How Long Should an NDA Last? Duration Best Practices

Standard NDA durations

The most common NDA duration is two years. This provides sufficient protection for most business information while remaining reasonable enough to be enforceable in virtually all jurisdictions.

One-year NDAs are common in fast-moving industries like technology and media, where information becomes obsolete quickly. Three-year NDAs are standard for industries where information retains value longer, such as healthcare, manufacturing, and financial services. Five-year NDAs are typically reserved for particularly sensitive information or regulated industries.

There is no single correct duration for all NDAs. The right choice depends on your specific circumstances, the nature of the information being protected, and the norms of your industry.

Factors that affect duration

Several factors should influence your NDA duration decision.

How long does the information remain valuable? If your confidential information will be obsolete in a year (such as a specific marketing campaign or product launch timeline), a longer NDA is unnecessary. If the information has enduring value (such as a manufacturing process or customer database), a longer term is appropriate.

What is standard in your industry? Courts are more likely to enforce durations that align with industry norms. If two-year NDAs are standard in your industry, a ten-year NDA may face scrutiny.

How sensitive is the information? Highly sensitive information such as trade secrets, financial data, and proprietary algorithms may warrant longer protection than general business information.

What is the nature of the relationship? NDAs for short-term projects (such as a consulting engagement) may need shorter terms than NDAs for ongoing strategic partnerships.

What will a court consider reasonable? The most critical factor. Courts evaluate NDA durations for reasonableness, and terms that are excessive relative to the type of information may be reduced or invalidated.

Duration by industry

Different industries have different norms for NDA duration, driven by how quickly information becomes stale and how sensitive it typically is.

Technology and Software: 1-2 years. Technology evolves rapidly, and much of the information shared (product features, technical architecture) loses its competitive value within a year or two. However, core algorithms and proprietary code may warrant longer protection.

Healthcare and Biotech: 3-5 years. Clinical data, research findings, and pharmaceutical formulations retain value for extended periods. Regulatory requirements may also influence duration.

Financial Services: 2-3 years. Financial strategies, trading algorithms, and client data require sustained protection. Regulatory compliance (such as SEC requirements) may mandate specific confidentiality periods.

Manufacturing: 3-5 years. Manufacturing processes, supplier relationships, and cost structures change slowly and remain competitively valuable for extended periods.

Consulting and Professional Services: 1-2 years. Client engagement details and methodologies are typically protected for shorter periods, though trade-secret-level methodologies may warrant longer terms.

Real Estate: 2-3 years. Deal structures, property valuations, and investor relationships maintain relevance for moderate periods.

Duration by use case

The purpose of the NDA also influences the appropriate duration.

Merger and acquisition due diligence: 2-3 years. Even if the deal falls through, the detailed financial and operational information shared during due diligence retains competitive value.

Employee onboarding: 2-5 years post-employment. Employees accumulate significant confidential knowledge over their tenure, and post-employment restrictions should be long enough to diminish the value of that information.

Contractor or freelancer engagement: 1-2 years after the engagement ends. Contractor relationships are typically shorter and more focused, so the confidential information shared is correspondingly narrower.

Partnership exploration: 1-2 years. If the partnership does not materialize, the information shared during exploratory discussions usually has a limited shelf life.

Investor pitch (due diligence stage): 2-3 years. Detailed financials and strategic plans shared during investor due diligence require sustained protection regardless of whether the investment occurs.

Term vs. survival period

Many NDAs distinguish between two time periods: the term (how long the NDA governs the relationship) and the survival period (how long confidentiality obligations continue after the term expires or the relationship ends).

For example, an NDA might have a two-year term during which the parties actively share information, followed by a three-year survival period during which confidentiality obligations continue even though no new information is being shared. The total effective protection in this case is five years.

Using a term plus survival structure is often more practical than a single long duration. It allows you to specify that information sharing occurs during a defined period while extending the protection of that information for as long as it remains valuable.

When drafting, be explicit about when the survival period begins (at expiration of the term or at termination of the business relationship, whichever comes first) and exactly how long it lasts.

When indefinite terms are appropriate

Indefinite NDA terms — where confidentiality obligations last forever or for as long as the information qualifies as a trade secret — are appropriate in specific situations.

Trade secrets: By definition, trade secrets derive their value from being secret. If the information remains a trade secret, there is a legitimate interest in indefinite protection. Courts generally accept indefinite terms for genuine trade secrets.

Proprietary formulas and processes: Information like Coca-Cola's formula or a pharmaceutical compound's synthesis process may remain valuable indefinitely. Indefinite NDA terms are appropriate and enforceable for this type of information.

However, indefinite terms are not appropriate for general business information. Courts may view indefinite restrictions on non-trade-secret information as unreasonable and unenforceable. If you use an indefinite term, clearly limit it to information that meets the legal definition of a trade secret.

A practical approach is to use a fixed term for general confidential information and an indefinite term specifically for trade secrets within the same NDA. This provides appropriate protection for each category of information.

Getting the duration right

When choosing your NDA duration, start with the industry standard for your sector, then adjust based on the sensitivity of the information and the nature of the business relationship.

If in doubt, two to three years is a safe default that is widely accepted as reasonable across industries and jurisdictions. Avoid the extremes — very short terms (less than one year) may not provide adequate protection, while very long terms (more than five years for non-trade-secret information) invite enforceability challenges.

NDANow lets you select your preferred duration during the NDA creation process. The generator automatically ensures that the duration language in your NDA is clear, specific, and properly integrated with the other provisions of the agreement.