Non-Disclosure Agreement (Ireland)

A Non-Disclosure Agreement in Ireland binds the parties to keep specified information confidential and limits how it may be used or disclosed, under the framework of the Trade Secrets Directive (EU 2016/943, transposed). It restricts disclosure and use of designated confidential information between the disclosing and receiving parties.

NDAs in Ireland are enforceable as a matter of general contract law — they are binding provided they satisfy the essential requirements of a valid contract: offer and acceptance, consideration, certainty of terms, and an intention to create legal relations. In addition to the contractual framework, the common law of confidence — a body of equitable principles developed by the Irish and English courts — provides independent protection for confidential information disclosed in circumstances importing an obligation of confidence, even in the absence of a written agreement.

The European Union (Protection of Trade Secrets) Regulations 2018 (S.I. No. 188 of 2018), implementing the EU Trade Secrets Directive (Directive (EU) 2016/943), introduced a statutory framework for the protection of trade secrets in Ireland that supplements the common law of confidence and the contractual protections provided by NDAs. Under the 2018 Regulations, information qualifies as a trade secret if it is confidential, has commercial value because of its secrecy, and has been subject to reasonable steps to maintain its confidentiality — of which an NDA is a key example.

In the employment context, NDAs are commonly used to protect confidential information and trade secrets both during and after employment. Post-employment confidentiality obligations are enforceable in Ireland only to the extent they protect genuine trade secrets and are reasonable in scope — overly broad restrictions that prevent an employee from using their general skills and knowledge are void as restraints of trade under Irish law.

For NDAs involving personal data — for example, where a party discloses a customer database or employee records under an NDA — the GDPR (Regulation (EU) 2016/679) and the Data Protection Acts 1988 to 2018 also apply, requiring appropriate data protection safeguards to be in place. Irish courts have jurisdiction to grant injunctions (including urgent ex parte injunctions), award damages or an account of profits, and order delivery up of confidential materials for breach of NDA. The High Court and the Commercial Court are the appropriate courts for significant NDA breach claims in Ireland. The leading Irish case on breach of confidence is House of Spring Gardens v Point Blank Ltd [1984] IR 611, in which the Irish courts affirmed the equitable jurisdiction to restrain breach of confidence. In the Irish business context, the use of NDAs has grown significantly with the expansion of the technology sector, intellectual property licensing, and cross-border commercial activity.

An important limitation on NDA enforceability in Ireland arises from the Protected Disclosures (Amendment) Act 2022 (commenced 1 January 2023), which implemented the EU Whistleblower Directive (Directive (EU) 2019/1937). An NDA cannot be used to prevent a worker from making a protected disclosure to the appropriate regulatory authority, reporting a criminal offence, or disclosing information about a health and safety risk. Section 10 of the 2022 Act renders void any contractual term — including confidentiality clauses and NDAs — that purports to prohibit or restrict a worker from making a protected disclosure. Employers with 50 or more employees are required to establish formal internal reporting channels under the 2022 Act, and any attempt to use an NDA to suppress a protected disclosure may give rise to criminal liability under section 20 of the Act.

Irish startups — many supported by Enterprise Ireland, Science Foundation Ireland, and the Innovation Hubs at Irish universities — rely heavily on NDAs to protect novel business concepts, proprietary software architectures, and product designs during investor negotiations, partnership discussions, and technology licensing processes. The Irish start-up ecosystem actively encourages the use of proper IP protection instruments, including NDAs, as an essential component of the commercialisation of research and innovation. A well-drafted NDA that is proportionate in scope, duration, and coverage provides the strongest foundation for commercial relationships built on trust and clearly documented confidentiality obligations.

An Irish NDA is needed whenever a party wishes to share commercially sensitive, proprietary, or confidential information with another party and wants to confirm that the recipient is legally bound to keep that information secret and to use it only for the agreed purpose.

You need an NDA when you are: disclosing confidential business information, financial data, or trade secrets to a prospective investor, purchaser, or business partner as part of due diligence or pre-contract negotiations; sharing a business plan, product concept, invention, or technical know-how with a potential co-developer, licensee, or manufacturer; engaging a consultant, contractor, or freelancer who will have access to your clients, proprietary systems, processes, or commercially sensitive data; hiring a new employee who will have access to confidential information — for example, client lists, pricing strategies, product roadmaps, or proprietary formulas — and wanting a confidentiality obligation in their employment contract; entering into a merger, acquisition, or joint venture and sharing confidential information with the counterparty during the due diligence process; providing access to your software source code, technical specifications, or product designs to a developer, manufacturer, or technology partner; or disclosing confidential settlement terms that you wish to remain private — in which case a confidential settlement agreement (with an NDA element) is appropriate.

An NDA is particularly important in the early stages of a business relationship — before a formal contract has been agreed and executed — when information is being shared to assess whether the parties wish to proceed. At this stage, the parties may not yet be committed to a full commercial relationship, but the disclosing party is vulnerable to the information being misused or shared with competitors. An NDA provides legal protection during this sensitive period.

An NDA should be put in place before confidential information is disclosed — retrospective NDAs (entered into after disclosure) are effective but create a gap in protection. An Irish solicitor can advise on the appropriate type of NDA (mutual or one-way) and the scope of protection needed for the specific information to be shared.

For Irish employers, a carefully drafted confidentiality clause in the employment contract is the primary contractual mechanism for protecting trade secrets and confidential information during and after the employment relationship. Post-employment confidentiality obligations are enforceable in Ireland to the extent they protect genuine trade secrets and are reasonable in scope and duration — courts will not enforce restrictions that prevent a former employee from using their general skills and knowledge acquired during employment (the rule against unreasonable restraints of trade). In sensitive sectors such as pharmaceuticals, technology, and financial services, the NDA or confidentiality clause should be one element of a broader information security strategy that includes role-based access controls, employee training, and strong IT security measures.

Under the Companies Act 2014, the Companies Registration Office (CRO) maintains the register of Irish companies. Section 343 of the Companies Act 2014 sets annual confirmation obligations. The Competition and Consumer Protection Commission (CCPC) enforces the Consumer Rights Act 2022. The Central Bank of Ireland regulates financial services under the Central Bank Act 1971. The High Court of Ireland has jurisdiction under Section 212 of the Companies Act 2014.

A thorough Irish NDA should include the following essential provisions.

The parties clause identifies the disclosing party (or parties, in a mutual NDA) and the receiving party by full legal name, address, and (for companies) CRO number and registered office. It should clarify whether the NDA is mutual (both parties disclose confidential information) or one-way (only one party discloses).

The purpose clause states the specific purpose for which the confidential information is being disclosed — for example, to evaluate a potential acquisition, to assess a product licensing opportunity, or to engage the recipient as a service provider. This prevents the receiving party from using the information for any purpose other than the stated one.

The definition of confidential information clause is one of the most critical provisions. It defines what information is covered by the NDA — typically all non-public information relating to the disclosing party's business, operations, technology, customers, and finances, whether in written, oral, electronic, or any other form. Common carve-outs from the definition include information that is or becomes publicly available through no breach of the NDA, information already known to the recipient before disclosure, information independently developed by the recipient, and information received from a third party without restriction.

The confidentiality obligations clause specifies what the receiving party must do: keep the confidential information strictly confidential; not disclose it to any third party without the disclosing party's prior written consent; use it only for the stated purpose; and protect it using the same degree of care the receiving party uses to protect its own confidential information (and in any event, not less than reasonable care).

The permitted disclosures clause specifies the limited circumstances in which disclosure is permitted — for example, disclosure to the receiving party's employees, directors, advisers, and professional representatives who need to know the information for the permitted purpose, subject to equivalent confidentiality obligations. Disclosure required by law, court order, or regulatory authority should also be addressed — requiring the receiving party to give notice to the disclosing party before making such a disclosure where possible.

The trade secrets clause acknowledges that certain confidential information may constitute a trade secret within the meaning of the European Union (Protection of Trade Secrets) Regulations 2018, and that the obligations in respect of trade secrets continue for as long as the information remains a trade secret — not merely for the term of the NDA.

The GDPR clause (where personal data is included in the confidential information) confirms that any personal data shared under the NDA will be processed in compliance with the GDPR and the Data Protection Acts 1988 to 2018, and that each party will implement appropriate technical and organisational security measures.

The term clause specifies the duration of the confidentiality obligations — typically two to five years for general confidential information, with a longer or indefinite period for trade secrets.

The remedies clause confirms that breach of the NDA would cause irreparable harm entitling the disclosing party to seek injunctive relief without the need to prove actual damage, in addition to any other remedies available under Irish law.

The governing law clause confirms that the NDA is governed by Irish law and that disputes are subject to the exclusive jurisdiction of the Irish courts. The forms-legal.com Non-Disclosure Agreement (Ireland) template covers the mandatory elements under Trade Secrets Directive (EU 2016/943, transposed).

An Irish Non-Disclosure Agreement (NDA) draws its legal force from three complementary sources of law, each of which imposes distinct obligations and provides distinct remedies.

The foundation of NDA protection in Ireland is the common law doctrine of breach of confidence, confirmed by the Irish courts in House of Spring Gardens Ltd v Point Blank Ltd [1984] IR 611. In that landmark decision, the Supreme Court affirmed that the Irish courts possess equitable jurisdiction to restrain the use or disclosure of confidential information, and that this jurisdiction operates independently of any written contractual obligation. The court set out three requirements for an obligation of confidence to arise: the information must have the necessary quality of confidence (it must not be publicly known); the information must have been communicated in circumstances importing an obligation of confidence; and there must be an actual or threatened unauthorised use or disclosure of the information. Where these requirements are met, the court may grant an injunction, award equitable compensation, and order delivery up of confidential documents. The House of Spring Gardens authority remains the leading Irish statement of the common law of confidence and is regularly applied by the High Court and Commercial Court in confidentiality disputes.

A second pillar of NDA protection is provided by the European Union (Protection of Trade Secrets) Regulations 2018 (S.I. No. 188 of 2018), which transposed the EU Trade Secrets Directive (Directive (EU) 2016/943) into Irish law. The 2018 Regulations provide a statutory framework for the protection of information that qualifies as a trade secret — that is, information that is not generally known, has commercial value by virtue of its secrecy, and has been subject to reasonable steps by the holder to keep it secret (Regulation 2). An NDA is one of the key mechanisms by which a trade secret holder demonstrates that reasonable steps have been taken — without an NDA, the holder may face difficulty proving that confidential information disclosed to a third party was genuinely intended to be secret. Regulation 4 makes the acquisition, use, or disclosure of a trade secret unlawful where carried out in breach of a confidentiality agreement. The Regulations provide civil remedies including injunctions, corrective measures, damages (including lost profits and unjust enrichment), and the publication of judicial decisions.

The third pillar is the Protected Disclosures (Amendment) Act 2022, which sets a critical outer boundary on NDA enforceability. Section 10 of the 2022 Act renders void any contractual term that purports to prevent a worker from making a protected disclosure — meaning that no NDA can validly suppress a report of wrongdoing to a regulatory authority. Every Irish NDA should include a carve-out confirming that its confidentiality obligations do not restrict the right to make a protected disclosure under the 2022 Act, to avoid any argument that the NDA is void for attempting to do so.

Post-employment confidentiality restrictions in NDAs must also satisfy the restraint-of-trade doctrine. The High Court, following the principles established in the leading Irish case on restraint of trade, will strike down post-employment restrictions — including confidentiality obligations — that are wider than reasonably necessary to protect a legitimate business interest. The decision in Murgitroyd & Company Ltd v Purdy [2005] IEHC 159 confirmed that Irish courts will assess the reasonableness of restraint of trade clauses in the employment context by reference to the employer's legitimate business interest, the scope and duration of the restriction, and the public interest in free competition. Any NDA that purports to prevent a former employee from using their general professional skills or knowledge — as opposed to protecting genuine trade secrets — risks being struck down as an unreasonable restraint of trade.

An Irish Non-Disclosure Agreement appears deceptively simple, but errors in its drafting, scope, or implementation lead to enforcement failures, unnecessary litigation, or invalidity. The following mistakes are among the most common encountered in commercial practice in Ireland.

1. Defining confidential information too broadly, making the NDA effectively unenforceable. An NDA that defines confidential information as 'all information disclosed by either party' without any qualification or carve-out is likely to be challenged as unconscionably broad — capturing information already in the public domain, general business knowledge, and the receiving party's own independently developed ideas. Under Irish contract law, a court may decline to enforce an overly broad NDA on the basis that it operates as an unreasonable restraint. The correct approach is to define confidential information with sufficient precision to capture the genuinely sensitive information being shared, while including the standard carve-outs for publicly known information, prior knowledge, and independent development.

2. Failing to carve out protected disclosures, risking invalidity of the entire NDA. Section 10 of the Protected Disclosures (Amendment) Act 2022 renders void any contractual term that purports to prohibit or restrict a worker from making a protected disclosure. An NDA between an employer and an employee (or contractor) that does not include an express carve-out for protected disclosures is at risk of being void in its entirety, or of exposing the employer to liability under the Protected Disclosures Acts 2014-2022 if the worker is discouraged from reporting wrongdoing. The correct approach is to include a standard whistleblowing carve-out clause in every employment-related NDA.

3. Using a mutual NDA where a one-way NDA is appropriate, or vice versa. Mutual NDAs — where both parties assume confidentiality obligations — are appropriate where both parties are sharing sensitive information. Where only one party is disclosing confidential information (for example, where a business is pitching its product concept to a potential investor), a one-way NDA is more appropriate. Using a mutual NDA in a one-way disclosure situation may create confidentiality obligations on the disclosing party in respect of information it receives from the other party, which may not be intended. The correct approach is to match the type of NDA to the commercial reality of the information exchange.

4. Not specifying the purpose of disclosure, allowing the recipient to use information beyond the intended scope. An NDA that does not clearly define the purpose for which confidential information is disclosed — and restrict the recipient's right to use the information to that purpose only — gives the recipient the flexibility to argue that they are entitled to use the information for any business purpose. The correct approach is to specify the purpose (for example, 'to evaluate a potential acquisition of the disclosing party's business') and expressly prohibit any other use.

5. Omitting an obligation to return or destroy confidential materials on termination. Many NDAs address the obligations of the receiving party during the term but fail to address what happens to confidential materials after the relationship ends. A recipient who retains copies of confidential documents, databases, or technical specifications after the NDA has terminated continues to hold the disclosing party's information without any clear obligation, increasing the risk of misuse. The correct approach is to include a return or destruction clause requiring the recipient to return or certify the destruction of all confidential materials on termination, and to extend the obligation to electronic copies.

6. Relying on a vague or inadequate remedies clause, weakening the case for injunctive relief. When seeking an emergency injunction to restrain a threatened breach of an NDA, the applicant must satisfy the High Court that there is a serious question to be tried, that damages would not be an adequate remedy, and that the balance of convenience favours the grant of the injunction. An NDA that does not expressly acknowledge that breach would cause irreparable harm — or that expressly limits remedies to damages — may weaken the applicant's case for injunctive relief. The correct approach is to include a remedies clause that acknowledges the irreparable nature of a breach and expressly confirms the disclosing party's right to seek injunctive relief, consistent with the principles affirmed in House of Spring Gardens Ltd v Point Blank Ltd [1984] IR 611.

7. Setting confidentiality obligations of the same duration for both general confidential information and trade secrets. Under the European Union (Protection of Trade Secrets) Regulations 2018, trade secret obligations persist for as long as the information retains the quality of a trade secret — there is no fixed time limit. An NDA that subjects trade secret information to the same finite confidentiality term as general confidential information (for example, a three-year confidentiality obligation) effectively limits trade secret protection in a way that is unnecessary and disadvantageous to the disclosing party. The correct approach is to include a tiered confidentiality provision: a defined term for general confidential information, and an indefinite obligation for information that meets the definition of a trade secret under the 2018 Regulations.

8. Not addressing the position of affiliates and professional advisers who may need access to the information. An NDA that restricts disclosure strictly to the receiving party — without authorising disclosure to the receiving party's employees, directors, legal advisers, financial advisers, and accountants who need to know the information for the permitted purpose — creates practical difficulties for the receiving party in conducting due diligence or managing the relationship. The correct approach is to include a permitted disclosure clause that authorises disclosure to advisers subject to equivalent confidentiality obligations, and to require the receiving party to require that those advisers comply.

9. Using an NDA without first verifying that the information to be shared actually qualifies for protection. An NDA cannot protect information that is already publicly available at the time of disclosure — no contractual obligation can compel a recipient to treat publicly known facts as confidential. Businesses that enter into NDAs without first auditing whether their confidential information is genuinely secret — for example, by checking whether similar technical know-how has been published in patent applications, academic papers, or product documentation — may find that their NDA provides no practical protection. The correct approach is to conduct a pre-NDA confidentiality audit to confirm that the information to be disclosed has the necessary quality of confidence.

10. Failing to execute the NDA before confidential information is shared. Many businesses begin sharing confidential information informally — in emails, conversations, or presentations — before an NDA has been signed, intending to finalise the documentation later. A gap in NDA coverage creates a period during which the disclosing party has no contractual protection for information already shared. While the common law of confidence may provide some protection in the absence of a written agreement (under the principles in House of Spring Gardens Ltd v Point Blank Ltd [1984] IR 611), relying on the equitable jurisdiction is more expensive and uncertain than enforcing a signed NDA. The correct approach is to execute the NDA before any confidential information is disclosed, and to confirm in the NDA whether it covers any information shared prior to its execution.