I got a call on a Thursday that I still think about. A startup in Palo Alto — let’s just say they did something with AI models, that’s all you need to know — had just watched a $180M acquisition evaporate. The buyer walked. The valuation cratered. And the reason wasn’t some strategic disagreement or a last-minute regulatory hurdle. It was a translation.
Well, not the translation itself. The process around it.
Their outside counsel had hired a freelance translator to convert the NDA into German. Standard practice. The German side of the deal needed their own-language version. What the lawyer didn’t do — what almost nobody does, honestly — was get the translator to sign a separate confidentiality agreement. The NDA being translated? It bound the two companies. It didn’t bind the translator. That’s not some clever loophole I discovered. It’s just basic contract law. You’re not a party to a contract just because you read it.
So this translator, who had no confidentiality obligation to anyone, worked on a shared family computer. Their partner happened to work at an AI company that competed with the startup. Within three days, the acquisition terms, the proprietary architecture details, the buyer’s identity — all of it was sitting in a competitor’s inbox. The deal died. The startup lost 40% of its valuation almost overnight. And they had zero legal recourse against the translator, who had no insurance, no assets, and technically no obligation to keep anything secret.
That story messed me up for a while. Because the more I looked into how NDA translation actually works in practice, the more I realized this wasn’t some freak accident. It was the norm dressed up as an exception.
Here’s the thing about translating an NDA that most people don’t want to think about: you’re taking the most sensitive document in a business relationship and handing it to someone who is, by definition, outside that relationship. Every security measure the NDA creates — the confidentiality obligations, the restricted access, the penalties for breach — none of them apply to the person doing the translation. Unless you make them apply separately.
And then there’s the other problem, the one that’s harder to spot. Even if the translator is perfectly trustworthy, even if they work in a sealed room with airtight security, the translated NDA might not mean what the original means. Not because the translator made a mistake. Because legal concepts don’t map cleanly across languages and jurisdictions.
I’ll give you an example I’ve run into more than once. Almost every NDA I’ve ever seen contains the phrase “reasonable care.” The receiving party agrees to protect the confidential information with no less than reasonable care. Sounds simple. It’s not. When you translate that into German, you end up with something like “die im Verkehr erforderliche Sorgfalt” — and yes, that’s a real legal term in German. But it’s calibrated to German commercial standards, interpreted by German courts, applied in the context of German business practices. Is it the same standard as “reasonable care” under Delaware law? Probably close. Close isn’t good enough when someone’s trying to enforce an NDA in front of a judge.
Same thing happens with “injunctive relief.” A US NDA will typically say the disclosing party can seek injunctive relief — meaning they can go to court and get an order to stop a breach immediately, before damages are even calculated. It’s the sharpest tooth in the NDA. Translate that to French as “référé” and you’re pointing at a specific procedure under French law. It’s similar in concept, sure. But the timeline is different, the standard of proof is different, the scope of what the court can order is different. The translated NDA looks like it has the same bite. It doesn’t.
And the definition of confidential information itself — the heart of the whole document. NDAs spend real estate carefully drawing the line between what’s covered and what isn’t. Trade secrets: covered. Stuff that’s already public: not covered. Information the receiving party developed on their own: not covered. If a translator nudges that line in either direction — maybe because the target language doesn’t have a clean way to express the exclusion, or because the distinction seems minor — the whole enforceability of the NDA shifts. Broader definition, and the receiving party is on the hook for things they never agreed to. Narrower, and the disclosing party just lost protection they were counting on.
Okay, so the legal side is tricky. The security side is worse.
I found this survey from IAPTI — that’s the International Association of Professional Translators and Interpreters — from 2024. The numbers kind of haunted me. Thirty-four percent of freelance translators work on personal devices that other people in their household also use. Twenty-two percent don’t use any endpoint encryption. And forty-one percent — that’s almost half — keep copies of client documents on their own devices after the project is over. Not because they’re bad actors. They’re just... working the way freelancers work. Without the IT department, the managed devices, the security policies that corporate employees never even think about because someone else handles it.
Think about the actual workflow for a second. Lawyer writes the NDA in English. Emails it to a translator. The translator saves it to their personal laptop — maybe a machine their kid also uses for homework. They work on it at the kitchen table. They back it up to a personal Google Drive because they’ve lost work before and learned the hard way. They email the translation back. Then they keep both files on their hard drive because they might need to reference them if the client comes back with changes. Every step: outside the security perimeter.
And then there’s the machine translation thing, which makes me genuinely angry. I’ve seen lawyers — smart lawyers — paste entire NDAs into DeepL or Google Translate to get a “quick first draft.” Cloud-based MT engines retain the content you upload. They learn from it. You’ve just taken your most confidential document and uploaded it to a server owned by someone who is definitely not a party to your NDA. Under the EU Trade Secrets Directive, information only qualifies as a trade secret if it’s been subject to “reasonable steps” to keep it secret. Feeding it to a public translation API is the opposite of a reasonable step. You might have just torched your own trade secret protection to save two days on a first draft. Think about that for a second.
So what’s the fix? I’ll be honest: it’s not cheap and it’s not fast. But compared to losing a nine-figure deal, it’s nothing.
The translator needs their own confidentiality agreement. Not the NDA they’re translating — that doesn’t cover them. A separate one, with the same scope, the same obligations, the same remedies, governed by the same law. If this sounds like overkill, remember the Palo Alto startup. The translator had zero obligation to keep anything secret. Zero.
Document transfer has to be encrypted and access-controlled. No email attachments. No Dropbox links. Use a platform where the translator gets time-limited access, can’t download to an unencrypted location, and every action is logged. If you’re dealing with EU trade secrets, the transmission method itself has to count as a “reasonable step” under the Directive. Regular email doesn’t cut it.
The translator works on a dedicated, encrypted device. Not a family laptop. Not a shared desktop. If the company makes its own employees use VPNs and encrypted drives for confidential material, the translator should meet the same bar. I know this sounds like a lot to ask of a freelancer. It is. But the alternative is what happened to that startup.
No machine translation. At all. Not for drafts, not for reference, not for “just getting the structure.” I said this already but I’m saying it again because people keep doing it. MT tools retain your content. For NDAs containing trade secrets, this alone can void your legal protection in the EU.
The terminology needs to be calibrated by someone who understands both legal systems, not just both languages. “Reasonable care” and “verkehrserforderliche Sorgfalt” aren’t the same standard, even though they look like they should be. “Injunctive relief” and “référé” aren’t the same remedy. You need a translator who knows that, not a bilingual lawyer who assumes they’re equivalent.
After the translation is done, a lawyer licensed in the target jurisdiction reads it end to end, checking whether every provision would actually hold up in a local court. Does the definition of confidential information meet the local standard? Can the remedies be enforced? Does the governing law clause work? This isn’t a formality. This is the difference between an NDA that protects you and an NDA that looks like it protects you.
And after all of that, the translator destroys every copy and confirms it in writing. The translation provider keeps an audit trail — who saw what, when, how it was secured, when it was destroyed. Under EU law, being able to prove you took “reasonable steps” isn’t optional. The audit trail is your evidence.
The Palo Alto startup lost $180M in enterprise value, plus $2.4M in legal fees, plus $1.1M trying to contain the damage, plus 18 months of market momentum they never got back. The freelancer had no insurance. Total loss: north of $183M. Zero recovery.
A secure translation process for the same documents would have run about $28K. Encrypted platform: $8K. Vetted translators with confidentiality agreements: $10K. German-licensed attorney review: $7K. Destruction and audit trail: $3K.
Twenty-eight thousand dollars. That’s the difference between closing the deal and watching it collapse. Between a protected trade secret and one that’s just out there. Between an NDA that means something and an NDA that’s just expensive paper with a nice signature block.
Artlangs Translation handles secure multilingual NDA translation across 230+ language pairs: translator confidentiality agreements, encrypted document transfer, secure work environments, human-only translation, legal term calibration, enforceability review, and certified destruction with audit trail. Because an NDA is only as strong as the process used to translate it.
