
Tax Control Plan 2026: key areas of inspection and practical insights
The Annual Tax Control Plan sets out each year the main lines of action of the Spanish Tax Authorities in the prevention and fight against
In many commercial negotiations, M&A transactions or due diligence processes, the non-disclosure agreement (or NDA) is signed as a preliminary formality. However, its effectiveness depends on how the protected information is defined, which uses are permitted, which obligations the receiving party assumes and which mechanisms are available to respond to a leak.
In practice, an NDA should not be treated as a mere courtesy formality, but as the first document that structures the relationship between the parties before sensitive information is shared. This approach is connected to our practical guide to non-disclosure agreements (NDAs), which explains the main elements of this type of agreement.
An NDA is an agreement under which one or more parties undertake not to disclose or use certain confidential information outside the agreed purpose. It may be signed at very early stages of a commercial relationship, in discussions with potential partners, suppliers or distributors, or before starting a due diligence process.
In corporate transactions, the NDA usually appears at the beginning of the process, before relevant information about the company or the transaction is shared. It is therefore particularly common in small-market M&A transactions and in the standard M&A transaction timetable.
Although it is often signed within minutes, its role is much more important: it defines what information is protected, who may access it, what it may be used for and what consequences will follow from misuse.
The issue does not lie in the legal instrument itself. An NDA can work, and it does work when properly drafted. Problems arise when it is implemented through generic templates that are downloaded or reused without adapting them to the specific negotiation.
Proving a breach of a non-disclosure agreement can be difficult. Not necessarily because the legal framework is insufficient, but because many generic agreements lack the precision required to support a claim before a court, in mediation or in a damages negotiation.
If the NDA does not clearly describe which uses are prohibited, any indirect use of the information may fall into a grey area that is difficult to challenge. And if it does not define what constitutes confidential information, the receiving party may argue that what was disclosed was general market knowledge or information already known to it.
For this reason, the definition of confidential information should not be limited to broad and abstract language. It should be adapted to the context of the transaction and to the assets that genuinely need protection.
A robust non-disclosure agreement should regulate, at a minimum, the following points:
The more specific these obligations are, the easier it will be to prove a breach and react effectively.
NDAs used in business practice often share a pattern of shortcomings that compromises their usefulness precisely when they are most needed.
This is the most common mistake. An NDA for an M&A due diligence should not be the same as one signed to approach a potential distributor or supplier. The assets at stake, disclosure risks and economic consequences can be radically different.
If the document does not specify which information is confidential, the receiving party may argue that there was no certainty as to its protected nature or that it was general market knowledge.
In cross-border transactions, failing to expressly determine the governing law and jurisdiction may lead to conflicts of competence that delay the claim. In certain cases, mediation or arbitration may be worth considering.
In many negotiations, both parties share sensitive information. A unilateral NDA may create an unjustified imbalance and weaken the position of the party assuming obligations without receiving equivalent protection.
The NDA should regulate whether the information must be returned, destroyed or retained due to a legal obligation, as well as the treatment of internal copies, extracts, analyses and derivative documents.
In many cases, the information shared is not only confidential in contractual terms but may also qualify as a trade secret. This may be the case for technology, methodologies, algorithms, databases, commercial strategies, non-public financial information or internal documentation.
Where the information has particular competitive value, the NDA should be coordinated with internal protection measures: access controls, download traceability, user limitations, delivery records, confidentiality markings and internal security policies.
An NDA does not replace those measures. It complements them and provides a contractual basis to react if the information is misused or disclosed.
Another common mistake is to ignore the interaction between confidentiality and data protection. If the information shared includes personal data of clients, employees, candidates, suppliers or third parties, the NDA does not replace the obligations arising under the GDPR.
In such cases, a data processing agreement or specific clauses on controller/processor roles, security measures, international transfers, retention periods and return or deletion of data may be required. This issue should be coordinated with GDPR compliance in Spain.
The same caution applies to commercial contracts and business agreements, particularly when data or sensitive documentation is shared with distributors, agents, franchisees, suppliers or strategic partners.
Before signing or sending a non-disclosure agreement, at least the following questions should be reviewed:
A well-drafted non-disclosure agreement does more than protect sensitive information: it sets the rules of the game before the parties start showing their cards.
The process of drafting or reviewing an NDA carefully forces the company to identify which assets are truly valuable to the business: technology, methodology, client databases, commercial model, financial documentation or strategic information.
In addition, a well-structured NDA, properly dated and accompanied by control mechanisms, can be decisive in the event of a dispute. Not only to support a damages claim, but also to request urgent measures to stop the misuse of information, contain a leak, require the return or destruction of documents and preserve evidence.
The idea that a demanding NDA slows down the commercial relationship should be set aside. In many cases, the opposite is true: when both parties know exactly what is protected and under which conditions, trust increases and the conversation can move directly to the substance.
More companies than one might think end up bearing the cost of litigation, mediation or commercial loss arising from a leak that could have been prevented, or at least managed more efficiently, with a well-constructed NDA.
Confidentiality should not be treated as a formality that precedes the real agreement, but as the first test of an organisation’s professional and legal robustness. The NDA is, in many respects, the first clause of the contract of trust between two parties and also the first piece of evidence if that trust is broken.
Therefore, the next time you receive an NDA or prepare one yourself, it is worth asking a simple question: if this relationship ends badly, does this document give me a defensible position or merely the feeling that I have one?
The difference between those two answers is not only legal. It is strategic. And it is decided long before the substantive negotiation begins.
An NDA is a contract under which one or more parties undertake not to disclose or use certain confidential information outside the agreed purpose.
It should be signed before sharing sensitive information in a commercial negotiation, an M&A transaction, a due diligence process, a strategic collaboration or discussions with potential partners, investors, suppliers or distributors.
Not always. A generic NDA may provide insufficient protection if it does not properly define the protected information, permitted uses, recipient obligations, duration, governing law and mechanisms to react to a breach.
It should identify the categories of protected information, such as financial data, technical information, client databases, commercial strategy, know-how, methodologies, intellectual property, due diligence documentation or any information derived from the information received.
Common mistakes include using non-adapted templates, failing to define confidential information properly, omitting governing law and jurisdiction, signing a unilateral NDA when it should be reciprocal or failing to coordinate the agreement with data protection obligations.
No. If the information shared includes personal data, the NDA must be coordinated with GDPR obligations and, where appropriate, with a data processing agreement or specific data protection clauses.
The duration should be proportionate to the type of information protected and the context of the transaction. In practice, many agreements provide for periods of between two and five years, although certain sectors or types of information may justify longer periods.
Depending on the case, measures may be requested to stop the use or disclosure of the information, claim damages, require the return or destruction of documents and activate the dispute resolution mechanisms provided for in the agreement.

The Annual Tax Control Plan sets out each year the main lines of action of the Spanish Tax Authorities in the prevention and fight against

This article analyses the evolution of restructuring plans in Spain since their introduction by Law 16/2022 through to their practical consolidation in 2026, with particular

Executive summary Supreme Court ruling STS 440/2026 (20 March 2026) establishes, for the first time, a clear criterion for a very common issue in private
Your privacy settings
Manage Consent Preferences
Necessary
Analytics
Embedded Videos
Google Fonts
Marketing