: Exclusions from Confidentiality
No NDA should attempt to protect everything. Courts expect reasonable exclusions, and failing to include them can make the entire agreement appear unreasonable.
Drafting tip: The four standard exclusions are well-established in Indian contract practice. Include all four, and resist requests to remove them — a court may view their absence as evidence of an oppressive or unreasonable agreement.
Sample language:
“Confidential Information shall not include information that: (a) was already in the public domain at the time of disclosure, or subsequently enters the public domain through no fault of the Receiving Party; (b) was already known to the Receiving Party prior to disclosure, as demonstrated by written records predating the date of disclosure; (c) is independently developed by the Receiving Party without reference to or use of the Confidential Information, as demonstrated by documented evidence; or (d) is required to be disclosed by law, regulation, or order of a court or governmental authority of competent jurisdiction, provided that the Receiving Party gives the Disclosing Party prompt written notice of such requirement (to the extent legally permitted) and reasonable opportunity to seek a protective order or other appropriate remedy.”
Common mistake: Omitting the “court order” exclusion. If a receiving party is legally compelled to disclose information (for example, in response to a summons or regulatory order), they should not be in breach of the NDA for complying with the law.
Clause 4: Obligations of the Receiving Party
This clause defines what the receiving party must do to protect the information. Indian courts look for a “reasonable standard of care” — the same level of protection the receiving party applies to its own confidential information, with a minimum standard of reasonable care.
Drafting tip: Be specific about operational obligations — who can access the information, how it should be stored, and what happens if there is a breach. Generic statements like “shall keep information confidential” are weak.
Sample language:
“The Receiving Party agrees to: (a) hold the Confidential Information in strict confidence and not disclose it to any third party without the prior written consent of the Disclosing Party; (b) use the Confidential Information solely for the Purpose stated in this Agreement and for no other purpose; (c) restrict access to the Confidential Information to those of its employees, officers, directors, advisors, and consultants who have a genuine need to know for the Purpose and who are bound by written confidentiality obligations no less restrictive than those contained herein; (d) protect the Confidential Information using the same degree of care it uses to protect its own confidential information of a similar nature, but in no event less than reasonable care; (e) notify the Disclosing Party in writing within forty-eight (48) hours of becoming aware of any unauthorised disclosure, use, or access of the Confidential Information; and (f) not reverse-engineer, decompile, or disassemble any Confidential Information that includes software, prototypes, or technical materials, unless expressly permitted in writing.”
Common mistake: Not binding sub-recipients. If the receiving party shares information with its lawyers, accountants, or consultants, those individuals must also be bound by confidentiality. The clause should make the receiving party liable for breaches by its authorised recipients.
Clause 5: Permitted Use and Purpose Limitation
The purpose clause ties the disclosure to a specific business objective. This is important because Indian courts assess reasonableness partly by looking at whether the confidentiality obligations are proportionate to the stated purpose.
Drafting tip: Be as specific as possible about the purpose. “Evaluating a potential investment” is better than “business purposes.” A narrower purpose makes it easier to prove that any use outside that scope was unauthorised.
Sample language:
“The Receiving Party shall use the Confidential Information solely for the purpose of [specific description, e.g., ‘evaluating a potential equity investment in the Disclosing Party’ or ‘performing due diligence in connection with the proposed acquisition of the Disclosing Party’s business’] (the ‘Purpose’) and for no other purpose whatsoever. Any use of the Confidential Information beyond the Purpose shall constitute a material breach of this Agreement.”
Common mistake: Using an open-ended purpose like “for mutual benefit” or “for business collaboration” — this makes it nearly impossible to prove that any particular use was unauthorised.
Clause 6: Term and Duration
This clause sets two timelines: how long the NDA remains in force (the term) and how long the confidentiality obligations survive after the term ends (the survival period).
Drafting tip: Indian courts generally accept confidentiality periods of two to five years as reasonable. Perpetual obligations are viewed with suspicion unless they relate to trade secrets. For trade secrets, you can draft a longer or indefinite survival period, but you must clearly define what constitutes a trade secret within the agreement.
Sample language:
“This Agreement shall come into effect on the date first written above and shall remain in force for a period of [two/three] years from the date hereof, unless terminated earlier by either party upon thirty (30) days’ written notice to the other party. Notwithstanding the expiry or termination of this Agreement, the confidentiality obligations contained herein shall survive and continue to bind the Receiving Party for a period of [three/five] years from the date of disclosure of the relevant Confidential Information. With respect to any Confidential Information that constitutes a trade secret under applicable law, the confidentiality obligations shall continue for so long as such information retains its character as a trade secret.”
Common mistake: Not differentiating between general confidential information and trade secrets. A blanket perpetual obligation for all information is likely to be challenged. A tiered approach — fixed period for general information, indefinite for trade secrets — is both practical and defensible.
Clause 7: Return or Destruction of Information
When the business relationship ends or the NDA is terminated, the receiving party should return or destroy all confidential information. This clause needs a verification mechanism.
Drafting tip: Include a certification requirement — a written confirmation from an authorised officer of the receiving party that all information has been returned or destroyed. For electronic information, specify that destruction includes purging from all servers, backup systems, and personal devices.
Sample language:
“Upon the expiry or termination of this Agreement, or upon written request by the Disclosing Party at any time, the Receiving Party shall, at the Disclosing Party’s option, promptly: (a) return all documents, materials, and media containing Confidential Information to the Disclosing Party; or (b) destroy all such documents, materials, and media, including all copies, summaries, notes, and extracts thereof, and permanently delete all Confidential Information stored in electronic form from all systems, devices, servers, and backup media. Within fifteen (15) days of such return or destruction, the Receiving Party shall provide a written certification signed by an authorised officer confirming that all Confidential Information has been returned or destroyed in accordance with this clause. Notwithstanding the foregoing, the Receiving Party may retain one archival copy of the Confidential Information solely for legal compliance or regulatory purposes, provided such copy remains subject to the confidentiality obligations of this Agreement.”
Common mistake: Not accounting for electronic copies, cloud backups, and email archives. In 2026, information lives across multiple systems. The clause must explicitly address digital destruction.
Clause 8: Non-Solicitation and Non-Compete Considerations
This is where most Indian NDAs go wrong. Section 27 of the Indian Contract Act makes all agreements in restraint of trade void. Courts have consistently struck down post-employment non-compete clauses as unenforceable.
Drafting tip: If you want to include non-solicitation (restricting the poaching of employees or clients), keep it separate from the NDA’s confidentiality obligations and ensure it is limited in scope, geography, and duration. Do not disguise a non-compete as a confidentiality clause — Indian courts will look at the substance, not the label. The Supreme Court in Superintendence Company of India (P) Ltd. v. Krishan Murgai (1980) struck down a post-employment restraint even though it was framed as a confidentiality obligation.
Sample language (non-solicitation only — keep separate from confidentiality):
“During the term of this Agreement and for a period of [twelve (12)] months following its expiry or termination, the Receiving Party shall not, directly or indirectly, solicit, recruit, or hire any employee, consultant, or contractor of the Disclosing Party with whom the Receiving Party had contact or about whom the Receiving Party received Confidential Information during the term of this Agreement.”
Common mistake: Including a blanket non-compete clause within the NDA. Indian courts will sever it or — worse — use it as grounds to question the reasonableness of the entire agreement.
Clause 9: Remedies for Breach
This clause defines what happens when someone violates the NDA. In India, you have both civil and criminal remedies available, and the clause should preserve all options.
Drafting tip: Include both injunctive relief and damages. Indian courts routinely grant temporary injunctions in NDA breach cases under the Specific Relief Act, 1963. For monetary damages, consider including a liquidated damages clause under Section 74 of the Indian Contract Act — this avoids the difficulty of proving actual loss. However, the liquidated amount must be a genuine pre-estimate of loss, not a penalty.
Sample language:
“The Receiving Party acknowledges that any breach of this Agreement may cause irreparable harm to the Disclosing Party for which monetary damages alone would be inadequate. Accordingly, the Disclosing Party shall be entitled, in addition to any other remedies available at law or in equity, to seek injunctive relief, specific performance, or other equitable remedies from any court of competent jurisdiction without the necessity of proving actual damages or posting any bond. In addition, the Receiving Party shall indemnify and hold harmless the Disclosing Party from and against all losses, damages, costs, and expenses (including reasonable legal fees) arising from or in connection with any breach of this Agreement by the Receiving Party or its authorised recipients.”
Common mistake: Not mentioning injunctive relief explicitly. While courts can grant injunctions regardless of what the contract says, explicitly referencing the right to seek injunctive relief strengthens your application and signals the seriousness of the obligation.
Clause 10: Dispute Resolution
Choose between litigation and arbitration. For most Indian NDAs, arbitration is preferable — it is faster, private (which is particularly relevant when the dispute itself involves confidential information), and the Arbitration and Conciliation Act, 1996 provides a well-established framework.
Drafting tip: If you choose arbitration, specify the seat (which determines the governing procedural law), the language, the number of arbitrators, and the appointing institution. For NDAs between Indian parties, a single arbitrator with a seat in the city where the disclosing party operates is a practical default.
Sample language:
“Any dispute, controversy, or claim arising out of or in connection with this Agreement, including its validity, interpretation, performance, breach, or termination, shall be resolved by arbitration administered under the rules of [the Mumbai Centre for International Arbitration / the Delhi International Arbitration Centre / the Indian Council of Arbitration]. The seat of arbitration shall be [City], India. The arbitration shall be conducted in English by a sole arbitrator appointed in accordance with the applicable rules. The arbitral award shall be final and binding upon the parties. Notwithstanding the foregoing, either party may seek interim or injunctive relief from any court of competent jurisdiction to prevent irreparable harm pending the constitution of the arbitral tribunal.”
Common mistake: Forgetting to preserve the right to seek court-ordered injunctions alongside arbitration. Arbitral tribunals can take time to constitute, and in NDA breach cases, every day of delay allows further disclosure. The clause should explicitly carve out the right to approach courts for urgent interim relief.
Clause 11: Governing Law and Jurisdiction
Specify which law governs the agreement and which courts have jurisdiction.
Drafting tip: For agreements between Indian parties, choose Indian law and the courts of a specific city. Avoid “courts in India” without specifying the city — this invites jurisdictional disputes. For cross-border NDAs, Indian parties should push for Indian governing law and Indian-seated arbitration, as enforcing a foreign judgment or award in India adds significant time and cost.
Sample language:
“This Agreement shall be governed by and construed in accordance with the laws of India. Subject to the arbitration clause above, the courts at [City], India shall have exclusive jurisdiction over any disputes arising out of or in connection with this Agreement.”
Common mistake: Choosing a foreign governing law for an NDA between two Indian parties. This creates unnecessary complications and may result in an Indian court applying Indian law regardless, under public policy principles.
Clause 12: AI and Data Protection Clause
This is a 2026 essential. With generative AI tools now embedded in legal, financial, and operational workflows, your NDA must explicitly address whether confidential information can be processed by AI systems — and if so, under what conditions.
Drafting tip: Draft this clause to address three risks: (1) AI tools that retain input data for model training, (2) AI platforms whose terms of service grant the provider a licence to use submitted content, and (3) the difficulty of “destroying” information once it has been processed by an AI model. If the DPDP Act applies (because personal data is involved), include a cross-reference to the receiving party’s data protection obligations.
Sample language:
“The Receiving Party shall not input, upload, process, or otherwise make available any Confidential Information to any artificial intelligence system, machine learning model, large language model, or automated data processing tool (collectively, ‘AI Tools’) unless: (a) the AI Tool operates in a closed, enterprise-grade environment that does not retain input data, use input data for model training, or share input data with third parties; (b) the Receiving Party has obtained the prior written consent of the Disclosing Party, specifying the AI Tool, the purpose of processing, and the safeguards in place; and (c) the AI Tool’s terms of service do not grant the AI provider any licence, right, or interest in or to the Confidential Information. Where Confidential Information includes personal data as defined under the Digital Personal Data Protection Act, 2023, the Receiving Party shall ensure that any processing of such data complies with the requirements of that Act, including but not limited to the obligations of a data fiduciary under Section 8.”
Common mistake: Ignoring AI entirely. An NDA drafted in 2026 without an AI clause is already outdated. The risk of confidential information being absorbed into an AI model’s training data is real and growing, and courts have not yet fully addressed the implications — which makes contractual protection even more important.
Clause 13: Miscellaneous Provisions
These are standard boilerplate clauses, but each serves a specific purpose in Indian contract law.
Sample language for key miscellaneous provisions:
“Severability. If any provision of this Agreement is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be severed from this Agreement and the remaining provisions shall continue in full force and effect.
Entire Agreement. This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior negotiations, representations, warranties, commitments, offers, and agreements, whether written or oral.
Amendment. No amendment or modification of this Agreement shall be effective unless made in writing and signed by both parties.
Assignment. Neither party may assign or transfer this Agreement or any rights or obligations hereunder without the prior written consent of the other party.
No Waiver. The failure of either party to enforce any provision of this Agreement shall not be construed as a waiver of such provision or the right to enforce it at a later time.
Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same instrument. Electronic signatures shall be deemed equivalent to original signatures for all purposes.”
Complete NDA Template for India (Ready to Use)
Below is a full mutual NDA template incorporating all thirteen clauses discussed above. Adapt it to your specific transaction by modifying the bracketed sections.
NON-DISCLOSURE AGREEMENT
This Non-Disclosure Agreement (“Agreement”) is entered into on [Date] (“Effective Date”)
BETWEEN:
(1) [Full Legal Name], a [company incorporated under the Companies Act, 2013 / LLP registered under the Limited Liability Partnership Act, 2008 / individual], having [CIN/LLPIN/PAN] [Number] and its registered office/residing at [Full Address] (hereinafter “Party A”);
AND
(2) [Full Legal Name], a [entity type], having [registration number] and its registered office/residing at [Full Address] (hereinafter “Party B”).
Party A and Party B are individually referred to as a “Party” and collectively as the “Parties.”
RECITALS
WHEREAS the Parties wish to explore [specific purpose, e.g., a potential business collaboration / a potential investment / a proposed transaction] (the “Purpose”) and, in connection therewith, each Party may disclose certain confidential and proprietary information to the other Party;
NOW, THEREFORE, in consideration of the mutual covenants contained herein and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:
1. DEFINITIONS
1.1 “Disclosing Party” means the Party disclosing Confidential Information.
1.2 “Receiving Party” means the Party receiving Confidential Information.
1.3 “Confidential Information” means all information, whether written, oral, electronic, visual, or in any other form, disclosed by the Disclosing Party to the Receiving Party, directly or indirectly, including but not limited to: (a) business plans, financial data, projections, and pricing information; (b) customer and supplier lists, contact details, and relationship information; (c) trade secrets, technical data, product designs, source code, algorithms, and know-how; (d) marketing strategies, sales data, and market research; (e) employee, consultant, and compensation information; (f) any information marked as “Confidential,” “Proprietary,” or with similar designation; and (g) any information that a reasonable person would understand to be confidential given its nature or the circumstances of disclosure. Oral disclosures shall constitute Confidential Information if identified as confidential at the time of disclosure and confirmed in writing within fifteen (15) business days.
1.4 “Authorised Recipients” means the Receiving Party’s employees, officers, directors, advisors, legal counsel, accountants, and consultants who have a genuine need to know the Confidential Information for the Purpose and who are bound by written confidentiality obligations no less restrictive than those in this Agreement.
2. EXCLUSIONS
Confidential Information shall not include information that: (a) was in the public domain at the time of disclosure or enters the public domain through no fault of the Receiving Party; (b) was known to the Receiving Party prior to disclosure, as evidenced by written records; (c) is independently developed by the Receiving Party without reference to the Confidential Information, as evidenced by documented records; or (d) is disclosed pursuant to a legal obligation, court order, or regulatory requirement, provided the Receiving Party gives prompt written notice to the Disclosing Party (to the extent legally permitted) and cooperates in seeking a protective order.
3. OBLIGATIONS
3.1 The Receiving Party shall hold all Confidential Information in strict confidence and shall not disclose it to any person other than Authorised Recipients.
3.2 The Receiving Party shall use the Confidential Information solely for the Purpose and for no other purpose.
3.3 The Receiving Party shall protect the Confidential Information with the same degree of care it uses for its own confidential information, and in no event less than reasonable care.
3.4 The Receiving Party shall be responsible for any breach of this Agreement by its Authorised Recipients.
3.5 The Receiving Party shall notify the Disclosing Party in writing within forty-eight (48) hours of becoming aware of any unauthorised disclosure or use of the Confidential Information.
3.6 The Receiving Party shall not reverse-engineer, decompile, or disassemble any Confidential Information without the prior written consent of the Disclosing Party.
4. AI AND DATA PROTECTION
4.1 The Receiving Party shall not input, upload, or process any Confidential Information using any artificial intelligence tool, machine learning model, or automated data processing system unless: (a) the tool operates in a closed, enterprise-grade environment that does not retain input data or use it for model training; (b) the Disclosing Party has given prior written consent; and (c) the tool’s terms of service do not grant the provider any rights in the Confidential Information.
4.2 Where Confidential Information includes personal data as defined under the Digital Personal Data Protection Act, 2023, the Receiving Party shall ensure compliance with the obligations of a data fiduciary under that Act.
5. TERM AND SURVIVAL
5.1 This Agreement shall remain in force for [two (2) / three (3)] years from the Effective Date, unless terminated earlier by either Party upon thirty (30) days’ written notice.
5.2 The confidentiality obligations shall survive for [three (3) / five (5)] years from the date of disclosure of the relevant Confidential Information.
5.3 For Confidential Information constituting trade secrets, the obligations shall continue for as long as the information retains its trade secret character.
6. RETURN AND DESTRUCTION
6.1 Upon expiry, termination, or written request, the Receiving Party shall promptly return or destroy all Confidential Information, including copies, notes, summaries, and electronic records.
6.2 The Receiving Party shall provide written certification of return or destruction within fifteen (15) days.
6.3 The Receiving Party may retain one archival copy solely for legal compliance, subject to the confidentiality obligations of this Agreement.
7. REMEDIES
7.1 The Receiving Party acknowledges that breach may cause irreparable harm. The Disclosing Party shall be entitled to injunctive relief, specific performance, and other equitable remedies without proving actual damages.
7.2 The Receiving Party shall indemnify the Disclosing Party against all losses, damages, costs, and expenses (including legal fees) arising from any breach.
7.3 The remedies in this Agreement are cumulative and do not exclude any other remedies available at law or in equity.
8. DISPUTE RESOLUTION
8.1 Any dispute arising from this Agreement shall be resolved by arbitration under the rules of [arbitration institution] with the seat at [City], India, conducted in English by a sole arbitrator.
8.2 The arbitral award shall be final and binding.
8.3 Notwithstanding the above, either Party may seek interim injunctive relief from a court of competent jurisdiction pending constitution of the arbitral tribunal.
9. GOVERNING LAW AND JURISDICTION
This Agreement shall be governed by the laws of India. Subject to Clause 8, the courts at [City], India shall have exclusive jurisdiction.
10. GENERAL
10.1 Severability. Invalid provisions shall be severed; remaining provisions continue in force.
10.2 Entire Agreement. This Agreement supersedes all prior agreements on the subject matter.
10.3 Amendment. Amendments must be in writing and signed by both Parties.
10.4 Assignment. Neither Party may assign without prior written consent.
10.5 No Waiver. Failure to enforce a provision does not waive the right to enforce it later.
10.6 Counterparts. This Agreement may be executed in counterparts; electronic signatures are valid.
IN WITNESS WHEREOF, the Parties have executed this Agreement as of the Effective Date.
| Party A | Party B |
| Signature: ________________ | Signature: ________________ |
| Name: | Name: |
| Designation: | Designation: |
| Date: | Date: |
Witness 1: Name, Address, Signature
Witness 2: Name, Address, Signature
Customisation notes: For a unilateral NDA, remove references to mutual obligations and designate one party as the Disclosing Party and the other as the Receiving Party throughout. For an employment NDA, add clauses on inventions and work product assignment, and ensure the non-compete language (if any) operates only during the term of employment to comply with Section 27.
Using AI Responsibly for NDA Drafting
Artificial intelligence tools can genuinely accelerate NDA drafting. They can generate first drafts, flag missing clauses, review language for consistency, and even compare your NDA against market-standard terms. But using AI for legal document drafting comes with specific risks that you must manage carefully, especially in India where the legal and regulatory landscape around AI is still developing.
The first risk is confidentiality breach through the AI tool itself. When you paste your client’s business information, transaction details, or proprietary terms into a consumer-grade AI chatbot, that information may be stored, used for model training, or accessible to the platform’s employees. In February 2026, a US federal court ruled that documents created using a consumer AI platform were not protected by attorney-client privilege. While Indian courts have not yet addressed this specific issue, the principle is instructive — if your AI tool’s terms of service give the provider a licence to use input data, you may be compromising the very confidentiality the NDA is meant to protect.
The second risk is accuracy. AI models generate plausible-sounding legal language, but they do not verify it against current Indian statutes, recent High Court decisions, or the specific requirements of your transaction. An AI tool might draft a non-compete clause that reads perfectly but is void under Section 27 of the Indian Contract Act. It might reference a provision of a statute that has been amended or repealed. It might generate language drawn from common law jurisdictions that does not work under Indian contract law principles.
The third risk is over-reliance. An NDA generated entirely by AI without human review is a liability waiting to materialise. The AI does not know the commercial context of your deal, the relative bargaining positions of the parties, or the specific risks that matter most to your client.
Here is how to use AI responsibly in NDA drafting. First, use enterprise-grade AI tools with clear data privacy commitments — tools that do not retain your input, do not use it for training, and operate in a closed environment. Never paste confidential client information into a free, consumer-facing AI chatbot. Second, use AI as a starting point, not a finished product. Generate a first draft, then review every clause against the Indian Contract Act, the Specific Relief Act, and any sector-specific regulations that apply. Third, always have a qualified legal professional review the final document. The AI can save you time on the first draft, but the legal judgement — knowing which clauses to tighten, which to relax, and which to add based on the specific deal — requires human expertise. Fourth, maintain an audit trail. If you used an AI tool to draft or review an NDA, document which tool you used, what information you inputted, and what the tool’s data handling terms are. This protects you if questions arise about confidentiality or privilege later.
The most practical approach in 2026 is to treat AI as a research assistant and first-draft generator, not as a replacement for legal skill. Use it to speed up the process, then apply your own knowledge of Indian law to refine and finalise the document.
Stamp Paper and Execution Requirements
Indian law does not strictly require NDAs to be executed on stamp paper. An NDA on plain paper or company letterhead, signed by both parties, is a valid contract under the Indian Contract Act, 1872. However, stamping makes a significant difference in enforceability — an unstamped document may be inadmissible as evidence in court proceedings under the Indian Stamp Act, 1899, unless the deficiency in stamp duty (plus a penalty) is paid at the time of production.
The stamp duty amount varies by state because the Indian Stamp Act, 1899 is a Central act that states have the power to adopt with amendments. Maharashtra follows the Bombay Stamp Act, 1958, Karnataka has the Karnataka Stamp Act, 1957, Kerala has the Kerala Stamp Act, 1959, and Rajasthan has the Rajasthan Stamp Act, 1998. Most other states follow the Central act with state-specific notifications on duty amounts.
For NDAs specifically, stamp duty is generally nominal — typically ranging from INR 100 to INR 500 depending on the state. Some states classify NDAs under “agreements not otherwise provided for” in their stamp duty schedules, which attracts a minimal duty. Check the specific schedule applicable in the state where the NDA will be executed.
E-stamp paper is now available in most major states including Maharashtra, Delhi-NCR, Karnataka, Tamil Nadu, Uttar Pradesh, Gujarat, Himachal Pradesh, Assam, and Uttarakhand. You can purchase e-stamps through the Stock Holding Corporation of India (SHCIL) portal or authorised centres. E-stamps are fully valid and increasingly preferred over physical stamp paper.
Notarisation is not mandatory for an NDA in India. However, getting the document notarised adds an additional layer of authenticity. The notary confirms the identities of the signatories, which can be valuable if the agreement is ever challenged on grounds of forgery or denial of execution.
Witness signatures are also not legally required, but including two witnesses is standard practice and recommended. Witnesses strengthen the evidentiary value of the document and make it harder for a party to later deny having signed the agreement.
For digital execution, the Information Technology Act, 2000 recognises electronic signatures as valid. Both Aadhaar-based e-signatures and digital signatures issued by a certifying authority are legally valid for executing an NDA electronically.
Common Mistakes That Make Indian NDAs Unenforceable
Seven mistakes appear repeatedly in Indian NDAs that are challenged in court.
The first is defining confidential information too broadly or too vaguely. A definition that covers “all information of any kind” gives the receiving party no way to know what is actually protected and invites a court to find the clause unreasonable. The definition must be specific enough that a reasonable person can identify what falls within it.
The second is disguising a non-compete as a confidentiality clause. If the practical effect of your NDA is to prevent someone from working in their field of expertise, an Indian court will treat it as a restraint of trade under Section 27 — regardless of what you call it. Keep confidentiality obligations separate from competitive restrictions, and understand that post-employment non-competes are unenforceable in India.
The third is missing consideration. For an NDA signed at the start of employment, the employment itself constitutes consideration. But for a standalone NDA signed after the employment relationship has already begun, you need separate consideration — a bonus, a promotion, access to new information, or some other identifiable benefit. Without it, the agreement lacks one of the essential elements of a valid contract under Section 10.
The fourth is no term or survival clause. An NDA that does not specify how long the obligations last creates uncertainty. Courts are reluctant to enforce open-ended obligations, and the receiving party can argue that the obligation was only meant to last during the business relationship.
The fifth is choosing the wrong jurisdiction. Specifying a jurisdiction that has no connection to either party or the transaction creates inconvenience and may be challenged. Choose the city where the disclosing party is headquartered or where the business relationship is centred.
The sixth is failing to include a dispute resolution mechanism. Without an arbitration or jurisdiction clause, the parties may end up litigating over where to litigate — wasting time and money before they even address the substantive breach.
The seventh is ignoring the DPDP Act. If your NDA covers personal data — employee records, customer databases, user information — and you do not address DPDP Act compliance, you are creating a gap between your contractual framework and your statutory obligations. This gap can be exploited by a party seeking to avoid its confidentiality obligations.
What to Do When an NDA Is Breached
When you discover that confidential information has been disclosed or misused in violation of your NDA, speed matters. Every hour of delay potentially allows further dissemination.
Your immediate steps should be to document everything — take screenshots, preserve emails, save timestamps, and identify exactly what information was disclosed, to whom, and through what channel. Then send a formal cease-and-desist letter through your lawyer, referencing the specific NDA clauses that have been breached and demanding immediate cessation of the unauthorised disclosure or use.
For injunctive relief, file an application under Order XXXIX Rules 1 and 2 of the Code of Civil Procedure, 1908, read with the Specific Relief Act, 1963. The court can grant an ex parte temporary injunction if you demonstrate a prima facie case, balance of convenience in your favour, and irreparable harm. In NDA breach cases involving trade secrets or time-sensitive business information, courts have been willing to grant urgent interim orders.
For monetary damages, you can pursue a claim under Section 73 of the Indian Contract Act (compensation for loss caused by breach) or Section 74 (reasonable compensation not exceeding the agreed liquidated damages amount, if your NDA includes one). If the breach also involves criminal elements — for example, an employee stealing proprietary data — you can file a complaint under Section 405/406 of the Indian Penal Code (criminal breach of trust) or the equivalent provisions under the Bharatiya Nyaya Sanhita, 2023 (Sections 316/317).
If your NDA includes an arbitration clause, you must initiate arbitration for the substantive dispute. However, you can still approach a court for interim injunctive relief under Section 9 of the Arbitration and Conciliation Act, 1996, even before the arbitral tribunal is constituted.
Industry-Specific NDA Considerations
Different industries require different emphasis in their NDAs.
For startups and fundraising, the NDA should focus on protecting the business model, technology stack, financial projections, and investor pipeline. Investors frequently resist signing NDAs before initial pitch meetings, so consider a tiered approach — share general information without an NDA, and require an NDA before sharing detailed financials and proprietary technology. Keep the term shorter (one to two years) since startup information changes rapidly.
For employment and HR, the NDA should be specific to the employee’s role and the information they will access. A software developer’s NDA should protect source code and algorithms; a sales manager’s NDA should protect client lists and pricing. Avoid blanket NDAs that cover everything — courts scrutinise these more closely. Always ensure the NDA is signed at the time of hiring (when employment itself is the consideration) rather than mid-employment (which requires separate consideration).
For technology and SaaS companies, the NDA should explicitly cover source code, APIs, system architecture, security protocols, and data handling practices. Include provisions on reverse engineering, and address the specific risk of confidential information being exposed through integration testing or API access. The AI clause discussed above is particularly important here.
For M&A and due diligence, mutual NDAs are standard. Include provisions addressing the use of information rooms (virtual data rooms), the involvement of external advisors (who must be bound by separate confidentiality undertakings), and standstill provisions preventing the receiving party from making an unsolicited bid based on the information received.
For real estate and construction, NDAs should cover project plans, cost estimates, tender documents, and land acquisition strategies. Given the involvement of multiple parties (developers, architects, contractors, government authorities), consider a multilateral NDA framework.
Disclaimer: This article is for informational and educational purposes only and does not constitute legal advice. Laws, rules, and procedures are subject to change. For advice specific to your situation, consult a qualified legal professional. Information is current as of March 2026.
Frequently Asked Questions
Is an NDA legally valid and enforceable in India?
Yes. NDAs are enforceable as contracts under the Indian Contract Act, 1872, provided they meet the essential requirements of a valid contract — free consent, lawful consideration, competent parties, and lawful object. Indian courts have consistently upheld well-drafted NDAs and granted injunctive relief to prevent breaches. The key limitation is that NDA clauses which effectively operate as restraints of trade (non-competes) are void under Section 27 of the Act.
Can I draft my own NDA without a lawyer?
You can, but it carries risks. A self-drafted NDA may contain vague definitions, unenforceable clauses, or gaps that undermine its effectiveness. For low-stakes situations like freelancer engagements, a well-researched self-drafted NDA using a reliable template may suffice. For high-value transactions, employee agreements involving trade secrets, or cross-border deals, professional legal review is strongly recommended.
What is the penalty for breaking an NDA in India?
There is no fixed statutory penalty. Remedies include injunctive relief (a court order stopping further disclosure), damages under Section 73 of the Indian Contract Act (compensation for actual loss), liquidated damages under Section 74 (pre-agreed compensation), and potentially criminal prosecution under Section 405/406 of the IPC or equivalent BNS provisions for breach of trust. The actual consequences depend on the NDA’s terms and the nature of the breach.
How long does an NDA last in India?
There is no statutory limit. Typical NDAs in India last two to five years, with confidentiality obligations surviving for an additional period after termination. Trade secret protections can be drafted as indefinite. Courts generally consider two-to-five-year terms reasonable but may question perpetual obligations for general confidential information.
Does an NDA need to be on stamp paper in India?
Strictly, no — an NDA on plain paper is a valid contract. However, an unstamped document may face admissibility challenges as evidence in court. Stamp duty for NDAs is generally nominal (INR 100-500 depending on the state), and stamping is strongly recommended for enforceability. E-stamp paper is available in most major states.
Is an NDA enforceable after termination of employment?
Confidentiality obligations in an NDA survive termination of employment — this has been upheld by Indian courts, including in Niranjan Shankar Golikari v. Century Spinning (1967). However, non-compete clauses (preventing someone from working for a competitor) are void after employment ends under Section 27 of the Indian Contract Act. The distinction is between protecting information (enforceable) and restricting employment (void).
What is the difference between an NDA and a confidentiality agreement?
There is no legal difference. “Non-Disclosure Agreement” and “Confidentiality Agreement” are interchangeable terms used for the same type of contract. Some practitioners prefer “Confidentiality Agreement” when the focus is on protecting information within an ongoing relationship, and “NDA” when it is a standalone agreement, but the legal effect is identical.
Can an NDA be signed electronically in India?
Yes. The Information Technology Act, 2000 recognises electronic signatures — including Aadhaar-based e-signatures and digital signatures issued by certifying authorities — as valid for contract execution. An electronically signed NDA has the same legal effect as a physically signed one.
What should I do if someone refuses to sign an NDA?
First, understand why. Investors and large corporations often have policies against signing NDAs before initial discussions. In such cases, consider sharing only non-sensitive information initially and requiring an NDA before detailed disclosures. If a party refuses outright, you can limit what you share, use a one-way NDA with minimal obligations, or proceed without an NDA while documenting that the information shared was clearly designated as confidential.
Can an NDA protect an idea?
An NDA can protect how an idea is expressed and the specific details surrounding it, but it cannot protect the idea itself. Indian law, like most legal systems, does not recognise property rights in abstract ideas. However, if the idea is expressed in a specific form (a business plan, a technical design, a financial model), that expression can be protected as confidential information under an NDA. For broader protection, combine the NDA with intellectual property registrations where applicable.
Is a mutual NDA better than a unilateral NDA?
It depends on the situation. A mutual NDA is appropriate when both parties are sharing confidential information — joint ventures, M&A discussions, and technology partnerships are common examples. A unilateral NDA is appropriate when only one party is disclosing — employer-employee relationships, investor pitches, and vendor engagements. Using a mutual NDA when only one party discloses information adds unnecessary complexity without additional protection.
What is the role of the DPDP Act in NDA drafting?
If the confidential information shared under an NDA includes personal data (employee records, customer databases, user information), the DPDP Act, 2023 imposes additional obligations. The party receiving personal data must comply with data fiduciary obligations under Section 8, including processing data only for the stated purpose, maintaining security safeguards, and reporting breaches. Your NDA should cross-reference these statutory obligations to ensure consistency between contractual and legal requirements.
Can I use AI tools to draft an NDA?
Yes, but with caution. AI tools can generate useful first drafts and flag missing clauses, but they should never be the final word. Key risks include: the AI tool may store your confidential input data (violating client confidentiality); AI-generated language may not be accurate under current Indian law; and AI cannot assess the commercial context of your specific deal. Always use enterprise-grade tools with strong data privacy policies, and have a qualified legal professional review the final document.
How is a trade secret different from confidential information in an NDA?
All trade secrets are confidential information, but not all confidential information qualifies as a trade secret. A trade secret is information that derives economic value from being secret, and the holder has taken reasonable steps to maintain its secrecy. In an NDA, this distinction matters for the survival clause — general confidential information can have a fixed confidentiality period (two to five years), while trade secrets can be protected indefinitely. The 2024 Law Commission recommendation on trade secrets legislation, once enacted, will create additional statutory protections.
What is the cost of getting an NDA drafted by a lawyer in India?
Costs vary widely depending on the complexity and the lawyer’s experience. A simple unilateral NDA from a junior advocate or online legal service may cost INR 2,000-5,000. A customised bilateral NDA from a mid-level law firm typically costs INR 10,000-25,000. Complex NDAs for M&A transactions or cross-border deals drafted by senior partners at established firms can cost INR 50,000-2,00,000 or more. The investment is proportionate to the value of the information being protected.