Confidentiality : what really works

Why Confidentiality Agreements (NDAs) in M&A are not enough — and How to truly protect your information

Duringa financing project,a fundraising round,a merger-acquisition (M&A),or a company sell-side process,the signing of a confidentiality agreement is almost systematic.

This legal document is generally the firstformal exchange between parties before sharing sensitive information.

Yet, in practice, NDAs do not truly protects trategic information.

Why are these agreements often insufficient?
And above all, what measures should be implemented to effectively protect confidential data during an M&A or financing process?
This is what we will examine.

What Is a Confidentiality Agreement (NDA)?

An NDA (Non-Disclosure Agreement) is a legal contract designed to protect confidential information exchanged between two parties.

In the context of mergers, acquisitions, or financing, it is generallysigned between:

  • a disclosing party (the company sharing information)
  • a receiving party (investor, potential buyer, advisor, etc.)

A Generally Short Document

A confidentiality agreement is usually a document of 1to 20 pages that defines several key elements:

1.The Parties Involved

The contract specifies

  • the identity of the parties
  • their role in the exchange of information

In some cases:

  • both parties exchange information
  • in other cases, only one party shares confidential data

2.Definition of Confidential Information

The NDA specifies which information is protected.

In general, public information is explicitly excluded from the scope of confidentiality.

Protected information may include:

  • financial data
  • strategy
  • commercial data
  • client information
  • intellectual property
  • data related to a financing or divestiture transaction

3.Duration of the Agreement

An NDA is not permanent.

In practice:

  • the duration is often limited
  • it rarely exceeds 5 years

4. No Obligation to Share

An important point:

The NDA does not require information to be shared.

It simply creates the possibility to do so within a secure framework.

5.Sanctions in Case of Breach

The contract generally provides for:

  • financial penalties
  • legal responsibilities

ifa party fails to meet its confidentiality obligations.

Why NDAs Do Not Truly Protect Information

Despite their legal importance, confidentiality agreements are often ineffective in practice.

1.Because People Do Not Always Respect Them

In reality, information can circulate despite the NDA.

For example:

  • an investor may share a document with a colleague
  • a lawyer, investment banker, or accountant may transfer a file

And  the dissemination can continue beyond authorized individuals.

Wit hover 10 years of experience in financial operations, we see that itis common for some NDAs not to bestrictly respected.

Of course, most professionals are serious — but asingle negligent intermediary can create an information leak.

2.Because It Is Very Difficult to Prove a Breach

Even if information leaks, several problems arise:

How to Know There Has Been a Leak?

In many cases:

  • the company will never know that the information circulated

How to Identify the Source of the Leak?

Even if the leak is identified, it remains to prove:

  • who shared the information
  • at what time

Which is often very complex.

How to Measure the Damage?

To obtain legal compensation, the damage must be quantified.

But how to prove:

  • that confidential information caused a financial loss?
  • or a missed opportunity?

It is often very difficult to demonstratelegally.

3.Because Legal Procedures Are Costly

Filing a procedure for breach of confidentiality can be burdensome:

  • over one year of proceedings
  • attorney fees
  • legal costs

Justto initiate a procedure, costs can easily reach €5,000 or more.

Fornon-strategic information, it is oftennot worth it.

4.Because There Is Also a Reputational Risk

Filing a complaint against:

  • an investment fund
  • a large company
  • a recognized player

can have reputational consequences.

In some cases, companies prefer not to initiate proceedings.

Should NDAs Still Be Used?

Yes.

Despite their limitations, confidentiality agreements remain essential.

They allow:

  • establishin a clear legal framework
  • formalizing expectations
  • creating a written record

They constitute a first line of defense, but they must be complemented by other measures.

How to Truly Protect Confidential Information

To secure an M&A or fundraising process, several strategies can beimplemented.

1.Information Compartmentalization

This is the most important measure.

It consists of sharing only the strictly necessary information according to:

  • the profile of the recipient
  • the progress of the project

Example: Multiple Data Rooms

It is possible to create:

  • a full data room
  • a partial data room

Each type of recipient receives a different level of information.

Segmenting Information Over Time

The more the project progresses, the more information can be shared.

For example:

  1. first phase: general information
  2. second phase: detailed financial information
  3. final phase: sensitive strategic information

Anonymizing Certain Information

It is possible to:

  • hide the company’s location
  • simplify the description of the activity
  • remove certain identifying elements

In some cases, anonymous teasers are used to present a project without revealing the company’s identity.

2.Trust-Based Relationship with the Counterparty

The human relationship remains a key factor.

The more:

  • the exchanges are serious
  • the counterparty is credible
  • the project progresses

the more it becomes relevant to share sensitive information.

3.Using Watermarks

Another technique is to use invisible watermarks in documents.

These markings allow:

  • identifying the original recipient
  • tracing the source of an information leak

Even if the document circulates, it is possible to identify the source of the dissemination.

4.Including Contractual Penalties

Some companies include substantial financial penalties in their NDAs.

How ever, cautionis required:

  • excessively high penalties may be reclassified as abusive by a court
  • they can also slow down negotiations

The objective remains to deter without blocking the process.

Some Investors Refuse NDAs Initially

In some cases, certain investment funds refuse to sign an NDA during the initial review.

The ir reasoning:

  • NDAs can slow down the process
  • they prefer to analyze a preliminary file

Then:

  • if the project interests them
  • they sign an NDA before accessing sensitive information

NDA and M&A: One Tool Among Others

In a financial operation, the NDA is onlyone element of a broader framework.

Even if the agreement is perfectly drafted and signed:

without:

  • information compartmentalization
  • structured data rooms
  • watermarks
  • a distribution strategy

the protection will remain insufficient.

Conclusion: How to Effectively Protect Your Information

To secure a merger-acquisition or fundraising operation, the best approach is:

1️⃣ first share as much non-confidential information as possible
2️⃣ verify the real interest of the recipients
3️⃣ then sign a confidentiality agreement(NDA)
4️⃣ implement additional protective measures

NDAs therefore remain a useful but imperfect tool, which must always be part of a global strategy for managing confidential information.

If you are working on a company divestiture, fundraising, or acquisition,it is essential to structure the dissemination of your information correctly.

A proper confidentiality strategy can prevent significant legal, financial, and reputational risks.