Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you’re running a small business, you’ll probably share sensitive information more often than you realise - with potential customers, suppliers, contractors, investors, freelancers, and even collaborators you’re still “testing out”.
That’s exactly why so many business owners look up how to write an NDA before they send a pitch deck, demo a product, hand over a customer list, or discuss pricing models.
The good news is: an NDA (Non-Disclosure Agreement) doesn’t have to be complicated. But it does need to be drafted properly, because unclear wording (or missing clauses) can leave you with a document that looks official… but doesn’t actually protect you when it matters.
Below, we’ll walk you through how to write an NDA in a practical, UK-focused way - including what to include, what to avoid, and the common mistakes that can cause disputes later.
What Is An NDA, And When Do You Actually Need One?
An NDA (Non-Disclosure Agreement) is a legal agreement where one party agrees to keep certain information confidential, and not use or disclose it except as allowed under the agreement.
In plain English: it’s a contract designed to reduce the risk of other people walking away with your business secrets.
Common Situations Where An NDA Makes Sense
As a small business, you might use an NDA when you’re:
- discussing a new product or service before it launches
- sharing pricing strategies, margins, or business plans
- outsourcing work to freelancers, agencies, or developers
- talking to manufacturers or suppliers about your designs
- exploring partnerships, joint ventures, or collaborations
- considering a sale of the business or bringing in investors
- giving someone access to customer data, internal processes, or IP
If you’re regularly disclosing business-sensitive information, a properly drafted Non-Disclosure Agreement is one of the simplest legal “foundations” you can put in place to help protect yourself from day one.
Do You Need A One-Way NDA Or A Mutual NDA?
This is one of the first decisions when you’re working out how to write an NDA (and it’s where a lot of templates go wrong).
- One-way NDA (unilateral NDA): only one party is disclosing confidential information and the other party is receiving it. This is common when you’re hiring a contractor or pitching to a supplier.
- Mutual NDA (bilateral NDA): both parties will share confidential information and both need protection. This is common for collaborations, joint ventures, or early-stage commercial discussions.
If both sides are sharing sensitive information, it usually makes more sense to use a Mutual NDA rather than trying to “patch” a one-way NDA to fit.
How To Write An NDA: A Step-By-Step Checklist For UK Businesses
When people ask how to write an NDA, what they’re often really asking is: “What do I need to include so this is enforceable and actually protects my business?”
Here’s a practical step-by-step approach.
1. Be Clear About The Parties (And Who They Cover)
Start with the correct legal names of the parties.
- If you’re a limited company, use your registered company name (and ideally the company number).
- If you’re a sole trader, use your personal name (and optionally your trading name).
- If the other side is a company group, consider whether you need to include affiliates, subsidiaries, or specific team members.
It’s also worth stating who counts as a “Representative” (e.g. employees, contractors, professional advisers) because confidentiality breaches often happen through people rather than the business entity itself.
2. Define “Confidential Information” Properly
This is the heart of the NDA. If your definition is too narrow, your most valuable information may not be protected. If it’s too broad, it may be unrealistic and harder to rely on in a dispute.
A well-drafted definition usually includes:
- business plans, financials, pricing, and strategy
- customer lists, supplier terms, and contact databases
- technical information, code, designs, processes, and know-how
- marketing plans, product roadmaps, and launch timelines
- any materials marked “confidential” (plus sometimes those that should reasonably be understood to be confidential)
It also usually includes specific exclusions (we’ll cover these below) to keep the clause reasonable.
3. Set Out The Permitted Purpose (How They’re Allowed To Use It)
In an NDA, the other party should only be allowed to use your confidential information for a specific purpose - for example:
- evaluating a potential commercial relationship
- providing services under a contract
- assessing an investment opportunity
This clause matters because many disputes aren’t about “disclosure” - they’re about misuse. If your NDA doesn’t clearly limit use, it can be harder to stop someone using your information to compete with you.
4. Decide How Long Confidentiality Should Last
There’s no one-size-fits-all. You’ll often see confidentiality periods like 1–5 years, but some information (like trade secrets) may need longer protection.
As a general business-owner rule:
- Short-term negotiations: you might want confidentiality for 2–3 years after disclosure
- Technical trade secrets: you may want obligations to continue until the information becomes public (through no fault of the receiving party)
The key is balancing realism with protection. Overly one-sided or unclear terms can lead to arguments later (and may make enforcement more difficult).
5. Think About The “Exit”: Return, Deletion, And Ongoing Protection
At the end of the relationship (or on request), your NDA should cover what happens to confidential materials. For example, requiring the receiving party to:
- return documents and copies
- delete electronic files (including backups, where appropriate)
- confirm in writing they’ve complied
If you share information digitally (which most businesses do), this “clean-up” step is often what helps prevent accidental leaks later.
Key NDA Clauses You Should Include (And Why They Matter)
If you want a reliable answer to how to write an NDA, it’s not just about adding a confidentiality definition. The best NDAs work because the clauses fit together to manage real-world risks.
Here are the clauses we commonly see as “must-haves” for small businesses.
Confidentiality Obligations
This sets the standard of behaviour expected from the receiving party, such as:
- keeping information secret
- only sharing it with authorised representatives on a need-to-know basis
- taking reasonable security measures to prevent unauthorised access
If the other party has staff or subcontractors, this clause should also make the other party responsible for those people’s compliance.
Exclusions (What Isn’t Confidential)
Most NDAs exclude information that:
- is already public (not because of a breach)
- was already known to the receiving party before disclosure
- is independently developed without using the confidential information
- must be disclosed by law or a regulator (usually with notice to the disclosing party where possible)
These exclusions keep the NDA fair and workable, which can matter if you ever need to enforce it.
Ownership And Intellectual Property (IP)
Your NDA should make it clear that sharing information doesn’t transfer ownership of that information or any IP rights.
For example: if you share a concept, design, or process, that doesn’t mean the other party is free to treat it as their own.
No Licence / No Obligation
Many NDAs include “no licence” and “no obligation” wording, which is a fancy way of saying:
- you’re not granting rights to use your IP beyond the permitted purpose
- you’re not required to proceed with a deal just because you’ve shared information
This is especially useful early in negotiations when things are still exploratory.
Remedies And Injunctive Relief
If someone breaches confidentiality, you may want the right to seek an injunction (a court order to stop the behaviour) as well as claiming damages.
You don’t want to be in a position where the only remedy is compensation after the damage is done - because once confidential information is out, it’s often impossible to “undo”.
Governing Law And Jurisdiction
For UK businesses, you’ll usually specify the law of England and Wales (or Scotland/Northern Ireland depending on where you operate) and the courts that have jurisdiction.
This reduces uncertainty if a dispute arises, particularly if the other party is based overseas.
Common NDA Mistakes That Can Leave Your Business Exposed
A lot of business owners do the right thing by looking up how to write an NDA - but then accidentally undermine themselves with a rushed template or unclear clauses.
Here are some of the most common mistakes we see.
1. Relying On A Generic Template That Doesn’t Match The Deal
Templates often:
- don’t reflect what you’re actually sharing
- use unrealistic timeframes or overly broad definitions
- miss important clauses (like permitted purpose or return/destruction)
An NDA should match your commercial reality. The more tailored it is, the more useful it is.
2. Being Too Vague About What’s Confidential
If “Confidential Information” is defined as “anything discussed”, you may think you’re covered - but in practice, vagueness can create arguments about what was actually intended to be protected.
It’s usually better to define categories (financials, customer data, IP, etc.) and include how information will be identified (e.g. in writing, marked confidential, or confirmed in a follow-up email).
3. Forgetting That Operational Confidentiality Is A People Problem
Even with a strong NDA, you need sensible internal processes. For example:
- limit access to sensitive files
- use password protection and secure sharing tools
- share only what is necessary at each stage
If confidentiality is breached internally or by someone working with you, the legal fallout can be serious: it can include claims, disciplinary processes, and reputational damage.
4. Assuming “It’s In An Email” Means It’s Not Binding
In fast-moving deals, NDAs and confidentiality commitments sometimes happen over email (or as part of a wider set of documents).
Be careful: emails can sometimes be legally binding, depending on the wording, context, and whether there’s clear intention to create legal relations. If you’re negotiating confidentiality terms informally, it helps to understand when emails are legally binding, so you don’t accidentally create obligations you didn’t intend (or fail to create the ones you need).
5. Getting Signing And Formalities Wrong
Even a well-written NDA can cause headaches if it isn’t executed properly. You’ll want to consider:
- who has authority to sign for each business
- whether you want (or need) the agreement to be signed as a deed in your circumstances (for example, depending on how it’s structured and whether you want it to be enforceable without “consideration”)
- whether a witness is required based on the signing method and document type (many NDAs are signed as simple contracts without a witness, but it depends)
If you’re unsure, it’s worth checking the basics on legal signature requirements and who can witness a signature so you’re not relying on an agreement that’s incorrectly executed.
Special NDA Scenarios For Small Businesses (Employees, Contractors, And AI Tools)
How you write an NDA should also reflect who you’re sharing information with and how they’ll handle it.
Using NDAs With Contractors And Freelancers
If you’re hiring a contractor, an NDA is often just one piece of your protection. You may also need a services agreement that covers:
- who owns the work product (IP assignment/licence)
- data protection obligations (if they touch customer data)
- scope of work, fees, and delivery milestones
A standalone NDA can help, but it’s even stronger when confidentiality sits alongside clear commercial terms.
NDAs For Employees (And Why Your Employment Docs Matter Too)
Employees usually owe confidentiality obligations as part of their employment, but those obligations should be properly documented and consistent across your policies and contracts.
If you’re scaling and hiring, it’s smart to make sure confidentiality provisions align with your onboarding documents and internal rules. (This is also where having proper workplace policies can make enforcement much smoother.)
Confidentiality And AI Tools
More businesses now use AI tools to draft content, summarise meetings, or speed up admin. That’s useful - but it can create confidentiality risks if you paste sensitive information into a tool that stores or uses data in ways you didn’t expect.
If your team uses AI in day-to-day work, it’s worth understanding the practical confidentiality risks of tools like ChatGPT (and then setting clear rules about what can and can’t be uploaded).
Key Takeaways
- If you’re sharing commercially sensitive information, knowing how to write an NDA properly is one of the easiest ways to help protect your business from day one.
- Start by choosing the right structure: a one-way NDA for one disclosing party, or a mutual NDA where both sides share confidential information.
- Your NDA should clearly define confidential information, limit the permitted purpose, and set realistic timeframes for confidentiality obligations.
- Don’t forget the practical clauses: return/deletion of materials, ownership/IP protection, and reasonable exclusions for public or independently developed information.
- Avoid common pitfalls like vague definitions, “copy-paste” templates, informal email negotiations, and signing errors that can weaken enforceability.
- For contractors, employees, and modern workflows (including AI tools), NDAs work best as part of a broader legal setup and clear internal processes.
Disclaimer: This article is general information only and does not constitute legal advice. NDAs need to be tailored to your circumstances, so consider getting legal advice before relying on a template or signing.


