Last week, we gave you five tips on how to improve your confidential disclosure agreements ("10 Tips for Better CDAs (Part 1)"). Here are five more:
6. Prohibit reverse engineering.
‘Reverse engineering’, i.e. disassembling something to analyze its components or workings in detail, has always been a topic of discussion in the legal community. While reverse engineering is often lawful (and may even be socially beneficial), many products can nowadays be easily reverse-engineered once in the market, opening up new fields for plagiarism by competitors.
Let’s say you concluded a CDA with another party. Under the CDA, you send a certain piece of proprietary software to them. If the recipient were to disassemble and ‘reverse engineer’ the software, thereby discovering the underlying code, should that discovery be considered as a lawful means of acquiring information?
The EU has found its own answer to this question: Under the European Trade Secrets Directive of 26 May 2016, reverse engineering is a valid defense in trade secret misappropriation proceedings. The Directive expressly states that “Reverse engineering of a lawfully acquired product should be considered as a lawful means of acquiring information, except when otherwise contractually agreed.”
Note the final five words: “except when otherwise contractually agreed”. In practical terms, this means that if you would like to ensure that the recipient is precluded from reverse engineering, your CDA will need to say so.
7. Set a term.
A good CDA should have an expiration date. Most confidential information has a limited lifespan, and most companies will find it overly burdensome to maintain information confidential for an indefinite period of time.
Note that the duration of a CDA is typically (much) longer than what you would find in other types of non-disclosure agreements (say, in M&A scenarios): In M&A, a maximum confidentiality term of 6 months to 1 year is fairly common. In contrast, in a biotech or pharma CDA, the term of protection is rarely shorter than 3 years, and will typically last 5 years, 10 years or even longer. In any case, you should try to find a confidentiality term that is adequate compared to the sensitivity of the information covered.
A great CDA will go one step further: In addition to defining a term of protection, you may also want to specify the time period during which the parties may actually exchange documents and other information. The latter term will usually be much shorter than the former: In a typical pharma/biotech CDA set-up, the time period during which the parties will exchange information will rarely last longer than 6 months to 1 year.
8. Make sure you can obtain an injunction in case of breach.
If you are the disclosing party, and you become aware that the recipient is about to breach the CDA, every minute counts. The most important legal remedy for a breach is an injunction, which is an order from a court to do or cease doing a certain thing (in this case, to stop any unauthorized use or disclosure). Injunctions can usually be obtained very quickly, sometimes within a couple of hours – so, they are a powerful legal tool.
In some jurisdictions (including Germany), injunctions are always available to the parties of a CDA. In other jurisdictions, you may need to expressly specify in the CDA that the parties are entitled to injunctive relief – so, you should make sure to include an appropriate provision in your agreement.
9. Don’t overthink your choice of law.
The biotech / pharma sector is inherently international – one contract party will be situated in, say, the Netherlands, while the other is a global enterprise headquartered in the United States. It is no wonder, then, that companies active in this sector will regularly conclude CDAs that are governed by a ‘foreign’ law (i.e., a law that is different from the law that would apply at their home seat).
In practice, negotiations will typically start with each party claiming that their ‘home’ law should apply, before the parties will try find a compromise. Oftentimes, that comprise will be one of two options: (1) The parties may choose to ‘stay silent’ on governing law. In effect, that means in case of any disputes, the (convoluted and complicated) international rules on conflict of laws will apply. While this solution is far from ideal, it often provides a quick way to close negotiations on the topic. (2) Alternatively, the parties may chose a seemingly ‘neutral’ law, i.e., one that is foreign to both parties. Typically, this often means that the companies will end up having Swiss law, German law, or the law of the Netherlands apply to their CDA.
We are often asked by our clients which law we would prefer. Our simple answer is: Don’t overthink it – when it comes to the protection of confidentiality, many jurisdictions differ surprisingly little.
10. Keep it simple.
A CDA is, in the end, a simple agreement – so, if possible, try to keep it that way. We often see CDAs that include non-solicitation provisions, language on patent prosecution, and non-compete obligations. While there may be good reasons to consider all of these topics, you should think twice before trying to address them in a CDA. From our experience, doing so will typically cause negotiations to take much longer – and given that a CDA is often the first agreement that the parties will conclude with each other, that may shed a bad light on the collaboration from the start.
Have a look at our CDA template if you'd like to see how we put these tips into practice.