NDA Review Playbook (Commercial, Jurisdiction-Agnostic)

单向商业NDA审查手册（不局限于司法管辖区）

Overview

概述

What this skill does	What it does not do
Reviews an NDA and outputs issues, risks, and suggested redlines	Provide jurisdiction-specific legal conclusions
Supports Recipient or Discloser perspectives (user-chosen)	Guarantee enforceability
Produces an executive summary + clause-by-clause markup guidance	Replace counsel for complex deals

Scope limitation (important): this playbook supports one-way (unilateral) commercial NDAs only.

If the NDA is mutual, stop: this playbook is out of scope and you should escalate to counsel or use a separate mutual-NDA review approach.

Variation callouts appear throughout:

M&A / Due diligence

Employment / contractor

Investor / VC

本工具可实现的功能	本工具不支持的功能
审查NDA并输出问题、风险及建议修订标记	提供特定司法管辖区的法律结论
支持从接收方或披露方视角进行审查（用户可选）	保证协议可执行性
生成执行摘要 + 逐条修订指导意见	替代法律顾问处理复杂交易

范围限制（重要）： 本手册仅支持单向（单方）商业NDA的审查。

若为双向NDA，请停止使用本手册：此类场景超出本工具范围，应提交法律顾问处理或使用专门的双向NDA审查方案。

全文将标注不同场景的变体说明：

并购/尽职调查

雇佣/承包商

投资者/风投

LEGAL DISCLAIMER

法律免责声明

THIS IS NOT LEGAL ADVICE. This skill is provided for informational and educational purposes only. Laws vary by jurisdiction and individual circumstances, and only a licensed attorney can provide advice tailored to your specific situation. When the NDA is high-risk, high-value, cross-border, or otherwise sensitive, escalate to qualified counsel.

Remember: All outputs from this skill must be reviewed by a qualified legal professional before being used for any legal purposes.

本内容并非法律建议。 本工具仅用于信息参考与教育目的。不同司法管辖区的法律及具体情况存在差异，只有持牌律师才能针对您的特定场景提供专业法律建议。当NDA涉及高风险、高价值、跨境或其他敏感场景时，请提交给合格法律顾问处理。

注意： 本工具的所有输出内容在用于任何法律场景前，必须经过合格法律专业人士的审查。

Inputs to collect (ask before reviewing)

需收集的输入信息（审查前确认）

A. Role and deal context (required)

A. 角色与交易背景（必填）

Are we reviewing as Recipient (we receive confidential info) or Discloser (we disclose confidential info)?
Confirm the NDA is one-way (unilateral). If it is mutual, stop: this playbook cannot be used.
What is the purpose / permitted use (e.g., evaluation of partnership, vendor RFP, diligence)?
What are the parties (legal names) and any affiliates that should be covered?
What information types are expected (tech, pricing, customer data, product roadmap, source code)?
Desired timeline: when do we need to sign?

我们是以接收方（接收保密信息）还是披露方（披露保密信息）的身份审查NDA？
确认NDA为单向（单方）。若为双向NDA，请停止使用本工具（超出范围）。
本次NDA的目的/允许用途（例如：合作伙伴评估、供应商招标、尽职调查）？
交易双方的合法名称及需覆盖的关联方？
预计涉及的信息类型（技术、定价、客户数据、产品路线图、源代码）？
期望的时间线：需在何时签署？

B. Practical constraints (recommended)

B. 实际约束条件（推荐确认）

Do we need to share with affiliates, advisors, contractors, auditors, or potential acquirers?
Will we need to export data across borders or store in cloud tools?
Will any personal data be shared? If yes, are there separate data-processing terms?

Jurisdiction-agnostic note: avoid asserting “this clause is invalid” without the governing law details; focus on commercial risk, operational feasibility, and market norms.

是否需要与关联方、顾问、承包商、审计机构或潜在收购方共享保密信息？
是否需要进行跨境数据传输或在云工具中存储信息？
是否会共享个人数据？若是，是否有单独的数据处理条款？

不局限于司法管辖区的提示：在未明确准据法的情况下，避免断言“该条款无效”；应聚焦于商业风险、操作可行性及市场惯例。

Deliverables (output format)

交付成果（输出格式）

Quick start (default output template)

快速上手（默认输出模板）

ALWAYS output:

Executive summary
Clause-by-clause issue log (single table)

必须包含以下内容：

执行摘要
逐条问题记录（单表格形式）

A. Executive summary (1 page)

A. 执行摘要（1页）

Party role (Recipient or Discloser) and confirmation it is one-way (unilateral)
Top 5 negotiation points (ranked)
“Sign as-is” / “Sign with changes” / “Escalate” recommendation

我方角色（接收方/披露方）及NDA为单向的确认
排名前5的谈判要点
“原样签署”/“修订后签署”/“提交上级处理”的建议

B. Clause-by-clause issue log (lawyer-style, thorough)

B. 逐条问题记录（律师风格，详尽版）

Use a single table so counsel and business owners can track issues, owners, and deadlines.

Clause	Issue (1 line)	Risk (H/M/L)	Preferred redline	Fallback	Rationale (1–2 sentences)	Owner	Deadline
Definition	Overbroad; includes unmarked info with no reasonableness
Term & survival	Perpetual confidentiality for all information
Use restriction	Purpose too broad; blocks internal evaluation
Disclosures	Representatives undefined; strict liability
Return/destruction	No backup carve-out
Remedies	One-way fees + automatic injunction
Liability	Indemnity + unlimited consequential damages
Boilerplate	Assignment prohibits change of control

采用单表格形式，方便法律顾问与业务负责人跟踪问题、负责人及截止日期。

条款	问题（单行描述）	风险等级（高/中/低）	建议修订标记	备选方案	理由（1-2句话）	负责人	截止日期
定义	范围过宽；包含无标记且未限定合理性的信息
期限与存续期	所有信息永久保密
使用限制	目的范围过宽；阻碍内部评估
披露条款	代表方未定义；严格责任
返还/销毁	未保留备份例外
救济措施	单向费用 + 自动禁令
责任	赔偿 + 无限间接损失
boilerplate条款	转让条款禁止控制权变更

Example (compact)

示例（精简版）

Executive summary (example skeleton):

Role: Recipient (one-way NDA)
Recommendation: Sign with changes
Top 5 points: definition scope; term/survival; representatives; backup carve-out; remedies/fees

Issue log (example rows):

Clause	Issue (1 line)	Risk (H/M/L)	Preferred redline	Fallback	Rationale (1–2 sentences)	Owner	Deadline
Term & survival	Perpetual confidentiality for all information	H	Add 2–5 year survival; trade secret carve-out only	5-year survival for all	Reduces indefinite operational burden while protecting truly sensitive info	Legal	Before signature
Return/destruction	No backup carve-out	M	Add backup/legal hold exception + continued confidentiality	Allow retention in immutable backups only	Required for standard IT operations; avoids impossible compliance	Security + Legal	Before signature

执行摘要（示例框架）：

角色：接收方（单向NDA）
建议：修订后签署
前5个谈判要点：定义范围、期限/存续期、代表方、备份例外、救济措施/费用

问题记录（示例行）：

条款	问题（单行描述）	风险等级（高/中/低）	建议修订标记	备选方案	理由（1-2句话）	负责人	截止日期
期限与存续期	所有信息永久保密	高	添加2-5年存续期；仅保留商业秘密永久保密的例外	所有信息保密期限为5年	在保护真正敏感信息的同时，降低无限期的操作负担	法务	签署前
返还/销毁	未保留备份例外	中	添加备份/法律保留例外 + 持续保密要求	仅允许在不可变备份中保留	符合标准IT操作要求；避免无法执行的合规义务	安全 + 法务	签署前

5-step workflow

五步工作流程

Step 1 — Identify stance (Recipient vs Discloser)

步骤1 — 明确立场（接收方vs披露方）

Confirm which side we are on for this specific NDA (titles are often misleading).
Confirm the NDA is one-way (unilateral). If it is mutual, stop (out of scope).

Quick heuristic:

If we are being asked to keep their info secret → we are Recipient.
If we are sharing our sensitive info → we are Discloser (if the NDA is mutual, stop: out of scope).

确认本次NDA审查的我方立场（合同标题常存在误导）。
确认NDA为单向（单方）。若为双向NDA，请停止操作（超出范围）。

快速判断方法：

若要求我方对对方的信息保密 → 我方为接收方。
若我方需共享敏感信息 → 我方为披露方（若为双向NDA，请停止操作：超出范围）。

Step 2 — Triage the NDA (fast risk scan)

步骤2 — NDA快速风险扫描

Flag these immediately:

Perpetual confidentiality for all information (no trade secret distinction)
Residuals clause allowing use of “memory” or generalized knowledge
Injunctive relief + attorneys’ fees one-way against Recipient
Indemnity for breach or broad third-party claims
No carve-outs for compelled disclosure or prior knowledge
Overbroad definition: “all information, whether marked or not” with no reasonableness
Affiliate coverage missing when we must share internally

If any are present and the NDA matters, proceed with full review and consider escalation.

立即标记以下风险点：

所有信息永久保密（未区分商业秘密）
允许使用“记忆”或通用知识的剩余条款
针对接收方的单向禁令救济 + 律师费条款
针对违约或宽泛第三方索赔的赔偿条款
未包含强制披露或预先知晓信息的例外
定义范围过宽：“所有信息，无论是否标记”且未限定合理性
当需内部共享时，缺失关联方覆盖条款

若存在上述任何风险点且该NDA较为重要，请进行全面审查并考虑提交上级处理。

Step 3 — Clause-by-clause review (use the reference modules)

步骤3 — 逐条审查（参考模块）

Use these references while reviewing:

Key clauses
Party obligations
Duration & scope
Remedies & liability
Standard exceptions

审查时可参考以下内容：

关键条款
双方义务
期限与范围
救济措施与责任
标准例外

Step 4 — Draft redlines and negotiation positions

步骤4 — 起草修订标记与谈判立场

For each issue, produce:

Preferred redline (best risk outcome)
Fallback position (acceptable compromise)
Rationale (1–2 sentences: business + operational feasibility)
Owner (who needs to approve / negotiate: Legal, Sales, Security, Product)
Deadline (by when the counterparty needs the change)

Negotiation discipline: do not propose 20 changes. Focus on the 5–10 that materially change risk.

针对每个问题，需产出：

建议修订标记（最佳风险应对方案）
备选立场（可接受的妥协方案）
理由（1-2句话：结合业务 + 操作可行性）
负责人（需批准/谈判的角色：法务、销售、安全、产品）
截止日期（需向对方提出修改的时间）

谈判原则： 不要提出20项修改建议。聚焦于5-10项对风险有实质性影响的内容。

Step 5 — Finalize the package

步骤5 — 最终整理交付包

Ensure consistency (definitions used the same way everywhere)
Confirm operational feasibility (can we actually comply?)
Re-scan the Step 2 triage list and ensure each flagged item is represented in the issue log
Provide a short “what we changed and why” summary

确保内容一致性（定义在全文中使用统一）
确认操作可行性（我方是否真的能遵守？）
重新扫描步骤2的风险点列表，确保每个标记的风险点都已记录在问题日志中
提供简短的“修改内容及原因”摘要

Perspective-specific checklists

视角专属检查清单

A. Recipient checklist (incoming NDA — typical case)

A. 接收方检查清单（收到NDA时的典型场景）

Topic	Red flags	Typical ask
Definition of Confidential Information	Overbroad; includes independently developed info; no marking/identification standard	Add reasonableness + identification standard; add exclusions
Purpose / Permitted Use	Any use restriction beyond evaluation; bans on internal sharing	Tie to stated purpose; allow internal need-to-know
Representatives	We are liable for any representative breach without control	Limit to those under written confidentiality; commercially reasonable care
Term & survival	Perpetual for everything; unclear start date	Fixed term; longer only for trade secrets
Return / destruction	Requires deletion of backups immediately	Add practical backup carve-out
Remedies	One-way fees + broad injunction language	Mutuality or reasonableness; clarify equitable relief scope
Liability / indemnity	Indemnity; unlimited damages; consequential damages	Cap or exclude categories; remove indemnity
Residuals	Allows use of “retained in memory”	Delete or narrow heavily

M&A / Due diligence: ensure diligence sharing (advisors, financing, affiliates) is permitted and that data room exports/notes are covered.

主题	风险信号	典型诉求
保密信息定义	范围过宽；包含独立开发的信息；无标记/识别标准	添加合理性要求 + 识别标准；增加排除项
目的/允许用途	限制超出评估范围的使用；禁止内部共享	与既定目的绑定；允许内部按需共享
代表方	我方对任何代表方的违约承担责任，未限定控制权	限定为签署保密协议的代表方；要求尽商业合理注意义务
期限与存续期	所有信息永久保密；起始日期不明确	固定期限；仅商业秘密可延长保密期限
返还/销毁	要求立即删除备份	添加实用的备份例外条款
救济措施	单向费用 + 宽泛的禁令语言	要求对等或合理；明确衡平救济范围
责任/赔偿	赔偿条款；无限损失；间接损失	限制或排除相关损失类别；删除赔偿条款
剩余条款	允许使用“记忆留存”的信息	删除或大幅缩小范围

并购/尽职调查： 确保允许与顾问、融资方、关联方共享尽职调查信息，且数据室导出/笔记被覆盖。

B. Discloser checklist (when we are sharing sensitive info)

B. 披露方检查清单（我方共享敏感信息时）

Topic	Red flags	Typical ask
Definition	Too narrow; requires marking only; excludes oral disclosures	Add oral confirmation mechanism; broaden categories reasonably
Security standard	Only “reasonable” with no baseline	Add minimum safeguards, or align with internal policy
Exclusions	Too broad (e.g., “independently developed” with no proof)	Require written evidence of prior knowledge/independent development
Term & survival	Too short	Extend for sensitive categories; trade secret survival
Remedies	No equitable relief, no fees	Add equitable relief and/or fees (carefully)

Investor / VC: watch for standstill, solicitation, and “no contact” provisions—these are not standard in plain NDAs and may need separate agreement.

主题	风险信号	典型诉求
定义	范围过窄；仅要求标记；排除口头披露	添加口头确认机制；合理扩大类别范围
安全标准	仅要求“合理”但无基线	添加最低保障措施，或与内部政策对齐
排除项	范围过宽（例如：“独立开发”无需证明）	要求提供预先知晓/独立开发的书面证据
期限与存续期	期限过短	延长敏感信息的保密期限；保留商业秘密的永久保密例外
救济措施	无衡平救济，无律师费条款	谨慎添加衡平救济和/或律师费条款

投资者/风投： 注意禁止要约、招揽及“禁止联系”条款——这些不属于普通NDA的标准内容，可能需要单独协议。

Risk rating guide

风险评级指南

Rating	Meaning	Example
High	Creates material, uncapped, or operationally impossible risk	Broad indemnity + unlimited damages for any breach
Medium	Risk is real but manageable with process controls	Strict notice deadlines for compelled disclosure
Low	Mostly cosmetic or market-standard	Minor notice method issues

评级	含义	示例
高	造成重大、无上限或无法操作的风险	宽泛的赔偿条款 + 违约导致的无限损失
中	风险真实存在，但可通过流程控制管理	强制披露的严格通知期限
低	多为形式问题或符合市场惯例	轻微的通知方式问题

Common pitfalls (issue → risk → fix)

常见陷阱（问题→风险→修复方案）

Issue	Risk	Suggested fix
“All information is confidential forever”	Operational burden; unfair risk allocation	Add fixed term + trade secret carve-out
No compelled disclosure carve-out	Breach if subpoenaed	Add “required by law” disclosure path
Return/destruction requires purge of backups	Impossible to comply	Add backup and system integrity exception
Recipient indemnifies discloser	Open-ended exposure	Remove indemnity; use direct damages only
Residuals clause	Allows de facto use of confidential info	Delete or restrict to non-trade-secret, non-source-code

问题	风险	建议修复方案
“所有信息永久保密”	操作负担；不公平的风险分配	添加固定期限 + 商业秘密例外
无强制披露例外	收到传票时可能违约	添加“法律要求”的披露路径
返还/销毁要求清除备份	无法合规	添加备份与系统完整性例外
接收方向披露方赔偿	无限暴露风险	删除赔偿条款；仅使用直接损失
剩余条款	允许实际使用保密信息	删除或限制为非商业秘密、非源代码信息

Review prompts (copy/paste)

审查提示语（可直接复制粘贴）

A. Minimal prompt (fast)

A. 极简提示语（快速审查）

Role: Recipient/Discloser
NDA type: one-way (unilateral)
Purpose: …
Please produce (1) exec summary, (2) clause-by-clause issue log table with: Clause, Issue, Risk, Preferred redline, Fallback, Rationale, Owner, Deadline, (3) top 5 negotiation points.

角色：接收方/披露方
NDA类型：单向（单方）
目的：……
请产出（1）执行摘要，（2）包含以下字段的逐条问题记录表：条款、问题、风险等级、建议修订标记、备选方案、理由、负责人、截止日期，（3）前5个谈判要点。

B. Deep prompt (recommended)

B. 详细提示语（推荐使用）

Add constraints: affiliates, advisors, contractors, cross-border sharing, personal data, cloud tools.
Ask for: preferred redline + fallback + rationale per issue.

添加约束条件：关联方、顾问、承包商、跨境共享、个人数据、云工具。
要求：针对每个问题提供建议修订标记 + 备选方案 + 理由。

Ownership & timing defaults (if the user does not specify)

默认负责人与时间要求（若用户未指定）

Use these defaults to populate Owner and Deadline in the issue log:

Topic	Default owner	Default deadline
Confidentiality scope/definition, exceptions, term/survival	Legal	Before signature
Security standards / audit rights	Security + Legal	Before signature
Return/destruction and backups	Security + IT + Legal	Before signature
Liability cap / damages / indemnity / fees	Legal + Finance	Before signature
Operational constraints (representatives, affiliates, tooling)	Legal + Business owner	Before signature

使用以下默认值填充问题记录中的负责人和截止日期：

主题	默认负责人	默认截止日期
保密范围/定义、例外、期限/存续期	法务	签署前
安全标准/审计权	安全 + 法务	签署前
返还/销毁与备份	安全 + IT + 法务	签署前
责任上限/损失/赔偿/费用	法务 + 财务	签署前
操作约束（代表方、关联方、工具）	法务 + 业务负责人	签署前

nda-review-jamie-tso

Original

Translation