What is the difference between an exception, an exclusion, and a carve-out in an NDA?

They usually mean the same basic idea: situations where information does not count as confidential under the NDA.

Should an NDA require proof for “we already knew this”?

Yes. Without proof, that exception is easy to abuse and hard to challenge later.

Can AI catch missing NDA exceptions or carve-outs?

AI can help flag missing standard exceptions, weak proof rules, and overly broad loopholes. It works best when it checks the exact clause wording against industry-standard model agreements.

You can upload a contract and get an assessment, which includes a 'Sign with confidence' score that rates the fairness & risk level of a contract relative to industry-standard model agreements, plus details of the most severe risks flagged by Vesk, for free. You can then choose to generate a secure redline package, delivered through a secure NDA Deal Room. You are allowed a certain number of free secure redline packages per month, depending on your account type.

Do I need an account?

Yes. You need to create an account to access your secure redline package, delivered through a secure NDA Deal Room, with export-ready files and a secure deal room link.

Which industry-standard model agreements does Vesk benchmark against?

Vesk calibrates contracts against industry-standard model agreements, primarily (but not exclusively) those from Common Paper and Bonterms. (Note: Vesk is not endorsed by or affiliated with Common Paper or Bonterms.)

Does Vesk support other contract types or only NDAs?

Vesk currently supports only NDAs, but we plan to eventually support a wide range of business contract types. DPAs & MSAs are coming soon.

Does Vesk replace a lawyer?

No. Vesk is a software tool and does not provide legal advice or replace a lawyer for complex or high-stakes matters.

NDA exceptions / carve-outs clause

An exceptions clause in an NDA says when information does not count as confidential. You may also see it called exclusions or carve-outs.

If the exceptions are missing, vague, or too broad, people may argue that information is not covered when it should be, or use the clause as an escape hatch around the NDA's confidentiality rules. This page explains what to look for and what to ask for.

Quick answer

An exceptions clause limits when someone can say information is not confidential. In a strong NDA, the exceptions are clear, narrow, and based on standard rules.

If the exceptions are missing, unclear, or too broad, the clause can weaken the NDA more than it first appears.

Common red flags include:

only documents marked "Confidential" count as confidential
the public-information exception does not say the information must become public without a breach
the NDA lets someone say "we already knew this" without proof
the third-party source exception applies even if the source was not allowed to share the information
the independent-development exception is vague or does not require written records
the NDA treats a whole mix of information as non-confidential just because one piece is public
the clause allows law-required sharing without notice when notice is legally allowed
the clause could allow sharing more information than the law really requires
the clause allows reuse of ideas someone remembers after seeing confidential information

Want help checking the actual wording?

Vesk reviews the actual exceptions language in customer-drafted NDAs and helps you spot broad loopholes, weak proof rules, missing limits, and carve-outs that quietly undercut the rest of the NDA.

Glossary (quick definitions)

Definition:

The exceptions clause explains when information does not count as confidential under the NDA.

Why it matters:

It sets the boundaries for when someone can say information is not confidential.
It helps prevent weak "escape hatch" arguments later.
If the exceptions are too broad, they can swallow much of the protection the NDA seems to give.
If they are missing or unclear, it can be hard to know what still must be protected.

Common red flags:

The NDA treats only marked documents as confidential.
The public-information exception does not say the information must become public without a breach.
The NDA allows a "we already knew it" claim without proof.
The third-party exception applies even if the source was not allowed to share it.
The independent-development exception is vague or has no written-records requirement.
The NDA allows reuse of remembered ideas or know-how in a broad way.

What a reasonable clause looks like:

Public information is excluded only if it became public without a breach.
"Already knew it" applies only if the other side can show real proof from before the disclosure.
Third-party information is excluded only if the source had the right to share it.
Independent development applies only if the work was done without using the confidential information.
The clause does not allow broad loopholes or remembered-ideas language to undercut the NDA.

What to look for

Below are common problems people miss and what to look for.

Red flag	Why it's risky	What to ask for
The clause says only marked documents count as confidential.	Real work includes calls, demos, drafts, and files that may not all be labeled perfectly.	Protect information that is obviously confidential and add a practical rule for labeling information that is not obvious.
The public-information exception does not say the information must become public without a breach.	Information could lose protection even if it became public because someone broke the NDA.	Say public information is excluded only if it became public without a breach of the NDA.
The clause allows a “we already knew this” claim without proof.	Anyone can say they knew something already if the clause does not require real evidence.	Require written records or other clear proof from before the disclosure.
The third-party source exception applies even if the source was not allowed to share the information.	Information can lose protection because it came through the wrong channel.	Say the exception applies only if the source had the right to share the information.
The independent-development exception is vague or does not require written records.	Later work can be labeled “independent” even when the confidential information influenced it.	Say the work must be developed without using the confidential information and, where reasonable, backed by written records.
The clause allows broad remembered-ideas wording.	That can become a loophole for reusing details learned under the NDA.	Remove broad remembered-ideas wording or limit it tightly to general skills and general know-how.

Why not use ChatGPT or an AI contract assistant?

Chatbots and lighter-weight AI tools can help you review a contract faster, but they usually stop short of giving you a negotiation-ready output. For founders and business operators, the hardest part often comes after the review step: turning suggested changes into a real redline, explaining those edits clearly, and sending them back with confidence. Vesk is designed to take you further through that workflow for supported contract types.

Chatbots and AI contract assistants

Better if you want a flexible, lower-cost starting point
More sensitive to prompt wording and less consistent across repeated runs
Often produce suggestions or summaries rather than a sendable package
You still have to redline the Word document and defend the changes yourself

Vesk

Better if you want an end-to-end NDA review, redlining, and negotiation workflow
Designed for more consistent NDA review across repeated runs
Benchmarks against industry-standard model agreements to help catch what matters
Delivers a secure redline package with Word files, a negotiation brief, and a deal room

Calibrated against industry-standard agreements including Common Paper and Bonterms. Not endorsed by or affiliated with either.

What’s included in a secure redline package

Reviewing a contract is only part of the job. You still need a clear, professional way to send changes back and explain them, especially when the other side has procurement or in-house counsel. That is often the most stressful part for founders and business operators without legal training. A secure redline package is designed to make that step more organized, more defensible, and easier to handle with confidence. A secure redline package includes:

✓

A negotiation brief that explains and supports the requested edits

✓

A downloadable redlined Word .DOCX file with Track Changes on

✓

A downloadable clean Word .DOCX file with the requested edits accepted

✓

A secure deal room link you can review yourself or share with the counterparty

Trust & privacy

Vesk is a software tool, not a law firm. Vesk does not provide legal advice.

Vesk does not use your contracts or data to train its AI models. Vesk retains documents for no more than 30 days and deletes them earlier on request.

FAQs

Last updated: 2026-03-20