How to Draft a Non-Disclosure Agreement in the Philippines

A non-disclosure agreement, or NDA, is one of the most commonly used private contracts in business, employment, consulting, technology, procurement, investment discussions, joint ventures, creative work, and pre-litigation information exchange in the Philippines. It is also one of the most misunderstood. Many NDAs are copied from foreign templates, overloaded with dramatic language, and drafted so broadly that they become hard to enforce. Others are too vague to protect anything meaningful. Some attempt to prohibit disclosures that Philippine law will not allow a party to suppress, such as crime reporting, regulatory compliance, or legally compelled disclosure. A good NDA is not a wall of intimidating language. It is a precise risk-allocation document that identifies what is confidential, who may use it, for what purpose, for how long, under what safeguards, and what remedies apply if the obligation is breached.

In Philippine law, an NDA is primarily a matter of contract law, but its drafting also intersects with trade secrets, employment law, agency, corporate governance, intellectual property, data privacy, evidence, and public policy limits. An enforceable Philippine NDA is therefore not just a confidentiality promise. It is a carefully bounded legal instrument that must fit the actual relationship between the parties.

This article explains, in Philippine context, how to draft a non-disclosure agreement, what legal principles govern, what clauses matter most, what mistakes commonly make NDAs weak or overbroad, how unilateral and mutual NDAs differ, how NDAs interact with employees, contractors, startups, investors, and personal data, and how to structure remedies, duration, exclusions, and dispute provisions properly.

I. What an NDA is

A non-disclosure agreement is a contract in which one or both parties agree to protect certain confidential information from unauthorized use or disclosure.

At its core, an NDA usually does three things:

  1. defines confidential information;
  2. restricts disclosure and use of that information; and
  3. sets consequences and remedies for breach.

Some NDAs are simple one-page pre-discussion agreements. Others are elaborate, transaction-specific confidentiality contracts with annexes, data handling terms, return-or-destruction obligations, and injunctive relief provisions.

In Philippine practice, the basic legal question is always the same: what exactly is being protected, against whom, for what purpose, and for how long?

II. The legal basis of NDAs in the Philippines

The foundation of an NDA in Philippine law is the Civil Code principle that contracts have the force of law between the parties, provided they are not contrary to law, morals, good customs, public order, or public policy.

That means parties are generally free to agree that:

  • certain information is confidential;
  • access is limited;
  • use is purpose-bound;
  • unauthorized disclosure is a breach;
  • and legal or equitable remedies may follow.

But that contractual freedom is not unlimited. An NDA cannot validly be drafted to:

  • conceal crime;
  • prohibit lawful whistleblowing required by law;
  • suppress testimony when disclosure is legally compelled;
  • waive rights that cannot lawfully be waived;
  • or impose terms so indefinite, vague, or unconscionable that they become difficult to enforce.

Thus, an NDA is governed by ordinary contract principles, but those principles operate within broader legal limits.

III. Why parties use NDAs

NDAs are commonly used in the Philippines in the following situations:

  • employer sharing internal methods, financial data, client lists, pricing, source materials, or business plans with employees;
  • companies discussing possible mergers, acquisitions, distribution deals, licensing, or joint ventures;
  • startups sharing business models, code, decks, customer pipelines, or prototype information with consultants, developers, or possible partners;
  • service providers gaining access to internal systems, customer data, or non-public operational information;
  • businesses disclosing proposals, bid documents, pricing strategies, and procurement terms;
  • creative or media parties sharing scripts, production plans, unreleased content, or campaign concepts;
  • family corporations or closely held businesses exchanging sensitive internal records;
  • settlement discussions and private investigations involving sensitive facts.

The broader the information flow, the more important the NDA becomes.

IV. What an NDA can and cannot realistically do

Before drafting, it is important to understand the real function of an NDA.

What an NDA can do

An NDA can:

  • create contractual confidentiality obligations;
  • deter disclosure by setting clear standards;
  • strengthen claims for injunction, damages, or specific relief;
  • define how information may be used and shared internally;
  • require return or destruction of documents;
  • support a trade secret or unfair competition claim;
  • allocate responsibility for leaks or misuse.

What an NDA cannot automatically do

An NDA does not automatically:

  • turn all information into a trade secret;
  • prohibit disclosure of information already public;
  • guarantee that a court will stop all disclosure instantly;
  • override subpoena, court order, or legal reporting obligations;
  • eliminate the need to prove confidentiality and breach;
  • or make absurdly broad restrictions automatically enforceable.

A strong NDA is realistic. It protects what should be protected without claiming the impossible.

V. The first drafting decision: unilateral or mutual NDA

This is one of the most important structural choices.

A. Unilateral NDA

A unilateral NDA is used where only one party mainly discloses confidential information, and the other party mainly receives it.

Common examples:

  • employer to employee;
  • startup to freelance developer;
  • client to outsourced service provider;
  • company to consultant;
  • seller to potential buyer in a data room context, where the seller is the main discloser.

B. Mutual NDA

A mutual NDA is used where both parties may exchange confidential information.

Common examples:

  • joint venture discussions;
  • technology collaboration;
  • co-development arrangements;
  • merger or acquisition exploration;
  • strategic partnership negotiations.

C. Why this matters

A mutual NDA should not simply be a unilateral NDA with both names inserted. The risk profile may differ on each side, and the drafting should reflect whether the parties are truly symmetrical or only formally reciprocal.

VI. The most important clause: the definition of Confidential Information

An NDA succeeds or fails largely on how it defines Confidential Information.

A weak definition is either too narrow to protect much or so broad that it becomes abstract and unmanageable.

A. A workable definition usually includes

  • information disclosed in written, oral, visual, electronic, digital, or other form;
  • business, financial, technical, commercial, strategic, operational, product, customer, supplier, pricing, software, formula, process, design, and research information;
  • drafts, summaries, notes, copies, extracts, analyses, and derivative materials prepared from the information;
  • and information disclosed by affiliates or authorized representatives, where relevant.

B. The definition should fit the transaction

A software-development NDA may emphasize:

  • source code,
  • architecture,
  • APIs,
  • deployment details,
  • credentials,
  • product roadmaps.

An investment-discussion NDA may emphasize:

  • cap table details,
  • financial models,
  • fundraising strategy,
  • market analysis,
  • product traction data.

An employer NDA may emphasize:

  • customer lists,
  • sales methods,
  • procurement terms,
  • internal reports,
  • HR data,
  • and operational procedures.

C. Avoid purely theatrical definitions

Phrases like “all information of every kind whether known or unknown forever” may sound strong but are often sloppy. The better practice is to define the category broadly but intelligibly.

VII. Whether to require information to be marked confidential

This is a classic drafting issue.

A. Strict marking approach

Some NDAs protect only information marked “confidential” in writing. This makes proof easier but may underprotect information disclosed in meetings, calls, demos, or practical exchanges.

B. Flexible approach

A better Philippine commercial draft often covers:

  • written information marked confidential;
  • oral or visual disclosures identified as confidential at the time of disclosure and confirmed in writing within a stated period;
  • and information that, by its nature or the circumstances of disclosure, reasonably should be understood as confidential.

This avoids the common problem where clearly sensitive information loses protection merely because someone forgot to stamp “CONFIDENTIAL” on every page.

VIII. The purpose clause: use limitation is just as important as non-disclosure

An NDA should not only say “do not disclose.” It should also say do not use except for the permitted purpose.

This is the Purpose or Permitted Purpose clause.

Examples:

  • evaluating a possible business relationship;
  • performing services under a consulting engagement;
  • employment duties;
  • due diligence for a proposed investment;
  • negotiation of a licensing deal;
  • review of a procurement opportunity.

A proper clause usually states that the receiving party may use the confidential information solely for the stated purpose and for no other purpose.

This matters because misuse often happens without public disclosure. A person may keep the secret but still exploit it improperly. The NDA should prohibit both.

IX. Exclusions from Confidential Information

A Philippine NDA should almost always include standard exclusions. Without them, the agreement may be overbroad and harder to defend.

Typical exclusions include information that:

  1. is or becomes publicly available through no breach by the receiving party;
  2. was already lawfully known to the receiving party before disclosure;
  3. is lawfully obtained from a third party without breach of any duty;
  4. is independently developed by the receiving party without use of the confidential information;
  5. is required to be disclosed by law, regulation, court order, or lawful government process, subject to notice where legally permitted.

These exclusions are essential because they show the NDA is not trying to monopolize information beyond what fairness allows.

X. Standard of care in protecting the information

A good NDA should state how carefully the recipient must protect the information.

Common formulations include requiring the receiving party to:

  • use at least reasonable care;
  • protect the information with no less than the degree of care used to protect its own similar confidential information;
  • and in no event use less than reasonable care.

This clause matters because it creates an operational standard for:

  • document storage,
  • password control,
  • access restriction,
  • team sharing,
  • file transfer,
  • and physical document handling.

XI. Permitted disclosures to internal personnel and advisers

Most recipients need to share information with some people internally. If the NDA does not address this, it becomes commercially unrealistic.

Typical permitted recipients may include:

  • directors;
  • officers;
  • employees;
  • in-house counsel;
  • external lawyers;
  • accountants;
  • auditors;
  • consultants;
  • financing sources;
  • technical advisers;
  • prospective investors, where appropriate to the transaction.

But this access should be limited to those who:

  • have a need to know for the permitted purpose; and
  • are bound by confidentiality obligations no less protective than those in the NDA, whether by contract, professional duty, or law.

The NDA should also state that the receiving party remains responsible for breaches by its representatives.

XII. Compelled disclosure clause

No NDA should be drafted as though courts, regulators, or law enforcement do not exist.

A proper compelled disclosure clause usually says that if disclosure is required by:

  • law,
  • regulation,
  • subpoena,
  • court order,
  • or governmental process,

the receiving party may disclose only the minimum required, and if legally permitted shall:

  • give prompt notice to the disclosing party,
  • cooperate in seeking protective treatment,
  • and disclose only what is required.

This clause is critical because an NDA cannot lawfully promise absolute secrecy against lawful compulsion.

XIII. Data privacy clause

In Philippine practice, many NDAs now overlap with the Data Privacy Act of 2012. If the confidential information includes personal data, a generic NDA may not be enough.

Where personal information is involved, the draft should consider adding provisions on:

  • compliance with the Data Privacy Act and its regulations;
  • processing only for the permitted purpose;
  • limiting access to authorized personnel;
  • implementing reasonable organizational, physical, and technical safeguards;
  • breach notification obligations where applicable;
  • data retention and deletion rules;
  • and whether the receiving party acts as a personal information controller, personal information processor, or equivalent contractual role in the broader transaction.

An NDA is not a substitute for a full data processing agreement where one is needed, but it should at least acknowledge privacy compliance if personal data is involved.

XIV. Trade secrets and proprietary rights

Many NDAs are meant to protect more than generic business confidentiality. They are meant to protect proprietary information, including trade secrets.

A helpful clause may state that:

  • all confidential information remains the property of the disclosing party;
  • no license or transfer of intellectual property rights is granted except as expressly stated;
  • disclosure does not transfer ownership of inventions, software, documents, know-how, or proprietary materials;
  • and the receiving party acquires only the limited right to use the information for the permitted purpose.

This is especially important in:

  • software and product discussions;
  • manufacturing processes;
  • formulas and recipes;
  • source code sharing;
  • engineering materials;
  • and creative development work.

XV. No license / no obligation clause

Sophisticated NDAs often include two important disclaimers.

A. No license

Disclosure does not grant:

  • ownership,
  • license,
  • right to copy,
  • right to commercialize,
  • or right to exploit intellectual property, except as expressly stated.

B. No obligation to transact

Disclosure of information does not obligate either party to:

  • continue discussions,
  • enter into a deal,
  • award a contract,
  • make an investment,
  • or proceed with a transaction.

This helps prevent arguments that because information was shared, a binding business commitment existed.

XVI. Duration of confidentiality obligations

A Philippine NDA should clearly distinguish between:

  1. the term of the agreement; and
  2. the duration of the confidentiality obligations.

These are not always the same.

A. Agreement term

The NDA might stay in force for:

  • one year,
  • two years,
  • until terminated,
  • or until the underlying transaction ends.

B. Confidentiality survival period

The confidentiality obligation may continue:

  • for a fixed number of years after disclosure or termination;
  • or, for trade secrets and highly sensitive information, for so long as the information remains confidential in fact.

C. Avoid arbitrary drafting

“Forever” may sound strong, but in practice it is better to tailor duration. For ordinary commercial information, a finite period may be more defensible. For trade secrets, longer survival is more justifiable.

A common approach is:

  • two to five years for general business information;
  • longer or indefinite protection for trade secrets, subject to the information truly remaining secret.

XVII. Return, deletion, or destruction of materials

A strong NDA should address what happens when the relationship ends or the disclosing party requests return.

Typical provisions require the receiving party, upon request or termination, to:

  • return documents and physical materials;
  • delete or destroy electronic copies;
  • delete summaries, notes, and extracts;
  • certify destruction if requested;
  • while allowing narrow retention where required by law, backup systems, or legitimate legal hold obligations.

This clause matters because sensitive information often persists in devices, shared folders, and archived email long after the relationship ends.

XVIII. Remedies clause

The remedies clause is crucial. It should make clear that breach of confidentiality may cause harm not fully compensable by money alone.

A well-drafted Philippine NDA often states that the disclosing party may seek:

  • injunctive relief;
  • specific performance;
  • damages;
  • and any other remedy available under law or equity.

This is important because leaks and misuse can spread quickly. Waiting only for damage calculation may be inadequate.

That said, avoid exaggerated penalty drafting that a court may view as unconscionable or unsupported. If liquidated damages are used, they should be drafted carefully and not as punishment disguised as estimation.

XIX. Liquidated damages: use with caution

Some Philippine NDAs include a fixed liquidated damages clause. This can be useful, but it must be drafted carefully.

A poorly drafted clause may be attacked as:

  • punitive,
  • unconscionable,
  • uncertain,
  • or unrelated to actual anticipated harm.

If used, the clause should:

  • reflect a reasonable pre-estimate of harm or a contractually justifiable amount;
  • not exclude equitable relief unless that is truly intended;
  • and not prevent recovery where the law allows additional remedies under properly drafted terms.

Many parties prefer to rely on ordinary damages plus injunctive relief rather than an aggressive liquidated-damages figure.

XX. Non-solicitation and non-compete provisions are not the same as an NDA

This is a common drafting error.

An NDA is about:

  • confidentiality,
  • limited use,
  • and non-disclosure.

A non-solicitation clause prevents poaching of employees, clients, or business relationships.

A non-compete clause restricts competitive activity.

These may be included in the same agreement, but they are legally distinct and should not be casually inserted without careful review. Philippine law is more cautious with non-compete restraints, especially if overbroad in duration, geography, or scope.

Do not assume that a confidentiality agreement automatically justifies a broad restraint of trade.

XXI. Employment NDAs

An NDA for employees in the Philippines should be drafted with special care.

It should define:

  • what internal information is confidential;
  • whether it covers information learned during employment and after separation;
  • what is excluded as general skill, experience, or publicly known information;
  • what materials must be returned at resignation or termination;
  • how personal data and company systems are to be handled;
  • whether the obligations are in a stand-alone NDA or integrated into the employment contract, handbook, or code of conduct.

Employment NDAs should not be drafted so broadly that they appear to claim ownership over everything an employee ever knows or learns in life. The better practice is to focus on real proprietary business information.

XXII. Consultant and contractor NDAs

For freelancers, agencies, developers, and independent contractors, the NDA should do more than a basic employment-style confidentiality clause.

It should address:

  • access to systems and credentials;
  • project materials and deliverables;
  • client information;
  • return of documents and access keys;
  • subcontracting restrictions;
  • whether the contractor may use samples or portfolio references;
  • IP assignment if separate from confidentiality;
  • and data privacy roles if personal data is involved.

Independent contractors often sit closer to the company’s sensitive information than ordinary employees. Their NDA must reflect that reality.

XXIII. Startup and investor NDAs

In startup practice, parties often misuse NDAs.

A. Founder mistakes

Founders sometimes want investors to sign sweeping NDAs before hearing even a basic pitch. In many real-world settings, sophisticated investors resist early broad NDAs because they review many overlapping ideas.

B. Better approach

A Philippine startup should distinguish between:

  • general pitch information, which may not justify a strict NDA;
  • and sensitive technical, financial, product, code, or customer-specific data, which may.

C. Tailor the document

For serious due diligence, an NDA may be appropriate. But it should be tied to specific categories of non-public information, not vague claims that “my entire business idea is confidential forever.”

XXIV. Oral disclosures and meeting discussions

Many confidentiality disputes arise from conversations, demos, or pitch sessions.

The NDA should say whether oral, visual, or demonstration-based disclosures are protected, and how they are confirmed.

A sensible clause often provides that oral disclosures are protected if:

  • identified as confidential when made; and
  • summarized or confirmed in writing within a fixed period, such as 15 or 30 days.

Without this, disputes arise over whether a meeting conversation was ever covered.

XXV. Residual knowledge clauses

Some sophisticated contracts include a residuals clause, saying that information retained in unaided memory is not prohibited from use in some narrow sense.

This is risky and often inappropriate for ordinary Philippine NDAs unless carefully negotiated. It can significantly weaken confidentiality protection.

If included at all, it should be used only where the parties understand its implications and the transaction justifies it.

For most practical NDA drafting in the Philippines, it is usually better to omit such clauses unless there is a strong reason to include them.

XXVI. Governing law and venue

A Philippine NDA should usually include:

  • governing law: typically Philippine law; and
  • venue or dispute resolution clause: specifying where disputes are to be filed or whether arbitration applies.

This matters because many borrowed templates use foreign law and foreign venue language that may be impractical or unintended.

If the parties are Philippine-based and the transaction is local, Philippine governing law is usually the natural choice. Venue should be drafted carefully and not casually copied from unrelated templates.

XXVII. Corporate authority and signatories

An NDA is only as useful as its execution.

The draft should identify:

  • the correct full legal names of the parties;
  • the type of party (corporation, sole proprietorship, individual, partnership);
  • principal office addresses where appropriate;
  • and the signatories’ authority.

For corporations, the signatory should have actual authority to bind the company. A beautiful NDA signed by the wrong person can create unnecessary disputes.

XXVIII. Boilerplate clauses that still matter

Even in a simple NDA, the following clauses matter:

  • entire agreement;
  • amendment only in writing;
  • no waiver except in writing;
  • severability;
  • notices;
  • counterparts and electronic signatures where appropriate;
  • assignment restrictions where relevant.

These may look routine, but they help stabilize enforcement and reduce side-argument litigation.

XXIX. Common drafting mistakes

1. Defining everything as confidential forever

This makes the document look aggressive but often weakens it.

2. Failing to define the permitted purpose

Without a use limitation, the NDA is incomplete.

3. Omitting exclusions

This makes the agreement unrealistic and overbroad.

4. Forgetting oral disclosures

A lot of real business sharing happens outside formal documents.

5. No data privacy language where personal data is involved

A major problem in Philippine practice.

6. Mixing confidentiality with extreme non-compete language

This can make the contract harder to defend.

7. Using foreign templates without localization

Especially on governing law, venue, public policy, and legal terminology.

8. Naming the wrong party

Common with startups, group companies, and app brands.

9. No remedy or return-of-materials clause

This leaves operational gaps after breach.

10. Using vague emotional language instead of precise obligations

For example, “the party shall never betray business trust” is inferior to concrete restrictions.

XXX. A practical clause structure for a Philippine NDA

A clear NDA usually follows this order:

  1. Title and parties
  2. Recitals or background
  3. Definition of Confidential Information
  4. Permitted Purpose
  5. Non-disclosure and non-use obligations
  6. Permitted disclosures to representatives
  7. Standard of care
  8. Exclusions
  9. Compelled disclosure
  10. Ownership / no license
  11. Return, deletion, or destruction
  12. Duration and survival
  13. Remedies
  14. Data privacy compliance, if relevant
  15. No obligation to transact
  16. Governing law and venue / dispute resolution
  17. Boilerplate
  18. Signature block

This structure keeps the agreement disciplined and readable.

XXXI. A drafting mindset that works

When drafting an NDA in the Philippines, ask the following questions:

  • What exact information am I trying to protect?
  • Why is it confidential?
  • Who will receive it?
  • For what limited purpose may they use it?
  • What information should not be covered?
  • How long should the obligation last?
  • Will personal data be involved?
  • What internal sharing should be allowed?
  • What remedy do I realistically need if they breach?
  • Is this NDA being used to protect a genuine business interest, or am I trying to over-control the relationship?

The best NDA is not the longest one. It is the one that maps the real risk clearly.

XXXII. Bottom line

In the Philippines, a non-disclosure agreement is primarily a contract, but a serious one. It must be drafted with enough precision to identify:

  • what information is confidential,
  • who must protect it,
  • how it may and may not be used,
  • what exceptions apply,
  • how long the duty lasts,
  • how the information must be safeguarded and returned,
  • and what remedies follow if the obligation is broken.

A legally sound Philippine NDA should be realistic, not theatrical. It should not pretend that everything is confidential forever or that no disclosure can ever be compelled by law. It should account for data privacy where personal data is involved, avoid overbroad restraint language unless separately justified, and use Philippine governing law and commercially sensible remedies.

The most important drafting principle is this: confidentiality must be specific enough to enforce and flexible enough to work in real business life. An NDA that is too vague protects little. An NDA that is too broad may protect nothing well. The best Philippine NDA is one that knows exactly what it is trying to protect—and says so clearly.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login