Confidentiality agreements are evolving. In a world where artificial intelligence (AI), automation and cloud-based tools are changing the way businesses handle sensitive information, it’s essential that NDAs keep pace. That’s why we have updated all our long-form and short-form non-disclosure agreements to better address the risks and realities of digital processing.
These changes reflect how information is now reviewed, analysed, stored and even summarised using emerging technologies. From internal AI tools to external platforms like ChatGPT, the way data is handled has changed. But the need to protect confidential information remains the same.
No use of confidential data with public AI unless explicitly agreed
One of the most important updates introduces a clear restriction: confidential information must not be used with AI tools or automated systems unless the disclosing party has expressly agreed in writing.
This applies to any kind of AI, whether it’s used for summarising, analysing, translating or reviewing documents, and includes both proprietary and third-party systems. Many of today’s widely used platforms retain the information input into them, which means even a quick AI-assisted review could lead to unintentional exposure or loss of confidentiality.
Our updated NDA templates recognise this risk and apply a firm stop to the use of AI in handling confidential data, unless permission is explicitly granted.
A carefully defined exception for private AI use
We also understand that many organisations are turning to private, closed, or internal AI systems to streamline their processes. Our long form NDA templates now allow limited use of such systems, but only where clear conditions are met.
The system must not be publicly accessible. It must be used solely for the purpose of evaluating or negotiating the matter in question. Any outputs must be kept strictly within the recipient organisation and treated as confidential. And appropriate safeguards, both technical and organisational, must be in place.
This ensures that businesses can continue to work efficiently, without compromising the confidentiality obligations at the heart of the agreement.
Acknowledging archived and back-up data
Another important update addresses the retention of confidential data in archived or back-up systems. While recipients must still return or destroy confidential material on request, the updated wording recognises that it’s not always feasible to completely erase data from all systems.
Our revised NDAs now make clear that passive retention, where data is stored but not readily accessible or used, is permitted in secure archives or back-ups, provided strict confidentiality measures remain in place. This reflects current best practice in information governance and avoids unnecessary breaches where deletion isn’t technically possible.
Staying ahead of the curve
These updates ensure that all PaperRock NDAs, both long-form and short-form, remain fit for purpose in an AI-enabled business environment. They strike a balance between flexibility and security, allowing businesses to adopt new technologies while continuing to protect their most sensitive information.
As AI and automation become part of everyday commercial workflows, we expect these kinds of protections to become standard. PaperRock clients already have access to them, right now, in our fully updated NDA templates.
