NDA Review Playbook (Commercial, Jurisdiction-Agnostic)

Overview

Scope limitation (important): this playbook supports one-way (unilateral) commercial NDAs only.

If the NDA is mutual, stop: this playbook is out of scope and you should escalate to counsel or use a separate mutual-NDA review approach.

Variation callouts appear throughout:

• M&A / Due diligence
• Employment / contractor
• Investor / VC

LEGAL DISCLAIMER

THIS IS NOT LEGAL ADVICE. This skill is provided for informational and educational purposes only. Laws vary by jurisdiction and individual circumstances, and only a licensed attorney can provide advice tailored to your specific situation. When the NDA is high-risk, high-value, cross-border, or otherwise sensitive, escalate to qualified counsel.

Remember: All outputs from this skill must be reviewed by a qualified legal professional before being used for any legal purposes.

Inputs to collect (ask before reviewing)

A. Role and deal context (required)

• Are we reviewing as Recipient (we receive confidential info) or Discloser (we disclose confidential info)?
• Confirm the NDA is one-way (unilateral). If it is mutual, stop: this playbook cannot be used.
• What is the purpose / permitted use (e.g., evaluation of partnership, vendor RFP, diligence)?
• What are the parties (legal names) and any affiliates that should be covered?
• What information types are expected (tech, pricing, customer data, product roadmap, source code)?
• Desired timeline: when do we need to sign?

B. Practical constraints (recommended)

• Do we need to share with affiliates, advisors, contractors, auditors, or potential acquirers?
• Will we need to export data across borders or store in cloud tools?
• Will any personal data be shared? If yes, are there separate data-processing terms?

Jurisdiction-agnostic note: avoid asserting “this clause is invalid” without the governing law details; focus on commercial risk, operational feasibility, and market norms.

Deliverables (output format)

Quick start (default output template)

ALWAYS output:

1. Executive summary
2. Clause-by-clause issue log (single table)

A. Executive summary (1 page)

• Party role (Recipient or Discloser) and confirmation it is one-way (unilateral)
• Top 5 negotiation points (ranked)
• “Sign as-is” / “Sign with changes” / “Escalate” recommendation

B. Clause-by-clause issue log (lawyer-style, thorough)

Use a single table so counsel and business owners can track issues, owners, and deadlines.

Example (compact)

Executive summary (example skeleton):

• Role: Recipient (one-way NDA)
• Recommendation: Sign with changes
• Top 5 points: definition scope; term/survival; representatives; backup carve-out; remedies/fees

Issue log (example rows):

5-step workflow

Step 1 — Identify stance (Recipient vs Discloser)

• Confirm which side we are on for this specific NDA (titles are often misleading).
• Confirm the NDA is one-way (unilateral). If it is mutual, stop (out of scope).

Quick heuristic:

• If we are being asked to keep their info secret → we are Recipient.
• If we are sharing our sensitive info → we are Discloser (if the NDA is mutual, stop: out of scope).

Step 2 — Triage the NDA (fast risk scan)

Flag these immediately:

• Perpetual confidentiality for all information (no trade secret distinction)
• Residuals clause allowing use of “memory” or generalized knowledge
• Injunctive relief + attorneys’ fees one-way against Recipient
• Indemnity for breach or broad third-party claims
• No carve-outs for compelled disclosure or prior knowledge
• Overbroad definition: “all information, whether marked or not” with no reasonableness
• Affiliate coverage missing when we must share internally

If any are present and the NDA matters, proceed with full review and consider escalation.

Step 3 — Clause-by-clause review (use the reference modules)

Use these references while reviewing:

• Key clauses
• Party obligations
• Duration & scope
• Remedies & liability
• Standard exceptions

Step 4 — Draft redlines and negotiation positions

For each issue, produce:

• Preferred redline (best risk outcome)
• Fallback position (acceptable compromise)
• Rationale (1–2 sentences: business + operational feasibility)
• Owner (who needs to approve / negotiate: Legal, Sales, Security, Product)
• Deadline (by when the counterparty needs the change)

Negotiation discipline: do not propose 20 changes. Focus on the 5–10 that materially change risk.

Step 5 — Finalize the package

• Ensure consistency (definitions used the same way everywhere)
• Confirm operational feasibility (can we actually comply?)
• Re-scan the Step 2 triage list and ensure each flagged item is represented in the issue log
• Provide a short “what we changed and why” summary

Perspective-specific checklists

A. Recipient checklist (incoming NDA — typical case)

M&A / Due diligence: ensure diligence sharing (advisors, financing, affiliates) is permitted and that data room exports/notes are covered.

B. Discloser checklist (when we are sharing sensitive info)

Investor / VC: watch for standstill, solicitation, and “no contact” provisions—these are not standard in plain NDAs and may need separate agreement.

Risk rating guide

Common pitfalls (issue → risk → fix)

Review prompts (copy/paste)

A. Minimal prompt (fast)

• Role: Recipient/Discloser
• NDA type: one-way (unilateral)
• Purpose: …
• Please produce (1) exec summary, (2) clause-by-clause issue log table with: Clause, Issue, Risk, Preferred redline, Fallback, Rationale, Owner, Deadline, (3) top 5 negotiation points.

B. Deep prompt (recommended)

• Add constraints: affiliates, advisors, contractors, cross-border sharing, personal data, cloud tools.
• Ask for: preferred redline + fallback + rationale per issue.

Ownership & timing defaults (if the user does not specify)

Use these defaults to populate Owner and Deadline in the issue log: