Non-Disclosure Agreement (Malaysia)

A Non-Disclosure Agreement (NDA) in Malaysia is a legally binding contract under the Contracts Act 1950 by which one or both parties agree to keep designated information confidential and refrain from disclosing it to third parties without authorisation. The Contracts Act 1950, which governs the formation and enforcement of contracts throughout Malaysia, provides the foundational framework for NDA enforceability — requiring offer, acceptance, consideration, and the capacity of parties under Section 10 of the Act.

Malaysian NDAs are commonly deployed in commercial transactions, employment relationships, technology licensing, joint ventures, and merger and acquisition due diligence processes. The disclosing party (owner of the confidential information) may be an individual, a company registered with the Companies Commission of Malaysia (Suruhanjaya Syarikat Malaysia, or SSM) under the Companies Act 2016, or a limited liability partnership registered under the Limited Liability Partnerships Act 2012. The receiving party undertakes not to use the information beyond the agreed purpose and not to disclose it except to authorised personnel.

Malaysian courts, including the High Court of Malaya (Kuala Lumpur) and the Court of Appeal, have consistently upheld NDAs as enforceable contracts where the confidential information is clearly identified and the restraint is reasonable in scope and duration. In Forefront Medical Technology (Pte) Ltd v Modern-Pak Pte Ltd [2006], the court affirmed that obligations of confidentiality arising from both express contracts and equity are enforceable. Malaysian courts also recognise the equitable doctrine of breach of confidence, derived from the common law principle established in Coco v AN Clark (Engineers) Ltd [1969], allowing relief even absent a written agreement.

The Personal Data Protection Act 2010 (PDPA 2010) intersects with NDAs when the confidential information constitutes personal data of individuals. Under PDPA 2010, Section 6, personal data may only be processed with the consent of the data subject or for specified lawful purposes. An NDA that involves sharing personal data must be read alongside PDPA 2010 obligations and should specify compliance requirements for both parties.

Under Malaysian law, a unilateral NDA binds only the receiving party, while a mutual NDA (also called a bilateral NDA) imposes confidentiality obligations on both parties. NDAs do not require stamp duty under the Stamp Act 1949 as a condition of validity, but instruments may be stamped for evidentiary purposes. For the NDA to be enforceable in Malaysian courts, the subject matter of confidentiality must have the necessary quality of confidence — meaning it must not be information that is already in the public domain or generally known in the relevant industry.

The legal framework governing the Non-Disclosure Agreement (Malaysia) in Malaysia draws on several key statutes and regulatory bodies. Under Malaysian law, the Contracts Act 1950 (Act 136) governs contractual obligations. The Companies Act 2016 (Act 777) regulates corporate entities through the Companies Commission of Malaysia (SSM). The Employment Act 1955 (Act 265) and the Department of Labour govern employment matters. The Personal Data Protection Act 2010 (Act 709) and the Personal Data Protection Department protect personal data. The Inland Revenue Board of Malaysia (LHDN) administers tax obligations. The Industrial Court adjudicates employment disputes under the Industrial Relations Act 1967 (Act 177). Parties executing a Non-Disclosure Agreement (Malaysia) in Malaysia should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Contracts Act 1950 (Act 136) sets the foundational requirements.

A Non-Disclosure Agreement in Malaysia is needed whenever a party discloses sensitive business information to another party and requires legal protection against unauthorised use or disclosure.

An NDA is required when a technology company shares source code, algorithms, or software architecture with a potential investor or development partner during due diligence. Without an executed NDA, the developer has no contractual remedy if the recipient uses the disclosed technology to compete or shares it with third parties — the equitable doctrine of confidence alone may not cover all situations.

An NDA is needed when a Malaysian company registered with SSM under the Companies Act 2016 engages in merger or acquisition discussions, share purchase negotiations, or asset sale due diligence. The data room materials — financial statements, customer lists, supplier contracts — constitute highly sensitive commercial information that must be protected before any legally binding transaction agreement is signed.

An NDA is required when an employer in Malaysia hires a new employee who will have access to trade secrets, proprietary manufacturing processes, client databases, or pricing strategies. While Section 13 of the Employment Act 1955 imposes implied duties of fidelity, an express written NDA provides clearer contractual terms and a wider scope of protection beyond the employment period.

An NDA is needed when a Malaysian entrepreneur pitches a business concept, invention, or creative work to a potential business partner, licensee, or investor. Without written confidentiality protection, the recipient could legally adopt the idea if it was not already protected by intellectual property rights under the Patents Act 1983, the Copyright Act 1987, or the Trade Marks Act 2019.

An NDA is required when a medical practice, hospital, or healthcare provider shares patient data or clinical research findings with a pharmaceutical company or research institution. Both the PDPA 2010 and professional codes of conduct under the Medical Act 1971 impose confidentiality obligations, and an NDA formalises these in the commercial context.

An NDA is needed when a Malaysian company outsources software development, data processing, or professional services to a third-party vendor. The vendor will inevitably access internal systems, data, and operational information that constitutes confidential business information requiring contractual protection.

A valid and enforceable Non-Disclosure Agreement in Malaysia must contain the following essential elements.

Identification of Parties: The NDA must state the full legal names, registration numbers (for companies registered with SSM under the Companies Act 2016), and addresses of both the disclosing party and the receiving party. Section 10 of the Contracts Act 1950 requires parties to be competent to contract — of the age of majority (18 years under the Age of Majority Act 1971), of sound mind, and not disqualified from contracting by any law.

Definition of Confidential Information: The NDA must precisely define what constitutes confidential information — whether by category (financial data, technical specifications, customer lists, trade secrets) or by marking convention (documents stamped 'Confidential'). An overly broad definition may be struck down as an unreasonable restraint of trade under Section 28 of the Contracts Act 1950, which voids agreements in restraint of trade except in limited circumstances.

Confidentiality Obligations: The receiving party's obligations must be clearly stated — to hold the information in confidence, use it only for the specified purpose, disclose it only to authorised personnel, and return or destroy it upon request. The standard of care required (typically the same degree of care the receiving party uses for its own confidential information) should be specified.

Permitted Disclosures and Exclusions: The NDA must specify categories of information excluded from confidentiality — information already in the public domain, information independently developed by the receiving party, information received from a third party without restriction, and information required to be disclosed by law, court order, or regulation by Bank Negara Malaysia, the Securities Commission Malaysia (SC), or Bursa Malaysia.

Purpose of Disclosure: The NDA must state the specific purpose for which the confidential information is disclosed — for example, evaluating a potential joint venture, assessing a licensing arrangement, or conducting due diligence for a share acquisition under the Companies Act 2016.

Duration and Term: The NDA must specify the duration of the confidentiality obligation. Malaysian courts will uphold reasonable time limits, typically two to five years for commercial NDAs, though trade secrets may warrant indefinite protection. The term should begin from the date of disclosure or the date of the agreement.

Remedies and Governing Law: The NDA should state that breach will cause irreparable harm entitling the disclosing party to seek injunctive relief from the High Court of Malaya under Order 29 of the Rules of Court 2012, without the need to prove actual damage. The agreement should specify that it is governed by the laws of Malaysia and that disputes will be resolved in the courts of Malaysia or by arbitration under the Arbitration Act 2005 before the Asian International Arbitration Centre (AIAC).

Signatures and Execution: For a company, execution must comply with Section 66 of the Companies Act 2016 — signed by two directors, or one director and the company secretary, or under the common seal. For an LLP, execution is by two or more partners or an authorised partner under the Limited Liability Partnerships Act 2012. The forms-legal.com Non-Disclosure Agreement (Malaysia) template covers the mandatory elements under Contracts Act 1950 (Act 136).