NDASentry
Home / Taxonomy / Return or Destruction
CATEGORY 04 OF 10

Return or Destruction

What the recipient must do with confidential material when the engagement ends. Strict destruction without an archival carve-out can conflict with records-retention obligations under SOX, GDPR, and litigation hold requirements.

Part of The NDA Risk Taxonomy Patterns scored 3 Last updated 26 May 2026
The Question

What happens when the engagement ends?

Every NDA contemplates an ending. The relationship runs its course, the deal closes (or doesn't), the employee leaves, the vendor engagement wraps. At that point, the recipient still has the disclosing party's confidential material in their files, their email, their backups, and potentially in third-party systems the recipient doesn't control.

The return or destruction clause sets the rules for what happens next. A well-drafted clause defines what must be returned or destroyed, who is responsible, the timeline, and what carve-outs apply for material the recipient is legally required to retain (financial records, litigation holds, regulatory requirements).

A poorly drafted clause creates one of two problems. Either it demands more than the recipient can deliver (full destruction of every copy including backups, which is technically impossible in modern IT environments), or it provides no obligation at all, leaving the recipient holding confidential material indefinitely with no defined endpoint.

Legal Background

What sensible drafting looks like

A defensible return-or-destruction clause does five things: names the trigger (typically written request from the discloser, or termination of the agreement); names the obligation (return, destroy, or recipient's choice); names the materials covered (originals, copies, derivatives, summaries); names a reasonable timeline (30 days is common); and provides an archival carve-out for material the recipient must retain for legal, regulatory, or backup reasons.

The archival carve-out is the part most aggressive NDAs omit. Modern companies operate under records-retention obligations from multiple sources: Sarbanes-Oxley for public-company financial records, GDPR for personal data, HIPAA for health information, regulatory record-keeping for financial services, and litigation holds whenever a dispute is reasonably anticipated. Backup systems automatically copy data to redundant storage that cannot be selectively purged.

A return clause that requires destruction of all copies in any form conflicts with these obligations. Sensible drafting acknowledges that the recipient may retain copies required by law or stored in routine backups, with those copies remaining subject to the confidentiality obligations.

Example Clauses

What this looks like in real contracts

Standard — With Archival Carve-Out "Upon termination of this Agreement or upon written request by the Disclosing Party, the Receiving Party shall, at the Disclosing Party's option, return or destroy all Confidential Information in its possession, including all copies and derivatives, within thirty (30) days. Notwithstanding the foregoing, the Receiving Party may retain (i) copies required by law or regulation, and (ii) copies contained in routine backup systems that cannot be selectively purged, provided that such retained copies remain subject to the confidentiality obligations of this Agreement."
Aggressive — Certified Destruction, No Carve-Out "Upon termination, the Receiving Party shall destroy all Confidential Information in any form, including all copies, backups, derivatives, and notes referencing the Confidential Information, and shall provide written certification, signed by an officer of the Receiving Party, that such destruction has been completed."
Missing — No Return Obligation (absence) The agreement contains no provision addressing what happens to Confidential Information at the end of the engagement. The recipient is technically obligated to keep the material confidential forever but has no defined point of release.
In Practice

Why backup carve-outs matter

Modern IT infrastructure makes complete destruction of digital data physically impractical. Email backups, cloud-storage version history, database transaction logs, off-site disaster recovery, and immutable cloud archives all create copies that cannot be selectively deleted on demand without violating other obligations or destroying unrelated material.

Sophisticated NDAs acknowledge this reality. The archival carve-out doesn't release the recipient from confidentiality — it simply recognizes that retained copies are subject to the same obligations as the original disclosure, and that the recipient cannot certify destruction of something they cannot physically destroy. Without this carve-out, signing a strict destruction clause is signing a representation the recipient cannot truthfully make.

Risk Patterns Scored

What NDASentry flags in this category

4.1 Missing return-or-destruction obligation

The agreement contains no provision addressing what happens to confidential material at the end of the engagement. The recipient has confidentiality obligations with no defined endpoint and no procedure for releasing the material. This is more common in poorly-drafted NDAs than recipients realize.

4.2 Certification of destruction requirement

The agreement requires the recipient to certify in writing — sometimes by sworn affidavit — that all copies have been destroyed. Without an archival carve-out, this creates a false certification risk. Without a defined scope of search, the certification is open-ended in time and effort. Combined with a short timeline, this pattern is a common drafting overreach.

4.3 No backup or archival carve-out for destruction

The destruction obligation does not exclude routine backups, legally-required records, or records subject to litigation hold. The recipient is either forced to violate the NDA (by retaining required copies), violate other obligations (by destroying records they must retain), or sign a representation they cannot truthfully make.

Empirical findings — coming soon

We are scoring a corpus of public NDAs to publish prevalence data for each pattern in this taxonomy. The findings — including what percentage of real NDAs contain the patterns above, broken down by industry and jurisdiction — will appear here when the study is complete.

Common questions

What is a return-or-destruction clause in an NDA?
A provision specifying what the recipient must do with the disclosing party's confidential material when the agreement ends or upon request. Standard drafting requires return or destruction within a defined window (typically 30 days) with an archival carve-out for material the recipient must retain for legal, regulatory, or backup reasons.
Can an NDA require certified destruction of all copies?
It can require it, but compliance is often impossible. Modern IT systems create backup copies that cannot be selectively purged. Legal and regulatory obligations require retention of certain records regardless of contractual obligations. Sensible drafting includes a carve-out for these unavoidable retained copies.
What is an archival carve-out in an NDA destruction clause?
A provision acknowledging that the recipient may retain copies of confidential information required by law (e.g., SOX, GDPR, HIPAA, litigation hold) or contained in routine backup systems that cannot be selectively purged. Retained copies remain subject to the underlying confidentiality obligations.
How long does a recipient have to return or destroy NDA material?
Industry standard is 30 days from a written request or from the termination of the agreement. Shorter timelines (10-15 days) are sometimes seen but can be impractical for large or distributed organizations. Longer timelines (60-90 days) are appropriate for complex engagements with extensive documentation.
Related categories
01
Confidential Information Definition
What the contract treats as 'confidential.' Overbroad definitions create perpetual liability for information the recipient cannot reasonably segregate.
03
Term and Survival
How long a confidentiality obligation lasts and whether it outlives the underlying agreement.
05
Compelled Disclosure
What happens when a subpoena, court order, or regulator demands the confidential information. Burdensome notice requirements or duties to contest legal process shift cost and risk to the recipient.

Score the NDA in front of you.

Drop your PDF. Get a clause-by-clause risk report scored against all ten categories. No account. No email. The document is deleted after the report.

Analyze · $9