Updated April 2026. Disclosure: this article links to our own free UK NDA template at the bottom.
Sooner or later, every UK founder needs an NDA. You’re about to pitch an investor, brief a contractor on the product roadmap, or share customer pricing with a potential partner โ and you want a paper trail that says “this is confidential.” A non-disclosure agreement (NDA), sometimes called a confidentiality agreement, is how you do it.
The good news: a UK NDA is one of the simpler contracts you’ll ever need. The bad news: most templates floating around the internet were drafted in California, full of clauses that don’t apply under English law and missing some that do. This guide walks you through what an NDA actually needs to do under UK law, the choices you need to make, and the mistakes that turn a perfectly reasonable contract into wallpaper.
What is an NDA, legally speaking?
An NDA is a contract under English and Welsh law (or Scots law north of the border, but the principles are similar) in which one or both parties agree not to disclose specified confidential information. It’s enforceable through two doctrines: the law of contract (you signed it, you breached it, here’s the damages bill) and equitable duties of confidence โ a doctrine going back to Coco v A.N. Clark (Engineers) Ltd [1969] which protects confidential information even without a contract, but is much stronger when the parties have signed one.
Properly drafted, a UK NDA gives you two practical remedies. First, an injunction to stop the recipient from disclosing or using your information further โ courts will grant these on an urgent basis where damage is imminent. Second, damages for losses caused by disclosure โ though calculating these is often the hard bit.
Mutual or one-way: which one do you need?
This is the first decision and it’s almost always the wrong one to overthink.
- One-way (unilateral) NDA: Only one party is sharing confidential information. Use this when you’re pitching an investor (you share, they listen), giving a candidate a tour of your codebase before hiring, or sending a deck to a journalist under embargo.
- Mutual (bilateral) NDA: Both parties will share confidential information. Use this when you’re exploring a commercial partnership, going through M&A talks, or having any genuine two-way exchange about strategy or roadmap.
If in doubt, go mutual. The protection is symmetric and most counterparties are more comfortable signing a mutual one. The exception is investor pitches: VCs almost universally refuse to sign NDAs (they see too many similar deals to risk one), and asking is often a small founder-credibility own-goal.
The five essentials every UK NDA must have
Boil it down and an enforceable UK NDA needs these five things:
1. A definition of “Confidential Information”
Loose definitions kill NDAs. “Anything we ever told you” sounds robust but courts will narrow it. The strongest definitions identify both what’s covered (e.g. business plans, customer lists, technical data, financial information, unreleased products) and what isn’t (information already in the public domain, information independently developed by the receiving party, information already known before disclosure, information disclosed under compulsion of law).
2. A permitted purpose
The recipient should only be allowed to use the information for a specific, defined purpose โ “to evaluate a potential investment” or “to deliver the development services described in the engagement letter dated 1 April 2026.” Without this, the recipient can argue any commercial use was implicitly permitted.
3. A list of permitted recipients
Information rarely stays with one person. The NDA should specify who within the recipient’s organisation can see it โ typically directors, employees and professional advisers on a need-to-know basis โ and require those people to be bound by equivalent obligations.
4. A term
How long does confidentiality last? Standard commercial information: 2 to 5 years from disclosure is normal. Trade secrets: indefinite, or “for as long as the information remains confidential.” Don’t write “in perpetuity” for ordinary commercial information โ courts may strike it down as unreasonable.
5. Governing law and jurisdiction
For UK businesses dealing with UK businesses, “this Agreement is governed by the law of England and Wales and the parties submit to the exclusive jurisdiction of the English courts” is the standard. Without this clause, you risk arguing about which country’s law applies โ fatal in any urgent injunction application.
Three common mistakes that make NDAs unenforceable
Even with the essentials in place, NDAs go wrong. The three I see most often:
1. Marking nothing as confidential. If your NDA says “information identified as confidential,” and you then dump 200 pages of unmarked documents on the recipient, you have no enforceable claim. Either mark documents clearly or use a definition broad enough to cover what a reasonable person would understand to be confidential โ most modern NDAs use the latter, but you need to use one or the other consistently.
2. Penalty clauses. “If breached, recipient shall pay ยฃ500,000 in liquidated damages.” Under English law, a clause that’s purely punitive (rather than a genuine pre-estimate of loss) is unenforceable as a penalty (Cavendish Square Holding v Makdessi [2015]). Better: reserve the right to seek damages and equitable remedies.
3. Forgetting equitable remedies. Damages alone often aren’t enough โ by the time you’ve quantified them, the disclosed information is everywhere. Every UK NDA should explicitly preserve the right to seek injunctive relief.
Do I need a solicitor to draft this?
For a standard B2B NDA between UK businesses, almost certainly not. The legal architecture is well-established and most templates from reputable sources will serve you fine. A solicitor adds value when:
- The deal value is very high and the information is uniquely sensitive
- You’re dealing across multiple jurisdictions
- The NDA is one part of a wider negotiated deal (e.g. M&A heads of terms)
- The counterparty has insisted on materially altering a standard NDA
For everyday “we’re in early talks, please don’t share this,” a sensible UK template is enough. The real risk is using a US template with the wrong governing law, or signing whatever the counterparty puts in front of you without reading it.
How to actually get one signed
The friction is usually in execution, not drafting. Practical tips:
- Use e-signature. DocuSign, HelloSign, Adobe Sign, or even a typed name in an email exchange โ all are valid for an NDA in the UK under the Electronic Communications Act 2000. Don’t print, sign, scan and email.
- Send before, not after, the conversation. “Quick admin โ could you sign the attached so we can start the chat next Tuesday?” works. “We had a great call yesterday, can you sign retroactively?” doesn’t.
- Don’t over-engineer. A 12-page NDA for a 30-minute investor pitch will torpedo the meeting. Keep it short, generic, mutual.
Skip the drafting: free UK NDA template
If you want to stop reading and start sending, we built a free UK NDA generator. Answer a few plain-English questions โ mutual or one-way, who’s disclosing, what’s the purpose, what’s the term โ and it produces a fully editable Word document and PDF, drafted to current English & Welsh law, ready to e-sign. There’s no card required and no email verification beyond a one-click sign-up.
The same generator can produce a UK Privacy Policy, Employment Contract, Supplier Agreement, AST and 16 more โ see the full template library if you’re building out your paperwork stack.
Frequently asked questions
Is a UK NDA legally binding without a solicitor’s signature?
Yes. The parties to the NDA are the only signatures required. Solicitor witnessing is not necessary for a standard UK NDA between businesses or individuals.
Can I use a US NDA template in the UK?
Strongly not recommended. US NDAs typically include clauses on jury trials, US-specific liquidated damages, and choice-of-law provisions referencing US states. If you need to enforce the NDA in a UK court, those clauses are at best ignored and at worst undermine the contract. Use a UK-drafted template.
How long should a UK NDA last?
Two to five years from disclosure is typical for ordinary commercial information. For trade secrets โ recipes, proprietary algorithms, supplier lists that would damage you if leaked โ specify “for as long as the information remains confidential” rather than a fixed term.
What happens if someone breaches a UK NDA?
You can sue for damages and apply for an injunction to stop further disclosure or use of the information. Injunctions are often the more useful remedy because they prevent ongoing damage. Realistically, formal litigation is rare โ most NDA disputes are resolved by a strongly-worded letter and a settlement.
Should I send an NDA to an investor?
Most VCs and angel investors will refuse to sign NDAs at the first-meeting stage โ they see too many similar pitches and don’t want to take on the risk of “you stole my idea” claims. Sending one is often a credibility hit. Wait until the diligence phase, when an NDA is normal and expected.
Disclosure: AI Business Kit Docs is our own product. We mention it because it fits โ see our roundup of UK legal document tools for honest comparisons with Rocket Lawyer, Net Lawman, LawBite and others.