Artificial intelligence businesses run on data, models and know-how that are difficult to protect under conventional IP law. Copyright does not clearly attach to trained model weights. Patents require disclosure. Registered designs do not protect datasets. In this landscape, the NDA — properly drafted to cover AI-specific assets — is the primary legal tool for protecting the confidential information that defines a competitive AI product.
NDASafe is a document preparation service, not a law firm. Our templates are legally reviewed against applicable UK law at the point of release, but every situation is different. Where significant value, unusual risk or a cross-border element is involved, take independent legal advice before you sign.
Why AI and data require careful NDA drafting
A generic NDA template drafted for a conventional business relationship will frequently miss the most commercially valuable elements of an AI project. Standard confidentiality definitions refer to 'business information, financial data and technical specifications' — language that was written for an era of spreadsheets and product specs, not training corpora with millions of rows, fine-tuning methodologies, and latency-optimised inference pipelines.
UK courts have increasingly recognised the commercial value of data as a standalone asset. The Trade Secrets (Enforcement, etc.) Regulations 2018 — the primary UK trade secret legislation — extends to any information that: (a) is secret; (b) has commercial value because it is secret; and (c) the holder takes reasonable steps to keep secret. All three limbs must be satisfied. An AI company that shares its training dataset without an NDA, or that fails to label confidential information as such, risks losing the right to claim trade secret protection if a dispute later arises.
What counts as confidential information in an AI context
An NDA for AI and data work should define confidential information to expressly include all of the following categories:
- Training datasets — raw, cleaned, annotated or otherwise processed data collections used to train or fine-tune a model, including the methodology used to source and label them.
- Model weights and checkpoints — the numerical parameters of any trained model, including intermediate checkpoints and distilled or quantised variants.
- Prompts and system prompts — engineering instructions, retrieval configurations, chain-of-thought patterns, and structured prompt libraries that define a model's behaviour in production.
- Evaluation benchmarks and results — internal benchmarks, red-teaming findings, safety evaluations, and comparative performance data.
- Data pipelines and infrastructure — the technical architecture used to collect, process, store and serve training data and model outputs.
- AI roadmap and research — unpublished research, model architectures under development, planned capability improvements, and commercial strategy relating to AI products.
- Third-party data licences — the identity of data suppliers, licence terms, and any restrictions on how licensed data may be used in training.
Common AI and data NDA scenarios
| Scenario | Information shared | NDA type |
|---|---|---|
| AI vendor partnership or API integration | Customer's business logic, data architecture, use-case requirements; vendor's model capabilities, APIs, roadmap | Mutual NDA — information flows both ways |
| Sharing training data with a model provider | Proprietary labelled dataset, annotation methodology, performance benchmarks | One-Way NDA (you as disclosing party) |
| Receiving an AI model or tool for evaluation | Vendor's model weights, system prompts, API architecture | One-Way NDA (you as receiving party) |
| Bespoke AI development under contract | Customer's data, requirements, business logic; developer's methodology and proprietary tools | Freelancer NDA with IP assignment — resolves ownership of custom outputs |
| Employing an AI engineer or data scientist | Training data, model architecture, internal benchmarks, research roadmap | Employee NDA with IP assignment |
| Investor pitch with AI core IP | Model architecture, dataset strategy, performance metrics, commercial pipeline | Investor NDA with non-circumvention |
NDA vs data processing agreement — understanding the difference
The most common source of confusion in AI partnerships is the relationship between an NDA and a data processing agreement (DPA) under the UK GDPR. The two documents serve entirely different functions and neither substitutes for the other.
An NDA is a contract that creates a confidentiality obligation: the receiving party agrees not to use or disclose specified information outside the agreed purpose. A DPA under the UK GDPR is a controller-processor agreement required by law when personal data is shared with an organisation that processes it on your instructions. The DPA governs lawful basis, data subject rights, international transfers, breach notification, and processor obligations.
If your AI training dataset, evaluation set or production data pipeline contains personal data — names, email addresses, IP addresses, device identifiers, or any information relating to identified or identifiable individuals — you need a data processing agreement in addition to an NDA. The Information Commissioner's Office (ICO) can impose fines for using personal data in AI training without lawful basis and appropriate contractual protections. Get independent legal advice before sharing personal data with any AI partner.
Duration and trade secret survival for AI assets
The standard 2–3 year NDA confidentiality term that is appropriate for general business information is usually insufficient for core AI assets. A proprietary dataset curated over years, or a model that took months and significant compute to train, represents a durable competitive advantage — its value does not expire on a fixed date.
For AI trade secrets — training data, model weights, and proprietary methodologies — the NDA should include trade-secret survival language: 'confidentiality obligations in respect of trade secrets survive the termination of this agreement for as long as the information remains a trade secret.' This mirrors the indefinite protection available under the Trade Secrets (Enforcement, etc.) Regulations 2018 and is consistent with UK judicial guidance on the enforceability of long-duration confidentiality obligations.
General confidential information — commercial terms, roadmap discussions, internal benchmarks — can remain on a fixed term (typically 3–5 years). The two tiers should be defined separately in the agreement.
Open source and AI: the licence interaction
A growing number of AI models are released under open-weight licences — Meta's LLaMA family, Mistral, and others. If your AI product is built on an open-weight foundation model, the licence conditions governing that model interact with your NDA strategy in ways that require attention.
Most open-weight licences permit fine-tuning and commercial deployment but restrict redistribution or sub-licensing. If your NDA purports to prevent the other party from using knowledge derived from a publicly available open-weight model, it will be unenforceable to that extent. What remains protectable is your proprietary fine-tuning dataset, your specific fine-tuning methodology, your system prompt engineering, and your evaluation benchmarks — the layer you added on top of the public model, not the public model itself.
Conversely, if you have trained a proprietary model from scratch on non-public data, the full scope of trade secret protection is available, and your NDA should be drafted to reflect that.
Employees and contractors in AI teams
AI engineers, data scientists, machine learning researchers, and annotation specialists typically have access to the most valuable confidential assets in a company: training corpora, model architecture choices, unpublished research, and system prompts. An employee NDA for AI roles should explicitly list these categories in the confidential information definition.
IP assignment is critical. The default position under UK employment law is that inventions made by employees in the normal course of their employment belong to the employer. But the boundary is not always clear — particularly for side projects, open-source contributions, or research conducted at home on personal equipment. The NDASafe Employee NDA includes an IP assignment clause that clarifies ownership within the employment relationship.
For contractors and freelance data scientists — who may simultaneously work for multiple clients — the IP position is different. Absent an explicit assignment, work product created by a UK contractor belongs to the contractor, not the commissioning business. The NDASafe Freelancer NDA includes an IP assignment clause specifically for this scenario: it transfers ownership of all project deliverables — including custom fine-tuned models, labelled datasets, and any derivative work — to the commissioning business.
The UK does not yet have comprehensive AI-specific legislation. The government's current approach is sector-led regulation via existing bodies (ICO, FCA, CMA) rather than a single AI Act. The AI Safety Institute (now DSIT) focuses on frontier model risk, not routine AI commerce. For practical purposes in 2026, the main legal framework governing UK AI partnerships is the existing law of contract (including NDAs), intellectual property law, and UK GDPR — not AI-specific rules. Monitor the government's AI Opportunities Action Plan and any forthcoming legislation.
NDASafe Mutual, Freelancer and Employee NDA templates are the right starting points for UK AI and data partnerships. All include IP assignment options and trade secret survival language. £29 each or £79 for all eight — editable Word documents, delivered instantly.