NDA Agreement Format India: Free Template + AI Alternative

Every meaningful business conversation in India — whether with an investor, a potential vendor, or a new hire — begins with sharing something valuable: information. And every time you share confidential information without a properly drafted Non-Disclosure Agreement, you are gambling with your competitive advantage.

Yet most NDAs circulating in Indian businesses are copy-pasted from American templates, riddled with unenforceable clauses, and completely silent on the Digital Personal Data Protection Act, 2023. That is not a minor oversight — it is a structural vulnerability.

This guide gives you a complete, India-specific NDA agreement format, explains exactly what makes it enforceable under Indian law, and shows you a faster way to generate customised NDAs with AI.

What Makes an NDA Legally Enforceable Under Indian Law?

Before we get to the template, you need to understand the legal scaffolding that holds an NDA together in India. Without this understanding, even the best-formatted agreement is just paper.

The Indian Contract Act, 1872: Foundation of Every NDA

An NDA is a contract. For it to be valid, it must satisfy the essential requirements of a valid contract under the Indian Contract Act, 1872:

• Free consent (Sections 13–22): Both parties must agree voluntarily, without coercion, undue influence, fraud, misrepresentation, or mistake.
• Lawful consideration (Section 23): The agreement must involve lawful consideration. In mutual NDAs, the exchange of confidential information itself constitutes valid consideration. In unilateral NDAs, the consideration is often the opportunity being extended — a job offer, an investment discussion, or access to a tender.
• Lawful object (Section 23): The purpose of the NDA must not be unlawful, immoral, or opposed to public policy.
• Competent parties (Section 11): The signatories must be of sound mind, of the age of majority, and not disqualified from contracting by any law.

The Section 27 Trap: Restraint of Trade

This is where most Indian NDAs fail — and most template providers do not warn you.

Section 27 of the Indian Contract Act declares that every agreement by which anyone is restrained from exercising a lawful profession, trade, or business of any kind is void to that extent. Indian courts have interpreted this provision broadly.

In Percept D'Mark (India) Pvt. Ltd. v. Zaheer Khan (2006) 4 SCC 227, the Supreme Court confirmed that post-termination non-compete clauses are generally void under Section 27. While this case dealt primarily with non-compete obligations, the principle has significant implications for NDAs:

• An NDA that functions as a de facto non-compete — for instance, by defining "confidential information" so broadly that the receiving party cannot practically work in the same industry — risks being struck down.
• Reasonable confidentiality obligations that survive termination are generally upheld, provided they protect legitimate interests and do not amount to restraint of trade.

The key distinction, as articulated in Niranjan Shankar Golikari v. Century Spinning and Manufacturing Co. (1967) 2 SCR 378, is between a restraint that protects legitimate proprietary interests (enforceable) and one that merely prevents competition (void).

Practical implication: Your NDA must define confidential information with specificity, not sweep in general skills and knowledge. The survival period must be reasonable. And the obligations must be limited to non-disclosure and non-use — not a blanket prohibition on working in a particular field.

Remedies: Specific Relief Act, 1963

When an NDA is breached, the Disclosing Party typically seeks injunctive relief under the Specific Relief Act, 1963. Section 36 empowers courts to grant temporary and perpetual injunctions. Indian courts have been willing to grant interim injunctions in cases of confidentiality breaches, provided:

• There is a prima facie case of breach
• The balance of convenience favours the applicant
• Irreparable harm will result if the injunction is not granted

In John Richard Brady v. Chemical Process Equipments Pvt. Ltd. (1987) 1 Bom CR 372, the Bombay High Court granted an injunction restraining the use of confidential technical information, affirming that contractual obligations of confidentiality are enforceable through specific relief.

Stamp Duty and Registration

NDAs in India generally do not require registration under the Registration Act, 1908, as they do not fall within the categories of documents for which registration is compulsory under Section 17. However, stamp duty may apply depending on the state. In Maharashtra, for instance, NDAs attract stamp duty under the Bombay Stamp Act as agreements or records of agreements. Non-payment of stamp duty does not make the NDA void, but it renders the document inadmissible as evidence under Section 35 of the Indian Stamp Act, 1899 — which effectively defeats the purpose if you ever need to enforce it in court.

Always pay the applicable stamp duty. It is a modest cost that protects the enforceability of your agreement.

Three Types of NDAs: Choosing the Right Format

Not every NDA is the same. Choosing the wrong type creates either inadequate protection or unnecessary friction.

1. Unilateral NDA (One-Way)

One party discloses; the other receives and is bound by confidentiality obligations.

When to use:

• Hiring employees who will access proprietary systems
• Engaging vendors or consultants for specific projects
• Sharing business plans with potential investors (initial stage)
• Disclosing trade secrets during due diligence

Key characteristic: Only the Receiving Party has obligations. The Disclosing Party retains full control.

2. Mutual NDA (Two-Way / Bilateral)

Both parties disclose and receive confidential information. Both are bound by reciprocal obligations.

When to use:

• Joint venture discussions
• Partnership or collaboration negotiations
• Technology licensing or integration conversations
• M&A negotiations where both sides share sensitive data
• Co-development agreements

Key characteristic: Symmetry. Both parties are simultaneously Disclosing Party and Receiving Party. This is the most common format in business-to-business transactions.

3. Multilateral NDA (Multi-Party)

Three or more parties share confidential information under a single agreement.

When to use:

• Consortium-based projects (infrastructure, defence, large-scale IT)
• Multi-party joint ventures
• Situations where a separate bilateral NDA between each pair of parties would be impractical

Key characteristic: Simplifies documentation when multiple entities are involved. However, multilateral NDAs are more complex to draft and require careful attention to the flow of information between specific parties.

For most Indian businesses, a mutual NDA is the default starting point. We will use this format for the template below.

Review your existing NDA for gaps — Quick Triage Free

Complete NDA Agreement Format for India: Annotated Template

Below is a comprehensive, clause-by-clause NDA template drafted for Indian law. Each clause is followed by an annotation explaining its purpose and drafting considerations.

---

MUTUAL NON-DISCLOSURE AGREEMENT

This Mutual Non-Disclosure Agreement ("Agreement") is entered into on this ______ day of ____________, 2026 ("Effective Date")

BETWEEN:

[Party A Name], a company incorporated under the Companies Act, 2013, having its registered office at [Address], represented by [Name], [Designation], duly authorised (hereinafter referred to as "Party A", which expression shall, unless repugnant to the context, include its successors and permitted assigns)

AND

[Party B Name], a company incorporated under the Companies Act, 2013, having its registered office at [Address], represented by [Name], [Designation], duly authorised (hereinafter referred to as "Party B", which expression shall, unless repugnant to the context, include its successors and permitted assigns)

Party A and Party B are hereinafter individually referred to as a "Party" and collectively as the "Parties."

WHEREAS:

A. The Parties wish to explore a potential business relationship concerning [brief description of purpose] ("Purpose").

B. In connection with the Purpose, each Party may disclose to the other certain Confidential Information (as defined herein).

C. The Parties wish to establish the terms and conditions under which such Confidential Information shall be disclosed, received, and protected.

NOW, THEREFORE, in consideration of the mutual covenants and agreements herein contained, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

---

Clause 1: Definitions

1.1 "Confidential Information" means any and all information, whether in written, oral, electronic, visual, or any other form, disclosed by or on behalf of the Disclosing Party to the Receiving Party, directly or indirectly, in connection with the Purpose, including but not limited to:

(a) trade secrets, inventions, patents, patent applications, copyrights, designs, processes, formulae, algorithms, software source code, and technical data;

(b) business plans, strategies, financial information, projections, pricing, customer lists, supplier lists, and marketing plans;

(c) proprietary data, research, development, and know-how;

(d) Personal Data (as defined under the Digital Personal Data Protection Act, 2023) of employees, customers, or third parties that may be shared in connection with the Purpose; and

(e) any information that is designated as "Confidential," "Proprietary," or with a similar legend at the time of disclosure, or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure.

1.2 "Disclosing Party" means the Party disclosing Confidential Information.

1.3 "Receiving Party" means the Party receiving Confidential Information.

1.4 "Representatives" means the directors, officers, employees, advisors, consultants, agents, and professional advisors (including legal counsel, accountants, and auditors) of a Party who have a need to know the Confidential Information for the Purpose and are bound by obligations of confidentiality no less restrictive than those set forth herein.

1.5 "Personal Data" shall have the meaning ascribed to it under the Digital Personal Data Protection Act, 2023, as amended from time to time.

Annotation: The definition of Confidential Information is the most litigated clause in NDA disputes. It must be specific enough to be enforceable but broad enough to cover the information you actually share. The inclusion of Personal Data as a separate sub-category (Clause 1.1(d)) is essential post-DPDP Act 2023. Note the "reasonable person" standard in sub-clause (e) — this catches information that is confidential by nature even if not explicitly marked.

---

Clause 2: Exclusions from Confidential Information

2.1 Confidential Information shall not include any information that:

(a) is or becomes publicly available through no fault or breach of this Agreement by the Receiving Party;

(b) was already in the possession of the Receiving Party prior to disclosure by the Disclosing Party, as evidenced by the Receiving Party's written records;

(c) is independently developed by the Receiving Party without reference to or use of the Confidential Information, as evidenced by the Receiving Party's written records;

(d) is lawfully received by the Receiving Party from a third party who is not bound by any obligation of confidentiality with respect to such information; or

(e) is required to be disclosed by law, regulation, or order of a court or governmental authority of competent jurisdiction, provided that the Receiving Party shall (i) provide the Disclosing Party with prompt written notice of such requirement prior to disclosure (to the extent legally permissible), (ii) cooperate with the Disclosing Party in seeking a protective order or other appropriate remedy, and (iii) disclose only such portion of the Confidential Information as is legally required.

Annotation: These are standard and universally accepted exclusions. The critical safeguards are the evidentiary requirements ("as evidenced by written records") in sub-clauses (b) and (c), and the procedural protections in sub-clause (e) for compelled disclosures. Without sub-clause (e), a Receiving Party faces an impossible choice between breaching the NDA and contempt of court.

---

Clause 3: Obligations of the Receiving Party

3.1 The Receiving Party shall:

(a) hold all Confidential Information in strict confidence and not disclose it to any third party except as expressly permitted herein;

(b) use the Confidential Information solely for the Purpose and for no other purpose whatsoever;

(c) limit disclosure of Confidential Information to its Representatives on a need-to-know basis, and ensure that each such Representative is informed of the confidential nature of the information and is bound by obligations of confidentiality no less restrictive than those contained herein;

(d) protect the Confidential Information using at least the same degree of care as it uses to protect its own confidential information of a similar nature, and in no event less than a reasonable degree of care;

(e) promptly notify the Disclosing Party in writing upon discovery of any unauthorised use or disclosure of Confidential Information; and

(f) not reverse-engineer, decompile, or disassemble any Confidential Information, or attempt to derive any trade secrets or proprietary information therefrom, without the prior written consent of the Disclosing Party.

Annotation: Sub-clause (d) uses the dual standard — "same degree of care" plus "no less than reasonable care." This prevents a party with lax internal security from arguing it applied the "same" (inadequate) standard. Sub-clause (f) on reverse engineering is essential for technology-related NDAs and is supported by Section 65 of the Copyright Act, 1957, which permits decompilation only in limited circumstances.

---

Clause 4: DPDP Act 2023 — Personal Data Obligations

4.1 To the extent that any Confidential Information constitutes Personal Data under the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Receiving Party shall:

(a) process such Personal Data only to the extent necessary for the Purpose and in compliance with the DPDP Act and any rules notified thereunder;

(b) implement appropriate technical and organisational measures to protect Personal Data against unauthorised access, use, disclosure, alteration, or destruction, in accordance with the obligations of a Data Processor under the DPDP Act;

(c) not transfer Personal Data outside India except in compliance with Section 16 of the DPDP Act and any restrictions notified by the Central Government;

(d) promptly notify the Disclosing Party of any Personal Data Breach (as defined under the DPDP Act) affecting the Confidential Information, and cooperate with the Disclosing Party in addressing such breach, including in any notifications required to be made to the Data Protection Board of India or affected Data Principals;

(e) upon termination or expiry of this Agreement, delete or return all Personal Data in accordance with Clause 7 and the requirements of the DPDP Act; and

(f) not engage any sub-processor to process Personal Data received under this Agreement without the prior written consent of the Disclosing Party.

4.2 Where the Disclosing Party acts as a Data Fiduciary under the DPDP Act, the Receiving Party acknowledges that it shall be deemed a Data Processor and shall comply with all obligations applicable to Data Processors under the DPDP Act.

Annotation: This clause is the most important addition to Indian NDAs since 2023. The DPDP Act imposes direct obligations on Data Fiduciaries and Data Processors. If your NDA involves sharing employee records, customer databases, user analytics, or any personal data, you must address DPDP compliance. Failure to do so exposes both parties to penalties of up to Rs. 250 crore under the DPDP Act. Sub-clause (c) on cross-border transfers is particularly relevant for companies with foreign counterparties.

---

Clause 5: Term and Survival

5.1 This Agreement shall come into effect on the Effective Date and shall remain in force for a period of [2/3/5] years ("Term"), unless earlier terminated by either Party upon thirty (30) days' prior written notice to the other Party.

5.2 The obligations of confidentiality under this Agreement shall survive the termination or expiry of this Agreement for a period of [3/5] years from the date of such termination or expiry.

5.3 Notwithstanding Clause 5.2, obligations relating to trade secrets shall survive for as long as such information remains a trade secret under applicable law.

Annotation: The survival period is critical. Indian courts are unlikely to enforce perpetual confidentiality obligations (as these may run afoul of Section 27). A survival period of 3–5 years is standard for commercial NDAs. However, for trade secrets, Clause 5.3 provides a carve-out — trade secret protection continues for as long as the information qualifies as a trade secret, which is consistent with the common law position in India as recognised in Burlington Home Shopping Pvt. Ltd. v. Rajnish Chibber (1995) 61 DLT 6.

---

Clause 6: Remedies

6.1 The Parties acknowledge and agree that any breach or threatened breach of this Agreement may cause irreparable harm to the Disclosing Party for which monetary damages alone would be an inadequate remedy.

6.2 Accordingly, the Disclosing Party shall be entitled to seek injunctive relief, specific performance, or any other equitable remedy from a court of competent jurisdiction, in addition to any other remedies available at law or in equity, without the necessity of proving actual damages or posting any bond or surety.

6.3 The remedies provided herein are cumulative and not exclusive of any other remedies available under applicable law.

Annotation: This clause is essential for practical enforceability. Injunctive relief under Sections 36–42 of the Specific Relief Act, 1963, is often the only effective remedy for a confidentiality breach, since monetary damages are difficult to quantify. The "irreparable harm" language aligns with the test Indian courts apply when granting interlocutory injunctions under Order XXXIX of the Code of Civil Procedure, 1908.

---

Clause 7: Return and Destruction of Information

7.1 Upon termination or expiry of this Agreement, or upon the written request of the Disclosing Party, the Receiving Party shall, within fifteen (15) days:

(a) return to the Disclosing Party all documents, materials, and other tangible items containing or embodying Confidential Information; or

(b) destroy all such documents, materials, and tangible items, and permanently delete all electronic copies of Confidential Information from its systems and devices,

and shall provide a written certification signed by an authorised officer of the Receiving Party confirming such return or destruction.

7.2 Notwithstanding Clause 7.1, the Receiving Party may retain copies of Confidential Information to the extent required by applicable law, regulation, or internal compliance or archival policies, provided that such retained copies shall remain subject to the confidentiality obligations of this Agreement.

Annotation: The certification requirement in Clause 7.1 is often missing from template NDAs, but it provides a crucial evidentiary trail. Clause 7.2 acknowledges the practical reality that companies subject to regulatory requirements (e.g., RBI-regulated entities, companies under SEBI oversight) may be legally required to retain certain records.

---

Clause 8: No Grant of Rights

8.1 Nothing in this Agreement shall be construed as granting to the Receiving Party any licence, right, title, or interest in or to any Confidential Information, intellectual property, or other proprietary rights of the Disclosing Party.

8.2 The disclosure of Confidential Information under this Agreement shall not constitute any representation, warranty, or guarantee regarding the accuracy, completeness, or fitness for any purpose of such information.

---

Clause 9: Governing Law and Jurisdiction

9.1 This Agreement shall be governed by and construed in accordance with the laws of India.

9.2 Any disputes arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts at [City], India.

9.3 [Optional — Arbitration clause:] Any dispute, controversy, or claim arising out of or relating to this Agreement shall be settled by arbitration administered in accordance with the Arbitration and Conciliation Act, 1996, as amended. The arbitration shall be conducted by a sole arbitrator appointed by mutual agreement of the Parties. The seat of arbitration shall be [City], India. The language of arbitration shall be English. The arbitral award shall be final and binding on both Parties.

Annotation: Always specify governing law and jurisdiction. For domestic NDAs between Indian parties, Indian law and Indian courts are standard. For NDAs with international counterparties, the choice of Indian governing law is advisable if enforcement is likely to be sought in India. Clause 9.3 is optional but increasingly preferred — arbitration is faster and more confidential than litigation, which is particularly appropriate for disputes involving confidential information.

---

Clause 10: General Provisions

10.1 Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior negotiations, discussions, and agreements.

10.2 Amendment. No amendment to this Agreement shall be effective unless made in writing and signed by both Parties.

10.3 Waiver. No waiver of any provision of this Agreement shall constitute a waiver of any other provision or of the same provision on a future occasion.

10.4 Severability. If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.

10.5 Assignment. Neither Party may assign this Agreement or any rights or obligations hereunder without the prior written consent of the other Party.

10.6 Notices. All notices under this Agreement shall be in writing and delivered to the addresses specified above, by hand delivery, registered post, or email to the designated contact persons.

10.7 Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same agreement. Execution by electronic signature shall be valid and binding.

---

IN WITNESS WHEREOF, the Parties have executed this Agreement as of the Effective Date.

| Party A | Party B | |---|---| | Signature: __________________ | Signature: __________________ | | Name: __________________ | Name: __________________ | | Designation: __________________ | Designation: __________________ | | Date: __________________ | Date: __________________ |

Witness 1: | Witness 2: Name: __________________ | Name: __________________ Signature: __________________ | Signature: __________________

---

DPDP Act 2023: What Every NDA Now Needs

The Digital Personal Data Protection Act, 2023 fundamentally changed the landscape for NDAs in India. If your NDA was drafted before August 2023, it almost certainly lacks these critical protections.

Why DPDP Compliance in NDAs Matters

Under the DPDP Act:

• A Data Fiduciary (the entity that determines the purpose and means of processing personal data) is directly liable for how personal data is handled — even when shared with third parties.
• A Data Processor (the entity that processes data on behalf of the Data Fiduciary) must comply with the Data Fiduciary's instructions and the Act's requirements.
• Penalties for non-compliance range up to Rs. 250 crore depending on the nature of the violation.

When you share personal data under an NDA — whether it is employee records during an HR outsourcing discussion, customer data during a technology integration, or user analytics during an investment pitch — the NDA must clearly establish data processing roles, obligations, and breach notification protocols.

Key DPDP Additions for Your NDA

1. Define "Personal Data" separately within your Confidential Information definition, cross-referencing the DPDP Act.
2. Specify Data Fiduciary and Data Processor roles — who determines the purpose of processing, and who processes on whose behalf.
3. Restrict cross-border transfers — the DPDP Act empowers the Central Government to restrict transfers to notified countries. Your NDA must prohibit transfers except in compliance with Section 16.
4. Mandate breach notification — the Act requires Data Fiduciaries to notify the Data Protection Board and affected Data Principals of breaches. Your NDA must require the Receiving Party to notify you promptly so you can meet statutory timelines.
5. Address data retention and deletion — the DPDP Act requires deletion of personal data when the purpose is fulfilled. Your NDA's return/destruction clause must align with this.
6. Prohibit unauthorised sub-processing — if the Receiving Party engages sub-processors, your NDA must require prior consent and flow-down of obligations.

Generate a custom NDA tailored to your situation in 2 minutes — Try Contract Generation Wizard Free

Common Mistakes That Make NDAs Unenforceable in Indian Courts

Drafting an NDA is not merely a formatting exercise. These are the most common errors that lead to NDAs being struck down or rendered ineffective:

1. Overbroad Definition of Confidential Information

Defining "Confidential Information" as "any and all information shared between the parties" without specificity is a red flag. Indian courts may interpret such clauses as unreasonable restraints, particularly if the breadth of the definition effectively prevents the Receiving Party from working in a particular domain.

Fix: Be specific. List categories. Use the "reasonable person" standard as a catch-all, not the primary definition.

2. Unreasonable Duration

A perpetual NDA — or one with a 10-year survival period for routine commercial information — is unlikely to be enforced. While trade secrets may warrant longer protection, general business information should be protected for 2–5 years.

Fix: Differentiate between trade secrets (longer protection) and general confidential information (reasonable fixed term).

3. Section 27 Violations: The NDA as a Disguised Non-Compete

If your NDA prevents the Receiving Party from using general skills, industry knowledge, or publicly available methodologies, it functions as a non-compete agreement and is void under Section 27.

Fix: Clearly carve out general skills and knowledge from the definition of Confidential Information. Ensure the obligations relate only to specific, identifiable proprietary information.

4. No Exclusions Clause

An NDA without standard exclusions (publicly available information, independently developed information, prior knowledge) is commercially unreasonable and may face judicial scepticism.

Fix: Always include the standard five exclusions outlined in Clause 2 of the template above.

5. Missing or Inadequate Remedies Clause

Without a clause explicitly acknowledging the right to injunctive relief, you may face delays in obtaining interim orders from courts.

Fix: Include the remedies clause with language on irreparable harm and the right to seek equitable relief without proving actual damages.

6. Failure to Specify Governing Law and Jurisdiction

An NDA without a governing law clause invites jurisdictional disputes that can delay enforcement by months or years.

Fix: Always specify Indian law as the governing law and designate a specific city for jurisdiction.

7. No Stamp Duty Payment

As discussed above, an unstamped NDA is inadmissible as evidence. This is a fatal defect that is entirely preventable.

Fix: Pay the applicable stamp duty before or at the time of execution.

NDA for Different Contexts: Investors, Employees, and Vendors

While the core structure remains the same, NDAs must be tailored to the specific relationship.

NDA for Investors

• Purpose clause should reference fundraising, due diligence, or potential investment
• Typically mutual — the startup shares business data; the investor may share deal terms, fund strategy, or portfolio information
• Shorter term — investment discussions often resolve within 6–12 months; a 2-year agreement term with 3-year survival is typical
• Carve-outs for portfolio conflicts — investors often require the ability to invest in potentially competing companies. Your NDA should address this (e.g., the NDA does not restrict the investor from investing in companies in the same sector, provided it does not disclose the Disclosing Party's Confidential Information)
• DPDP considerations — if you share customer data or user metrics with identifiable personal data, the DPDP clause is essential

NDA for Employees

• Unilateral — the employer discloses; the employee receives
• Typically part of or annexed to the employment agreement under the Indian employment law framework
• Must navigate Section 27 carefully — post-employment confidentiality obligations are enforceable, but they must not amount to a restraint on the employee's ability to earn a livelihood. The Supreme Court in Wipro Ltd. v. Beckman Coulter International S.A. (2006) 3 SCC 118 upheld the distinction between protecting legitimate confidential information and imposing unreasonable restraints
• Define trade secrets narrowly — general skills, training, and industry knowledge learned during employment cannot be classified as Confidential Information
• Include an inventions assignment clause if the employee may create intellectual property during their tenure
• DPDP considerations — employees may access customer personal data, employee personal data, and vendor personal data. The NDA must address each category

NDA for Vendors and Consultants

• Can be unilateral or mutual, depending on whether the vendor shares proprietary methodologies
• Include flow-down obligations — if the vendor uses sub-contractors, your Confidential Information must be protected at every tier
• Specify permitted use narrowly — the vendor should only use Confidential Information for delivering the specific services contracted
• Align with the master services agreement (MSA) — the NDA should complement, not contradict, confidentiality provisions in the MSA
• Include audit rights — the right to verify the vendor's compliance with confidentiality obligations
• DPDP considerations — if the vendor processes personal data on your behalf, the NDA must establish the Data Processor relationship and include all DPDP-mandated provisions

How AI Contract Review Catches NDA Gaps

Even experienced lawyers miss NDA gaps — not because of incompetence, but because human review is subject to fatigue, familiarity bias, and the sheer volume of contracts that pass through a legal team.

AI-powered contract review tools like LexiReview address this systematically:

1. Clause Completeness Check

AI scans your NDA against a comprehensive checklist of essential clauses. Missing a return/destruction clause? No exclusions? No DPDP provisions? The system flags it instantly.

2. Enforceability Risk Analysis

AI identifies clauses that may be unenforceable under Indian law — overbroad definitions, unreasonable durations, potential Section 27 violations — and provides specific recommendations for remediation.

3. Consistency Verification

In complex transactions involving multiple documents (NDA + MSA + SLA + DPA), AI checks for conflicts between confidentiality provisions across documents. A common issue: the NDA defines "Confidential Information" one way, and the MSA defines it differently.

4. DPDP Act Compliance

AI verifies that your NDA includes all necessary DPDP provisions — Data Processor obligations, breach notification, cross-border transfer restrictions, deletion requirements — and flags any gaps.

5. Benchmarking Against Market Standards

AI compares your NDA terms against a database of market-standard NDAs in the same industry and deal type. Is your survival period unusually long? Is your definition unusually narrow? The system provides context.

6. Plain Language Summaries

AI generates plain-language summaries of each clause, making it easier for business stakeholders to understand what they are signing without waiting for a legal team review.

The result is not a replacement for legal judgment — it is a force multiplier. Your legal team spends less time on routine clause-checking and more time on strategic advice.

Frequently Asked Questions

Is an NDA legally binding in India?▾

Yes. An NDA is a valid and enforceable contract under the Indian Contract Act, 1872, provided it meets the essential requirements of a valid contract: free consent, lawful consideration, lawful object, and competent parties. Indian courts have consistently upheld the enforceability of NDAs and granted injunctive relief for their breach. However, specific clauses within an NDA may be struck down if they violate Section 27 (restraint of trade) or are otherwise unconscionable.

Does an NDA need to be on stamp paper in India?▾

While an NDA is valid even without stamp paper, it may be inadmissible as evidence in court if the applicable stamp duty is not paid. Stamp duty varies by state — for example, in Maharashtra, it is governed by the Maharashtra Stamp Act. The cost is typically modest (a few hundred to a few thousand rupees), and paying it protects the evidentiary value of your agreement. Always pay the applicable stamp duty.

What is the ideal duration for an NDA in India?▾

For the agreement term, 2–5 years is standard for most commercial relationships. The survival period (during which confidentiality obligations continue after termination) is typically 3–5 years for general business information. Trade secrets should be protected for as long as they remain trade secrets. Perpetual NDAs are disfavoured by Indian courts and may be deemed unreasonable. The appropriate duration depends on the nature of the information, the industry, and the commercial context.

Can an NDA be enforced against an ex-employee in India?▾

Confidentiality obligations can be enforced against ex-employees, but non-compete obligations generally cannot. Section 27 of the Indian Contract Act voids agreements in restraint of trade, and post-employment non-compete clauses have been consistently struck down by Indian courts (see Percept D'Mark v. Zaheer Khan). However, an obligation not to disclose or use specific, identifiable trade secrets and confidential information is enforceable, provided it does not effectively prevent the ex-employee from working in the industry.

What happens if someone violates an NDA in India?▾

The Disclosing Party can seek multiple remedies: (1) injunctive relief under the Specific Relief Act, 1963, to prevent further disclosure; (2) damages for losses suffered; (3) specific performance, if applicable; and (4) in extreme cases involving theft of trade secrets, criminal remedies under Section 405/406 of the Bharatiya Nyaya Sanhita, 2023 (formerly IPC) for criminal breach of trust. The most effective immediate remedy is typically an interim injunction, which can be obtained within days if the court is satisfied there is a prima facie case and irreparable harm.

Does the DPDP Act 2023 affect existing NDAs?▾

Yes. If your existing NDA involves the sharing of personal data (as defined under the DPDP Act) — which includes employee data, customer data, or any data that identifies a natural person — your NDA should be updated to include DPDP-compliant provisions. Key additions include: Data Fiduciary/Data Processor role allocation, breach notification obligations, cross-border transfer restrictions, and data deletion requirements. NDAs drafted before 2023 almost certainly lack these provisions.

Is a mutual NDA better than a unilateral NDA?▾

It depends on the context. A mutual NDA is appropriate when both parties will share confidential information — which is the case in most business negotiations, partnerships, and M&A discussions. A unilateral NDA is appropriate when information flows in only one direction, such as employer-to-employee or company-to-vendor. Using a mutual NDA when only one party shares information is not harmful, but it may create unnecessary complexity. Using a unilateral NDA when both parties share information leaves one party unprotected.

Can I use an NDA template from the internet for my Indian business?▾

You can, but you should not use it without significant modification. Most freely available NDA templates are drafted for US or UK law and contain provisions that are either unenforceable or irrelevant in India (e.g., references to the Uniform Trade Secrets Act, US state jurisdictions, or UK GDPR). At a minimum, you need to ensure the template complies with the Indian Contract Act, addresses Section 27 concerns, specifies Indian governing law and jurisdiction, includes DPDP Act provisions, and accounts for Indian stamp duty requirements. Better yet, use an AI-powered tool like LexiReview to generate an NDA specifically drafted for Indian law.

How is an NDA different from a confidentiality clause in a contract?▾

An NDA is a standalone agreement focused entirely on protecting confidential information. A confidentiality clause is one provision within a larger contract (such as a services agreement, employment agreement, or licensing agreement). The substantive obligations can be similar, but an NDA is typically more comprehensive — it includes detailed definitions, exclusions, remedies, return/destruction provisions, and survival clauses that may not fit within a single clause of a broader agreement. For preliminary discussions before a definitive agreement is signed, a standalone NDA is essential.

Can LexiReview help me review or generate an NDA?▾

Yes. LexiReview offers two capabilities: (1) Quick Triage reviews your existing NDA and flags missing clauses, enforceability risks, DPDP compliance gaps, and deviations from market standards in minutes; and (2) Contract Generation Wizard generates a custom NDA tailored to your specific context — investor discussions, employee onboarding, vendor engagement — with all essential Indian law provisions included. Both features are available on the free plan.

Conclusion: From Template to Tailored NDA

A well-drafted NDA is not a formality — it is the first line of defence for your most valuable business asset: information. In 2026, with the DPDP Act in effect and Indian courts increasingly willing to enforce (or strike down) confidentiality agreements based on the quality of their drafting, the stakes for getting your NDA right have never been higher.

This guide has given you the legal framework, the complete template, and the practical guidance to draft an enforceable NDA under Indian law. But every business relationship is different, and a template — however comprehensive — is still a starting point.

If you want to move beyond templates:

• Upload your existing NDA to check for gaps, Section 27 risks, and DPDP compliance issues
• Generate a custom NDA tailored to your specific transaction in minutes, not hours
• Review counterparty NDAs before you sign and identify clauses that work against your interests

Review or generate your NDA with LexiReview — Sign Up Free