Protecting Trade Secrets With Contractors & Overseas

How to protect trade secrets shared with freelancers, vendors, and overseas manufacturers — NDAs, IP assignment, and compartmentalization.

A manufacturing manager reviewing designs with an overseas supplier on a video call
Every contractor and offshore supplier who touches your know-how is a place your trade secret can leak — bind each one before you share. Shutterstock
Educational guide, not legal advice. This article explains general legal concepts and is not a substitute for advice from an attorney licensed in your jurisdiction. Reading it does not create an attorney–client relationship.

Quick answer: To protect trade secrets shared with contractors and overseas manufacturers, bind every outside party with a written NDA and IP-assignment before you disclose anything — contractors own their work by default, so silence costs you ownership. Then compartmentalize: give each vendor only the slice of your process they need (need-to-know), so no single supplier holds the whole secret. Add choice-of-law and arbitration clauses that are actually enforceable where the contractor sits, and lean on practical controls — split tooling, watermarked files, audits — because trade secret enforcement is far harder across borders than at home.

The moment your recipe, source code, CAD files, or manufacturing process leaves your building, it lands in the hands of people you don’t employ and often can’t easily sue. Freelancers, agencies, component vendors, and offshore factories are where most trade secrets quietly leak — and where the law is weakest just when you need it most.

A trade secret is only protected for as long as you take reasonable measures to keep it secret, and it only exists if it isn’t generally known. Every outside party you share it with is a hole in that wall.

Contractors and offshore suppliers are riskier than employees for three reasons:

  • They aren’t yours. You don’t control their devices, their staff, their turnover, or who they subcontract to.
  • They own their work by default. Unlike employees, independent contractors keep the IP they create unless they sign it over.
  • Enforcement is harder. A vendor across the country — or across the ocean — can be expensive or nearly impossible to pursue, and a leak can’t be un-leaked.

If you’re building your program from scratch, start with the Trade Secret Protection Playbook, then layer the contractor- and supply-chain-specific controls below on top.

Do contractors automatically own the work they create for you?

This is the most expensive misconception in the whole area: paying someone does not make you the owner.

Under U.S. copyright law, an independent contractor owns the copyright in what they create by default. The work made for hire doctrine only makes you the author automatically in two narrow situations: work by an actual employee within the scope of employment, or one of nine enumerated categories (contributions to a collective work, part of a motion picture, a translation, a compilation, and so on) — and only if there’s a signed writing saying so. A logo, a mobile app, or a custom manufacturing spec built by a freelancer usually falls outside those categories.

The result: absent a written assignment, you may hold only an implied, nonexclusive license to use the deliverable — not ownership, not the right to stop the contractor from reusing it, and a shaky claim to any trade secret embedded in it.

The fix is a written agreement with:

  • A present-tense IP assignment — the contractor “hereby assigns” all right, title, and interest in the deliverables and any inventions, not “agrees to assign” later. (States differ on how invention-assignment clauses must be worded — California, for example, restricts them by statute, so tailor the language to the contractor’s jurisdiction.)
  • A work-made-for-hire clause as a backstop, with an assignment fallback for anything the doctrine doesn’t reach.
  • Confidentiality obligations covering everything they see, survive-termination language, and a duty to return or destroy materials.
  • A flow-down clause requiring any subcontractors to sign the same terms.

We cover who ends up owning freelance and startup work in more depth in who owns the IP a freelancer creates and the broader who owns startup IP.

What should a contractor NDA and IP agreement actually say?

An NDA is your single clearest piece of evidence that you treated information as confidential — which is a legal element of the trade secret itself. But a vague, overbroad NDA is one a court may refuse to enforce. A contractor agreement that holds up spells out:

  • A precise definition of Confidential Information — specific enough to be meaningful, broad enough to cover what you’ll share (files, samples, tooling, roadmaps, “negative know-how”).
  • Permitted use only — the contractor may use your information solely to perform the engagement, nothing else.
  • Duration — perpetual for genuine trade secrets; a fixed term (often 2–5 years) for ordinary confidential business information.
  • The IP assignment described above, plus a moral-rights waiver where relevant.
  • Return-or-destroy, no-retention, and audit rights on termination.
  • Injunctive relief language acknowledging that breach causes irreparable harm — courts look for this when granting emergency orders.

Get the mechanics right and you have real leverage; get them wrong and the whole agreement can collapse. Our guide to the NDA that holds up walks through the clauses that decide enforceability, and if you’re sharing an invention before an engagement, see the NDA to sign before pitching an invention.

One caution: an NDA is not a non-compete, and you can’t use one to stop a contractor from working for others — especially in California, which voids most non-competes outright. See NDA vs. non-compete in California.

How do you compartmentalize secrets across multiple vendors?

The most powerful protection isn’t a clause — it’s need-to-know. Compartmentalization means giving each contractor only the slice of information required to do their specific job, so no single party ever holds the complete picture.

In practice:

  • Split the process across suppliers. One factory makes a subassembly, another does final assembly; neither sees how the whole thing goes together. The classic example is keeping the “secret sauce” step in-house and outsourcing only the commodity steps.
  • Redact and abstract. Share the tolerances and interface a vendor needs, not the full design rationale, formula, or source. Send obfuscated or partial CAD files where possible.
  • Segment tooling and inputs. Have critical molds, masks, or key ingredients produced separately so no supplier can reconstruct the whole.
  • Control the files. Watermark documents with the recipient’s identity, use view-only or expiring access, and log every download so a leak is traceable to its source.
  • Limit quantities and samples. Don’t ship more prototypes, tooling, or reference units than a vendor actually needs.

Compartmentalization does double duty: it caps the blast radius of any single breach, and it’s strong evidence of the reasonable measures the Defend Trade Secrets Act (DTSA) and the Uniform Trade Secrets Act (adopted in some form by nearly every state, including California) require. In many overseas relationships, where you may never realistically litigate, it is your primary protection rather than a backup.

Which law and which forum should govern the contract?

When your contractor is in another state or country, two clauses quietly decide whether your NDA is worth anything: choice of law (which jurisdiction’s rules interpret the contract) and choice of forum (where disputes get resolved).

Key considerations:

  • Choice of law. Pick a jurisdiction whose trade secret law is strong and predictable. But know that some states — California among them — will apply their own public policy to void, say, a non-compete no matter what law you chose, so don’t over-rely on a favorable governing-law clause for restrictive terms.
  • Litigation vs. arbitration abroad. A U.S. court judgment is often very hard to enforce in countries that don’t recognize foreign judgments. Arbitration is usually more enforceable internationally because the New York Convention requires 170+ signatory countries to honor arbitral awards. Specify a neutral seat (Singapore and Hong Kong are common for Asia-based suppliers), the rules (ICC, SIAC), and language.
  • Provisional relief. Make sure your clause preserves your ability to seek emergency injunctive relief in court even while arbitration is pending — speed is everything when a secret is escaping.
  • Damages and remedies. State that breach causes irreparable harm and specify liquidated damages or a right to injunctive relief where enforceable.

A brilliantly drafted forum clause is still only as good as your willingness and ability to enforce it — which is why the practical controls above matter so much.

How does enforcement risk change country by country?

Trade secret protection is not uniform worldwide, and the gap between “we have a signed NDA” and “we can actually stop them” varies enormously by jurisdiction.

  • The United States offers a federal civil claim under the DTSA (including, in extraordinary cases, ex parte seizure of stolen secrets) plus criminal liability under the Economic Espionage Act.
  • The EU harmonized protection under the 2016 Trade Secrets Directive, giving reasonably consistent civil remedies across member states.
  • China has strengthened its Anti-Unfair Competition Law — shifting the burden of proof toward defendants in some cases and raising damages — but practical enforcement, evidence-gathering, and local-protectionism concerns still make prevention far more reliable than litigation.
  • Many other jurisdictions have thin or unpredictable trade secret regimes, weak discovery, and slow courts.

Two implications. First, layer in registered IP where you can — a patent or registered design is often easier to enforce abroad than a trade secret, though patenting means public disclosure (see patent vs. trade secret). Second, get local counsel in the supplier’s country before you share anything sensitive; a clause that’s routine in the U.S. may be unenforceable or even illegal elsewhere.

What supply-chain controls actually keep secrets safe?

Contracts set the rules; operations keep the secret. A resilient supply-chain program combines both:

  • Vet before you disclose. Diligence the supplier’s ownership, subcontracting practices, security, and reputation before the first file goes out.
  • Sign first, share second. No confidential information leaves until the NDA and IP assignment are executed — including by subcontractors via flow-down.
  • Minimize what travels. Compartmentalize, redact, and keep the crown-jewel step in-house whenever feasible.
  • Secure the transfer and storage. Encrypted transfer, access controls, watermarking, and download logs on everything shared.
  • Audit and monitor. Reserve inspection rights, watch for gray-market or counterfeit units, and record your key marks with U.S. Customs and Border Protection to block infringing imports.
  • Plan the exit. Contractually require return or destruction of files, tooling, and samples when the relationship ends, and confirm it happened.

For a deeper operational walkthrough of offshore risk, read protecting IP when you manufacture overseas, and to see how these disputes actually resolve, browse our trade secret case archive.

The bottom line

Contractors and overseas suppliers are where trade secrets are most often lost — because they own their work by default, you don’t control their environment, and enforcement gets harder the farther the information travels. Protect yourself on two tracks at once. On paper: sign an NDA plus a present-tense IP assignment before you disclose, with flow-down to subcontractors and a choice-of-law and arbitration setup that’s actually enforceable where the vendor sits. In practice: compartmentalize ruthlessly so no single party holds the whole secret, and control every file, sample, and tool that leaves your walls. The contract gives you a claim; the operational discipline is what makes sure you rarely need it.

This guide is general education, not legal advice, and does not create an attorney-client relationship. Cross-border trade secret and contractor issues turn heavily on the specific jurisdictions and facts involved — consult an attorney licensed in your jurisdiction before sharing sensitive information or drafting agreements.

Frequently asked questions

Do contractors own the work they create for me?

Usually yes, absent a written assignment. Unlike employees, an independent contractor owns the copyright in what they create by default, and "work made for hire" only covers narrow enumerated categories. To own a contractor's deliverables and any inventions, you need a signed agreement with a present-tense IP assignment ("hereby assigns") plus confidentiality terms. Without it, you may only hold an implied license, not ownership.

How do I protect trade secrets when manufacturing overseas?

Bind every foreign supplier with confidentiality and IP-assignment terms before sharing anything, compartmentalize so no single factory sees the whole process, and pick your choice-of-law and forum carefully — often arbitration in a neutral seat. Register key IP locally where you can, since trade secret enforcement varies widely abroad. Practical controls (split tooling, watermarked files, audits) often matter more than the contract.

Does an NDA with a foreign contractor actually work?

It can, but enforceability depends on where you have to sue. A U.S.-law NDA may be hard to enforce against a supplier in a country that won't recognize a U.S. judgment. Specify governing law, an arbitration seat under the New York Convention (enforceable in 170+ countries), and remedies. Pair the contract with need-to-know access limits so a breach can't reach your whole secret.

What is compartmentalization and why does it matter with vendors?

Compartmentalization means giving each contractor or supplier only the slice of information they need to do their job — need-to-know access. If one factory makes a subassembly and another does final assembly, neither sees the complete process. It limits the damage from any single leak, strengthens your "reasonable measures" defense under the DTSA, and is often your only practical protection where legal enforcement is weak.

Lidiia Levitska
About the Author

Lidiia Levitska

International Intellectual Property Attorney

Lidiia Levitska focuses on intellectual property dispute resolution, policy, and advisory work across international institutions and government bodies. From 2021 to 2025 she served at the World Intellectual Property Organization (WIPO), managing arbitration cases and overseeing compliance with the Uniform Domain-Name Dispute-Resolution Policy (UDRP), and earlier led IP policy research as a Senior Policy Officer at the American Chamber of Commerce in Ukraine. She holds an LL.M. in International Intellectual Property Law from Chicago-Kent College of Law and an M.A. in Information Technology Law from the University of Tartu, and was admitted to the Ukrainian Bar in 2019.

More about Lidiia →