Why Carve-Outs Are Essential
Even the most comprehensive NDA cannot — and should not — prohibit all disclosures of confidential information. There are situations where the law requires disclosure, where public safety demands it, or where business practicality necessitates sharing information with specific parties. NDA carve-outs address these situations by creating defined exceptions to the general confidentiality obligations.
Without proper carve-outs, the receiving party could face an impossible conflict between their NDA obligations and their legal duties. Courts also view NDAs without reasonable exceptions as overbroad, which can jeopardize enforceability of the entire agreement.
Legally Compelled Disclosures
Court Orders and Subpoenas
The most common carve-out covers disclosures required by court orders, subpoenas, or other legal process. If a court orders the receiving party to produce confidential information, they must comply regardless of the NDA. The carve-out formalizes this reality and establishes procedures for handling the situation.
Best practice provisions:
- Require the receiving party to promptly notify the disclosing party of any legal demand for confidential information (unless the notification itself is prohibited by law)
- Give the disclosing party the opportunity to seek a protective order or other legal remedy before disclosure occurs
- Require that only the minimum information necessary to comply with the legal demand be disclosed
- Require the receiving party to cooperate with the disclosing party's efforts to limit the scope of disclosure
Government Investigations
Regulatory agencies, law enforcement, and government investigators may request or demand confidential information. The NDA should allow disclosure to government bodies when legally required while still requiring notification and cooperation to limit the scope of disclosure.
Securities Regulations
Publicly traded companies have disclosure obligations under securities laws. If the confidential information becomes material to the company's securities filings, it may need to be disclosed. The NDA should acknowledge this obligation.
A carve-out for legally compelled disclosures does not make the information non-confidential. The information retains its confidential status even after compelled disclosure, and the receiving party must continue to treat it as confidential in all other contexts.
Regulatory and Compliance Carve-Outs
Industry-Specific Reporting
Many industries have mandatory reporting requirements that may involve sharing confidential information:
- Healthcare — Adverse event reporting, public health notifications, Medicare and Medicaid compliance
- Financial services — Suspicious activity reports, regulatory examinations, capital adequacy disclosures
- Environmental — Emissions reporting, hazardous materials disclosures, environmental impact assessments
- Energy — Safety incident reports, reliability compliance, rate filings
- Technology — Data breach notifications, cybersecurity incident reports
Tax Reporting
Tax authorities may require the disclosure of financial information that is covered by the NDA. Include a carve-out for disclosures to tax authorities as required by applicable law.
Audit Requirements
The receiving party may be subject to audits by regulatory bodies, independent auditors, or accreditation organizations. The NDA should allow disclosures necessary to comply with audit requirements while maintaining confidentiality to the extent possible.
Professional Advisor Carve-Outs
Attorneys
The receiving party may need to share confidential information with their attorneys for legal advice. Since attorneys are already bound by attorney-client privilege and professional ethical obligations, this carve-out carries minimal risk.
Accountants and Financial Advisors
Sharing confidential financial information with accountants and auditors is often necessary for compliance, financial reporting, and business planning. Include a carve-out for disclosures to professional financial advisors who are bound by their own professional confidentiality obligations.
Bankers and Financing Sources
If the receiving party needs to share information with lenders or potential financing sources, a carve-out for this purpose is common, particularly in M&A and investment contexts. Require that the financing sources execute their own confidentiality agreements before receiving any information.
For professional advisor carve-outs, require that the advisors be bound by their own professional confidentiality obligations or sign a separate NDA. This creates a chain of confidentiality protection that extends to every party who accesses the information.
Whistleblower and Public Interest Carve-Outs
Defend Trade Secrets Act Immunity
Federal law provides immunity for individuals who disclose trade secrets to government officials or attorneys for the purpose of reporting suspected violations of law. Employee NDAs must include notice of this immunity or the employer loses certain legal remedies.
SEC Whistleblower Protections
The Securities and Exchange Commission provides protections and financial incentives for individuals who report securities violations. NDAs cannot restrict these disclosures.
State Whistleblower Laws
Many states have their own whistleblower protection laws that may apply to NDA relationships. The NDA should not conflict with these protections.
Public Health and Safety
Disclosures necessary to protect public health or safety should always be permitted, regardless of NDA terms. This is particularly important in industries like healthcare, food production, manufacturing, and transportation.
Internal Disclosures
Need-to-Know Employees
The receiving party typically needs to share confidential information with their own employees who need the information to fulfill the purpose of the NDA. Include a carve-out for internal disclosures on a need-to-know basis, with the requirement that those employees are bound by confidentiality obligations at least as protective as the NDA.
Board Members and Officers
In corporate settings, the receiving party may need to share confidential information with board members and officers for governance and decision-making purposes. This carve-out should require that recipients be informed of the confidential nature of the information.
Affiliated Entities
If the receiving party has subsidiaries or parent companies that need access to the information, a carve-out for affiliated entities may be appropriate, with appropriate confidentiality safeguards.
Drafting Effective Carve-Outs
Specificity
Carve-outs should be specific about what is permitted and under what conditions. Vague carve-outs create uncertainty and potential disputes.
Conditions and Procedures
Attach conditions to each carve-out. For example, the legally compelled disclosure carve-out should include notification requirements, cooperation obligations, and minimum-disclosure limitations.
Continuing Obligations
Make clear that a carve-out permits disclosure in a specific context but does not make the information non-confidential. The information retains its confidential status for all other purposes.
Balance
Include enough carve-outs to make the NDA practical and enforceable, but not so many that the confidentiality obligations are undermined. Each carve-out should serve a legitimate purpose.
Create Your NDA with Proper Carve-Outs
PactDraft generates NDAs with all appropriate carve-outs built in, tailored to your industry and situation. The platform ensures your agreement includes necessary exceptions for legal compliance, professional advisors, and regulatory requirements — while maintaining strong core confidentiality protections. Generate your customized NDA today.