Non-Disclosure Agreement Spain (Acuerdo de Confidencialidad)

A Non-Disclosure Agreement Spain (Acuerdo de Confidencialidad) is a legally binding contract between two or more parties under which one or more parties (the disclosing party — parte divulgadora) agree to share confidential information with the other party (the receiving party — parte receptora) solely for a defined purpose, and the receiving party agrees not to disclose, use, or exploit that information without prior authorisation. In Spain, Acuerdos de Confidencialidad are governed by several overlapping legal frameworks: the Código Civil (Royal Decree of 24 July 1889) Article 1255, which establishes the principle of contractual freedom (autonomía de la voluntad) and permits parties to conclude contracts with whatever clauses and conditions they deem appropriate provided they do not contravene law, morality, or public order; the Ley 1/2019, de 20 de febrero, de Secretos Empresariales (implementing EU Directive 2016/943/EU on the protection of undisclosed know-how and business information); and Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD), which implements the EU GDPR in Spain and governs any personal data exchanged in commercial contexts.

The Ley 1/2019 de Secretos Empresariales is Spain's dedicated trade secrets statute, transposing EU Directive 2016/943/EU. Article 1 of Ley 1/2019 defines a secreto empresarial (trade secret) as any information or knowledge — including technical, commercial, economic, financial, and strategic information — that meets three cumulative conditions: (1) it is secret in the sense that, as a whole or in its precise configuration and assembly, it is not generally known among or readily accessible to persons within circles that normally deal with that kind of information; (2) it has commercial value because it is secret; and (3) it has been subject to reasonable steps to keep it secret by the person lawfully in control of the information. When confidential information qualifies as a secreto empresarial under Ley 1/2019, the statute provides specific civil remedies — injunctions (medidas cautelares), seizure of infringing goods, damages, and publication of judicial decisions — that go beyond the general remedies available under the Código Civil.

Before the enactment of Ley 1/2019, trade secret protection in Spain was scattered across Article 13 of the Ley de Competencia Desleal (Ley 3/1991, de 10 de enero) — which classified the unlawful disclosure of trade secrets as an act of unfair competition — and general contractual and tort law under Articles 1101 and 1902 of the Código Civil governing contractual and non-contractual liability. Ley 1/2019 consolidated and strengthened these protections, aligning Spain with other EU member states and providing the legal basis for autonomous NDA enforcement independent of proving unfair competition.

Spanish courts — principally the Juzgados de lo Mercantil established under Ley Orgánica 8/2003 — have jurisdiction over trade secret disputes, unfair competition claims, and intellectual property matters. The Audiencias Provinciales (provincial courts of appeal) hear second-instance appeals, and the Sala de lo Civil of the Tribunal Supremo provides final interpretation of civil and commercial law under Article 1.6 of the Código Civil.

Bilateral NDAs (acuerdos de confidencialidad mutuos) are common in M&A due diligence processes, technology licensing negotiations, joint venture discussions, and strategic partnership evaluations. Unilateral NDAs (acuerdos de confidencialidad unilaterales) are standard in employer-employee contexts — supplementing the employment contract's implicit duty of loyalty under Article 5(a) of the Estatuto de los Trabajadores — and in vendor-client relationships where only one party discloses proprietary information. For employee NDAs, the obligations should be coordinated with any non-compete clause (pacto de no competencia) under Article 21 of the Estatuto de los Trabajadores.

A Non-Disclosure Agreement Spain is required in any commercial, professional, or employment context where one party discloses confidential information to another and needs legal assurance that the information will not be misused, disclosed to third parties, or exploited for competitive purposes without authorisation.

An Acuerdo de Confidencialidad is needed before entering into merger and acquisition (M&A) negotiations or due diligence processes — when a potential acquirer receives access to the target company's financial statements, customer lists, intellectual property portfolio, and strategic plans. Law firms and investment banks (bancos de inversión) in Madrid and Barcelona routinely require NDAs before virtual data rooms are opened. The Juzgados de lo Mercantil have jurisdiction to enforce NDA breaches arising in M&A contexts under Article 86 ter of the Ley Orgánica del Poder Judicial.

An NDA is required when a technology company or startup shares proprietary software code, algorithms, technical specifications, or product roadmaps with a potential investor, development partner, or service provider. Spain's startup ecosystem — governed by Ley 28/2022, de 21 de diciembre, de fomento del ecosistema de las empresas emergentes (Startup Act) — has made NDAs a standard component of investment discussions with venture capital funds regulated by the Comisión Nacional del Mercado de Valores (CNMV).

An Acuerdo de Confidencialidad is needed when entering into a franchise agreement, distribution agreement, or agency contract — before the franchisor discloses the operational manual, secret formulas, pricing structures, and customer databases that form the core of the franchise system. Franchise relationships in Spain are governed by the Real Decreto 201/2010 on pre-contractual disclosure obligations, which requires a pre-contractual disclosure document (documento de información precontractual) at least 20 days before signing, often accompanied by an NDA.

A Non-Disclosure Agreement is required when an employer engages a consultant, freelancer (autónomo), or external service provider who will have access to client data, internal systems, pricing models, or proprietary processes. Under the LOPDGDD and GDPR Article 28, where the external party will process personal data on behalf of the employer, a separate data processing agreement (contrato de encargado de tratamiento) is also required — the NDA complements but does not replace this data processor agreement.

An NDA is needed when a researcher, university, or technology transfer office (Oficina de Transferencia de Resultados de Investigación — OTRI) at a Spanish university (Universidad Autónoma de Madrid, Universidad de Barcelona, Universidad Politécnica de Madrid, etc.) collaborates with a private company and shares unpublished research results, patent applications, or know-how prior to commercialisation.

Under the Ley de Sociedades de Capital (LSC) RDL 1/2010, the Registro Mercantil maintains the register of Spanish companies. The Código de Comercio 1885 governs commercial obligations. The Agencia Estatal de Administración Tributaria (AEAT) administers Impuesto sobre Sociedades (IS) under Ley 27/2014. The Comisión Nacional de los Mercados y la Competencia (CNMC) enforces competition law. The Código Civil governs general contractual obligations under Article 1255.

A valid and enforceable Non-Disclosure Agreement Spain under the Ley 1/2019 de Secretos Empresariales and Código Civil Article 1255 must contain the following essential elements.

Identification of Parties: Full legal name, DNI/NIF/NIE, and registered address of both the disclosing party (parte divulgadora) and the receiving party (parte receptora). Where either party is a legal entity — sociedad limitada (S.L.) or sociedad anónima (S.A.) — the NIF (Número de Identificación Fiscal), the Registro Mercantil registration details, and the name and capacity of the signatory must be stated. The NIF is assigned by the Agencia Estatal de Administración Tributaria (AEAT) and identifies the entity in all commercial and tax dealings.

Definition of Confidential Information: A precise definition of what constitutes confidential information (información confidencial) under the agreement — covering business plans, financial projections, client lists, pricing data, technical specifications, software code, trade secrets qualifying under Article 1 of Ley 1/2019 de Secretos Empresariales, and any other identified categories. The definition should state what is excluded from confidentiality obligations — information already in the public domain, information independently developed by the receiving party, or information required to be disclosed by a court or regulatory authority such as the Agencia Española de Protección de Datos (AEPD) or the Comisión Nacional del Mercado de Valores (CNMV).

Purpose of Disclosure: A clear statement of the permitted purpose (finalidad) for which confidential information may be used — limited to the evaluation of a specific commercial transaction, project, or relationship. Use of the information for any other purpose constitutes breach.

NDA Type — Unilateral or Mutual: Whether the agreement is unilateral (confidentiality obligations on the receiving party only) or mutual/bilateral (confidentiality obligations on both parties — acuerdo de confidencialidad mutuo). Mutual NDAs are appropriate where both parties will exchange confidential information.

Confidentiality Obligations: Specific obligations of the receiving party — to keep the information secret; not to disclose it to any third party without prior written consent; to use it only for the permitted purpose; to implement reasonable security measures (medidas de seguridad razonables) to protect the information; and to restrict access to employees, advisers, or subcontractors (subcontratistas) on a strict need-to-know basis, subject to equivalent confidentiality obligations.

Duration of Confidentiality: The period during which the confidentiality obligation applies — typically 2 to 5 years from disclosure, or for as long as the information qualifies as a trade secret under Ley 1/2019. Spanish courts applying Ley 1/2019 have held that perpetual confidentiality clauses are enforceable where the information retains economic value and the obligation does not restrict competition unreasonably under EU competition law (Articles 101–102 TFEU).

Remedies for Breach: The consequences of breach — right to seek injunctive relief (medidas cautelares) from the Juzgado de lo Mercantil under Articles 10–12 of Ley 1/2019; right to claim damages (daños y perjuicios) under Article 1101 of the Código Civil; right to seizure of infringing documents or products under Article 11 of Ley 1/2019; and the right to request publication of the court's decision. A liquidated damages clause (cláusula penal) under Article 1152 of the Código Civil may be included as a pre-estimated damages amount for breach.

Return or Destruction of Information: Obligation to return or certifiably destroy all confidential information and copies upon request or at the end of the permitted purpose, with written confirmation of destruction.

Data Protection: Where personal data is shared, compliance with Reglamento (UE) 2016/679 (GDPR) and Ley Orgánica 3/2018 (LOPDGDD) must be addressed — identifying the processing purpose, legal basis, data categories, and the parties' respective roles as data controller or data processor. The Agencia Española de Protección de Datos (AEPD) at aepd.es supervises GDPR compliance in Spain.

Governing Law and Jurisdiction: Spanish law, specifically the Ley 1/2019 de Secretos Empresariales and the Código Civil, with jurisdiction of the Juzgados de lo Mercantil for trade secret and unfair competition claims, or the Juzgados de Primera Instancia for general contractual disputes.

Forms-legal.com provides this Non-Disclosure Agreement Spain template as a starting point for standard commercial confidentiality arrangements. Complex NDAs — particularly those involving M&A due diligence, financial data, or internationally operating parties — should be reviewed by a qualified abogado specialising in mercantile law (derecho mercantil) or data protection.

Under the Ley de Sociedades de Capital (LSC) RDL 1/2010, the Registro Mercantil maintains the register of Spanish companies. The Código de Comercio 1885 governs commercial obligations. The Agencia Estatal de Administración Tributaria (AEAT) administers Impuesto sobre Sociedades (IS) under Ley 27/2014. The Comisión Nacional de los Mercados y la Competencia (CNMC) enforces competition law. The Código Civil governs general contractual obligations under Article 1255.