How to Review an NDA in 5 Minutes: Step-by-Step Guide for Lawyers

The average NDA takes 45 minutes to review manually. At $350/hour — the national median for transactional attorneys per Clio’s 2025 Legal Trends Report — that’s $262 per NDA. If you review 10 NDAs a month, you’re spending $2,625 and nearly 8 hours on what most lawyers consider “simple” agreements.
NDAs are not simple. They are the most commonly reviewed contract type in solo and small firm practice, and they hide traps that experienced attorneys miss routinely. A 2024 World Commerce & Contracting report found that poor contract management erodes an average of 8.6% of contract value — and that erosion starts with the “routine” agreements no one scrutinizes carefully.
This guide gives you a structured 5-minute review framework you can use on every NDA that crosses your desk. It works whether you’re reviewing at 9 AM with coffee or at 11 PM with a deadline. Try Clause Labs Free to run this entire checklist with AI in under 30 seconds, or use the manual framework below.
The RAPID NDA Review Framework
Most lawyers read NDAs front-to-back and hope they catch everything. That approach works fine until it doesn’t — and the clause you missed is the one that matters. The RAPID framework gives you a systematic method that forces you to check what matters most, even under time pressure.
R — Rights: Who’s giving up what? Identify which party’s rights are restricted and whether the restrictions are mutual or one-sided.
A — Asymmetry: Is this agreement balanced? Mutual NDAs should impose roughly equal obligations. One-way NDAs should clearly favor only the disclosing party.
P — Protections: What exceptions, carve-outs, and limitations exist? Standard exclusions should always be present. If they’re missing, the NDA is overbroad.
I — Issues: What time bombs are hiding in the agreement? Duration problems, non-compete riders, residuals clauses, and remedies overreach all live here.
D — Definitions: How is “Confidential Information” defined? This single definition controls the entire agreement. If it’s too broad, everything is restricted. If it’s too narrow, nothing is protected.
Five letters. Five categories. Five minutes for a first-pass review that catches 90% of NDA problems. Now let’s break down the specific clauses you need to check within each category.
The 12 NDA Clauses to Check Every Time
For each clause below, you’ll find what it is, what to look for, the red flag language that should trigger pushback, and a negotiation tip.
1. Definition of Confidential Information
This is the most important clause in any NDA. It determines the scope of everything that follows.
What to look for: Is the definition specific enough to be enforceable but broad enough to protect the intended information? Courts have repeatedly held that overly vague definitions render NDAs unenforceable.
Red flag: “All information shared between the parties in any form” — this catch-all language is both overbroad and potentially unenforceable. Courts in multiple jurisdictions have questioned NDAs that fail to identify specific categories of protected information.
Green flag: “Confidential Information means technical specifications, business plans, customer lists, pricing data, and proprietary software, whether disclosed orally, in writing, or electronically, and marked as confidential or that a reasonable person would understand to be confidential.”
Negotiation tip: Push for a definition that specifies categories of protected information rather than using catch-all language. It protects your client better because it’s more likely enforceable.
2. Exclusions from Confidential Information
Every enforceable NDA must include standard exclusions. If they’re missing, the NDA attempts to restrict information that cannot legally be restricted.
What to look for: Five standard exclusions should appear in every NDA:
- Information already known to the receiving party before disclosure
- Information that is or becomes publicly available through no fault of the receiving party
- Information independently developed by the receiving party
- Information received from a third party without restriction
- Information required to be disclosed by law, regulation, or court order
Red flag: Missing even one of these exclusions — particularly the legal compulsion carve-out. Without it, a party could face contempt of court for complying with a subpoena because the NDA technically restricts disclosure.
Negotiation tip: If any standard exclusions are missing, add them. This is not a negotiation point — it’s a drafting deficiency. Most experienced counterparties will agree immediately.
3. Obligations of the Receiving Party
This clause defines what the receiving party must actually do (and not do) with the confidential information.
What to look for: Reasonableness of the standard of care. “Best efforts” is more onerous than “reasonable efforts.” The standard should match the sensitivity of the information.
Red flag: “Receiving Party shall use the highest degree of care” or “Receiving Party shall prevent any and all unauthorized disclosure.” Absolute standards are nearly impossible to meet and expose your client to liability for even minor inadvertent disclosures.
Green flag: “Receiving Party shall use the same degree of care it uses to protect its own confidential information, but no less than reasonable care.”
Negotiation tip: Push for “reasonable care” or “same degree of care used for own confidential information,” whichever is standard in your client’s industry.
4. Permitted Disclosures
Who can the receiving party share confidential information with? This clause should address employees, advisors, and legal counsel at minimum.
What to look for: The NDA should permit disclosure to employees, contractors, and professional advisors who need the information and are bound by confidentiality obligations at least as protective as the NDA.
Red flag: No permitted disclosure clause at all — this technically means the receiving party can’t even share information with its own lawyers for the purpose of evaluating the deal.
Negotiation tip: Ensure the list of permitted recipients is broad enough to include everyone who will actually need access. For M&A NDAs, this should include accountants, bankers, and board members.
5. Duration of Confidentiality Obligations
How long do the obligations last? This is where many NDAs become unreasonable.
What to look for: Market-standard duration is 1-3 years for most commercial NDAs. Trade secret NDAs may justify longer periods. Perpetual obligations for general business information are a red flag.
Red flag: “Obligations under this Agreement shall survive in perpetuity” — for ordinary business information, this is likely unenforceable in many jurisdictions and signals that the drafter is either inexperienced or overreaching. According to Cooley GO’s NDA guidance, courts in many states view perpetual restrictions on non-trade-secret information skeptically.
Green flag: “Obligations shall continue for a period of two (2) years following disclosure of the applicable Confidential Information” or “for two (2) years following termination of this Agreement.”
Negotiation tip: If your client is the receiving party, push for a fixed term. If your client is the disclosing party, the longer the better — but be realistic about enforceability. Two to three years is defensible; perpetual for general business information often isn’t.
6. Return or Destruction of Information
What happens to confidential information when the NDA expires or terminates?
What to look for: A clear obligation to return or destroy confidential information upon request or at termination, with a certification requirement.
Red flag: No return/destruction provision at all. Without it, the receiving party can retain confidential information indefinitely, even after the NDA expires.
Negotiation tip: Include a carve-out allowing retention of one archival copy for legal compliance purposes and retention of information stored on routine backup systems — requiring purging of backup systems is technically impractical and creates a dispute trigger.
7. Non-Solicitation Riders
Non-solicitation provisions do not belong in a standard NDA. Their presence signals scope creep.
What to look for: Any provision restricting either party from soliciting or hiring the other’s employees, clients, or vendors. These provisions sometimes appear as a “Related Restrictions” section or are buried within “Additional Covenants.”
Red flag: “During the term and for 12 months following termination, neither party shall solicit or hire any employee of the other party.” In a simple NDA for business discussions, this restriction has nothing to do with protecting confidential information.
Negotiation tip: Strike non-solicitation provisions from NDAs unless there’s a specific business reason for their inclusion. If the counterparty insists, negotiate it as a separate agreement with appropriate consideration — don’t let it ride on an NDA. Note: non-solicitation enforceability varies by state. Review the ABA’s overview of restrictive covenants for jurisdiction-specific considerations.
8. Non-Compete Provisions
If you find a non-compete in an NDA, stop reviewing and start negotiating.
What to look for: Any restriction on competitive activities, business relationships, or entering specific markets. Non-competes absolutely do not belong in a standard NDA — they should be separate agreements with separate consideration.
Red flag: “Receiving Party agrees not to engage in any business that competes with Disclosing Party for a period of 12 months.” This transforms an NDA into a non-compete agreement, often without adequate consideration and potentially unenforceable under state law.
Negotiation tip: Refuse to accept non-compete language in an NDA. Period. If your client needs a non-compete, draft one separately with appropriate consideration, reasonable scope, and jurisdiction-specific compliance. Four states — California, Minnesota, Oklahoma, and North Dakota — ban non-competes almost entirely. See our guide to non-compete clause enforceability in 2026 for state-by-state analysis.
9. The Residuals Clause
This is the clause most lawyers miss — and it can quietly gut an NDA’s protections.
What to look for: A residuals clause permits the receiving party to use information retained in the “unaided memory” of its personnel, free of any confidentiality restrictions. According to Venable’s analysis of residuals clauses, if broadly drafted, a residuals clause can be “detrimental to the Disclosing Party” because it allows the receiving party to freely use any information its employees can remember.
Red flag: “Nothing in this Agreement shall restrict the Receiving Party from using Residual Information. ‘Residual Information’ means any ideas, concepts, know-how, or techniques retained in the unaided memory of any Representative of the Receiving Party.” This effectively creates a legal workaround: anything an employee remembers is fair game.
Green flag: A narrowly drafted residuals clause that excludes source code, customer data, pricing information, and strategic plans from the residuals exception, limits the exception to non-strategic personnel, and includes a time limit.
Negotiation tip: If you represent the disclosing party, strike the residuals clause entirely or narrow it significantly. If you represent the receiving party, push for a residuals clause — it provides meaningful protection against inadvertent breach claims. The key is defining what “unaided memory” covers and what it excludes.
10. Remedies and Injunctive Relief
This clause determines what happens when the NDA is breached.
What to look for: Most NDAs include an acknowledgment that breach would cause irreparable harm and that the disclosing party is entitled to injunctive relief (a court order to stop the breach) without proving actual damages.
Red flag: “Disclosing Party shall be entitled to injunctive relief and specific performance without bond or other security, in addition to all other remedies available at law or equity.” The “without bond” language removes a judicial safeguard that protects against frivolous injunction requests.
Negotiation tip: Accepting injunctive relief language is standard. Resist “without bond” provisions — courts in many jurisdictions require bonds for injunctions regardless of what the contract says, so the clause may not even be enforceable, but it signals aggressive drafting intent.
11. Governing Law and Jurisdiction
Which state’s law governs the NDA, and where would disputes be litigated?
What to look for: The governing law should match one of the parties’ locations or the location where the business relationship will primarily operate. A random jurisdiction suggests strategic forum shopping.
Red flag: A Delaware or New York governing law clause when both parties are based in California and the business relationship will operate in California. Forum selection clauses that require your client to litigate across the country add significant cost and inconvenience.
Negotiation tip: Push for your client’s home jurisdiction. If the counterparty insists on their jurisdiction, evaluate whether the governing law actually matters for this NDA (often, it doesn’t — NDA law is fairly uniform across most states). But if the NDA includes non-compete provisions or restrictive covenants, governing law becomes critical because enforceability varies dramatically by state.
12. Mutual vs. One-Way Obligations
Is the NDA protecting one party’s information or both parties’ information?
What to look for: In a mutual NDA, both parties disclose confidential information and both have obligations. In a one-way NDA, only one party discloses. The structure should match the actual information flow.
Red flag: A mutual NDA where only one party will actually disclose information. This creates unnecessary obligations for your client without corresponding benefit. Conversely, a one-way NDA presented when both parties will share sensitive information leaves one party unprotected.
Negotiation tip: If both parties will share information (the norm in most business discussions), insist on mutual obligations. If the NDA is truly one-way, make sure the obligations run in the right direction.
Red Flags That Should Stop You Cold
Some NDA provisions should trigger immediate pushback. If you see any of the following, flag them as critical issues before proceeding:
- Perpetual confidentiality with no exceptions — likely unenforceable for non-trade-secret information and signals aggressive overreach
- “All information shared” as the definition — overbroad, vague, and potentially unenforceable
- Non-compete or non-solicitation provisions buried in the NDA — scope creep that transforms a confidentiality agreement into a restrictive covenant
- Automatic assignment of IP — some NDAs include language assigning any intellectual property developed during discussions to the disclosing party, which has nothing to do with confidentiality
- Waiver of jury trial — an aggressive provision that doesn’t belong in a standard NDA
- One-sided attorney’s fees — if the disclosing party can recover legal fees but the receiving party cannot, the NDA creates asymmetric enforcement economics
- Missing standard exclusions — particularly the legal compulsion carve-out (subpoena compliance)
If you encounter more than two of these issues in a single NDA, consider whether the counterparty is negotiating in good faith or using the NDA as a vehicle for broader restrictions.
Common NDA Mistakes by Scenario
Different contexts create different NDA traps. Here’s what to watch for in the scenarios solo lawyers encounter most.
Startup NDA for Investor Meetings
The most common mistake: founders draft NDAs that are too broad to enforce and too aggressive to sign. Most sophisticated investors refuse to sign NDAs before hearing a pitch — and a founder who insists may signal inexperience.
What to advise: If an NDA is appropriate, keep it narrow. Define confidential information as specific technical or financial data shared during due diligence, not “business ideas” or “concepts.” Duration of 12-18 months is reasonable.
Employee NDA (or CIIA)
The most common mistake: NDAs that include hidden non-compete provisions that may be unenforceable in your employee’s state. California, Minnesota, Oklahoma, and North Dakota effectively ban non-competes; Illinois, Massachusetts, Washington, and Oregon impose significant income thresholds and restrictions.
What to advise: Separate the NDA from any restrictive covenants. Review the IP assignment provisions carefully — employees should always be allowed to exclude prior inventions. Check state-specific requirements for independent consideration.
Vendor NDA for Due Diligence
The most common mistake: missing carve-outs for legal and regulatory disclosure. When your client is reviewing a vendor’s confidential information for a potential acquisition, the NDA must permit sharing with accountants, bankers, and board members — not just lawyers.
What to advise: Negotiate broad permitted disclosures. Include a carve-out for disclosures required by securities regulations, government agencies, and court orders. Add explicit permission to share with professional advisors under their own confidentiality obligations.
M&A NDA
The most common mistake: failing to include standstill provisions, non-solicitation of key employees, and return/destruction obligations tailored to the deal timeline.
What to advise: M&A NDAs are not standard NDAs — they’re deal-specific instruments. Include standstill provisions if the target wants them, employee non-solicitation (which is more defensible than customer non-solicitation in this context), and detailed information handling protocols.
How AI Can Speed Up NDA Review
The RAPID framework and 12-clause checklist above work for manual review. But the reality of solo practice is that you’re often reviewing NDAs late at night, between client calls, or with a deadline an hour away.
AI contract review tools — including Clause Labs, Spellbook, and LegalOn — can run the equivalent of this entire checklist in seconds. Clause Labs specifically flags all 12 clauses discussed above, identifies missing exclusions, and generates plain-English explanations of each issue.
The approach that works best for most practitioners: let AI do the first pass and flag the issues, then apply your professional judgment to the flagged items. This is consistent with ABA Model Rule 1.1 (competence, including technology competence) and ABA Formal Opinion 512 (ethical use of generative AI tools), which requires lawyers to review and verify AI output rather than relying on it blindly.
For a deeper analysis of the ethical considerations, see our guide to whether AI contract review is ethical.
Upload your next NDA to Clause Labs’s free analyzer — it runs the full 12-clause analysis in under 30 seconds. No credit card, no signup for the basic analysis. Use it alongside the manual framework above and see what it catches that a quick read might miss.
Frequently Asked Questions
How long should an NDA review take?
A first-pass review using the RAPID framework should take approximately 5 minutes for a standard 3-5 page NDA. A thorough review with redline markup typically takes 20-30 minutes. If you’re spending more than 45 minutes on a standard NDA, you either don’t have a systematic framework or the NDA has significant issues that require negotiation. According to World Commerce & Contracting, human-led contract review averages 92 minutes — the RAPID framework cuts that significantly for standard NDAs.
What’s the most commonly missed NDA clause?
The residuals clause. According to EveryNDA’s analysis of residual information clauses, most lawyers either don’t notice it or don’t understand its implications. A broadly drafted residuals clause can effectively allow the receiving party to use any information its employees can remember — potentially gutting the NDA’s core protection. Check clause #9 in the framework above every single time.
Should I redline or reject a bad NDA?
Redline first. Most NDA problems stem from lazy drafting (using an old template without updating it) rather than bad faith. Redlining shows professionalism and often resolves issues quickly. Reject only when the NDA contains non-negotiable problems — like a disguised non-compete for a California employee or a perpetual term for general business information — that suggest the counterparty is using the NDA for purposes beyond confidentiality protection.
When should I escalate NDA review to a more senior attorney?
Escalate when the NDA involves trade secrets with potential seven-figure value, when it includes restrictive covenants you’re not sure are enforceable in the governing jurisdiction, when the counterparty is a government entity or operates in a heavily regulated industry, or when the NDA is connected to an M&A transaction. For routine commercial NDAs between private companies, a lawyer with the RAPID framework and the 12-clause checklist above should be fully equipped.
Can AI review NDAs accurately?
Purpose-built AI contract review tools identify NDA clause types and flag common risks with high accuracy for standard commercial NDAs. They’re particularly strong at catching missing exclusions, overbroad definitions, and asymmetric obligations — the pattern-based issues that humans miss when reviewing under time pressure. They’re weaker at assessing business context, relationship dynamics, and jurisdiction-specific enforceability nuances. The best approach is using AI for the first-pass identification, then applying your legal judgment to the flagged items. See our comparison of AI tools for contract review for a detailed assessment.
This article is for informational purposes only and does not constitute legal advice. NDA enforceability varies by jurisdiction, contract type, and specific factual circumstances. Consult a qualified attorney for advice specific to your situation.