Everyone signs confidentiality clauses. Almost nobody reads them until the moment information has already leaked — and then the clause is the only thing standing between a party and a remedy. At that point the wording that got skimmed at signature decides everything: what counted as confidential, whether the disclosure was actually permitted, and whether the obligation had already expired.
Here's what a confidentiality clause needs to do, some illustrative wording, and the traps that quietly make one worthless.
What a confidentiality clause is for
A confidentiality clause (or a standalone non-disclosure agreement) restricts what a receiving party can do with information the disclosing party shares. It does three jobs: it defines what's protected, it obliges the recipient to keep it secret and use it only for a permitted purpose, and it carves out what isn't caught.
A confidentiality clause inside a contract and a standalone NDA do the same work; the clause is just the embedded version. Either way, the drafting choices are identical — and identical in where they fail.
The building blocks
Reading a confidentiality clause means checking each of these:
| Element | What to check |
|---|---|
| Definition of Confidential Information | Is it broad (everything disclosed) or narrow (only marked "confidential")? |
| Permitted purpose | Can the recipient use the information only for the deal, or more widely? |
| Obligations | Keep secret, limit access to those who need it, don't copy beyond need |
| Exclusions | Public-domain, already-known, independently-developed, lawfully-received information |
| Permitted disclosures | To advisers, or when compelled by law or a regulator |
| Duration | How long the obligation lasts after the contract ends |
| Return or destruction | What happens to the information when the relationship ends |
Field note: The most-fought element isn't the obligation — it's the definition. A clause that protects "all information disclosed" is easy to breach accidentally and hard to enforce precisely; one that protects only information marked "Confidential" is clean but fails the moment someone forgets to mark something. Which way you draft depends on which risk your client can least afford.
Illustrative wording
Illustrative only — to show the structure, not a precedent to drop into a live agreement:
"The Receiving Party shall keep the Confidential Information secret and confidential, shall use it solely for the Permitted Purpose, and shall not disclose it to any person except to those of its Representatives who need to know it for the Permitted Purpose and who are bound by equivalent obligations of confidence. This clause does not apply to information that is or becomes public through no breach of this agreement, was lawfully known to the Receiving Party before disclosure, or is independently developed without reference to the Confidential Information."
The exclusions in that second sentence are doing as much work as the obligation in the first.
The traps that make it worthless
- No exclusions. Without carve-outs for public-domain and independently-developed information, the recipient is technically in breach for using knowledge it already had or that everyone knows. Courts dislike enforcing that, and the absence of exclusions signals sloppy drafting.
- A duration that's too short — or perpetual. Trade secrets may warrant an indefinite obligation; ordinary commercial information usually doesn't, and a perpetual blanket obligation can be commercially unworkable and harder to enforce. Match duration to the sensitivity.
- No permitted-disclosure carve-out for law and regulators. A recipient compelled by a court or regulator to disclose must be allowed to, or the clause forces them to choose between two breaches.
- Silence on advisers. Recipients need to share information with their lawyers, accountants, and funders. A clause that forbids all onward disclosure is impractical and gets ignored.
- No return-or-destruction mechanism. When the deal dies, what happens to the copies? Without a clause, they sit on the recipient's systems indefinitely.
The blunt question: if information you care about leaked tomorrow, does this clause let you prove it was covered, that the disclosure wasn't permitted, and that the obligation was still live? If any of the three is shaky, the clause won't hold.
Where AI contract tools help
Confidentiality clauses are high-frequency and pattern-heavy, which makes them a good fit for AI contract review: a tool will reliably extract the definition, duration, and exclusions and flag where they deviate from your firm's standard. That's a real time-saver on a clause that's easy to skim.
What AI won't judge is whether this definition and duration fit this deal's actual sensitivity — that's the lawyer's call. And there's a sharper irony worth noting: reviewing a confidential agreement by pasting it into a public AI tool can itself breach confidentiality. Use a contained tool, and verify the AI's summary against the actual clause.
FAQ
What is a confidentiality clause? A contractual provision that requires a party receiving information to keep it secret, use it only for an agreed purpose, and not disclose it beyond permitted recipients — with defined exclusions for information that is public or already known.
What's the difference between a confidentiality clause and an NDA? None in substance. An NDA is a standalone agreement dedicated to confidentiality; a confidentiality clause is the same protection embedded within a larger contract. The drafting considerations are identical.
How long should a confidentiality obligation last? It should match the sensitivity of the information — ordinary commercial information for a defined period after the contract ends, genuine trade secrets potentially for longer. Perpetual blanket obligations can be commercially awkward and harder to enforce.
What are typical exclusions from confidentiality? Information that is or becomes public through no breach, was already lawfully known to the recipient, is independently developed without using the confidential information, or is lawfully received from a third party.
Can I review a confidential document with AI? Only in a tool that keeps the data contained — not a free public chatbot, which can itself be a confidentiality breach. Use an approved, governed tool.