Legal Ops · Contracts

NDA triage for non-lawyers: a 60-second GREEN/YELLOW/RED framework

An NDA hits your inbox at 3:47 on a Thursday. Sales says they need it signed by Friday to close the deal. You're not a lawyer. The document is six pages of dense legal prose. You have two choices: sign it and hope, or push it up to counsel and slow the deal down. This post is a third option — a 60-second triage framework that tells you, with reasonable confidence, whether this NDA is safe to sign on the spot, needs counsel's eyes, or has to be killed entirely.

It is not a substitute for a lawyer reading the document. It is the operational pre-screen that lets your lawyer spend their time on the NDAs that actually need it — and lets you stop sending them ten boilerplate mutual confidentiality agreements every week.

What an NDA actually does

Strip away the boilerplate and a non-disclosure agreement is doing four things:

  1. Defines what's confidential. Some NDAs define it narrowly ("information marked confidential at the time of disclosure"); some define it sweepingly ("all information disclosed in any form, whether or not marked"). The wider the definition, the more of your downstream work gets pulled inside the obligation.
  2. Sets how long the obligation lasts. Standard commercial NDAs run 2–5 years. Sometimes longer for trade-secret information. Anything described as "perpetual" or "in perpetuity" is a forever obligation.
  3. Names who within the company can see it. Usually "employees and contractors with a need to know, bound by similar confidentiality obligations." Variations on this clause are where audit-rights and notice obligations get smuggled in.
  4. Sets the remedy. What happens if you breach. Standard NDAs reference "equitable relief in addition to other remedies." Aggressive NDAs add liquidated damages, attorneys' fees, and indemnification.

Everything else — jurisdiction, assignment language, severability, the entire "Miscellaneous" section — modifies one of those four. Read for the four. Skim the rest.

The triage framework

Sort every incoming NDA into one of three buckets within 60 seconds. The bucket dictates the next step.

GREEN

Sign under standard delegation

  • Mutual obligations on both sides
  • 2–5 year confidentiality term
  • Standard exceptions (public info, independently developed, required by law)
  • Reasonable scope — one project or engagement
  • Your home state's jurisdiction
  • No non-solicit, non-compete, or IP language
Next step: sign within your delegated authority. Log it.

YELLOW

Pause — counsel review

  • One-way (you take obligations, they don't)
  • Term >5 years or vague on duration
  • Non-solicitation clause embedded
  • Jurisdiction outside your home state
  • "Residuals" clause removed or modified
  • Liquidated damages or attorneys' fees
  • Affiliate/subsidiary drag-in
Next step: annotate the clauses, send up to counsel with a triage memo. Do not sign yet.

RED

Full legal review — do not sign

  • Non-compete or "non-circumvention" clause
  • IP assignment / derivative-works language
  • Indemnification beyond breach
  • Mandatory arbitration in a remote jurisdiction
  • Audit rights to inspect your systems
  • Perpetual confidentiality + broad scope
  • Cross-default with other agreements
Next step: escalate to counsel with a "needs negotiation" flag. Tell sales the deal timing has to flex.

If any single clause in the document fits a RED criterion, the whole document is RED — even if the rest reads like a clean GREEN. One non-compete clause buried on page five is enough to change the classification.

The 60-second scan: five questions

Open the document. Run these five searches in order. Match what you find to the triage cards above.

1. Is it mutual or one-way?

Look at the defined terms at the top. "Disclosing Party" and "Receiving Party" should both be defined as each party. If one party is always the discloser and the other is always the receiver, it's a one-way NDA dressed up with a mutual cover page. Reciprocity is in the operative language, not the title.

2. What's the term?

Search for "term," "duration," "survive," "perpetual," "in perpetuity," and "until." Anything >5 years for general commercial information is YELLOW. Anything perpetual is RED unless the confidentiality definition is genuinely narrow (think: a specific trade secret, not all information).

3. Are there non-compete-style clauses?

Search for "solicit," "circumvent," "exclusiv," "compete," "hire," and "engage." These rarely belong in an NDA. When they appear, they're functionally non-compete restrictions in confidentiality clothing. YELLOW if narrow (e.g., 12-month no-hire), RED if broader (no business with their customers, no work in their industry).

4. Does it touch your IP?

Search for "assign," "derivative," "residual," "improvement," and "own." A standard NDA does not transfer IP. When IP-flavored language appears, the NDA is doing more than confidentiality — it's a one-sided IP assignment. RED unless your counsel confirms the language is purely defensive.

5. Where's jurisdiction?

Search for "governing law" and "venue." Standard mutual NDAs are jurisdiction-neutral or your home state. A foreign-state jurisdiction adds litigation cost and changes the substantive law that would apply. YELLOW. International jurisdiction (a Delaware company demanding England & Wales law) is RED unless there's a business reason that's already been blessed.

The four traps non-lawyers miss

Trap #1: Perpetual confidentiality

Most NDAs auto-expire (3–5 years is standard). When one says "in perpetuity" or "until the information becomes generally available to the public" with no time limit, that's a forever obligation. Your record-retention policy can't help you — the contract overrides it. Your employees who eventually leave still carry the obligation. Five years after the relationship ends, an analyst at the other side could send a demand letter about something one of your engineers wrote down. The cost is in the response, not the merits.

Trap #2: Asymmetric mutuality

The cover says "Mutual Non-Disclosure Agreement" but reading the operative clauses reveals only one party is treated as Disclosing Party. Mutual is a checkbox; reciprocity is in the language. The classic version: the definition of "Confidential Information" is keyed to "information disclosed by [Company X]" rather than "information disclosed by either party." That's a one-way NDA with a mutual label.

Trap #3: Residuals stripped out

Standard NDAs let you use "residuals" — the general knowledge your people gained during the engagement, in their heads, not anything specifically disclosed. When the residuals clause is removed (or modified to require a written waiver), anything any of your employees learns during the engagement is potentially covered. That becomes a problem when the relationship ends and someone wants to work on a similar problem. The other side can argue your employee's general knowledge is contractually protected.

Trap #4: Non-circumvention buried late

A clause in the back third of the document, under "Other Provisions" or "Miscellaneous," that says you won't hire their employees, pursue their customers, or work with their partners for X years. This isn't a confidentiality term — it's a non-compete. It belongs in a non-compete agreement, not an NDA, and the placement is deliberate. Reading top-to-bottom, by the time you reach it, you've already accepted the framing of "this is just an NDA." Search for it explicitly using the keywords above.

What to actually do at each level

Bucket | Action
GREEN | Sign within your delegated authority. Most companies delegate routine NDA signing to functional leaders under a defined exposure cap. Confirm yours. Log the executed document.
YELLOW | Annotate the specific clauses that flagged. Write a 3–5 line triage memo: "Standard mutual NDA from [counterparty]. Flagged for the following: [non-solicit clause Section 7, term length 7 years, jurisdiction Delaware]. Recommending counsel review before signing." Forward to counsel. Tell the requestor a 1–2 day delay is expected.
RED | Do not sign. Forward to counsel with a "needs negotiation" classification. Tell the requestor the deal timing has to flex. Brief the deal owner on the specific clauses driving the RED so they understand it's not a process delay — it's a substantive problem.

The 30-second AI version

The ParClark Legal Ops bundle includes an nda-triage skill that runs the five-question scan against an incoming NDA, classifies it GREEN/YELLOW/RED, identifies the specific clauses that drove the classification, and drafts the triage memo for counsel review — in the same format your legal team is used to seeing. It does not give legal advice. It does the operational pre-screen so the lawyers see annotated documents instead of cold ones, and so non-lawyers don't have to learn contract law to do first-pass routing.

Same principle as the rest of the bundle: the AI handles the parts that are pattern-recognition. Humans handle the judgment.

Common myths

"It's just an NDA, just sign it."

NDAs have created bet-the-company exposure more than once. The classic version: a small company signs a "standard mutual NDA" with a much larger counterparty. The NDA contains a non-solicit. Six months later, an employee of the larger company joins the smaller one through an unrelated recruiter. The larger company sues, citing the non-solicit. The fees alone destroy the smaller company. The merits are never reached.

"The other side won't enforce it."

Maybe. The depositions still happen. The discovery still happens. The fees still run. "They won't enforce it" is not a thesis you can plan around — especially when you've already signed and the other side has switched leadership, hired new counsel, or decided you're a competitive threat.

"I'll redline it later."

Once you've signed, you're on it. Redlines after the fact are renegotiation requests, not corrections. The other side has no obligation to entertain them. Redline before signing or accept the document as-is.

"Our standard mutual NDA is fine — let's just send ours back."

Often the right move. But verify two things first: that your standard mutual NDA was actually drafted by counsel (and not pulled from a template years ago), and that the counterparty isn't pushing back on yours because they have a substantive concern (e.g., they actually want to disclose more than you'd be comfortable receiving). "Send ours back" is a tactic; it's not always the answer.

When the request is genuinely urgent

Sometimes the Friday deadline is real and counsel isn't reachable. Three calibration questions help:

  1. What's the actual exposure? If the deal value is $50,000 and the NDA classification is YELLOW for jurisdiction reasons, signing under protest and addressing it in the master agreement may be acceptable. If the deal value is $5 million or it touches your core IP, the deadline flexes.
  2. Is there a process the counterparty would accept? "We'll sign your mutual NDA today on the condition that we restart the clock on the non-solicit clause in the master services agreement that follows" is a reasonable position to take in writing. Get the position acknowledged before signing.
  3. Who owns the decision? If it's a RED NDA and counsel isn't reachable, the decision moves up to whoever has explicit authority to accept legal risk on behalf of the company. That's not the deal owner. That's not you. It's usually the GC, CFO, or CEO depending on dollar threshold.

The wrong move is to sign quietly and not tell anyone. The right move is to escalate, document the urgency, and let someone with authority make the call — or let the deal slip a day.

Stop sending counsel ten NDAs a week

The Legal Ops bundle includes the nda-triage skill that runs this exact framework against any incoming NDA, drafts the triage memo, and routes only the YELLOW and RED documents up the chain — not the routine GREENs. Plus eight other operational skills for the in-house legal function: contract pre-review, vendor packet assembly, e-sign prep, matter intake, litigation hold notices, DSR first response, policy rollout, and counsel meeting briefs.

Emily Clark
Real estate Compliance · Financial Investigations · Applied AI
Founder, ParClark Tech Solutions

Emily writes about the operational side of regulated work — the forms, the timing, organizational workflows — for agents, brokers, transaction coordinators, and investigators who'd rather catch problems before they become complaints. She works as a Compliance Analyst, supports cryptocurrency fraud cases from victim intake to law-enforcement reporting, and builds the AI tooling ParClark Tech Solutions ships to teams in regulated environments. ParClark's Markdown skill bundles ride along with Claude, ChatGPT, and Cursor to keep AI output inside the compliance lines — whether that's listing copy, a victim-intake packet, or a vendor agreement under counsel review.

This post is for educational and operational purposes only. It is not legal advice and does not create an attorney-client relationship. Contract law and the enforceability of specific NDA clauses vary by jurisdiction and fact pattern. The GREEN/YELLOW/RED framework is a triage tool for non-lawyers doing first-pass routing — it does not replace review by qualified counsel. Before relying on any of this for an actual transaction, consult licensed counsel familiar with the rules and contract law in your jurisdiction.