Are NDAs Enforceable in Malaysia? Confidentiality Under the Contracts Act 1950 (2026)

NDAs are enforceable in Malaysia, but courts impose real limits. A blanket restraint that prevents someone from working in their field after leaving employment will likely fail under Section 28 of the Contracts Act 1950. The law distinguishes clearly between protecting genuine confidential information — which is enforceable — and restricting competition through the back door of a confidentiality clause, which is not.

The governing framework: Contracts Act 1950 and common law

Malaysia has no standalone trade secrets statute. Confidentiality obligations derive from two sources: the Contracts Act 1950 (which governs the formation and enforcement of agreements) and the common law of equity imported through the Civil Law Act 1956.

An NDA signed between two commercial parties is a contract like any other. For it to be enforceable the agreement must satisfy the basic requirements in Sections 10 to 30 of the Contracts Act: offer, acceptance, consideration, and lawful object. Most NDAs fail in court not because of those formalities but because of how the restraint clause is drafted — too wide, too long, or aimed at legitimate competition rather than genuine secrets.

Section 28 and the restraint-of-trade rule

Section 28 of the Contracts Act 1950 voids any agreement that restrains a person from exercising a lawful profession, trade, or business. The section is blunt: the agreement is void to the extent of the restraint, not merely voidable at the option of the restricted party.

Malaysian courts have repeatedly held that this provision applies to post-employment NDAs that are, in substance, non-compete clauses dressed in confidentiality language. Where an NDA prevents a former employee from using their general skills and experience, rather than protecting a defined body of genuinely secret information, Section 28 will strike it down. The Federal Court's approach in cases involving employment restraints has consistently been stricter than, for example, English courts, which allow a broader "reasonableness" test.

The practical effect is significant: an NDA clause that says "you shall not disclose or use any information relating to the company's business" is likely to be treated, in an employment context, as an overbroad restraint. A clause that says "you shall not disclose the specific formulation of Product X, which you had access to in your role as a process engineer" stands on much firmer ground.

Implied confidentiality in employment

Even without a signed NDA, employees owe their employer a duty of confidentiality during the term of employment. This duty arises from the employment relationship itself and has been recognised by Malaysian courts as part of the implied terms of an employment contract.

The duty covers information that is genuinely confidential — customer databases not accessible publicly, production processes kept secret, pending pricing strategies, and similar material. General skills, knowledge of industry practices, and information that is publicly available do not attract this protection, even if the employer classifies them internally as confidential.

After employment ends, the implied duty narrows considerably. Former employees remain bound not to disclose or use specific trade secrets they acquired, but they are free to apply their general skills and accumulated know-how. Malaysian courts draw this line by examining the nature of the information, not the label placed on it by the employer.

What counts as a trade secret under Malaysian common law

Because Malaysia has no statute codifying trade secrets, the common law test applies. Information qualifies for protection if it meets three conditions: the information was not publicly known, the owner took reasonable steps to keep it secret, and unauthorised disclosure would cause real damage.

Courts look at how the information was treated in practice. Was it stored behind access controls? Was it marked confidential? Were staff briefed on its sensitivity? An employer who leaves sensitive pricing data in shared drives accessible to all staff will struggle to argue that the same data is a protectable trade secret when an employee leaves with it.

Trade secrets that Malaysian courts have protected include proprietary software code, manufacturing formulas, client lists compiled through significant investment, and financial models not derivable from published accounts. Generic sector knowledge — the kind of understanding any experienced professional in the field would possess — does not qualify.

Post-employment protection: what survives Section 28

A well-drafted NDA can extend some confidentiality protection beyond the employment period, but only for information that genuinely qualifies as a trade secret. The clause must be specific enough that a court can identify the protected information without reading it as a general prohibition on competition.

Duration matters. Malaysian courts have not established a fixed maximum, but post-employment confidentiality obligations that extend beyond two to three years for most categories of information are increasingly difficult to defend. For high-value technical secrets in industries such as pharmaceuticals or proprietary software, longer periods may be arguable, but the burden is on the party seeking enforcement.

Geographic scope is less relevant for confidentiality obligations than for non-compete clauses, because the obligation is about using or disclosing information rather than about where the person works. A former employee who moves to Singapore and discloses protected trade secrets to a competitor there can still face a claim in Malaysian courts if the damage is felt in Malaysia.

Mutual versus one-way NDAs

Commercial NDAs between businesses often run in both directions: each party discloses some confidential information and each party is bound to protect the other's. Malaysian courts treat mutual NDAs the same way as one-way obligations — the enforceability of each party's obligations is assessed independently, and the fact that the agreement is mutual does not save an otherwise unenforceable restraint.

In M&A due diligence and joint venture discussions, mutual NDAs are standard. The key drafting point is to define the protected information by category and purpose — "information disclosed for the purpose of evaluating the proposed transaction" — rather than by a catch-all that sweeps in everything either party knows.

Remedies when an NDA is breached

The primary remedy for breach of an NDA in Malaysia is damages. The plaintiff must demonstrate loss caused by the disclosure or misuse of the protected information. Where a direct financial loss is difficult to quantify, courts have been willing to award nominal damages alongside injunctive relief.

An injunction — typically an interim injunction — is the remedy most parties actually want when a breach is discovered. Malaysian courts apply the American Cyanamid balance-of-convenience test: is there a serious issue to be tried, and would damages be an adequate remedy? For trade secrets, courts frequently conclude that damages are inadequate because the harm from a continuing disclosure is irreversible. Interim injunctions in NDA cases have been granted at speed in the Malaysian High Court, particularly where the defendant is about to start working for a direct competitor.

Breach of an NDA can also found a claim in equity for breach of confidence, which is not strictly dependent on a contract. Where no written NDA exists but a confidential relationship was clearly established, equity may provide a remedy on the same principles.

Drafting for enforceability in 2026

The Malaysian courts' treatment of NDA disputes points to a clear drafting principle: precision beats breadth. An NDA should identify the categories of information protected (by description, not blanket label), the permitted uses, the duration, and the exceptions (information that becomes public through no fault of the receiving party, information independently developed, information received from a third party without restriction).

Employment NDAs should avoid language that could be read as preventing a former employee from competing at all. The confidentiality obligation and any non-solicitation clause should be separated and drafted to survive independently if one falls. A severance clause that explicitly authorises a court to read down an unenforceable provision — rather than void it entirely — can preserve the enforceable part of the agreement.

For businesses operating in Malaysia and needing a properly structured agreement, a Malaysian non-disclosure agreement that reflects the Contracts Act 1950 framework provides a starting point that can be adapted for both commercial and employment contexts.

Key points for businesses and employers

Section 28 of the Contracts Act 1950 is not a technicality — it is the primary reason NDA clauses fail in Malaysian courts. The section voids restraints that go beyond protecting genuine confidential information and spill into restricting what a person can do with their career or general expertise.

Implied confidentiality in employment covers genuinely secret information during and after the employment period, but the scope narrows sharply once employment ends. Post-employment NDA clauses are enforceable only for real trade secrets, not for general industry knowledge or skills.

Remedies are real — injunctions are available and courts move quickly when a breach is genuine. But the strength of any claim depends entirely on how precisely the protected information was defined and how carefully the business treated that information during the employment or commercial relationship.