Every NDA has exceptions. Information that isn't confidential, obligations that don't apply, circumstances where you can disclose without breaching. These carve-outs are not weaknesses—they're essential. They protect both parties from being bound by absurd obligations, and they're expected by anyone who understands contract law.
Why exclusions matter
Imagine an NDA with no exceptions. Everything is confidential. Forever. That means if information happens to become public through no fault of the recipient, they're still bound not to use it. If the recipient independently develops the same idea, they can't use that either. If a regulator demands disclosure, the recipient breaches the NDA to comply with the law.
No reasonable person would sign such a contract. Exclusions set realistic boundaries. They say: "We want to protect genuinely proprietary information, but we're not trying to control information you already had or information that becomes public."
The four standard exclusions
1. Public domain
The most fundamental exclusion. Information that becomes part of the public domain is not confidential. This seems obvious, but how do you define it?
The standard language is: "Information that becomes publicly available through no fault or breach of the recipient shall not be deemed confidential." This protects the recipient from being liable for information that the whole world knows.
But "publicly available" is important. It doesn't mean one person knows about it. It means it's genuinely in the public domain—published, widely distributed, discussed in trade magazines, or commonly known in the industry.
The burden is on the recipient to prove the information was public. If they disclose something, then argue it was already public, you can challenge them. But the exclusion prevents you from claiming breach just because information eventually becomes common knowledge.
2. Independently developed information
This exclusion protects the recipient if they develop the same information independently, without using the disclosed information. For example, two engineering teams might separately solve the same technical problem.
The standard language is: "Information independently developed by the recipient without reference to, and without using, the disclosed information shall not be deemed confidential."
This is fair, but it's also where disputes arise. How do you prove something was developed independently? The recipient needs to show: they didn't have access to the disclosed information at the time of development, their development process was separate, and there's no evidence they copied or referred to the disclosure.
In practice, this is hard to prove. If the recipient and the discloser are both in the same industry, working on similar problems, the court might be sceptical of claims of independence. But the exclusion is fair in principle—you can't prevent someone from using their own talent and resources.
3. Previously known or possessed information
If the recipient already knew the information before the disclosure, they shouldn't be bound by the NDA to keep it secret—because they didn't learn it from you.
The standard language is: "Information that the recipient can demonstrate was in its possession prior to disclosure by the discloser, as evidenced by written records, shall not be deemed confidential."
Notice the key phrase: "can demonstrate." The burden is on the recipient to prove they already knew. They need written evidence—a prior document, email, file, or record dated before the disclosure showing they possessed the information.
Verbal claims don't count. If the recipient says "we already knew this" with no documentation, that's not sufficient. This protects the discloser from fake claims of prior knowledge.
4. Lawfully received from a third party
If the recipient receives information from someone else, without confidentiality restrictions, they shouldn't be bound by the NDA. For example, if information is published in a trade journal, anyone can lawfully receive it.
The standard language is: "Information received by the recipient from a third party without a duty of confidentiality, and without breach of any third-party agreement, shall not be deemed confidential."
This is fair but important: "without a duty of confidentiality." If the recipient gets the information from someone else who is also bound by an NDA, that doesn't count as an exception. The restriction travels with the information.
Exceptions to the exceptions
Even where information falls within an exclusion, some NDAs add a twist: "However, the confidentiality obligation survives to the extent permitted by law."
What does this mean? It means that even if information becomes public, you might still be able to prevent certain uses. For instance, if a trade secret becomes public due to someone's breach, the public might know the secret, but the breacher can still be liable for the breach that exposed it.
Information that requires disclosure by law
This isn't technically an exclusion, but it's a critical carve-out. If a court order, regulator, or law requires disclosure, the recipient can disclose—but they should give notice first.
Standard language: "If the recipient is required by law, court order, or regulatory authority to disclose any confidential information, the recipient shall provide prompt written notice to the discloser, to the extent legally permitted, so that the discloser may seek a protective order."
This allows compliance with the law without breaching the NDA, and it gives the discloser a chance to protect themselves through a court order.
Drafting exclusions fairly
Here's the balance: exclusions should protect the recipient from unreasonable liability, but they shouldn't swallow the NDA whole. A good approach:
Be specific: Don't say "any information we already knew." Say "information in our possession, as evidenced by written records dated before [date]."
Require proof: Shift the burden to the recipient to demonstrate the exception applies. They need evidence, not just claims.
Use "or breach of any third-party agreement": This prevents someone from escaping the NDA by technically receiving information from a third party, when that third party was also bound.
Survive carve-outs: Consider adding language that confidentiality obligations survive even where information becomes public, to the extent permitted by law. This maintains your rights against the breacher even if the breach succeeds.
Common disputes about exclusions
Was it really public? The recipient claims information is public; you claim it was only known to a few. The court looks at the market—is this common knowledge in the industry? How widely was it discussed?
Prior knowledge: The recipient claims they already knew something. You say they didn't. They need contemporaneous documents. Emails, files, dated memos. Without those, the court won't believe them.
Independence: Was development truly independent? The court looks at timing, whether the recipient had access to the disclosed information, and whether their product/service is suspiciously similar. If it looks like copying, independence claims fail.
Next steps
If you're drafting or reviewing an NDA, make sure the exclusions are clearly defined and balanced. Overly broad exclusions will swallow your protection; overly narrow ones will make the other party unwilling to sign.
Unsure whether specific exclusions are fair or adequately protect you? Have an NDA reviewed by a contract specialist. Upload it to QuickLegalCheck for a detailed analysis of coverage and exclusions.