Non-disclosure agreements (NDAs) in the EU are no longer purely contractual instruments — they sit within a meaningful regulatory framework that constrains how broadly confidentiality can be imposed. The Whistleblower Directive 2019/1937, transposed by Member States by December 2021 (and December 2023 for private sector entities with 50-249 employees), creates statutory protection for individuals reporting breaches of EU law in defined circumstances. The Trade Secrets Directive 2016/943 sets minimum standards across the EU for protection of trade secrets while preserving specific exceptions for whistleblowers, journalists, and workers exercising their rights. The practical implication is that EU NDAs must carve out specific categories of permitted disclosure. NDAs that purport to silence whistleblowers, prevent disclosure to regulators, or block workers from discussing pay or working conditions are increasingly unenforceable to that extent under Member State law transposing the Directives.
What is a Permitted Disclosures?
A non-disclosure agreement in the EU is a contractual restriction on disclosure of confidential information, governed by national contract law of the relevant Member State, the Trade Secrets Directive 2016/943 (transposed in each Member State, e.g., German GeschGehG, French Code de commerce Article L151-1 et seq.), the Whistleblower Directive 2019/1937 (transposed in each Member State, e.g., German Hinweisgeberschutzgesetz, French Loi Sapin II as amended), GDPR (where confidentiality clauses interact with data protection), and sector-specific legislation (e.g., financial services). Permitted disclosures are exceptions to the confidentiality obligation, often required by law and unenforceable to exclude.
Red flags to watch for
The Directive (transposed in all Member States) protects individuals reporting breaches of specified EU law (financial services, public procurement, environmental, consumer, product safety, etc.) through internal and external reporting channels. An NDA that does not preserve this right is unenforceable to the extent of the breach reported, and the discloser is protected from retaliation.
Article 5 of Directive 2016/943 provides specific exceptions to trade secret protection: exercise of freedom of expression and information; revelation of misconduct, wrongdoing or illegal activity; disclosure by workers to their representatives; and protection of a legitimate interest recognized by EU or national law. NDA confidentiality cannot override these exceptions.
Standard EU practice includes a carve-out for disclosures required by law — court orders, regulatory subpoenas, GDPR data subject access requests, anti-money laundering reporting, etc. An NDA without this carve-out cannot lawfully compel breach of a legal obligation.
Standard practice permits disclosure to lawyers, accountants, auditors, and other professional advisors who are bound by professional confidentiality duties. Without this carve-out, the recipient cannot obtain legal or financial advice on the information.
Multiple EU instruments and Member State laws protect workers' rights to discuss pay and working conditions. The Pay Transparency Directive 2023/970 (to be transposed by June 2026) specifically protects workers' right to discuss pay. NDAs that purport to silence workers on these matters will be unenforceable.
Standard NDAs exclude from the confidentiality obligation information that: (1) is public at the time of disclosure; (2) becomes public through no fault of the recipient; (3) was already in the recipient's possession; or (4) is independently developed. An NDA without these exclusions is overbroad and may be unenforceable.
Open-ended confidentiality duration is a hallmark unfair term in EU NDAs. Standard practice: 3-5 years for ordinary commercial information, indefinite only for genuine trade secrets that are independently protected under the Trade Secrets Directive.
Your legal rights
EU NDA permitted disclosure rights are protected by: the Whistleblower Directive 2019/1937 (transposed in each Member State — Germany Hinweisgeberschutzgesetz, France Loi Sapin II as amended, Italy D.Lgs. 24/2023, Spain Ley 2/2023, etc.); the Trade Secrets Directive 2016/943 (transposed in each Member State — Germany GeschGehG, France Code de commerce Article L151-1 et seq., Italy D.Lgs. 11 maggio 2018, n. 63, etc.); the Pay Transparency Directive 2023/970 (transposition by June 2026); GDPR Articles 12-23 on data subject rights; national whistleblower and anti-corruption legislation; sector-specific laws (financial services, public procurement, environmental). Member State courts increasingly read these protections into NDAs implicitly. Disclosure to professional advisors is protected by professional secrecy in each Member State (e.g., French secret professionnel, German Berufsgeheimnis).
Questions to ask before you sign
- 1Does the NDA carve out disclosures protected under the Whistleblower Directive 2019/1937?
- 2Does it preserve the Trade Secrets Directive Article 5 exceptions (freedom of expression, misconduct disclosure, worker disclosure)?
- 3Does it permit disclosures required by law, court order, or regulatory authority?
- 4Does it permit disclosure to professional advisors (lawyers, accountants, auditors)?
- 5Does it preserve workers' rights to discuss pay and working conditions?
- 6Does it carve out information that is public, independently developed, or already known?
- 7Is the confidentiality duration time-limited (typically 3-5 years), or indefinite?
Disclaimer: This guide is for educational purposes only and does not constitute legal advice. Contract law varies by jurisdiction and individual circumstances. Always consult a qualified legal professional before making decisions based on this information.