Confidentiality Agreement (Malaysia)
CONFIDENTIALITY AGREEMENT
Trade Secrets Act 2023 (Act 830) | Contracts Act 1950 (Act 136) | Personal Data Protection Act 2010 (Act 709)
THIS CONFIDENTIALITY AGREEMENT is entered into on [Agreement Date]
BETWEEN:
(1) [Disclosing Party Name], of [Disclosing Party Address] (hereinafter referred to as the "Disclosing Party"); AND
(2) [Receiving Party Name], of [Receiving Party Address] (hereinafter referred to as the "Receiving Party").
The Disclosing Party and the Receiving Party are hereinafter collectively referred to as "the Parties".
BACKGROUND
The Parties wish to explore [Permitted Purpose] (the "Purpose") and, in connection with the Purpose, the Disclosing Party may disclose Confidential Information to the Receiving Party. The Parties intend that this Agreement shall govern the disclosure and use of such Confidential Information.
1. DEFINITIONS
1.1 "Confidential Information" means all information disclosed by the Disclosing Party to the Receiving Party in connection with the Purpose, including without limitation [Information Description], and any trade secrets as defined under the Trade Secrets Act 2023 (Act 830) of Malaysia, whether disclosed orally, in writing, in electronic form, or by any other means.
1.2 "Confidential Information" does not include information that: (a) is or becomes publicly available without breach of this Agreement by the Receiving Party; (b) was already known to the Receiving Party before disclosure under this Agreement, as evidenced by pre-existing records; (c) is independently developed by the Receiving Party without use of or reference to the Confidential Information; or (d) is required to be disclosed by Malaysian law, a court of competent jurisdiction, or a directive of a regulatory authority including the Securities Commission Malaysia or Bank Negara Malaysia, provided the Receiving Party promptly notifies the Disclosing Party of the disclosure obligation before complying.
2. OBLIGATIONS OF THE RECEIVING PARTY
2.1 The Receiving Party shall: (a) keep the Confidential Information strictly confidential; (b) use the Confidential Information solely for the Purpose; (c) not disclose the Confidential Information to any third party without the prior written consent of the Disclosing Party; and (d) protect the Confidential Information with at least the same degree of care as it uses for its own confidential information, and in any event with no less than reasonable care.
2.2 The Receiving Party may disclose Confidential Information only to its officers, employees, directors, and professional advisers who: (a) have a legitimate need to know for the Purpose; and (b) are bound by written confidentiality obligations at least as protective as this Agreement.
2.3 The Receiving Party shall, upon written request by the Disclosing Party or upon expiry or termination of this Agreement, promptly return or securely destroy all Confidential Information and any copies, summaries, or extracts thereof.
3. DURATION
3.1 The confidentiality obligations under this Agreement shall commence on the date of this Agreement and shall continue for a period of [Confidentiality Period] years from the date of the last disclosure of Confidential Information under this Agreement.
3.2 Notwithstanding the above, obligations with respect to information that constitutes a trade secret under the Trade Secrets Act 2023 (Act 830) shall remain in force for as long as the information retains its secret character, without limitation of time.
4. REMEDIES
4.1 The Receiving Party acknowledges that any breach of this Agreement would cause irreparable harm to the Disclosing Party for which damages alone would be an inadequate remedy. The Disclosing Party shall be entitled to seek: (a) emergency injunctive relief from the High Court of Malaya under Order 29 of the Rules of Court 2012; (b) damages including exemplary damages for deliberate misappropriation under the Trade Secrets Act 2023 (Act 830); (c) an order for delivery up or destruction of all Confidential Information; and (d) an account of profits.
5. GENERAL PROVISIONS
5.1 This Agreement is governed by the laws of [Governing Jurisdiction], including the Trade Secrets Act 2023 (Act 830), the Contracts Act 1950 (Act 136), and the Personal Data Protection Act 2010 (Act 709).
5.2 Any dispute arising out of or in connection with this Agreement shall be resolved by [Dispute Resolution].
5.3 Stamp duty of RM10 at a fixed rate under the Stamp Act 1949 (Act 378) should be paid to make this Agreement admissible in Malaysian courts.
5.4 This Agreement constitutes the entire agreement between the Parties regarding confidentiality and supersedes all prior discussions and understandings on the subject matter hereof.
Disclosing Party
________________
Signature
Receiving Party
________________
Signature
What Is a Confidentiality Agreement (Malaysia)?
A Confidentiality Agreement in Malaysia binds the parties to keep specified information confidential and limits its disclosure to authorised recipients. It restricts disclosure and use of designated confidential information between the disclosing and receiving parties.
Prior to the enactment of Act 830, confidentiality was protected in Malaysia primarily through common law breach of confidence principles derived from English equity, as applied by the Federal Court of Malaysia and the Court of Appeal. The landmark English case of Coco v A N Clark (Engineers) Ltd [1969] RPC 41, adopted by Malaysian courts, established the three-part test for breach of confidence: the information must have the necessary quality of confidence, it must have been imparted in circumstances importing an obligation of confidence, and there must have been an unauthorised use causing detriment.
A Confidentiality Agreement in Malaysia is also relevant to the Personal Data Protection Act 2010 (Act 709), administered by the Personal Data Protection Commissioner (PDPC). Where confidential information includes personal data of Malaysian residents, the receiving party must comply with the seven data protection principles under Act 709, including the security principle requiring appropriate technical and organisational measures to protect personal data from loss, misuse, or unauthorised access.
Confidentiality obligations in employment contexts are supplemented by the Employment Act 1955 (Act 265) and the Industrial Relations Act 1967 (Act 177). The Industrial Court of Malaysia has held in multiple decisions — including Metal Box Ltd v Foo Moy Lin [1993] 1 ILR 1 — that an employee's duty of fidelity during employment prevents disclosure of the employer's trade secrets, even without an express NDA. Post-employment confidentiality restraints must be reasonable in scope and duration to be enforceable under Section 28 of the Contracts Act 1950, which renders agreements in restraint of trade void unless they fall within statutory exceptions.
The legal framework governing the Confidentiality Agreement (Malaysia) in Malaysia draws on several key statutes and regulatory bodies. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Parties executing a Confidentiality Agreement (Malaysia) in Malaysia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Contracts Act 1950 (Act 136) sets the foundational requirements.
When Do You Need a Confidentiality Agreement (Malaysia)?
A Confidentiality Agreement in Malaysia is required before sharing sensitive business information with any external party.
A Confidentiality Agreement is needed when a Malaysian company enters preliminary negotiations with a potential acquirer, investor, or joint venture partner and needs to share financial statements, customer data, and proprietary technology. Without an NDA executed before disclosure, the disclosing party relies solely on equitable breach of confidence, which is harder to enforce than contractual obligations under the Contracts Act 1950.
A Confidentiality Agreement is required when a technology company or software developer in Cyberjaya, Kuala Lumpur, or Penang engages a software development contractor or IT outsourcing firm under Malaysia Digital Economy Corporation (MDEC) programmes and needs to protect source code, algorithms, and system architecture.
A Confidentiality Agreement is needed when a manufacturer submits a product design, formula, or manufacturing process to a third-party supplier or testing laboratory for evaluation or quality assurance. Protection under the Trade Secrets Act 2023 (Act 830) requires that reasonable confidentiality steps be taken — an executed NDA is strong evidence of such steps.
A Confidentiality Agreement is required when a listed company on Bursa Malaysia discloses material non-public information to advisers, auditors, or underwriters in connection with a proposed corporate exercise, requiring compliance with Bursa Malaysia Securities Berhad Listing Requirements and Securities Commission Malaysia (SC) regulations on inside information.
A Confidentiality Agreement is needed when a Malaysian startup pitches to venture capital or private equity investors, sharing business plans, financial projections, and customer lists. The agreement should be signed before the pitch or data room access is granted.
A Confidentiality Agreement is required when healthcare providers, hospitals, or medical device companies share patient data or clinical trial results with research institutions or pharmaceutical partners, requiring compliance with both Act 709 (PDPA) and confidentiality provisions of the Private Healthcare Facilities and Services Act 1998 (Act 586).
What to Include in Your Confidentiality Agreement (Malaysia)
A Malaysia Confidentiality Agreement must include the following essential components to protect the disclosing party's confidential information effectively.
Parties and Structure: Identify the disclosing party and receiving party with SSM registration numbers. State whether the NDA is unilateral (one-way disclosure) or mutual (both parties disclose). For mutual NDAs, both parties carry identical obligations.
Definition of Confidential Information: Provide a thorough definition of what constitutes confidential information — trade secrets as defined under the Trade Secrets Act 2023 (Act 830), technical data, business plans, financial information, customer lists, pricing, and personal data protected under the Personal Data Protection Act 2010 (Act 709). Specify whether oral disclosures are covered and the procedure for confirming them in writing.
Permitted Purpose: Specify the sole permitted purpose for which the receiving party may use the confidential information — e.g., evaluating a proposed acquisition, exploring a joint venture, or fulfilling a specific project. Use outside the permitted purpose constitutes misuse under Act 830.
Exclusions from Confidentiality: Standard exclusions apply to information that: (a) is or becomes publicly available without breach of the agreement; (b) was already known to the receiving party before disclosure; (c) is independently developed without use of the confidential information; or (d) is required to be disclosed by Malaysian law, Bursa Malaysia Listing Requirements, or court order.
Obligations of the Receiving Party: The receiving party must limit disclosure to its employees, directors, and professional advisers on a need-to-know basis. Each employee or adviser given access must be bound by equivalent confidentiality obligations under their own contracts or by written undertakings.
Duration: Specify how long the confidentiality obligations survive after the agreement ends. For trade secrets under the Trade Secrets Act 2023, protection persists as long as the information retains its secret character. For commercially sensitive but time-limited information, 2-5 years is typical in Malaysian practice.
Remedies: Reference the Trade Secrets Act 2023 (Act 830) remedies — injunction, delivery up, and damages — and confirm the disclosing party's right to seek emergency injunctive relief from the High Court of Malaya without first going to arbitration.
Governing Law: Specify Malaysian law, the Trade Secrets Act 2023, and the Contracts Act 1950 as governing law.
Additional compliance elements for a Confidentiality Agreement (Malaysia) used in Malaysia include: Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Forms-legal.com provides this template as a starting point for Malaysia-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Confidentiality Agreement (Malaysia) (Malaysia) [Legal document template]. Forms Legal. https://forms-legal.com/malaysia/business/contracts/confidentiality-agreement-malaysia
"Confidentiality Agreement (Malaysia) (Malaysia)." Forms Legal, 2026, https://forms-legal.com/malaysia/business/contracts/confidentiality-agreement-malaysia.
@misc{formslegal-confidentiality-agreement-malaysia,
author = {{Forms Legal}},
title = {Confidentiality Agreement (Malaysia) (Malaysia)},
year = {2026},
howpublished = {\url{https://forms-legal.com/malaysia/business/contracts/confidentiality-agreement-malaysia}},
note = {Free legal document template. Based on Contracts Act 1950 (Act 136)}
}Also available for these jurisdictions:
Frequently Asked Questions
A Confidentiality Agreement is legally binding in Malaysia under the Contracts Act 1950 (Act 136) when it satisfies the standard elements of contract formation: offer, acceptance, consideration, free consent, lawful object, and parties competent to contract. Consideration for an NDA is typically the mutual exchange of information or an agreement to engage in business discussions. Since 1 March 2024, the Trade Secrets Act 2023 (Act 830) provides additional statutory protection for trade secrets, enabling the rightsholder to sue for misappropriation even without a written NDA — though a signed NDA significantly strengthens the legal position by providing clear evidence of the confidentiality obligation and the parties' consent to it. Stamp duty of RM10 at a fixed rate under the Stamp Act 1949 (Act 378) should be paid to make the agreement admissible in Malaysian courts.
The Trade Secrets Act 2023 (Act 830) is Malaysia's first dedicated trade secrets statute, which came into force on 1 March 2024. Enacted by Parliament, Act 830 defines a trade secret as information that has commercial value because it is kept secret and is subject to reasonable steps by the rightsholder to maintain its confidentiality. The Act creates a civil cause of action for misappropriation — unauthorised acquisition, use, or disclosure of a trade secret — and provides remedies including injunctions, delivery up or destruction of infringing materials, and damages (including exemplary damages). The High Court of Malaya has jurisdiction over trade secret claims. The Act aligns Malaysia's trade secret protection with TRIPS Agreement obligations under the World Trade Organization (WTO) and comparable legislation in Singapore (Official Secrets Act, common law) and the EU (Trade Secrets Directive 2016/943). Act 830 does not replace contractual NDAs — a written Confidentiality Agreement remains the most effective tool for defining what information is confidential and the scope of permitted use.
Post-employment confidentiality obligations in Malaysia are governed by the interplay of the Contracts Act 1950 (Act 136), Section 28 (restraint of trade), the Trade Secrets Act 2023 (Act 830), and Industrial Court decisions. Courts distinguish between two types of post-employment restrictions: obligations not to use or disclose trade secrets (which are enforceable without time limit under Act 830), and non-compete clauses preventing an employee from joining competitors (which are treated as restraints of trade under Section 28 of the Contracts Act 1950 and are generally void in Malaysia unless narrowly tailored). The Industrial Court and High Court have held that an employee may use general skill and knowledge acquired during employment, but cannot use the former employer's specific confidential information such as formulas, customer databases, or proprietary processes. An express NDA signed at the time of employment significantly strengthens the employer's position in post-employment disputes.
Where a Confidentiality Agreement in Malaysia covers personal data — including names, identification numbers, contact details, or any data relating to identifiable individuals — the receiving party must comply with the Personal Data Protection Act 2010 (Act 709). Act 709 is administered by the Personal Data Protection Commissioner (PDPC) under the Ministry of Communications and Digital. The seven principles of Act 709 — general, notice and choice, disclosure, security, retention, data integrity, and access — apply to any processing of personal data by commercial entities. The NDA should require the receiving party to: process personal data only for the permitted purpose; implement appropriate security measures; not transfer personal data outside Malaysia without compliance with Act 709's restrictions; and return or destroy personal data at the end of the confidential relationship. Breach of Act 709 can result in fines up to RM300,000 or imprisonment under Sections 130-134 of Act 709.
The duration of a Confidentiality Agreement in Malaysia depends on the nature of the information and the commercial context. For genuine trade secrets protected under the Trade Secrets Act 2023 (Act 830), confidentiality obligations should remain in force for as long as the information retains its secret character — there is no fixed expiry. For commercially sensitive but time-limited information (such as M&A negotiation details, project proposals, or pricing data), Malaysian practice typically provides for 2 to 5 years from the date of disclosure or the end of the business relationship. Where the NDA covers personal data, the Personal Data Protection Act 2010 (Act 709) imposes a retention limitation principle: personal data must not be retained longer than necessary for the purpose for which it was collected. Malaysian courts assess the reasonableness of confidentiality duration as part of the restraint of trade analysis under Section 28 of the Contracts Act 1950 for post-employment obligations.
The remedies available for breach of a Confidentiality Agreement in Malaysia are: (1) injunctive relief — the High Court of Malaya may grant an urgent interlocutory injunction under Order 29 of the Rules of Court 2012 to prevent ongoing or threatened disclosure, including on an ex parte basis in emergencies; (2) damages — including compensatory damages for financial loss and, under the Trade Secrets Act 2023 (Act 830), exemplary damages for deliberate misappropriation; (3) account of profits — where the defendant profited from the breach; (4) delivery up or destruction of documents and copies containing the confidential information; and (5) specific performance. Trade secret claims are brought under Act 830 in the High Court. Contractual breach of confidence claims are brought under the Contracts Act 1950. The Asian International Arbitration Centre (AIAC) in Kuala Lumpur also handles commercial NDA disputes under the AIAC Arbitration Rules 2023 for parties who have agreed to arbitration.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Due Diligence Report (Malaysia)
A Due Diligence Report template for Malaysia summarising findings from legal, financial, regulatory, and operational reviews of a target company or asset under the Companies Act 2016, Capital Markets and Services Act 2007, and Securities Commission Malaysia guidelines. Covers corporate status, litigation, regulatory licences, material contracts, and red flags for M&A transactions.
Investment Agreement (Malaysia)
An Investment Agreement for Malaysia between an investor and a company for equity or structured investment under the Companies Act 2016, the Capital Markets and Services Act 2007, and Securities Commission Malaysia (SC) guidelines. Covers subscription price, conditions precedent, investor rights (anti-dilution, pre-emption, board representation), and exit provisions.