NDASentry
A Reference Framework · v1.0 · May 2026

The NDA Risk Taxonomy

Ten categories. Thirty-three patterns. Jurisdiction-specific enforceability. A structured reference for evaluating non-disclosure agreements and the confidentiality sections of broader contracts.

Published by NDASentry · Last updated 26 May 2026 · Open access · cite freely

Introduction

Most NDAs are written for the party doing the disclosing. The recipient — the employee, the contractor, the founder evaluating a term sheet — is expected to read the language, sign, and accept the risk.

The risk is rarely uniform. A non-disclosure agreement encodes choices across ten distinct dimensions: how confidential information is defined, which exclusions are honored, how long obligations survive, what happens under legal compulsion, what use of the information is permitted, which jurisdiction's law applies, and several more. Each dimension has a defensible default, an aggressive variant, and an indefensible overreach.

This taxonomy names the categories and the patterns within them. It is the framework used by the NDASentry analysis pipeline to score real contracts. Each linked page covers the legal background, enforceability variation by jurisdiction, and the specific risk patterns NDASentry identifies.

The Ten Categories (33 patterns)

01 · Confidential Information Definition
What the contract treats as "confidential." Overbroad definitions create perpetual liability for information the recipient cannot reasonably segregate.
overbroad scope · undefined terms · unwritten oral disclosures

02 · Exclusions
Standard carve-outs for information that is public, independently developed, or rightfully received. Missing exclusions trap the recipient in obligations they cannot escape.
missing standard carve-outs · one-sided exclusions · no required-by-law exception

03 · Term and Survival
How long the confidentiality obligation lasts and whether it outlives the underlying agreement. Perpetual and indefinite terms face skepticism in most U.S. jurisdictions for non-trade-secret information.
perpetual / indefinite · 10+ year terms · survival past termination

04 · Return or Destruction
What the recipient must do with confidential material when the engagement ends. Strict destruction without an archival carve-out can conflict with records-retention obligations.
missing obligation · certified destruction · no archival carve-out

05 · Compelled Disclosure
What happens when a subpoena, court order, or regulator demands the confidential information. Burdensome notice requirements or duties to contest legal process shift cost and risk to the recipient.
missing carve-out · impractical notice windows · recipient bears legal cost

06 · Injunctive Relief
Pre-agreed remedies if confidentiality is breached. Automatic injunctions and stipulated irreparable harm let the discloser shut the recipient down quickly with a low evidentiary threshold.
automatic injunction · bond waiver · stipulated irreparable harm

07 · Use Restrictions
What the recipient may and may not do with the information they receive, including whether knowledge retained in memory is still restricted — the heavily-negotiated "residual knowledge" question.
overbroad restrictions · residual knowledge · no-reverse-engineering

08 · Governing Law
Which jurisdiction's law applies and where disputes must be heard. Foreign-state forum selection, mandatory arbitration, and class-action waivers reshape the cost of any dispute.
jurisdiction trap · arbitration + class waiver · exclusive forum

09 · Assignment
Whether the agreement can be transferred to a third party — including a competitor or acquirer of the disclosing party — without the recipient's consent.
one-sided assignment · successors-and-assigns · no consent requirement

10 · Non-Solicitation / Non-Compete
Restrictive covenants bundled into the NDA, often outside the recipient's notice. Enforceability varies sharply: void in California, restricted in Colorado above income thresholds, evolving in many other states.
non-compete hidden in NDA · employee / customer non-solicit · garden leave · non-circumvention

About this taxonomy

The ten categories listed here are the dimensions NDASentry actually scores when analyzing a contract. They were derived from analysis of standard NDA templates (including the open oneNDA standard), case law on enforceability, and patterns seen across thousands of contracts processed by employment lawyers, M&A counsel, and in-house teams.

Each linked page covers one category in depth: legal background, enforceability notes by U.S. jurisdiction (including California, Colorado, New York, Texas, and Washington), example clause language, and the specific risk patterns NDASentry identifies during scoring.

This is a reference document. It is not legal advice. NDA enforceability turns on facts, jurisdiction, and judicial discretion — consult a licensed attorney for binding interpretation of any specific contract.
