Non-Disclosure Agreements in the IT Sector


The “One-Size-Fits-All” Approach

Concluding a Non-Disclosure Agreement, i.e., a Confidentiality Agreement (also known as an NDA or a Confidential Disclosure Agreement, CDA), is a step that should precede not only the conclusion of a legal transaction but also the initiation of negotiations between the Contracting Parties. The purpose of this agreement is to protect what is most valuable in your business, and as it can make or break your company, it is of paramount importance.

So, how is it possible that Non-Disclosure Agreements get so little attention in practice?

Specifically, many serious negotiations in the IT industry are accompanied by a generic NDA that has been “downloaded” off the Internet without any professional amendment, or that was drafted in accordance with the law of some other country (e.g. by an American attorney) but is to be applied in Serbia. Frequently, an NDA model that was originally made for another project or another Contracting Party subsequently gets reused for a legal transaction with which it is not compatible.

Such a practice often leads to a situation in which you cannot enforce the agreement when you need it the most, or you cannot obtain court protection once the confidential information gets into the wrong hands. Unfortunately, these are consequences you could experience a few years after concluding the agreement, when it will already be too late.

Would you give away easily something you have been creating for years or something you’ve invested in so much?

Since we all want to avoid such a scenario, we have listed some of the most common “traps” that we have seen when working with clients from the IT sector. However, please note that in this text, we will not enter into more complex legal issues.

1. Not Knowing the Other Contracting Party

Although at first glance it might seem like a trivial thing, it is unbelievable how frequently we have run into mistakes in the identification of the Contracting Parties.

If you believe that this couldn’t happen to you, please answer the following question:

Have you asked the other Contracting Party for an Excerpt from the Business Entities Registry prior to signing the NDA, or have you at least checked the information yourself in the electronic records of the Business Entities Registry? Also, are you sure that the person who is supposed to sign the NDA is indeed authorized to sign that agreement on behalf of and for the account of that particular company, and that their signature alone is sufficient?

If the answer is negative, there is a possibility that you have fallen into a trap. Typical examples of such mistakes are:

  • The NDA is not signed by the person authorized to represent the legal entity

Namely, in order for the NDA to be in effect, it must be signed by a person (one or more of them) who is authorized to represent the company by the law, the statute, or the decision of the company. Therefore, the fact that you are negotiating with a CTO does not mean that they have the authority to sign the Non-Disclosure Agreement.

In order to know whether a person is authorized to sign an NDA, you need to inspect the Excerpt from the registry and/or the Founding Act and Statute of that company, or any other act that proves that a person is authorized to represent it, which will depend on the country where the other Contracting Party’s seat[1] is located.

  • The NDA is concluded with a non-existent legal entity

In the IT sector, it’s not unusual to come across a website with a concept that is focused on showcasing services provided by one entity, while a group of independent freelancers who do not have a registered joint venture stands behind it. In such circumstances, an NDA cannot be executed, as there is no legal entity to conclude the NDA with. Therefore, although the use of such services may save the money you allocated for the project, from the legal aspect, the damage that may arise is irredeemable, as the effect will be such as if you had not signed the NDA at all. In this case, you need to conclude an NDA with each of the natural persons with whom you are negotiating, i.e., who will participate in the project.

In addition, the same mistake can occur even if the company is established, but its trade name differs from the business name[2] registered with the Business Entities Register, and you haven’t listed both or did not provide at least the full business name from the Business Entities Registry.

  • The Contracting Parties have not been adequately identified

Practice has shown that the Contracting Parties often leave out elements that are necessary to identify them. For example, the Contracting Parties do not state the exact address of the seat or do not provide the corporate number under which the company is registered with the business entities register of the country of their seat.

An example of the proper identification of the Contracting Parties:

2. Not Knowing Whether the Disclosure is One-way or Two-way

Prior to entering into negotiations on signing an NDA, you have to determine whether the disclosure of confidential information will be one-way or whether both Contracting Parties will disclose confidential information to each other. Therefore, it is necessary to distinguish between two types of Non-Disclosure Agreements: unilateral and bilateral (mutual NDA).


To illustrate with a typical outsourcing agreement, a unilateral NDA will be signed in most cases, while a bilateral (mutual) NDA will be typically signed when investing in joint projects. However, before the other Contracting Party offers its NDA (which will, as a rule, be unilateral), consider whether certain aspects of your business that will be disclosed in the project should also be confidential.

3. The “Catch-all Clause” with Non-Disclosure Agreements

When it becomes clear who will take the role of the Disclosing Party of the confidential information, and the Receiving Party of the confidential information, the most important part of the NDA comes into place – i.e., defining what is considered confidential information.

In the broadest sense, any information that provides a competitive advantage can be considered confidential information. Typical examples of what may constitute confidential information are product formulas, client lists, marketing strategies, algorithms, processes applied in computer programs or the computer programs themselves, financial information, etc. The unauthorized use of such information is considered to be unfair competition and a breach of confidentiality.

Another example of confidential information is the source code. Although the source code is protected by copyright[3], this protection is quite limited, because it weakens with technical code modifications. A confidentiality agreement should protect from a situation where the Receiving Party of confidential information creates a program for the same purpose after inspecting your code, using the same idea, but with a somewhat different code, and, ultimately, creates a product that will benefit them instead of you.

What will be considered confidential information in your particular case depends on the project itself and the business relationship. Understandably, if you are a Disclosing Party (for example, a contracting authority for an outsourcing agreement), you will want to make the definition as broad as possible. In contrast, if you are a Receiving Party (for example, a contractor for an outsourcing agreement) you should conduct negotiations so that the scope of the confidential information is limited as much as possible.

However, it is very important for the outcome of the negotiations to present an appropriate balance between a broad definition, which will virtually have the meaning of “everything is confidential” (the catch-all-clause), and a definition that does not include every aspect of the business that should be considered confidential.

In that light, an additional mistake that we have encountered in practice so far is defining confidential information so broadly that a question justifiably gets raised – what is not confidential?

The problem that may arise with such agreements is that they could be unenforceable, which means that in the event of a dispute, the Court may refuse to provide protection[4] to the Disclosing Party. Therefore, do not allow yourself to fall into this trap.

Furthermore, you should define the manner in which confidential information can be transferred. It is best to explicitly state whether it can be disclosed in written, oral or electronic form, as well as through physical parts, software, and materials, which will depend on what is protected as confidential information.

4. Not Establishing the Confidentiality Procedures

If you are a Disclosing Party of confidential information and have signed an NDA, you probably believe that you are sufficiently protected. If this is the case, you have unfortunately fallen into a new trap.

In order for a Disclosing Party of confidential information to enforce an NDA, it is necessary to introduce and comply with procedures for keeping the confidential information secret.

What does this mean in practice?

For instance, if the Disclosing Party of the confidential information provides written documentation to the Receiving Party, containing some of the information that falls under confidential information, it should contain the word “Confidential” or “Strictly confidential” on it. If the confidential information is, for instance, disclosed verbally, it should also be noted that this is confidential information. There are of course other ways, and the essence is that you do not treat confidential information the same way as other information.

Another important procedure is to keep confidential information within the company premises, in folders that cannot be accessed by all employees, but only by those who have been given such authority. The same applies to access to electronic databases or the cloud. Also, if it is necessary to copy material containing confidential information, only a person who is specifically authorized to access such information may do so.

What happens if you disregard this?

During court proceedings, the Receiving Party of confidential information may argue that they did not know that the particular information they disclosed or used was deemed confidential, and that this was caused by the careless and negligent behavior of the Disclosing Party, who did not treat the protected information as confidential. In such circumstances, it is very likely that a disclosure of confidential information contrary to the interests of the Disclosing Party would go unpunished.

5. You Have not Anticipated the Permitted Use

An NDA should anticipate the authorized methods of the permitted use of confidential information.

Which cases are those?

There are many such instances, and they vary from case to case. We will provide two typical examples.

For example, a Receiving Party of confidential information must have the right to disclose the confidential information to their employees to the extent necessary for the performance of their work tasks, provided that the recipient also concludes an NDA that is no less stringent.

Here, you should pay attention to one more thing. If this clause is not adequately formulated and therefore covers only the term “an employee”, then you have restricted yourself to persons who are in an employment relationship. Considering that within the IT sector in Serbia it is common to engage developers who are actually entrepreneurs (i.e., who are not strictly employed according to the Labor Law), by incorrectly formulating this clause you can leave room for abuse by that entire group of people. The same danger arises when a volunteer or intern has access to confidential information.

Another regular exception to the prohibition to use the confidential information is the exclusion of the obligation to protect the confidentiality of the information that was already available to the public, at the time of its disclosure to the Receiving Party.

What does that mean?

For example, if you have 10 contractors and you have signed an NDA with 9 of them, but you failed to sign it with the tenth, and that contractor has disclosed the confidential information to the public, you will not be able to enforce the nine previously concluded Non-Disclosure Agreements with regard to what was disclosed to the public.

Likewise, one should bear in mind that disclosing confidential information is inevitable in certain situations. This happens when the Receiving Party receives an order from the Court, which means that they will have to disclose confidential information entirely or partially. These situations need to be regulated in such a way that the disclosure is made with the necessary notification of the Disclosing Party, and only to the extent that is absolutely necessary.

6. You Have not Realized Timing Is Crucial

Timing is crucial with Non-Disclosure Agreements for three reasons:

  • To avoid signing the NDA too late

It is recommended not to wait for “negotiations to get a more serious tone” but to conclude the NDA immediately upon the start of negotiations. Anything later can lead to someone “borrowing” your idea, concept, or business model for their own benefit, while you can do little or nothing about it. So, no matter how informal the tone of the conversation, always take into account the nature of the information you provide and whether it is appropriate to provide confidential information in such a situation without having previously signed the NDA.

  • Not to miss specifying the timeframe during which confidential information could be disclosed

A well-designed NDA will always have a specified timeframe during which confidential information could be disclosed, regardless of whether the parties agreed that this would be a specific time period (e.g., at the start of the project implementation) or during the entire duration of the work on the project.

  • Not to wrongfully specify the duration of protecting the confidential information

Specifically, for certain confidential information, it is natural that the protection of confidentiality lasts for an indefinite period of time. A typical example that is always cited is Coca-Cola’s secret formula, which has been successfully kept a secret for 100 years[5]. However, if the subject of your NDA has nothing to do with this, but is instead a client list or a marketing strategy, it is usually acceptable to limit the duration of the agreement to several years. After that, it is assumed that confidential information will lose value in most cases due to obsolescence.

Therefore, it is necessary to foresee a reasonable timeframe that corresponds to the nature of the confidential information[6].

However, confidentiality agreements without a timeframe are not uncommon in practice. With such Non-Disclosure Agreements, it is justifiable to raise the question as to whether they would be enforceable before the court, i.e., whether the court would protect such an agreement. Therefore, carefully consider whether the confidential information you protect will have commercial value forever or whether it will become obsolete over time.

7. You Don’t Have a Contractual Penalty

Non-Disclosure Agreements often contain a clause that the Receiving Party of the confidential information will be obliged to compensate the Disclosing Party of the confidential information in the event of the breach of confidentiality. If you believe you have protected yourself well with this clause, think twice.

It should be taken into consideration that in practice it is very difficult to prove these damages, and that the burden of proof in court proceedings falls on the Disclosing Party of confidential information. Therefore, it is better for the Disclosing Party to negotiate penalty clauses that would ease the burden of proof, and which can be formulated so that the penalty exceeds the actual damage that may occur in a particular case.

The truth is, however, that such provisions may provoke disapproval of the other Contracting Party during the negotiations, as they are much more stringent in comparison to the clause that provides only for compensation of damages. Still, if this is the reason for refusing to conclude an NDA, then it is up to the Disclosing party to assess whether the other Contracting Party is conscientious enough and whether they are an adequate business partner, bearing in mind that the penalty clauses apply only in cases when the confidential information has been disclosed.

8. You Lack Dispute Resolution and the Applicable Law

A well-designed NDA has to provide a clause that specifies the way disputes are resolved. This is particularly important for agreements with foreign business partners, because the question is which court, i.e. the court of which country, will be the competent one if the seats of the Disclosing and the Receiving Parties are in different countries. It is very important to consider the best solution. Often, it is a great option to provide for arbitration of a dispute instead of going to court. You can read more on the benefits of arbitration in our blog.

Corresponding to the jurisdiction of the court, there is a clause that determines the applicable law. Now, you’re probably wondering, what is “applicable law”? This is the law that regulates the NDA and the law which will apply in the case when there is a legal gap in the agreement (something that has not been regulated).

In a vast number of cases, we have encountered Non-Disclosure Agreements that provide the dispute resolution, but do not provide the applicable law, despite the fact that these clauses are of equal importance.

If you do not provide the applicable law, you are at risk of not knowing which clauses to apply in order to find the solution in the event of a dispute over the interpretation of the agreement.

9. You Lost Sight of the Termination of the Non-Disclosure Agreement

With Non-Disclosure Agreements, it is customary for the Receiving Party to be obliged to return and / or destroy and / or erase information deemed confidential upon the termination of the business cooperation between the Contracting Parties, as well as to present the proof thereof to the Disclosing Party.

However, if you are a Receiving Party of confidential information, you should negotiate the right to keep information that is deemed confidential for your archive. The reason behind this is that in the event of a court dispute, you will be able to prove what was disclosed to you, i.e., what constituted the secret, so that you are not at a disadvantage relative to the Disclosing Party.

Finally, if you are sure you have not fallen into any of the nine traps, congratulations are in order! You belong to a small minority. However, bear in mind that this blog post lists only typical examples we have encountered in practice with clients from the IT industry. There are many more complex legal issues to be addressed that may occur with Non-Disclosure Agreements. Therefore, the next time you sign an NDA, make sure to pay it the attention it deserves, as it protects the most valuable part of your business.

[1] In case of a foreign business partner, you may request a copy of the “Certificate of Incumbency” or “Registrar of Directors” or another equivalent document proving the authority of a person or persons signing a contract.
[2] Trade name is the name that the business entity uses for marketing and sales purposes and which represents it in public and which does not have to be identical to the business name registered in the Business Entities Register.
[3] The legal protection of software is the subject of debate by a large number of lawyers dealing with intellectual property. Opinions are divided over whether software should enjoy patent protection in addition to copyright protection, or copyright protection exclusively.
[4] That is exactly what happened in the famous case of Lasership, Inc. v. Watson, where the court in Virginia took the stance that the NDA could not be enforced because a provision that banned an employee from sharing the employer’s information was formulated too broadly, as it included information that could not be considered confidential, as well as due to the life-long duration clause of the disclosure ban. A similar case is Trailer Leasing Co. v. Associates Commercial Corp., where the court in Illinois refused to enforce the NDA because the definition of what was considered confidential was too broad and there was no geographical limitation.
[5] For more information on the longest kept trade secret, visit
[6] For example, in the case of Augusta Medical Complex, Inc. v. Blue Cross of Kansas, Inc., a court in Kansas made a clear statement against the Confidentiality Agreement that lasts indefinitely.
