Before any substantive information about your business is shared with a prospective buyer, an NDA should be signed. This is not a bureaucratic formality — it is the legal foundation that governs what the recipient can do with your most sensitive commercial information. A well-drafted NDA is meaningful protection. A poorly drafted one is a false sense of security.
What an NDA Covers in M&A
The Non-Disclosure Agreement (also called a Confidentiality Agreement, or CA) in an M&A context is a contract under which the recipient of confidential information agrees to use it only for the stated purpose (evaluating a potential transaction), keep it confidential, and return or destroy it if the transaction does not proceed.
The core provisions of a Malaysian M&A NDA should include:
Definition of confidential information. Broadly defined to include all financial data, customer and supplier information, employee details, business plans, technical information, and anything else disclosed in connection with the potential transaction — whether in writing, orally, or in any other form. The definition should explicitly include information derived from the disclosed information.
Obligation of confidentiality. The recipient agrees not to disclose the confidential information to any third party without the disclosing party's written consent, except to their own advisors (lawyers, accountants, bankers) who are bound by equivalent obligations. This carve-out for advisors is standard and necessary — a buyer cannot conduct due diligence without involving their legal and financial advisors.
Purpose limitation. The confidential information may be used only for the purpose of evaluating the potential transaction. It may not be used to solicit the seller's customers, employees, or suppliers; to develop competing products; or for any other commercial advantage. This is the clause that protects you from a buyer who walks away from the transaction and then uses your business intelligence against you.
Term of confidentiality. The obligation of confidentiality should survive for a defined period. In Malaysian M&A practice, 24 months from the date of signing is a standard and enforceable term. Some NDAs specify 36 months or a permanent obligation for certain categories of information (trade secrets).
Return or destruction of information. Upon request from the disclosing party, or upon termination of the potential transaction, the recipient must promptly return all confidential information and destroy any copies. They should be required to provide written confirmation of destruction.
Permitted disclosures. Necessary carve-outs include: information already in the public domain (through no fault of the recipient); information the recipient independently developed without reference to the disclosed information; and disclosures required by law or regulation (e.g., a court order). The drafting of these carve-outs matters — they should be narrow and specific.
What Sellers Must Insist On
Purpose limitation with specificity. Generic NDAs often say the information "may be used only for evaluating the transaction." This is not enough. Add: "and specifically, may not be used to directly or indirectly solicit the Company's customers, employees, or key suppliers." This closes the gap that a sophisticated buyer might otherwise exploit.
Specific performance remedy. Damages are often an inadequate remedy for breach of an NDA — by the time you have quantified your losses and obtained a judgment, the competitive harm has already occurred. Insist on a clause stating that the disclosing party is entitled to seek injunctive relief and specific performance without the need to demonstrate actual financial loss. Malaysian courts have the jurisdiction to grant injunctions; include this explicitly.
Under the Contracts Act 1950, specific performance is available as a remedy for breach of contract where damages would not be an adequate remedy — which is typically the case with confidentiality breaches. However, the contractual basis for the remedy should be clearly stated.
Binding on affiliates. If the buyer is a company within a group, ensure the NDA binds the entire group — not just the specific entity signing. Otherwise, a subsidiary of the buyer could technically use the information without the parent being in breach.
Important:
A common NDA weakness in Malaysian practice is vague language around the "return and destroy" obligation. NDAs that say "reasonable efforts to destroy" or "destroy where practicable" are inadequate. The obligation should be mandatory and time-bound: "Within 10 business days of a written request, destroy all copies in whatever form and provide written certification." Without a specific destruction obligation, a recipient who decides not to proceed with a transaction may retain your financials, customer lists, and employee details indefinitely.
What Buyers Should Watch For
From a buyer's perspective, the NDA is generally a low-risk document to sign — you are not committing to anything commercially. However, watch for:
Overly broad definitions of confidential information. If the definition includes all information "of or concerning" the seller's business, this potentially includes information you independently develop or possess about the industry. Push for a definition limited to information actually disclosed by the seller in connection with the transaction.
Non-solicitation provisions. Some NDAs include non-solicitation obligations — restricting the buyer from approaching the seller's employees or customers for a defined period even if no transaction proceeds. These are legitimate in principle, but ensure the duration and scope are proportionate. A 24-month non-solicitation for an entire industry sector would be unreasonable.
Standstill provisions. In listed company contexts, NDAs sometimes include standstill clauses restricting the buyer from acquiring shares in the market while the NDA is in force. For private company transactions, these are unusual but occasionally inserted. A standstill in a private company context would restrict a PE fund from acquiring a competitor during the exclusivity period. Seek advice if you see this.
The Process After NDA Signing
Following NDA execution, the seller's advisor distributes the Information Memorandum (IM) to the prospective buyer. The IM provides the full business details that were deliberately withheld at the blind teaser stage. The buyer reviews the IM, conducts preliminary analysis, and either submits an indicative offer or declines to proceed.
The NDA remains in force through the full due diligence process, LOI negotiation, SPA negotiation, and for the specified term after either completion or termination of discussions. It is not replaced by the SPA — both documents operate simultaneously and provide different protections.
Keep a copy of every signed NDA, with the date signed and the list of information provided to each party. If a dispute arises, the timeline matters.
Key Takeaways
- A properly drafted NDA covers: confidential information definition, confidentiality obligation, purpose limitation, term, return/destruction of information, and remedies
- Purpose limitation is the most commercially important clause — without it, a buyer who walks away can potentially use your business intelligence against you
- Specific performance remedy is essential — by the time you have quantified damages from an NDA breach, the harm has already occurred
- Insist on a mandatory return/destruction obligation with written certification — vague "reasonable efforts" language is insufficient
- In Malaysian practice, 24 months is a standard and enforceable NDA term