Confidentiality · NDA in M&A

Confidentiality: what really works

Why confidentiality agreements (NDAs) in M&A are not enough — and how to truly protect your information

In a financing project, a fundraising round, a merger and acquisition (M&A) or a business sale process, signing a non-disclosure agreement (NDA) is almost systematic. Yet in practice, NDAs do not really protect strategic information.

What is an NDA? Why insufficient Should you keep them? Truly protect
Secure my deal Our method

In a financing project, a fundraising round, a merger and acquisition (M&A) or a business sale process, signing a non-disclosure agreement (NDA) is almost systematic. This legal document is generally the first formal exchange between the parties before sharing sensitive information.

Yet in practice, NDAs do not really protect strategic information. Why are these agreements often insufficient? And above all, what measures should be put in place to effectively protect your confidential data during an M&A or financing process? That is what we will study.

What is a non-disclosure agreement (NDA)?

An NDA (Non-Disclosure Agreement) is a legal contract aimed at protecting the confidential information exchanged between two parties.

In an M&A or financing context, it is generally signed between:

  • a disclosing party (the company that shares information)
  • a receiving party (investor, potential buyer, adviser, etc.)

A confidentiality agreement is generally a document of 1 to 20 pages that defines several key elements:

1

The parties involved

The contract specifies the identity of the parties and their role in the exchange of information. In some cases, both parties exchange information; in other cases, only one party shares confidential data.

2

The definition of confidential information

The NDA specifies which information is protected. In general, public information is explicitly excluded from the scope of confidentiality. The protected information may include:

  • financial data
  • strategy
  • commercial data
  • customer information
  • intellectual property
  • data related to a financing or sale transaction
3

The duration of the agreement

An NDA is not eternal. In practice, the duration is often limited and it rarely exceeds 5 years.

4

The absence of an obligation to share

An important point: the NDA does not oblige anyone to share information. It simply creates the possibility to do so within a secure framework.

5

The sanctions in case of breach

The contract generally provides for financial sanctions and legal liabilities if a party does not respect its confidentiality obligations.

Why NDAs do not really protect

Despite their legal importance, confidentiality agreements are often not very effective in practice.

1

Because people do not always respect them

In reality, information can circulate despite the NDA. For example:

  • an investor may share a document with a colleague
  • a lawyer, investment banker or accountant may forward a file

And the spread can continue beyond the authorised people. With more than 10 years of experience in financial transactions, we see that it is common to find that some NDAs are not strictly respected. Of course, the majority of professionals are serious — but it only takes one negligent intermediary to create an information leak.

2

Because it is very difficult to prove a breach

How do you know there has been a leak?

In many cases, the company will never know that the information has circulated.

How do you identify the source of the leak?

Even if the leak is identified, it remains to prove who shared the information and when. Which is often very complex.

How do you measure the harm?

To obtain compensation in court, you need to quantify the damage. But how do you prove that confidential information caused a financial loss or a loss of earnings? It is often very difficult to demonstrate legally.

3

Because legal proceedings are costly

Initiating proceedings for breach of confidentiality can be heavy:

  • more than a year of proceedings
  • lawyers' fees
  • legal costs

Just to launch proceedings, the costs can easily reach €5,000 or more. For non-strategic information, the game is often not worth the candle.

4

Because there is also a reputational risk

Filing a complaint against:

  • an investment fund
  • a large company
  • a well-known player

can have reputational consequences. In some cases, companies prefer not to initiate proceedings.

Should you continue to use NDAs?

Yes — but as a first line of defence

Despite their limits, confidentiality agreements remain essential. They allow you to:

  • establish a clear legal framework
  • formalise expectations
  • create a written record

They constitute a first line of defence, but they must be complemented by other measures.

How to truly protect your confidential information

To secure an M&A or fundraising process, several strategies can be put in place.

1

Compartmentalising information

This is the most important measure. It consists in sharing only the strictly necessary information according to the profile of the contact and the progress of the project.

Example: several data rooms

You can create a complete data room and a partial data room. Each type of contact receives a different level of information.

Segmenting information over time

The more the project advances, the more information can be shared. For example:

  1. first phase: general information
  2. second phase: detailed financial information
  3. final phase: sensitive strategic information

Anonymising certain information

It is possible to hide the location of the company, simplify the description of the activity, remove certain identifying elements. In some cases, anonymous teasers are used to present a project without revealing the company's identity.

2

The relationship of trust with the counterparty

The human relationship remains a key factor. The more the exchanges are serious, the more the counterparty is credible and the more the project advances, the more relevant it becomes to share sensitive information.

3

Using watermarks

Another technique consists in using invisible watermarks in documents. These markings make it possible to:

  • identify the original recipient
  • trace the origin of an information leak

Even if the document circulates, it is possible to identify the source of the spread.

4

Providing for contractual penalties

Some companies add significant financial penalties to their NDAs. However, you must remain cautious:

  • penalties that are too high can be reclassified as abusive by a court
  • they can also slow down negotiations

The objective remains to deter without blocking the process.

Some investors even refuse NDAs at the outset

In some cases, some investment funds refuse to sign an NDA during the first analysis. Their reasoning: NDAs can slow down the process, they prefer to analyse a preliminary file. Then, if the project interests them, they sign an NDA before accessing sensitive information.

NDA and M&A: one tool among others

In a financial transaction, the NDA is only one element of a wider arrangement. Even if the agreement is perfectly drafted and signed, without compartmentalisation of information, a structured data room, watermarks and a disclosure strategy, protection will remain insufficient.

Conclusion: how to effectively protect your information

1

first share a maximum of non-confidential information

2

verify the real interest of the contacts

3

then sign a non-disclosure agreement (NDA)

4

put in place additional protection measures

NDAs therefore remain a useful but imperfect tool, which must always fit into a global strategy for managing confidential information.

If you are working on a business sale, fundraising or acquisition transaction, it is essential to structure the disclosure of your information correctly. A good confidentiality strategy can avoid significant legal, financial and reputational risks.

Frequently asked questions about confidentiality in M&A

What is an NDA (non-disclosure agreement)?

It is a legal contract aimed at protecting the confidential information exchanged between a disclosing party and a receiving party. It defines the parties, the protected information, the duration and the sanctions in case of breach.

Does an NDA really protect my information?

Not on its own. In practice, information can circulate, a breach is hard to prove, proceedings are costly and there is a reputational risk. The NDA is a first line of defence to be complemented.

How do you truly protect your data in M&A?

Through compartmentalising information (complete/partial data rooms, segmentation over time, anonymisation), a relationship of trust, watermarks and measured contractual penalties.

Should you sign an NDA before any exchange?

The best approach is to first share a maximum of non-confidential information, verify the real interest of the contacts, then sign an NDA before opening access to sensitive information.

Go further

Protect your information at every stage

Structured data rooms, compartmentalised disclosure and support: Collaboration Capital secures the information sharing of your sale, acquisition or fundraising.

Request a confidential discussion