A tier-one Indian engineering company once tried to enforce a carefully negotiated non-disclosure agreement against a departing senior employee. It went to the Bombay High Court to get an arbitrator appointed. And there it stalled, not because the confidentiality covenant was weak, not because the employee had a clever defence, but because nobody had stamped the document. Under the Stamp Act, an unstamped instrument can’t be acted on until duty and penalty are paid. So the court didn’t tear up the NDA. It impounded it, fixed the duty at ₹100 under the residuary entry (Article 5(h)(B) of the Maharashtra Stamp Act, the catch-all for an agreement with no ascertainable money value), added a penalty of roughly ₹44 for the delay, and directed that once about ₹144 was paid the instrument be endorsed and the matter proceed.
A valid, lawyer-drafted contract held up over a ₹100 stamp. That’s the kind of avoidable failure that defines NDA practice in this country.
Here’s why it bites harder in India than almost anywhere else. India has no dedicated trade-secrets statute. There is no Act you can sue under to protect a client list, a pricing model, or your source code the way you’d sue under a copyright or patent law. The contract itself is the protection. That puts enormous weight on getting the NDA right: define the confidential information precisely, set the obligations and survival period, pick the governing law, and execute it so a court will actually look at it. A sloppy or unstamped NDA leaves the most valuable thing a business owns effectively unprotected the moment someone tests it.
Picture who’s reading this. A founder about to open a data room to an investor or onboard a vendor. A freelancer or consultant handed an NDA to sign and unsure what to keep or cut. An HR or in-house lawyer standardising employee confidentiality terms across forty hires. A law student asked to draft one from scratch by Thursday. None of them can do the job with a generic internet template, because most of those are US-flavoured and silent on exactly the points Indian courts test: Section 27 reasonableness, a properly defined “confidential information”, stamping for admissibility, valid e-signature, and (since 2023) the Digital Personal Data Protection Act layer when personal data is involved.
So here’s the promise. This is the practitioner-grade, copy-paste handbook: a complete annotated specimen NDA you can lift clause by clause (mutual, with a one-way variant), plus the full India enforceability, stamping, e-signature, DPDP and trade-secret stack that tells you what each clause has to survive. Let’s get the one-line answer out of the way first, then build it properly.
A non-disclosure agreement (NDA) is a written contract under the Indian Contract Act, 1872 in which one or both parties promise to keep shared confidential information secret. To draft one, name the parties, define the confidential information and exclusions, set the obligations, term, remedies and governing law, then execute and stamp it. Stamping makes it court-admissible; registration is not needed.
That paragraph is the headline; everything below is how you actually draft to it, what each clause is doing, and where the traps are hiding. The Table of Contents maps the route from “what is this” to a finished, signable document.
What is a non-disclosure agreement, and when do you actually need one
A non-disclosure agreement (NDA) is a written contract under the Indian Contract Act, 1872 in which one or both parties promise to keep shared confidential information secret. To draft one, name the parties, define the confidential information and exclusions, set the obligations, term, remedies and governing law, then execute and stamp it. Stamping makes it court-admissible; registration is not needed.
Strip away the label and an NDA is an ordinary commercial contract. Under the Indian Contract Act, 1872, an agreement is enforceable when it has the standard essentials: offer, acceptance, lawful consideration, free consent, capacity, and a lawful object. The moment one party agrees to disclose something sensitive and the other agrees to keep it secret in exchange for access, you have all of them. The NDA just writes that bargain down with enough precision that a court can read who promised what.
“NDA”, “confidentiality agreement” and “secrecy agreement” all describe the same instrument. The label doesn’t change the legal effect. There’s a related distinction worth fixing early: a standalone NDA is a separate document, while a confidentiality clause is the same promise tucked inside a bigger contract (an employment agreement, a vendor contract, a joint-venture agreement). The clause does the same job within that contract; the standalone NDA does it before, or independent of, any larger deal.
When do you actually need one? Whenever you’re about to hand someone information you’d hate to see leak. The trigger situations are predictable: an investor pitch or a data room, vendor or contractor onboarding, employment, M&A diligence, joint ventures, and any serious product or IP discussion. The common thread is asymmetric trust. You’re sharing something valuable with someone who hasn’t yet earned the right to misuse it, and the NDA is how you set the terms before, not after, the leak.
Here’s the part most guides skip, and it’s the stake-raiser carried over from the courtroom story above. Because India has no trade-secrets statute, the NDA isn’t a formality you tack on for comfort. It is the protection. Lose the contract and you’ve lost the legal handle on the secret. So a generic internet template is a trap for an Indian party: it’s almost always silent on the things that decide outcomes here, namely whether the non-compete inside it is even valid under Section 27, whether the agreement is admissible if it’s unstamped, whether the e-signature holds, and what happens when the confidential information includes personal data. (More on each of those throughout this guide.)
Why care if you’ve been signing borrowed NDAs for years without a problem? Because the engagement that goes wrong is rarely the one you braced for. It’s the trusted vendor who quietly hires your lead engineer, or the investor who passes and then funds a clone. The NDA is cheap insurance you draft once and reuse for a decade.
Types of NDA: unilateral vs mutual (bilateral) vs multilateral, and how the clauses change
Before you draft a single clause, decide which document you’re actually making. The three standard shapes look similar on the page but distribute the obligations very differently, and picking the wrong one means rewriting half the operative language later. Get this choice right and the rest of the draft falls into place.
Unilateral, mutual and multilateral NDAs: which one fits your situation?
A one-way (unilateral) NDA has one party disclosing and the other only receiving. The receiving party carries all the confidentiality obligations; the disclosing party carries none, because it isn’t handing over anything to be protected in return. A mutual (bilateral) NDA has both sides disclosing and both sides bound, which is the right shape whenever information genuinely flows both ways. A multilateral NDA involves three or more parties, typically a consortium or a multi-party collaboration, where each participant may both disclose and receive.
| Type | Who discloses | Who is bound | Typical use case | Key clause difference |
|---|---|---|---|---|
| Unilateral (one-way) | One party only | The receiving party only | Founder pitching an investor; disclosing a concept to a potential vendor | Single “Disclosing Party” / “Receiving Party” definitions; obligations run one way |
| Mutual (bilateral) | Both parties | Both parties | Joint ventures, co-development, M&A diligence where both share | “Each Party” language; obligations, return and survival run reciprocally |
| Multilateral | Three or more | All signatories | Consortiums, multi-party R&D, syndicate deals | Defined groups of parties; cross-obligations among all signatories |
So which do you use? If you’re the only one revealing anything (a founder showing a deck to a VC, an inventor describing a concept), a one-way NDA from your side is logical. If both sides will exchange sensitive material (a JV, a technology collaboration, an acquisition where each party opens its books), a mutual NDA is fairer and easier to get signed. For three or more collaborators, you go multilateral, or, more practically, run a web of mutual NDAs. A common negotiation point: the other side hands you a one-way NDA that binds only you. If you’ll also be sharing anything, push to make it mutual; the conversion is mostly mechanical, as the next subsection shows.
What changes when you go from a one-way to a mutual NDA (reciprocal drafting)
This is the operative point no template page makes, and it’s the difference between understanding an NDA and just copying one. Converting a one-way NDA into a mutual one isn’t a fresh draft; it’s a set of predictable swaps. The defined-term “Disclosing Party” and “Receiving Party” collapse into “each Party” or “the Parties”, because each side now plays both roles. The obligations clause, which in a one-way NDA points only at the receiving party, becomes reciprocal: each party owes the same duties to the other.
The same flip runs through the rest of the document. Return-and-destruction obligations apply to both sides on termination. The survival period binds each party’s confidentiality equally. Remedies become available to whichever party is wronged, not just the original discloser. We’d recommend drafting mutual by default unless you’re certain only one side will ever disclose, because retrofitting reciprocity into a one-way template is exactly where drafters miss a clause and leave one side unprotected. (The specimen below is mutual, with a clearly marked note showing the lines that change to make it one-way.)
Set up the deal
Substantive duties
Execute
1
Identify the parties (and signing authority)
Full legal name, address and capacity; confirm the signatory can bind their side. This decides who is actually bound.
2
State the purpose / permitted use
Set out why the information is shared and the only purpose the recipient may use it for. A narrow Purpose stops misuse.
3
Define Confidential Information + exclusions
Specify what is protected, then carve out public-domain, prior-knowledge, independently-developed and lawfully-received.
4
Set the receiving party’s obligations
Restrict use to the Purpose, limit access to need-to-know, and bar copying or reverse-engineering.
5
Set the term & survival period
Fix how long the NDA runs and, separately, how long confidentiality survives after it ends. Keep the two clocks distinct.
6
Return / destruction of materials
Require return or destruction on termination or request, and certification where the information is sensitive.
7
Remedies & injunction (+ s.74)
Provide for an injunction plus damages, and make any liquidated-damages figure a genuine pre-estimate so it survives Section 74.
8
Governing law, jurisdiction & dispute resolution
Pick the governing law, the courts or arbitral seat, and court-versus-arbitration, before any dispute exists.
9
Boilerplate
No-licence, no-waiver, severability, entire agreement, notices and e-sign. Dull, but each one closes a gap that bites later.
10
Execute & stamp
Registration not required. Sign by wet-ink, Aadhaar e-Sign or DSC, stamp for admissibility, and keep the proof.
iPleaders
How to draft an NDA in India: step by step
Drafting an NDA isn’t a feat of legal genius. It’s a checklist, run in order, with India-specific judgement at a few key points. The reader who lands here usually wants the doing-it sequence, not theory, so here it is as ten concrete steps. Each maps to a clause shown in full in the specimen below and explained in depth in the clause-by-clause section.
- Identify the parties accurately. Capture each party’s full legal name, address, and capacity (individual versus entity), and confirm whoever signs has authority to bind their side. This decides who is actually bound and whether the contract sticks.
- State the purpose and permitted use. Set out why the information is being shared and the only purpose for which the receiving party may use it. A narrow, defined purpose is what stops the recipient using your secret for anything else.
- Define “Confidential Information” precisely, and list the exclusions. Specify what is protected, then carve out the four standards: information already in the public domain, prior knowledge, independently developed material, and anything lawfully received from a third party. A vague definition is the single most common drafting failure.
- Set the receiving party’s obligations. Restrict use to the stated purpose, limit access to a need-to-know basis, and bar copying or reverse-engineering. These are the active duties the contract actually enforces.
- Set the term and the survival period. Fix how long the NDA runs and, separately, how long confidentiality survives after it ends. Keep these two clocks distinct; conflating them is a classic error.
- Add return or destruction of materials. Require the receiving party to return or destroy confidential material on termination or on request, and to certify it where the information is sensitive.
- Add remedies and injunctive relief. Provide for an injunction (the most valuable remedy in confidentiality disputes) plus damages, and make any liquidated-damages figure a genuine pre-estimate so it survives Section 74.
- Choose governing law, jurisdiction and dispute resolution. Pick the governing law, the courts or arbitral seat, and whether disputes go to court or arbitration, before any dispute exists and while both sides are still reasonable.
- Add the boilerplate. Include the no-licence/IP clause, no-waiver, severability, entire-agreement, notices and counterparts/e-sign clauses. Dull, but each one closes a gap that bites later.
- Execute and stamp correctly. Stamp the NDA for admissibility (registration is not required), sign by wet-ink, Aadhaar e-Sign or DSC, and keep the proof. This is the step the courtroom story turned on, and the one people skip most.
Run those ten in sequence and you have a complete, India-aware NDA. The order isn’t arbitrary: parties and purpose come first because everything else references them, the substantive duties sit in the middle, and execution closes it out. Which step do most people skip? Steps 3 and 10, the precise definition and the stamping, and those are exactly the two that decide whether the document holds up when it’s tested.
Define the secret
Duties & limits
Enforce & protect
Closing
1
Definition of Confidential Information
What is protected: marked or reasonable-person information, in any form. Make-or-break clause; be specific, not “everything is confidential”.
2
Exclusions from confidential information
The four carve-outs: public domain, prior knowledge, independently developed, lawfully received from a third party.
3
Purpose / permitted use
The information may be used only for the defined Purpose, and for no other; no use to compete or reverse-engineer.
4
Obligations of the receiving party
Keep it secret, need-to-know access, no copying or reverse-engineering, flow-down to employees and advisers.
5
Term & survival
Two clocks: how long the NDA runs, and how long confidentiality survives after it ends. Indefinite for genuine trade secrets.
6
Return / destruction of materials
Return or destroy all copies on termination or request, with certification; realistic carve-outs for backups and compliance.
7
No licence / no transfer of IP
Sharing under an NDA grants no IP rights; all confidential information stays the disclosing party’s property.
8
Remedies & injunctive relief
Injunction plus damages; any liquidated-damages figure must be a genuine pre-estimate to survive Section 74.
9
Governing law, jurisdiction & dispute resolution
Indian law, an Indian seat or forum, and an arbitration-versus-court choice; pair it with proper stamping.
10
Data-protection / DPDP clause
Where confidential information includes personal data: purpose limits, security, breach notice, deletion under the DPDP Act 2023.
11
Boilerplate
No-waiver, severability, entire agreement, notices, and counterparts / e-sign. Dull, but each line closes a gap.
iPleaders
NDA format and template: a complete, copy-paste annotated specimen (mutual + one-way variant)
This is the section the “format and template” search actually wants, and it’s the one no competitor publishes properly. The templates online are gated behind a form, downloadable files you can’t read on the page, or thin inline samples with no commentary. What follows is a complete, copy-paste Mutual Non-Disclosure Agreement in full draft language, clause by clause, with a short annotation after each clause explaining what it does, the alternatives, and the India-specific trap.
How to use this template: copy the whole thing, then fill every bracketed field (such as [Party A Name], [date], [State], [number] years) with your specifics. Read the annotation under each clause before you change anything, because that’s where the trade-offs live. The clause text sits inside the boxed blocks; the commentary is the normal prose after each one. This is a starting point, not legal advice for your particular deal, so customise it per the clause notes and the deeper sections below. A note on type: this specimen is mutual; the one-way variant note at the end shows exactly which lines change to make it unilateral.
This Mutual Non-Disclosure Agreement (“Agreement”) is made on [date] at [city], between:
(1) [Party A Name], [individual / company incorporated under the Companies Act, 2013 / LLP], having its address / registered office at [address], represented by [name and designation of authorised signatory] (“Party A”); and
(2) [Party B Name], [individual / company / LLP], having its address / registered office at [address], represented by [name and designation of authorised signatory] (“Party B”).
Party A and Party B are each a “Party” and together the “Parties”. Each Party may act as a “Disclosing Party” when it shares information and as a “Receiving Party” when it receives information.
This is the parties block. It fixes who is bound, records the relationship type, and (crucially for a company) names the authorised signatory. The dual “Disclosing Party / Receiving Party” definition is what makes this a mutual NDA: each side can play both roles. The trap: where a party is a company or LLP, the person signing must have authority to bind it, so keep the signatory designation line and, for large deals, attach a board resolution or power of attorney.
Recitals. (A) The Parties wish to explore a potential [business relationship / transaction / collaboration] (the “Purpose”); (B) in connection with the Purpose, each Party may disclose to the other certain confidential and proprietary information; (C) the Parties wish to protect that information on the terms set out below.
Recitals set the context and, importantly, name the Purpose, which the rest of the contract uses to limit how the information may be used. Keep them short and factual; a court reads recitals to understand intent, not to be persuaded. The trade-off: a tightly drawn Purpose protects the discloser (the recipient can use the information only for that), but if you draw it too narrowly you may block legitimate use, so match it to the real deal.
1. Definition of Confidential Information. “Confidential Information” means any non-public information disclosed by one Party to the other, in any form (written, oral, electronic, visual or otherwise), that is marked or identified as confidential, or that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure, including without limitation business plans, financial information, customer and supplier lists, pricing, technical data, source code, designs, know-how and trade secrets.
This is the make-or-break clause. The drafting goal is to be specific enough that a court can identify what’s protected, while broad enough to catch the obvious categories. The “marked or reasonable-person” formula handles both labelled documents and oral disclosures. The trap: resist the temptation to write “everything exchanged is confidential”. An over-broad sweep, especially over ordinary client lists, may not be enforced, a point the American Express Bank Ltd. v. Priya Puri, (2006) III LLJ 540 (Del) decision makes plainly when it treats client information acquired through ordinary employment as generally not protectable.
2. Exclusions from Confidential Information. Confidential Information does not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was already known to the Receiving Party before disclosure, free of any confidentiality obligation; (c) is independently developed by the Receiving Party without use of the Disclosing Party’s Confidential Information; or (d) is lawfully received from a third party who is free to disclose it.
The exclusions are the recipient’s protection, and they’re standard for good reason: nobody should be liable for keeping secret something that was never really a secret. These four carve-outs (public domain, prior knowledge, independently developed, lawfully received) are market-standard worldwide. The trap: without them, a recipient who already knew the information, or later reads it in a newspaper, is technically in breach. Always include all four.
3. Purpose and permitted use. Each Receiving Party shall use the Disclosing Party’s Confidential Information solely for the Purpose, and for no other purpose. The Receiving Party shall not use the Confidential Information for its own benefit or that of any third party, nor to compete with, or reverse-engineer the products or processes of, the Disclosing Party.
This clause does the heavy lifting of limiting use. Confidentiality alone says “don’t tell”; the purpose clause adds “don’t use it for anything else”. The anti-reverse-engineering line matters where you’re sharing a product or process. The trade-off: keep “the Purpose” tightly tied to the recitals so there’s no gap between what you allowed and what you’re now objecting to.
4. Obligations of the Receiving Party. Each Receiving Party shall: (a) keep the Confidential Information strictly confidential; (b) disclose it only to those of its employees, directors, advisers or affiliates who need to know it for the Purpose and who are bound by confidentiality obligations no less protective than these; (c) not copy or reproduce it except as necessary for the Purpose; and (d) protect it using at least the same degree of care it uses for its own confidential information, and in no event less than reasonable care.
These are the active duties the contract enforces. The “need-to-know” limit and the “no less protective” flow-down to employees and advisers are what stop the information leaking through the recipient’s own team. The standard-of-care formula (“same care as its own, and at least reasonable care”) is the conventional benchmark. The trap: a recipient that shares the information widely inside its organisation, with no flow-down obligation, has effectively defeated the NDA.
5. Term and survival. This Agreement is effective from the date above and continues for [two/three/five] years (the “Term”), unless terminated earlier by [number] days’ written notice. The confidentiality obligations in this Agreement survive termination or expiry and continue for a further [number] years, and indefinitely in respect of any information that constitutes a trade secret, for as long as it remains a trade secret.
Two clocks live here, and keeping them separate is the whole point. The Term is how long the NDA is operative; the survival period is how long confidentiality lasts after the Term ends, often longer, and potentially indefinite for genuine trade secrets. Courts will enforce post-expiry confidentiality where the information genuinely warrants it. The trap: writing a single duration and assuming “perpetual” works for ordinary business information; for ordinary information a finite, reasonable survival period is safer.
6. Return or destruction of materials. On termination or expiry, or on the Disclosing Party’s written request, each Receiving Party shall promptly return or destroy all Confidential Information in its possession (including copies), and, if requested, certify in writing that it has done so, save for one copy that may be retained for legal-compliance purposes and any copies in routine backup systems that are not readily accessible.
This clause closes the loop: it gets your information back, or destroyed, when the relationship ends. The certification requirement gives you proof. The realistic carve-outs (one compliance copy, inaccessible backups) reflect how modern IT systems actually work; an absolute “destroy everything” obligation is often impossible to honour. The trade-off: tighten or drop the carve-outs where the information is exceptionally sensitive.
7. No licence or transfer of intellectual property. Nothing in this Agreement grants either Party any licence or right in the other Party’s Confidential Information or intellectual property, by implication or otherwise, except the limited right to use it for the Purpose. All Confidential Information remains the property of the Disclosing Party.
An NDA protects secrecy, not ownership, and this clause makes that explicit. Sharing information under an NDA does not hand the recipient any IP rights in it. The trap: parties sometimes assume that because they paid for access, or because the NDA is silent, they’ve acquired rights in what they were shown. They haven’t. If the deal genuinely needs IP to change hands, that requires a separate assignment or licence agreement under the Copyright Act, 1957 (for copyright works) or the relevant IP statute, not an NDA.
8. Remedies and injunctive relief. Each Party acknowledges that a breach of this Agreement may cause irreparable harm for which damages alone are inadequate, and that the non-breaching Party is entitled to seek injunctive relief in addition to any other remedy at law. Any liquidated-damages amount stated here, namely [₹ amount], represents a genuine pre-estimate of the loss likely to be suffered and is not a penalty.
The remedies clause is what gives the NDA teeth. The injunction acknowledgement primes a court to grant the most valuable remedy in a confidentiality dispute: an order to stop further disclosure or use, available under the Specific Relief Act, 1963. The liquidated-damages line must be drafted with care: under Section 74 of the Indian Contract Act, 1872, a sum that’s really a penalty may be read down to actual loss proved, so a figure framed as a genuine pre-estimate stands a far better chance of being enforced.
9. Governing law, jurisdiction and dispute resolution. This Agreement is governed by the laws of India. The Parties shall first attempt to resolve any dispute by good-faith negotiation. Any unresolved dispute shall be [referred to arbitration by a sole arbitrator under the Arbitration and Conciliation Act, 1996, seated at [city], in English / subject to the exclusive jurisdiction of the courts at [city]].
This clause decides where and how a fight is resolved. Choosing Indian governing law and an Indian seat or forum keeps enforcement straightforward against an Indian party. The arbitration-versus-litigation choice is genuine: arbitration is private and often faster but can cost more for small claims; court jurisdiction is the simpler route for low-value NDAs. The trap, and this is where the courtroom story recurs, is that even an arbitration clause won’t help you appoint an arbitrator smoothly if the NDA is unstamped, so pair this clause with proper execution.
10. Data protection (where personal data is shared). Where any Confidential Information includes personal data, each Receiving Party shall process that personal data only for the Purpose and on the Disclosing Party’s instructions, apply reasonable security safeguards, notify the Disclosing Party without undue delay of any personal-data breach, and delete or return the personal data on termination, consistent with the Digital Personal Data Protection Act, 2023.
This is the modern clause most templates still omit. The moment the “confidential information” includes customer, employee or user data, the NDA inherits a data-protection dimension. The trap: a bare NDA with no data clause is a gap exactly where regulators are now looking. Where the processing is substantial, this clause is a bridge, not a substitute, and the parties should also put a full data-processing arrangement in place (covered in the DPDP section below).
11. Boilerplate. No failure or delay in exercising any right is a waiver of it. If any provision is held invalid, the rest remains in force. This Agreement, with its schedules, is the entire agreement between the Parties and supersedes prior discussions; amendments must be in writing and signed by both Parties. Neither Party may assign this Agreement without the other’s written consent. Notices shall be in writing to the addresses or emails above. This Agreement may be executed in counterparts and by electronic signature, each of which is an original.
The boilerplate looks like filler, but each line closes a gap: no-waiver stops a one-off indulgence becoming a permanent surrender, severability saves the document if one clause fails, the entire-agreement clause stops a stray email being treated as a binding side-promise, and the counterparts/e-sign line authorises remote signing. Don’t delete boilerplate just because it’s dull.
Signature and execution block
For Party A
Signature:
Name: [____]
Designation: [____]
Date: [____]
For Party B
Signature:
Name: [____]
Designation: [____]
Date: [____]
Execution method: [wet-ink / Aadhaar e-Sign / DSC]. Both Parties confirm that, where e-signed, the audit trail is retained as proof of execution.
Stamp-duty endorsement: this Agreement is to be stamped in [State] as required under the applicable Stamp Act before being relied upon in evidence.
The execution block records who signed, when, how, and on what authority. Naming the e-sign method and confirming the audit trail matters for proving execution. The stamp-duty endorsement line is the practitioner’s modern addition after the courtroom story above: it flags the stamping obligation on the face of the document so nobody forgets it.
Converting this to a one-way (unilateral) NDA. To make this specimen unilateral, change four things and the rest follows. First, in the parties block, drop the dual-role line and define one party as the “Disclosing Party” and the other as the “Receiving Party”. Second, in clauses 3, 4, 6 and 10, replace “each Receiving Party” / “each Party” with “the Receiving Party”, so the obligations run one way only. Third, in clause 5 (survival) and clause 8 (remedies), make the protection and the right to an injunction run in favour of the Disclosing Party alone. Fourth, delete any reciprocal language (“each Party may act as…”). Everything else (definition, exclusions, governing law, boilerplate, execution) stays the same. That’s the entire conversion.
That’s the complete specimen. Copy it, fill the brackets, read the annotations, and you have a contract that beats almost everything else online for an Indian engagement. The next section goes deeper on the clauses that carry the most risk, because knowing why each one is worded this way is what lets you negotiate it.
Drafting each clause: parties, confidential information, obligations, term, remedies, governing law and boilerplate
The specimen showed you the language. This section explains the reasoning, clause by clause, with the India-specific judgement that separates an NDA that holds from one that folds. Each subsection stands on its own, so you can jump to the clause you’re negotiating.
The parties, recitals and purpose / permitted-use clause (and signing authority)
The parties block looks trivial and isn’t. A startup founder signs an NDA with “Acme Pvt Ltd”, the deal sours, and it turns out the person who signed for Acme was a junior manager with no authority to bind the company. Now the founder is arguing about whether there’s a contract at all. That’s the signing-authority trap, and it’s why the parties block must name not just the entity but the authorised signatory and capacity.
The recitals and the purpose clause work together to fence in how the information may be used. The recitals state why the parties are talking (the “Purpose”); the purpose clause limits the recipient to using the information only for that. Keep the Purpose specific. A common question is how to handle an NDA where you’re not sure the deal will happen: that’s exactly what the Purpose is for, framing it as “to evaluate a potential transaction” lets the recipient assess the opportunity without acquiring any wider right to use what they learn.
In practice, what experienced drafters check first is whether the signatory can actually bind the party. For a company, that means a board resolution, a delegation of authority, or a power of attorney for high-value NDAs. The pitfall is treating the parties block as a formality and discovering, mid-dispute, that the contract was signed by someone who couldn’t commit the company.
Defining “Confidential Information” and the four standard exclusions
This is the clause the whole NDA turns on, because you can’t enforce confidentiality over information you never clearly defined. The drafting goal is precision without paralysis: specific enough that a court can identify what’s protected, broad enough to catch the categories that matter (business plans, financials, customer and supplier lists, pricing, technical data, source code, designs, know-how). The “marked or reasonable-person-would-understand” formula is the workhorse, because it covers both stamped documents and things said out loud in a meeting.
The four exclusions (public domain, prior knowledge, independently developed, lawfully received) are non-negotiable. They protect the recipient from being liable for keeping secret something that was never genuinely secret. And there’s a hard limit Indian courts impose on the definition itself: information an employee acquires through ordinary employment, such as a customer list built up in the normal course, is generally not a protectable trade secret. The American Express Bank Ltd. v. Priya Puri, (2006) III LLJ 540 (Del) ruling makes exactly this point, holding that ordinary client information isn’t protectable and an over-broad post-employment restraint to protect it is void. So don’t let the definition quietly try to lock down things the law won’t protect. For a deeper treatment of the clause mechanics, the most important clauses in a confidentiality agreement is a useful companion read.
Obligations of the receiving party, return/destruction, and the no-licence/IP clause
The obligations clause is where confidentiality becomes action. It’s not enough to say “keep it secret”; the clause must say what the recipient must actually do: use the information only for the Purpose, restrict access to a need-to-know basis, flow the obligation down to employees and advisers, and refrain from copying or reverse-engineering. The need-to-know limit and the flow-down are the two provisions that stop a leak happening inside the recipient’s own organisation. For the drafting craft behind this clause, how to draft obligations clauses goes deeper.
Return-and-destruction is the clean-up clause: when the relationship ends, the recipient gives the information back or destroys it, and certifies it where the stakes warrant. Pair it with realistic carve-outs (a single compliance copy, inaccessible backups), because an absolute destruction obligation is often impossible to keep.
The no-licence/IP clause closes a gap people routinely miss: what happens if the NDA is silent on ownership? Sharing information under an NDA transfers no IP. If the contract says nothing, the recipient gets, at most, a limited right to use the information for the Purpose, and certainly no ownership.
Can the disclosing party reuse or exploit your idea if the NDA is silent on IP? The NDA protects secrecy; it doesn’t, on its own, stop the other side from independently using a non-secret idea or assign ownership either way. If ownership needs to move, that’s a separate assignment, which is why the Diljeet Titus, Advocate v. Alfred A. Adebare, 130 (2006) DLT 330 line matters: courts will protect confidential information taken in breach, but ownership questions need their own clause.
Term, survival, and how long confidentiality should actually last
Here’s the distinction the entire field muddles. The Term is how long the NDA is operative. The survival period is how long confidentiality continues after the Term ends. These are two different clocks, and a good NDA sets them separately. A typical Term for ordinary business information is two to five years; the survival period is often longer, and for genuine trade secrets it can run indefinitely, for as long as the information stays secret.
How long should confidentiality actually last? It depends on what you’re protecting. Ordinary business information that goes stale (this quarter’s pricing, a product roadmap that ships) needs only a finite survival period. A genuine trade secret (a formula, a proprietary algorithm) can warrant indefinite protection, and Indian courts have enforced confidentiality beyond an NDA’s expiry where the information justified it. The pitfall is writing a single duration that conflates the two clocks, or assuming “perpetual” will be enforced for ordinary information. (The full term-versus-survival-versus-limitation breakdown, including how long you have to actually sue, sits in its own section below.)
Remedies: injunction, damages and the Section 74 liquidated-damages position
When confidentiality is breached, what you usually want most isn’t money; it’s for the leaking to stop. That’s why the injunction is the headline remedy in confidentiality disputes, available under the Specific Relief Act, 1963. The remedies clause should acknowledge that damages alone may be inadequate and that the wronged party can seek injunctive relief, because that acknowledgement primes a court to grant it.
Damages come next, and this is where Section 74 of the Indian Contract Act, 1872 catches the careless. If your NDA names a fixed sum payable on breach, that sum must be a genuine pre-estimate of likely loss, not a punishment. A figure that looks like a penalty can be read down to the actual loss proved. So injunction versus damages versus indemnity isn’t really a ranking: the injunction stops the harm, damages compensate for it, and an indemnity (where included) shifts third-party-claim risk. For most NDAs, the injunction is the remedy that matters; draft the clause to make it easy to get.
Governing law, jurisdiction, dispute resolution and the boilerplate
The governing-law and jurisdiction clause decides whose law applies and where a dispute is heard. For an NDA with an Indian party, Indian governing law and an Indian seat or forum keep enforcement clean. Is a foreign-governing-law NDA enforceable against an Indian party? It can be, but it complicates and slows enforcement, so unless there’s a strong reason (a genuinely foreign counterparty insisting on it), Indian law is the safer default. Litigation versus arbitration is a real choice: arbitration under the Arbitration and Conciliation Act, 1996 is private and often quicker, while court jurisdiction is simpler and cheaper for low-value NDAs.
The non-solicitation drafting note belongs here too, because it’s a Section 27 question. A narrow non-solicitation clause (a bar on poaching specific named clients or staff, kept reasonable in scope) has a far better chance of holding than a blanket post-termination non-compete, which Section 27 largely voids. Draft the restraint you can actually enforce.
The boilerplate (no-waiver, severability, entire agreement, assignment, notices, counterparts/e-sign) is the unglamorous backbone. There’s a second-order reason it now also carries an explicit stamp-duty handling line: as courts treat unstamped commercial instruments strictly at the threshold, the execution step has become as litigated as the clauses themselves. Practitioners increasingly write the stamping obligation into the boilerplate (“this Agreement shall be stamped in [State]”) so the admissibility trap is flagged on the face of the document. (The execution section below explains why.)
Section 27, Indian Contract Act 1872 — agreements in restraint of trade are void
Enforceable
-
✓
In-term exclusivity — a restraint operating during the engagement, designed to promote the contract.
Golikari; Gujarat Bottling v. Coca Cola -
✓
Confidentiality obligations — the real workhorse; protects genuine secrets and can survive expiry. -
✓
Narrow non-solicitation — targeting specific named clients or staff, kept reasonable in scope and duration. -
✓
Genuine trade-secret protection — cost / pricing models, source code, formulas; protectable beyond the term.
Fairfest Media v. ITE Group
Void under s.27
-
✕
Post-termination non-compete — barring someone from working after the engagement ends is largely void.
Superintendence v. Krishan Murgai -
✕
Blanket bar on joining competitors — a post-term negative covenant, even in a commercial context, is struck down.
Percept D’Mark v. Zaheer Khan -
✕
Over-broad “everything is confidential” — especially over ordinary client lists an employee built in the normal course.
American Express Bank v. Priya Puri
iPleaders
Is an NDA enforceable in India? Section 27 and the non-compete trap: what survives, what’s void
Is an NDA enforceable in India? Yes, as an ordinary contract, provided it has the Section 10 essentials of the Indian Contract Act, 1872: lawful object, consideration, free consent, and competent parties. That’s the baseline almost every guide gets to. But there’s a trap underneath it that template pages miss, and it decides whether half the clauses people bundle into their NDAs are worth anything.
The trap is Section 27 of the Indian Contract Act, 1872, which voids agreements in restraint of trade. The practical effect: a post-termination non-compete bundled into an NDA (a clause barring someone from working for a competitor after the engagement ends) is largely void. People copy these from US templates constantly; here, they’re mostly decorative. What survives Section 27 is everything that protects legitimate interests without restraining trade after the relationship ends: confidentiality obligations, in-term exclusivity, narrow non-solicitation, and genuine trade-secret protection.
The case spine that controls this is settled and old, and it still frames every NDA drafted in India today. The Supreme Court in Niranjan Shankar Golikari v. Century Spinning and Mfg. Co. Ltd., AIR 1967 SC 1098 held that restraints operating during the term of a contract are not hit by Section 27, while post-termination restraints are treated differently. That in-term-versus-post-term line was reinforced for commercial covenants in Gujarat Bottling Co. Ltd. v. Coca Cola Co., (1995) 5 SCC 545, where a restraint operating during the subsistence of an agreement, designed to promote the contract rather than restrain trade, was upheld. On the other side, Superintendence Company of India (P) Ltd. v. Krishan Murgai, (1981) 2 SCC 246 held a post-service restraint on a former employee prima facie void, and Percept D’Mark (India) Pvt. Ltd. v. Zaheer Khan, (2006) 4 SCC 227 extended the rule beyond employment, voiding a post-term negative covenant in a commercial services context. Together, that 1967-to-2006 line is the framework you draft against.
| Restraint type | When it operates | Enforceable under s.27? | Drafting note |
|---|---|---|---|
| Confidentiality | During and after the term | Enforceable | The real workhorse; protects genuine secrets, can survive expiry |
| In-term exclusivity | During the engagement only | Generally valid | Use for the term, price it into the deal; in-term restraints upheld by the Supreme Court |
| Non-solicitation | During and (narrowly) after | Often enforceable if narrow | Target specific named clients/staff, keep duration reasonable |
| Post-termination non-compete | After the engagement ends | Largely void | Don’t rely on it; Section 27 strikes it down (Superintendence, Percept) |
So how do you operationalise this when drafting? Keep what’s enforceable (confidentiality, in-term exclusivity, narrow non-solicitation, trade-secret protection) and drop or narrow what isn’t (broad post-term non-competes, blanket bars on joining competitors).
Can your employer stop you joining a competitor after you leave using the NDA? Generally no; that’s a post-employment restraint Section 27 voids. The employer can still enforce genuine confidentiality and a reasonable non-solicit. There’s also a definitional limit: even confidentiality won’t stretch to cover ordinary client lists an employee built in the normal course, as American Express Bank Ltd. v. Priya Puri confirms. For a deeper treatment, see how Section 27 affects the enforceability of confidentiality agreements.
NDA term, survival and the limitation period: how long does it last, and how long to sue?
The field conflates three completely different time concepts, and untangling them is a quiet win because nobody else does it cleanly. There’s the term (how long the NDA is operative), the survival period (how long confidentiality lasts after the term), and the limitation period (how long you have to actually sue once a breach happens). They answer different questions, and a good NDA, plus a clear head, keeps them apart.
The term is what you negotiate: typically two to five years for ordinary business information. The survival period is usually longer, because a secret doesn’t stop being a secret when the contract ends; for genuine trade secrets it can be indefinite. Indian courts have enforced confidentiality beyond an NDA’s expiry where the information warranted it, the Fairfest Media Ltd. v. ITE Group Plc, 2015 SCC OnLine Cal 6 decision being a clear example, where business information was protected and use restrained for a defined period after the NDA’s expiry. So writing the term and the survival separately isn’t pedantry; it’s what lets you protect a trade secret long after the working relationship is over.
| Concept | What it governs | Typical position | Drafting note |
|---|---|---|---|
| Term | How long the NDA is operative | 2-5 years for ordinary business information | Negotiate to the deal; can be tied to the Purpose ending |
| Survival of confidentiality | How long secrecy lasts after the term | Often longer; indefinite for genuine trade secrets | Write it as a separate clause; don’t conflate with the term |
| Limitation period | How long you have to sue after a breach | Generally 3 years from the date of breach (Limitation Act, 1963) | A legal default, not something you set in the NDA |
The limitation period is the one people get most confused about, partly because of a popular “6 versus 12 years” framing floating around online. For an ordinary breach-of-contract claim, the limitation period is generally three years from the date of breach under the Limitation Act, 1963 (Article 55). The longer six-or-twelve-year periods attach to specific instrument types (such as certain registered or secured instruments), not to a plain NDA. So do confidentiality obligations survive after the term ends? Yes, if you drafted a survival clause; and you generally have three years from a breach to act, so don’t sit on it.
1. Stamping
Is the NDA stamped?
▼ No
VALIDbut inadmissible in evidence until duty + penalty are paid.
Indian Stamp Act, ss.33 & 35
CUREcourt impounds, fixes duty + penalty, then endorses; the matter proceeds.
John Cockerill India v. Sanjay Navare (2023)
DOe-stamp through the relevant state portal at signing. Stamp duty is a state subject.
2. Register / notarise?
Does an NDA need registration?
▼
NOregistration is not required for an NDA.
Registration Act, 1908
Notarise or add witnesses?
▼
OPTIONALnot a condition of validity; an evidentiary comfort layer only.
3. Signing method
How will it be signed?
▼
VALIDwet-ink, Aadhaar e-Sign or DSC are all valid.
IT Act ss.5, 10A, 3A; NDAs not in Schedule I
KEEPretain the audit trail as proof of who signed and when.
4. Personal data?
Does the confidential information include personal data?
▼ Yes
ADDa DPDP data-protection clause: purpose limits, security, breach notice, deletion.
DPDP Act 2023, s.8(2)
PLUScross-reference a standalone data-processing agreement where processing is substantial.
iPleaders
Executing the NDA: stamp duty, the unstamped-admissibility trap, e-signature, notarisation and registration
This is the section that resolves the field’s single biggest factual confusion, and it’s where the ₹144 courtroom story finally pays off. Drafting a perfect NDA is only half the job; executing it correctly is the other half, and four execution questions trip people up constantly: stamping, registration, notarisation, and e-signature. The historical context explains why this matters more now: since the N.N. Global line of stamping jurisprudence began shaping how courts treat unstamped commercial instruments from 2017 onward, the execution step has moved from afterthought to threshold issue, especially for NDAs that carry an arbitration clause.
Stamp duty and the unstamped-NDA trap: valid but inadmissible until cured
Does an NDA need to be on stamp paper, and at what value? The answer that resolves the confusion: an NDA is perfectly valid without stamping, but it is inadmissible in evidence until the duty (and any penalty) is paid. The rule lives in Sections 33 and 35 of the Indian Stamp Act, 1899: a court presented with an insufficiently stamped instrument must impound it and cannot act on it until the deficit is cured. So an unstamped NDA isn’t void, it’s just unusable in court until you fix it.
What does “fixing it” look like in practice? Exactly what happened in the courtroom story. In John Cockerill India Limited v. Sanjay Kamalakar Navare, 2023 SCC OnLine Bom 2066, the Bombay High Court, faced with an unstamped NDA at the arbitrator-appointment stage, did not throw it out: it impounded the document, fixed the duty under the residuary entry (Article 5(h)(B) of the Maharashtra Stamp Act, the catch-all for an agreement with no ascertainable money value), added a penalty for the delay, and directed that once the duty plus penalty was paid the instrument be endorsed and the matter proceed. The valid contract stayed valid throughout; only its admissibility was suspended until cured.
Stamp value and rules vary by state, because stamp duty is a state subject; for an NDA with no ascertainable money value, it’s usually a small fixed amount under the residuary entry, and an e-stamp through the relevant state portal is the practical route. The pitfall is the comforting myth that “unstamped means invalid” (it doesn’t) or “I’ll stamp it if there’s ever a problem” (by then the penalty has grown and the document is stuck).
Registration, notarisation and witnesses: what an NDA actually needs (and doesn’t)
Does an NDA need to be registered under the Registration Act, 1908? No. Registration is simply not required for an NDA, and confusing stamping with registration is one of the field’s most common errors. The only execution step that affects court admissibility is stamping; registration and the NDA are unrelated.
Does an NDA need to be notarised or have witnesses? Also no. Notarisation and witnesses are optional, not conditions of validity. A signed (or validly e-signed) NDA between competent parties is binding without either. They can add an evidentiary comfort layer for high-stakes deals, but they’re never the thing that makes or breaks the contract. What actually matters for court use is stamping, full stop.
E-signature validity: wet-ink vs Aadhaar e-Sign vs DSC, and email-only NDAs
Can you sign an NDA electronically in India? Yes, and the law on this is settled even if most templates barely mention it. The Information Technology Act, 2000 gives electronic signatures legal recognition: Section 5 treats a valid electronic signature as equivalent to a handwritten one, Section 10A confirms that contracts formed electronically are enforceable, and Section 3A read with Schedule II covers recognised techniques such as Aadhaar e-Sign and the Digital Signature Certificate (DSC). Crucially, NDAs are not in the Schedule I exclusions (which cover instruments like negotiable instruments, wills and certain property documents), so an NDA can be fully e-signed. For the broader position, the legal validity of e-signatures in India is worth a read.
Which method should you pick? All three are valid, and the choice is about convenience and risk. Wet-ink suits the cautious or low-tech deal; Aadhaar e-Sign suits fast remote execution and is increasingly the default; DSC suits high-value or recurring relationships where a stronger cryptographic signature is worth the setup. Whichever you choose, name it in the execution block and retain the audit trail, because that trail is your proof of who signed and when.
Is a verbal or WhatsApp/email-only NDA enforceable? Often yes, which surprises people. Under Section 10A of the Information Technology Act, 2000, a contract concluded through electronic correspondence can bind, so an NDA agreed over email can be enforceable in principle. But “enforceable in principle” and “easy to enforce” are different things. An email-only NDA usually leaves terms missing (no clear definition, no survival clause, no governing law) and makes proof harder. We’d recommend treating a signed, properly executed NDA as the safe default and email-only as the fallback you fall into, not the one you choose.
When the NDA touches personal data: the DPDP Act 2023 layer
Here’s the freshness edge nobody in the competitor field has. The moment the “confidential information” in your NDA includes personal data (customer records, employee data, user information), a bare NDA is no longer enough on its own. Does the DPDP Act 2023 mean an NDA alone is no longer sufficient for personal data? In effect, yes, where the arrangement involves one party processing personal data for the other.
The reason sits in Section 8(2) of the Digital Personal Data Protection Act, 2023. A Data Fiduciary (the entity that decides why and how personal data is processed) that engages a Data Processor (someone processing it on the Fiduciary’s behalf) needs a valid contract governing that processing. An NDA promises secrecy; it does not, by itself, satisfy the DPDP processing-contract requirement. So when personal data is in play, the parties need both the NDA and a DPDP-compliant data-processing arrangement, or a combined instrument that carries a proper data-protection and breach-notification clause.
| Instrument | What it covers | When it is enough | When you need the other too |
|---|---|---|---|
| NDA | Secrecy of shared confidential information | When the information is purely commercial, no personal data | Add a DPA when a party processes personal data |
| Data-processing agreement (DPA) | Lawful processing of personal data (purpose, security, breach, deletion) under DPDP s.8(2) | When the relationship is about processing personal data | Add an NDA when broader business secrets are also shared |
What to do in practice: add a data-protection clause to the modern NDA covering purpose limitation, reasonable security safeguards, breach notification, and deletion or return on termination (the specimen’s clause 10 does exactly this), and cross-reference a standalone DPA where the processing is substantial. As the DPDP Rules 2025 take operational effect, a data-protection clause is becoming standard NDA boilerplate, and any personal-data NDA is increasingly a two-document problem. Practitioners expect this to be the default within a couple of years, not an add-on. For the operational detail, the DPDP Rules 2025 operational compliance guide sets out what businesses now have to do.
Trade secrets, IP ownership and why the NDA carries the weight in India
This is the section that explains why a good NDA matters so much here, and it opens on an encouraging note after all the cautionary tales. In a dispute where confidential client and business information was carried away by departing associates, a Delhi High Court bench was willing to protect that information and grant injunctive relief, on the strength of equity and contract alone, with no trade-secrets statute to rely on. That’s the Diljeet Titus, Advocate v. Alfred A. Adebare, 130 (2006) DLT 330 decision, and it proves the upside: a well-framed confidentiality obligation does get enforced by Indian courts.
Why does the NDA carry so much weight here? Because India has no dedicated trade-secrets statute. There is no Act with a statutory definition of “trade secret” and a ready-made set of remedies the way there is for copyright or patents. Protection comes from three sources stitched together: the contract (the NDA), equitable and common-law principles (a court’s power to restrain misuse of information held in confidence), and the Section 27 carve-out that lets you protect genuine confidential information even though you can’t impose a post-term non-compete. The contract is the load-bearing piece, which is exactly why a sloppy NDA is so dangerous.
What actually qualifies as a protectable trade secret? Genuine business information: cost and pricing models, customer lists that aren’t merely an employee’s ordinary contacts, marketing strategy, source code, formulas. The Fairfest Media Ltd. v. ITE Group Plc, 2015 SCC OnLine Cal 6 decision confirms that information such as cost/pricing, projected investments and marketing strategy can qualify, and supported restraining its use beyond the NDA’s expiry. The limit, from the Section 27 line, is that information an employee picks up through ordinary employment generally isn’t a protectable secret.
One more distinction matters: an NDA is about secrecy, not ownership. Trade-secret protection via an NDA versus protection via patent or IP registration answers different questions. A patent gives you a registered, time-limited monopoly but requires public disclosure; an NDA keeps the information secret indefinitely but only against those who signed. If you also need ownership to transfer, that requires a separate assignment. Looking ahead, a dedicated National Trade Secrets law is increasingly likely under TRIPS and trade-deal pressure, which would layer statutory definitions and remedies on top of the contractual route; until then, the NDA is the protection.
Drafting NDAs for different situations: employees, freelancers, vendors, startups and investors
The same NDA skeleton flexes by relationship, and knowing how it flexes is what separates a reusable template from a one-off. The clauses don’t change wholesale; the emphasis does, and a few India-specific watch-outs shift with the use case.
For an employee NDA, the emphasis is confidentiality plus in-term exclusivity plus a narrow non-solicitation, never a post-term non-compete (void under Section 27). Tie the NDA to the employment contract, and remember the American Express Bank Ltd. v. Priya Puri limit: you can’t lock down a customer list the employee built through ordinary work. A freelancer or contractor NDA defines confidentiality around the deliverables, keeps the secrecy-versus-IP-ownership distinction crisp (the NDA protects secrets; a separate clause assigns IP), and usually rides alongside the services agreement.
A vendor or supplier NDA is usually mutual where both sides share specifications, and it needs the data clause whenever the vendor will process personal data (the DPDP cross-reference). A startup-to-investor NDA is often one-way from the founder, but here’s the practical reality: many VCs simply refuse to sign one, because they see overlapping deals all day. What do you do instead? Limit what you disclose early, watermark sensitive decks, and save the real secrets for after term-sheet stage.
| Use case | One-way or mutual | Clause emphasis | India-specific watch-out |
|---|---|---|---|
| Employee NDA | One-way (from employer) | Confidentiality, in-term exclusivity, narrow non-solicit | No post-term non-compete (s.27); client-list limit (American Express) |
| Freelancer / contractor NDA | Often one-way or mutual | Confidentiality around deliverables; IP-vs-secrecy distinction | Pair with the services agreement; don’t conflate secrecy with IP assignment |
| Vendor / supplier NDA | Usually mutual | Mutual confidentiality; data clause if personal data flows | Add a DPDP processing clause where the vendor handles personal data |
| Startup-investor NDA | Usually one-way (founder) | Limited disclosure; survival of secrecy | Many VCs won’t sign; watermark and stage your disclosures |
| Company-to-company / M&A | Mutual | Data-room scope, return/destruction, defined Purpose | Tie disclosures to the diligence Purpose; tight return clause |
An NDA between two companies for M&A diligence is mutual, scoped to the data room, and leans hard on the return-and-destruction clause, because when the deal falls through (most do), you want your information back. The common thread across all of these: keep the skeleton, move the emphasis, and watch the Section 27 and DPDP points that shift with the relationship.
Breach of an NDA: remedies, proof, and the enforcement path
This is the payoff section: the NDA has been breached, your secret is out or about to be, and the question is what you can actually do. The good news is that a well-drafted, properly executed NDA turns a weak grievance into a recoverable claim. The enforcement path is a ladder you climb one rung at a time.
Start with the cease-and-desist or legal notice: a formal demand, citing the agreement and the specific clauses breached, requiring the other side to stop and to remedy. Many breaches end here, because a documented notice signals you’re serious and tracking it. If that fails, the most valuable step in a confidentiality dispute is the injunction, an order under the Specific Relief Act, 1963 stopping further disclosure or use. An injunction protects the secret while the rest of the dispute plays out, which is why the remedies clause is drafted to make one easy to get.
Damages follow, recoverable under Sections 73 and 74 of the Indian Contract Act, 1872, with the Section 74 caveat that a liquidated-damages figure must be a genuine pre-estimate, not a penalty, or it gets read down to the loss actually proved. Then the dispute-resolution clause kicks in (arbitration or court), and note that the John Cockerill stamping point recurs precisely here, at the arbitration-appointment stage, so an unstamped NDA can stall enforcement at the worst moment. What about jail? Can you get criminal action for an NDA breach, or is it only civil? The norm is civil; a criminal route exists only narrowly, mainly where the breach also involves computer-data misuse caught by the Information Technology Act, 2000, and it’s fact-specific.
How do you prove a breach, and what evidence do you keep? This is where good drafting pays off twice. Keep the defined confidential-information schedule, access logs, and the e-signature audit trail, because they show what was protected, who had access, and that the NDA was validly executed. Two pitfalls recur: an NDA signed by someone without authority to bind the company (which can sink the claim at the threshold), and an NDA so over-broad or long that a court won’t enforce it.
So what’s the penalty for breaching an NDA in India? There’s no fixed statutory penalty; remedies are contractual and civil, an injunction plus damages, with a liquidated-damages figure only if it’s a genuine pre-estimate. A well-drafted, stamped NDA is what makes recovery realistic rather than wishful.
Common NDA drafting mistakes: do’s and don’ts
Most NDA failures aren’t exotic; they’re the same handful of errors, repeated. Here are the high-frequency, high-cost ones, each with the fix, drawn from every section above. Treat this as the pre-signing checklist.
- Don’t write “everything is confidential”. An over-broad definition is harder to enforce, not easier (American Express). Do define categories precisely and lean on a “reasonable person” catch-all.
- Don’t bundle a post-termination non-compete. It’s largely void under Section 27. Do use confidentiality, in-term exclusivity and a narrow non-solicitation instead.
- Don’t forget to stamp it. An unstamped NDA is inadmissible until cured (John Cockerill). Do stamp it at execution, in the right state, and add a stamp-duty clause.
- Don’t confuse the term with the survival period. They’re two clocks. Do draft them separately, with longer survival for genuine trade secrets.
- Don’t leave it silent on IP. Silence doesn’t transfer ownership and may leave a gap. Do add a no-licence clause and a separate assignment if ownership must move.
- Don’t omit a carve-out for compelled disclosure. A recipient ordered by a court or regulator to disclose shouldn’t be in breach. Do add a “required by law” exception with notice to the discloser.
A few more round out the list. Don’t use a US or generic internet template silent on India points (Section 27, stamping, e-sign, DPDP); don’t let an unauthorised person sign for a company; and don’t ignore the DPDP layer when personal data is involved. There’s a second-order pattern worth naming: the “template trap”. Free generic NDAs proliferate, but they fail exactly when litigated, because they’re silent on the India-specific points, which is precisely why serious businesses move toward annotated, India-aware drafting (the kind this guide gives you) and toward paid drafting where the stakes justify it. The cheapest version of this checklist is reading the annotations in the specimen before you change a clause.
Quick comparison tables: NDA types, stamping, term, Section 27, e-sign, NDA vs MoU vs DPA
For scannability, here’s the master comparison that ties the guide together, plus pointers back to the tables in their home sections. The one most people search for, and that no competitor lays out cleanly, is how an NDA differs from an MoU and from a data-processing agreement, and which of them needs stamping.
| Instrument | Binding? | Core purpose | Stamping / registration | When you need it |
|---|---|---|---|---|
| NDA | Yes (a contract) | Keep shared information secret | Stamp for admissibility; no registration | Whenever you share confidential information |
| MoU | Often not binding (depends on wording) | Record intent / understanding before a deal | Stamp if it creates obligations; no registration | To frame a relationship before binding terms |
| Data-processing agreement (DPA) | Yes (a contract) | Govern lawful processing of personal data (DPDP s.8(2)) | Stamp as a commercial contract; no registration | When one party processes personal data for another |
NDA versus MoU is the cleanest distinction: an NDA is a binding contract that protects secrecy; an MoU usually records intention and may or may not be binding depending on how it’s written (which decides whether it needs stamping). NDA versus DPA splits on subject matter: secrecy versus lawful data processing, and personal-data deals often need both. The other comparison tables live in their home sections: NDA types sits in the types section near the top, the Section 27 enforceability table sits in the enforceability section, term-versus-survival-versus-limitation sits in the duration section, and the stamping/registration/notarisation and e-sign tables sit in the execution section. Which instrument do you reach for first? An NDA, almost always, because secrecy is the threshold protection every other document builds on.
Frequently asked questions on drafting a non-disclosure agreement
How do I draft a non-disclosure agreement in India step by step?
Identify the parties and confirm signing authority, state the purpose, define “Confidential Information” and its four exclusions, set the receiving party’s obligations, fix the term and survival period separately, add return/destruction, add remedies and an injunction clause, choose governing law and dispute resolution, add the boilerplate, then execute and stamp it. The complete copy-paste template is on this page; fill the bracketed fields and customise per the clause notes.
Where can I download a free NDA template in India (Word/PDF)?
The complete, copy-paste annotated template (a mutual NDA, with a one-way variant note) is right here on this page, with no gated download or paywall. Copy it, fill the bracketed fields, read the annotation under each clause to understand the trade-offs, customise it to your deal, and execute it. That’s the whole template, on the page, free to use.
How long should an NDA last, and what term and survival period should I set?
Set two clocks separately. The term (how long the NDA is operative) is typically two to five years for ordinary business information. The survival of confidentiality (how long secrecy lasts after the term) is usually longer, and can be indefinite for genuine trade secrets for as long as they stay secret. Don’t assume “perpetual” works for ordinary information.
Does an NDA need to be on stamp paper, and what value?
An NDA is valid without stamping, but it’s inadmissible in evidence until duty and any penalty are paid (Sections 33 and 35 of the Indian Stamp Act, 1899). For an agreement with no ascertainable money value, the duty is usually a small fixed amount under the residuary entry, and it varies by state. An e-stamp through the state portal is the practical route.
Can I sign an NDA electronically or with a digital signature in India?
Yes. The Information Technology Act, 2000 recognises electronic signatures (Section 5), validates electronic contracts (Section 10A), and covers techniques such as Aadhaar e-Sign and DSC (Section 3A with Schedule II). NDAs are not in the Schedule I exclusions, so e-signing is fully valid. Name the method in the execution block and keep the audit trail as proof.
Does an NDA need to be notarised or have witnesses?
No. Notarisation and witnesses are optional, not conditions of validity. A signed, or validly e-signed, NDA between competent parties is binding without either. They can add an evidentiary comfort layer for high-stakes deals, but what actually matters for using the NDA in court is stamping, not notarisation.
Does an NDA need to be registered under the Registration Act, 1908?
No. Registration is not required for an NDA. The only execution step that affects court admissibility is stamping under the Indian Stamp Act, 1899. Registration and the NDA are unrelated, and confusing the two is one of the most common mistakes people make about NDA execution.
Is an NDA actually enforceable in India?
Yes. An NDA is enforceable as a contract under the Indian Contract Act, 1872 if it has the Section 10 essentials (lawful object, consideration, free consent, competent parties). The catch is Section 27: a post-termination non-compete bundled into the NDA is largely void, while confidentiality, in-term restraints and narrow non-solicitation remain enforceable.
Can I enforce an unstamped or insufficiently stamped NDA in court?
The contract is valid, but an insufficiently stamped instrument is inadmissible in evidence until you pay the deficit duty plus penalty (Section 35 of the Indian Stamp Act, 1899; the John Cockerill cure). Pay the shortfall and penalty, the document is endorsed, and it becomes admissible. So yes, you can enforce it, after regularising the stamping.
What happens if my NDA isn’t stamped, is it void or just inadmissible?
Not void, just inadmissible until cured. The court impounds the document, you pay the duty plus a penalty (often calculated per month of delay), it’s endorsed, and the matter proceeds. The underlying contract stays valid throughout; only its admissibility in evidence is suspended until the stamping is regularised.
Is a non-compete clause inside my NDA enforceable in India?
A post-termination non-compete bundled into an NDA is largely void under Section 27 of the Indian Contract Act, 1872, which strikes down agreements in restraint of trade. The enforceable substitutes are in-term exclusivity (during the engagement), confidentiality (which can survive), and a narrow non-solicitation. Draft those rather than relying on a non-compete that probably won’t hold.
Can my employer stop me joining a competitor after I leave using the NDA?
Generally no. A post-employment restraint stopping you from working for a competitor is void under Section 27 (Superintendence; American Express). The employer can still enforce genuine confidentiality and a reasonable non-solicitation. A clause barring you outright from a competitor after you leave is mostly unenforceable in India.
What is the penalty for breaching an NDA in India?
There’s no fixed statutory penalty. Remedies are contractual and civil: an injunction (Specific Relief Act, 1963) to stop the disclosure, plus damages, and a liquidated-damages figure only if it’s a genuine pre-estimate of loss (Section 74). A criminal route is narrow and fact-specific, mainly where computer-data misuse under the Information Technology Act, 2000 is involved.
What is the limitation period to sue for NDA breach, 6 or 12 years?
For an ordinary breach-of-contract claim, the limitation period is generally three years from the date of breach under the Limitation Act, 1963 (Article 55). The longer six- or twelve-year periods attach to specific instrument types, such as certain registered or secured instruments, not to a plain NDA. So for most NDAs, act within three years of the breach.
NDA vs confidentiality agreement vs secrecy agreement, are they the same?
Effectively yes. “NDA”, “confidentiality agreement” and “secrecy agreement” describe the same instrument, and the label doesn’t change the legal effect. A confidentiality clause inside a larger contract (an employment or vendor agreement) does the same job within that contract; a standalone NDA does it separately. Pick the label your counterparty is comfortable with.
Unilateral vs bilateral (mutual) vs multilateral NDA, which do I use?
Use a one-way (unilateral) NDA when only one side discloses, such as a founder pitching an investor. Use a mutual (bilateral) NDA when both sides disclose, such as a joint venture or M&A diligence. Use a multilateral NDA for three or more parties, such as a consortium. The clauses run one-way or reciprocally accordingly.
Stamp paper vs e-stamp vs plain company letterhead, what does an NDA need?
An NDA on plain paper or letterhead is still a valid contract, but for court use it must be adequately stamped. E-stamp through the state portal is the standard, convenient route, and the value varies by state. Letterhead is fine for the body of the document, but stamping is what secures admissibility if you ever need to rely on the NDA in evidence.
Wet-ink vs Aadhaar e-Sign vs DSC, which signing method for an NDA?
All three are valid under the Information Technology Act, 2000. Wet-ink suits the cautious or low-tech deal; Aadhaar e-Sign suits fast remote execution and is increasingly the default; DSC suits high-value or recurring deals where a stronger cryptographic signature is worth the setup. Specify the chosen method in the execution block and retain the e-sign audit trail as proof.
References
Case Law
- American Express Bank Ltd. v. Priya Puri, (2006) III LLJ 540 (Del) (Delhi High Court, 2006): client/customer lists acquired through ordinary employment are generally not protectable trade secrets, and an over-broad post-employment restraint to protect them is void under Section 27.
- Diljeet Titus, Advocate v. Alfred A. Adebare, 130 (2006) DLT 330 (Delhi High Court, 2006; 2006 (32) PTC 609 (Del)): even without a trade-secrets statute, a court can protect confidential information taken by departing associates through equity and contract, granting injunctive relief.
- Fairfest Media Ltd. v. ITE Group Plc, 2015 SCC OnLine Cal 6 (Calcutta High Court, 2015): business information such as cost/pricing, projected investments and marketing strategy can qualify as a trade secret; the court restrained use of NDA-disclosed information beyond the NDA’s expiry.
- Gujarat Bottling Co. Ltd. v. Coca Cola Co., (1995) 5 SCC 545 (Supreme Court of India, 1995; AIR 1995 SC 2372): a restrictive covenant operating during the subsistence of an agreement, designed to promote the contract rather than restrain trade, is not hit by Section 27.
- John Cockerill India Limited v. Sanjay Kamalakar Navare, 2023 SCC OnLine Bom 2066 (Bombay High Court, 12 September 2023): an unstamped NDA is not void but is inadmissible until impounded and the deficit stamp duty plus penalty is paid; duty fixed at Rs 100 under the residuary entry Article 5(h)(B) of the Maharashtra Stamp Act, with a 2% per month penalty, and endorsement directed on payment.
- Niranjan Shankar Golikari v. Century Spinning and Mfg. Co. Ltd., AIR 1967 SC 1098 (Supreme Court of India, 1967; (1967) 2 SCR 378): restraints operating during the term of a contract are not hit by Section 27 of the Indian Contract Act, 1872; post-termination restraints are treated differently.
- Percept D’Mark (India) Pvt. Ltd. v. Zaheer Khan, (2006) 4 SCC 227 (Supreme Court of India, 2006; AIR 2006 SC 3426): a negative covenant operating after the term of an agreement is in restraint of trade and void under Section 27; the doctrine extends beyond employment to commercial contracts.
- Superintendence Company of India (P) Ltd. v. Krishan Murgai, (1981) 2 SCC 246 (Supreme Court of India, 1980; AIR 1980 SC 1717): a post-service restrictive covenant on a former employee is prima facie void under Section 27.
- VFS Global Services Private Limited v. Suprit Roy, 2008 (2) Bom CR 446 (Bombay High Court, 2007): confidentiality and garden-leave-type covenants in employment must be reasonable and not operate as a post-employment restraint of trade; a clause prohibiting disclosure of trade secrets is not in restraint of trade.
Statutes
- Indian Contract Act, 1872: sections cited: 2, 10, 23, 27, 73, 74.
- Indian Stamp Act, 1899: sections cited: 33, 35.
- Registration Act, 1908: no registration required for an NDA.
- Copyright Act, 1957: IP ownership versus secrecy distinction.
- Maharashtra Stamp Act, 1958: residuary entry, Article 5(h)(B) of Schedule I.
- Limitation Act, 1963: Article 55 (three-year limitation for breach of contract).
- Specific Relief Act, 1963: section 38 and injunctive relief.
- Information Technology Act, 2000: sections cited: 3A, 5, 10A; First and Second Schedules.
- Digital Personal Data Protection Act, 2023: section 8(2).
Primary and regulatory sources
- SCC Online: the John Cockerill (Bombay High Court, 12 September 2023) unstamped-agreement judgment: the unstamped-NDA admissibility cure (Rs 100 duty, 2% monthly penalty, total Rs 144).
- Ministry of Electronics and Information Technology: the official Digital Personal Data Protection Act, 2023 (and the Information Technology Act, 2000).
- Startup India: the model non-disclosure agreement template (a non-competing government reference).
- LiveLaw: legal commentary on the unstamped-NDA admissibility issue.
Last verified: 2026-05-20
Disclaimer
This article is for informational and educational purposes only and does not constitute legal advice. The clause language and commentary above are illustrative drafting references; they are not tailored to any specific transaction, party, or jurisdiction. For specific legal guidance on drafting, negotiating, or executing a non-disclosure agreement, consult a qualified legal professional.
