Key takeaways
- The NDA is signed before any substantive financial information is shared, the teaser or blind profile can be distributed without an NDA, but customer names, financial details, and employee information require a signed confidentiality agreement first.
- NDAs in M&A typically include a standstill provision (preventing signatories from acquiring company shares or soliciting customers for a period), not just a confidentiality obligation, read it carefully before signing.
- Staged disclosure, teaser, then CIM after NDA, then full data room after IOI, protects your competitive position by limiting sensitive information to buyers who have demonstrated genuine interest.
- Employee and customer confidentiality is the primary concern in most middle market processes; the NDA alone does not protect you if your banker distributes the CIM to 40 potential buyers who all have employees or customers in common with you.
In this article
- Teaser vs. blind profile vs. CIM: the three disclosure tiers
- What the NDA actually covers, and what it does not
- Protecting employee and customer confidentiality
- Common NDA and disclosure mistakes that create risk
- NDA negotiation tactics: the 5 provisions sellers should always negotiate
- What to protect vs. share in Phase 1 vs. Phase 2
- NDA breach remedies: what actually works
How to use this before a process
Teaser vs. blind profile vs. CIM: the three disclosure tiers
Rule of thumb: if a buyer will ask for it in diligence, build it before the process. The same work costs less, creates more confidence, and carries more valuation benefit when it is completed before exclusivity.
Confidential M&A processes use a staged disclosure model that releases progressively more sensitive information as buyers demonstrate interest and commitment. Understanding the three tiers, and what should and should not be in each, prevents accidental disclosure before adequate protections are in place.
Readiness Snapshot
What buyers will ask
Can management prove the claim with source documents?; Does the data room reconcile to the CIM and financial model?; Who owns the answer when buyer advisors ask for backup?
What to prepare
Data room index tied to each buyer claim.; Source schedules for EBITDA, revenue, customers, contracts, and KPIs.; Owner list for every diligence workstream.
The staged disclosure model can feel slow, founders who want interested buyers to see the full picture quickly can feel that early generosity with information builds momentum. In practice, buyers who receive full financial detail before signing an NDA have no commitment and no reason to move quickly. Staged disclosure creates scarcity, which creates urgency. The full M&A process timeline puts the NDA and CIM phases in context of the overall sequence from launch to close.
Information Disclosure Tiers in M&A
Scroll to see more →
The staged model serves two purposes: protecting competitive information from buyers who will not proceed, and creating an efficient process where buyer effort scales with their level of interest. Buyers who are serious sign the NDA and engage with the CIM; buyers who are not serious self-select out before receiving sensitive materials.
What the NDA actually covers, and what it does not
M&A NDAs are negotiated documents, not boilerplate. The seller's banker will provide a form NDA, but sophisticated buyers will redline it. Understanding the key provisions prevents signing an NDA that provides weaker protections than you expect.
Key NDA provisions to review: the definition of confidential information (should include all information about the business, not just written documents), the permitted use restriction (buyer may only use information for evaluating the transaction, not competitive intelligence), the standstill provision (buyer cannot acquire shares or solicit employees or customers for a period, typically 12-18 months), and the residuals clause (information retained in unaided memory is often excluded, negotiate this out if possible). Many of the protections established in the NDA carry forward into the letter of intent, which introduces the next layer of binding and non-binding commitments.
The standstill provision is as important as the confidentiality obligation. Without it, a strategic buyer who signs an NDA, reviews your financials, declines to proceed, and then approaches your top three customers has not technically violated confidentiality, but has used your information for competitive advantage. Ensure the standstill covers customer and employee solicitation, not just share acquisition.
Protecting employee and customer confidentiality
The most sensitive information in a middle market M&A process is not the financial statements, it is the employee and customer information. Employees who learn the company is for sale often begin interviewing elsewhere; customers who learn of a potential sale may accelerate renegotiations or seek alternatives.
Best practices for protecting employee and customer confidentiality: do not name employees below the top two or three management levels in the CIM; anonymize customers in the CIM (use "Customer A, Customer B" with industry and size descriptors); brief only the minimum necessary management team until an LOI is in hand; and work with your banker to target buyers who are less likely to have overlapping relationships.
Process confidentiality breaches, defined as material information reaching employees or customers before management was prepared to disclose, occur in approximately 18% of middle market M&A processes, most commonly through buyer contacts rather than banker contacts.
Processes with a buyer universe of fewer than 25 targeted buyers have a 40% lower rate of confidentiality breaches than those targeting 50+ buyers.
18%
M&A processes with a confidentiality breach
40% lower
breach rate with under 25 buyers vs. 50+
4 tiers
staged disclosure model: teaser → CIM → management presentation → data room
12–18 months
standard NDA standstill period for employee/customer non-solicitation
The NDA is not just a confidentiality agreement. It is a standstill agreement. Without a standstill provision, a strategic buyer who signs the NDA, reviews your financials, declines to proceed, and then approaches your top three customers has not violated the NDA, but has used your information for competitive advantage. Always confirm the standstill covers customer and employee solicitation, not just share acquisition.
The teaser exists for one purpose: to get the right buyers to sign an NDA and nothing more. If your teaser contains information that could harm you if it reached a competitor, it has too much in it.
AI diligence angle
Run a short scan to identify reporting, data room, and workflow gaps that could affect diligence confidence.
Run an AI readiness scan →Common NDA and disclosure mistakes that create risk
Common NDA and Disclosure Mistakes
A confidentiality breach mid-process is not just embarrassing. It is financially costly. Employees who learn the company is for sale begin interviewing. Customers who hear a sale is underway may accelerate renegotiations or issue RFPs. Each of these behaviors reduces the quality of earnings the buyer is underwriting. On a $5M EBITDA business at 7x, a single customer renegotiation that reduces EBITDA by $300K costs $2.1M in enterprise value. The NDA and staged disclosure process is not legal formality, and it is deal value protection.
NDA negotiation tactics: the 5 provisions sellers should always negotiate
Most sellers sign the buyer's form NDA without negotiating it. Sophisticated buyers know this and submit forms that are buyer-friendly by default. There are five provisions sellers should always push to negotiate before execution.
Five NDA Provisions to Negotiate
1. Standstill clause
Require a standstill preventing the buyer from acquiring company shares or soliciting customers or employees for 12–24 months after NDA execution. Without this, a buyer who walks away can immediately target your top customers using what they learned.
2. Non-solicitation of employees
Require a 12–18 month restriction on soliciting any employee the buyer learned about through the process. Strategic buyers who see your org chart and management team bios have an information advantage you should protect against.
3. Definition of confidential information
Negotiate the definition broadly: all information about the business, regardless of form, should be covered. Narrow definitions that cover only written documents leave verbal disclosures in management presentations unprotected. Exclude from the definition only what is genuinely publicly available or independently developed.
4. Permitted disclosures
Explicitly enumerate who the buyer may share information with: financing sources, legal advisors, and board members only. Buyers who share CIM materials with operating partners, industry consultants, or portfolio company management have violated the NDA unless those parties are named.
5. Return and destruction of information
Require written confirmation of return or destruction of all confidential materials within 10 business days of deal termination. This limits the buyer's ability to retain and use competitive intelligence after declining to proceed.
What sophisticated buyers will push back on: buyers routinely resist broad standstill clauses (they argue it limits legitimate competitive activity), residuals carve-outs for information retained in unaided memory (standard in Silicon Valley-style NDAs, disadvantageous for sellers in M&A), and broad definitions of confidential information that include market information they already knew. Sellers should resist the residuals carve-out entirely in an M&A context, and it creates an unenforceable gap that defeats the purpose of the agreement.
5 provisions
every seller NDA should address: standstill, non-solicitation, definition, permitted disclosures, return of information
12–24 months
recommended standstill duration for strategic buyers
10 days
target window for return/destruction of information on deal termination
What to protect vs. share in Phase 1 vs. Phase 2
Staged disclosure is not just about protecting sensitive information, and it is about releasing the minimum information needed to advance each buyer to the next stage. Releasing too much too early is as dangerous as releasing too little.
Staged Disclosure: What to Share and What to Hold
Why sharing too much too early is dangerous: competitor buyers, strategic acquirers who compete with your business, and can use Phase 1 data even if the deal does not close. A strategic buyer who signs an NDA, receives your CIM with customer industry breakdown and revenue concentration detail, and then declines to proceed has learned something valuable about your business. They know your customer mix, your margin profile, and how you have positioned against the market. The standstill covers solicitation; it does not make them forget what they learned.
Competitor buyers in the buyer universe require heightened protection even with an NDA in place. Consider whether to include direct competitors in Phase 1 at all, or whether to advance them only after other buyers have submitted IOIs, creating competitive tension you can reference without giving the competitor a head start.
NDA breach remedies: what actually works
Most sellers assume that an NDA protects them because breach has consequences. In practice, NDA enforcement is difficult and monetary damages are rarely recovered. Understanding the actual remedies available changes how sellers should structure the NDA.
Why monetary damages are hard to recover: proving causation is the threshold problem. To recover damages, the seller must show (1) the buyer breached the NDA, (2) the breach caused specific harm, and (3) the harm is quantifiable. In most confidentiality breach scenarios, a buyer who shared the CIM with a portfolio company, or who approached a key employee, the causal link between the disclosure and the resulting harm (employee departure, customer loss) is genuinely difficult to establish in litigation.
Why injunctive relief is the practical remedy: courts will grant emergency injunctions for clear, ongoing NDA breaches when monetary damages are inadequate. If a strategic buyer is actively soliciting your top customer using information from your CIM, a court can issue an emergency order stopping that solicitation immediately. Injunctive relief does not require proving quantified damages, and it requires showing the breach is occurring or imminent and that irreparable harm will result.
How to structure the NDA to make breach remedies enforceable: the NDA should include three specific provisions that make remedy enforcement faster and more certain, (1) a specific performance clause stating that breach will cause irreparable harm for which monetary damages are inadequate and that the non-breaching party is entitled to injunctive relief without proof of actual damages; (2) jurisdiction selection in a court with a sophisticated commercial bench (Delaware, New York, federal courts); (3) a waiver of the bond requirement for injunctive relief, which otherwise requires posting a bond before an emergency injunction can be enforced.
Frequently asked questions
What remedies are available if a buyer breaches an NDA in M&A?
The practical remedy for NDA breach is injunctive relief, a court order stopping the breach, not monetary damages. Monetary damages are difficult to recover because causation is hard to prove. Structure your NDA with a specific performance clause, jurisdiction selection, and bond waiver to make injunctive relief faster and more accessible.
Should I negotiate the NDA before signing it?
Yes. The buyer's form NDA is buyer-friendly by default. The five most important provisions to negotiate are the standstill clause, employee non-solicitation, definition of confidential information, permitted disclosures, and return/destruction of information. Most sellers sign without negotiating; those who do are materially better protected.
Work with Glacier Lake Partners
Get help structuring your confidentiality and disclosure process
We help founders design the staged disclosure process that protects competitive information while moving buyers efficiently toward an LOI.
Start a Conversation →AI diligence angle
See where AI can clean up readiness before buyers ask.
Run a short scan to identify reporting, data room, and workflow gaps that could affect diligence confidence.
Run an AI readiness scan →Research sources
Disclaimer: Financial figures and case-study details in this article are anonymized, composite, or representative examples based on middle market operating situations, and are not guarantees of outcome. Statistical references are drawn from cited third-party research; individual transaction and operational results vary based on business characteristics, market conditions, and deal structure. This content is for informational purposes only and does not constitute legal, financial, or investment advice. Consult qualified advisors for guidance specific to your situation.
Explore adjacent topics
