A general counsel I spoke with last year described her NDA inbox the way an emergency room nurse describes a Friday night. Most of what comes in is fine. A small fraction is genuinely dangerous.
The problem is never the dangerous ones. The problem is that you have to look at all of them to find the dangerous ones, and there are forty of them today, and you have a board deck due at three.
That gap, between the volume you have to look at and the volume that actually needs you, is what NDA triage exists to close. So when people ask what is NDA triage, the honest answer is that it is not review and it is not redlining.
It is the sorting step that runs before review. It answers one question: does this NDA need a human at all, and if so, which human and how urgently?
Most teams misdiagnose this. They feel the pain, decide "review is too slow," and go shopping for a contract review tool. For the wider picture of where this sits, see how legal AI for in-house counsel handles the routine volume. But the win is rarely in reading each NDA faster. The win is in not reading most of them at all.

TL;DR
- NDA triage is the sort, not the review. It decides whether an NDA can auto-clear, get fast-tracked, or needs to be escalated to a human. The redline comes after, and only for the ones that survive the sort.
- It exists because of a volume problem, not a quality problem. NDAs are roughly 30% of in-house legal teams' daily work, and most are routine. Lawyers drown in the routine ones.
- Good triage is measured by deflection, how many NDAs it lets you safely not read, not by how thorough its clause analysis is.
- The pipeline is: intake, classify, route, auto-clear or escalate, audit. Each step is boring. The discipline is in the routing rules, not the AI.
- "Minutes" does not mean the AI got smarter. It means the AI handled the easy 80% so a human only sees the 20% with real deviations.
- Once you understand the sort, evaluating a triage tool is a separate exercise, and a much easier one.
Part of our document tools, redline, and matrix guide series.
For related document-tools coverage, see What an NDA Triage AI Is Actually Doing (And How to Evaluate Yours in 2026) and How to Build an NDA Playbook Your AI Can Actually Enforce.
What is NDA triage?
The volume problem in one number
Here is the statistic that explains the entire category. According to the 2025 Contracting Benchmark Report (cited by Ironclad), NDAs make up around 30% of in-house legal teams' daily work. And roughly 90% of them are on the company's own paper, the standard template the company itself drafted, yet they still pull legal in about 30% of the time.
Sit with that for a second. A third of legal's day goes to a document type that is, in the overwhelming majority of cases, the company's own boilerplate coming back essentially unchanged.
The lawyer is not exercising judgment on those. They are confirming that no judgment is required. That confirmation is the tax.
The cost adds up in ways that are easy to ignore one NDA at a time. Ironclad's piece, drawing on the same benchmark data and Gartner, puts the cost to draft, review, and negotiate a single NDA at somewhere between $114 and $456, with typical execution stretching to around five days.
Multiply by the volume and you get a real line item spent largely on documents that needed a glance, not a lawyer.
WorldCC research, summarized by Radiant Law, reaches the same place from a different angle: reviewing everyday low-value contracts can run to roughly £5,000 per contract once you count all the touches, with average review time stretching past 30 days.
NDAs are the archetype of the low-value, high-volume contract. They are individually trivial and collectively crushing.
This is why triage is a sorting problem before it is anything else. The pain is not that each NDA is hard. The pain is that there are too many easy ones standing between you and the few hard ones.

Triage is a sort, not a review: most NDAs never need a lawyer's attention.
What triage actually is: a sort, not a review
The cleanest way to understand triage is to separate it from the two things it gets confused with.
Triage decides what happens to an NDA. Clear it, fast-track it, or escalate it. It is a routing decision.
Review is the substantive work that happens to the NDAs triage decides need it. Reading the confidentiality definition, checking the term, deciding whether the indemnity is acceptable.
Redlining is the output of review. The tracked changes, the counter-proposal.
Most of the legal AI marketing you see lives in the review and redline layers. That is the photogenic part: watch the AI mark up a contract. But triage sits one step earlier, and it is the step that determines whether the expensive layers ever run.
An NDA that auto-clears never gets reviewed, because it does not need to be. The redline tool, however good, is irrelevant to it.
This is the part most teams get backwards. They optimize for clause-analysis accuracy, the depth and cleverness of the review, when the return on investment lives in the routing decision. The ROI is in the roughly 30% of work that never needed a lawyer's attention and now does not get it.
A useful analogy: triage is the spam filter, not the email client. You do not judge a spam filter by how beautifully it renders the messages it lets through. You judge it by how many junk messages it kept out of your inbox without quarantining anything that mattered.
NDA triage is the same instrument pointed at contracts. Its job is to keep the routine ones off your desk while never quietly clearing one that should have been escalated.
What a good sort looks like, step by step
Strip the vendor polish away and a working NDA triage pipeline is five unglamorous stages. The intelligence is real, but it lives in the routing rules, not in the model being a genius.
1. Intake
The NDA arrives. From an inbox, a contract portal, a shared drive, an e-signature handoff. The first job is mechanical: capture the document, normalize it (a scanned PDF and a Word file have to become the same thing to the system), and attach the context that the sort will need.
Who sent it? Is the counterparty already in your system? Is this our paper or theirs?
That last question matters enormously. An NDA on your own template, returned unchanged, is the single highest-confidence auto-clear there is. An NDA on the counterparty's paper is, by default, a different risk tier.
2. Classify
The AI reads the document and tags it. Is this mutual or one-way? Whose paper? Which clauses are present (definition of confidential information, permitted use, exclusions, term and survival, return or destruction, remedies, governing law)? Which are missing? Which deviate from the company's standard position?
This is the layer most people picture when they think "NDA AI." It is genuinely useful and, as the companion piece on evaluating NDA triage tools lays out in detail, it is also mostly a well-crafted prompt and a frontier model.
The classification is the input to the decision. It is not the decision.
3. Route
Now the rules engine takes the classification and decides the lane. This is the heart of triage, and it is deliberately not the AI's call alone. Most teams run three lanes, sometimes labeled green/yellow/red or Tier 1/2/3. The labels do not matter; the routing logic does:
| Lane | What lands here | Action | Typical share |
|---|---|---|---|
| Auto-clear (green) | Our paper, returned with zero or trivial changes | Clear without a human, log it | 50-70% |
| Fast-track (yellow) | Our paper with minor, pre-approved deviations (term cut from three years to two, a standard carveout added) | Light human glance, or auto-clear with logging | 15-30% |
| Escalate (red) | Their paper, or our paper with material deviations (one-sided indemnity, missing independent-development carveout, non-standard governing law) | Route to a lawyer with the specific flags surfaced | 10-25% |
The shares above are the working ranges teams aim for, not a fixed benchmark; your own mix depends on how much of your inbound volume is on your own template. The boundaries between these lanes are policy decisions, made once, by a lawyer. The AI applies them at volume. That division of labor is the whole trick.
4. Auto-clear or escalate
The auto-clear lane is where deflection happens, and it is the number that actually measures whether your triage is working. If 60% of inbound NDAs auto-clear safely, you have cut the human-touch volume by more than half.
If only 10% clear because the rules are timid or the classification is noisy, you have built an expensive notification system that still makes a lawyer look at almost everything.
Escalation is the other half. When an NDA is escalated, good triage does not just say "this one needs you." It says why: here are the three clauses that deviate, here is the company's standard position on each, here is the proposed counter.
The human starts from a flagged, contextualized document, not a blank read. That is where the "minutes" come from. The lawyer is not reading faster; they are reading less, and starting further along.
5. Audit
Every decision gets logged. Which NDA, which lane, which clauses were flagged, who approved the clear, what the recommended edit was. This is not bureaucratic overhead. It is the thing that lets you trust the auto-clear lane at all.
If you cannot reconstruct why an NDA was cleared without a human, you cannot defend the system the first time one slips through, and one eventually will. The audit trail is what turns "the AI cleared it" into "the AI cleared it under rule X that a partner signed off on in March."
The standard positions a sort checks
Every triage flow is only as good as the positions it sorts against. These are the clauses a sort reads on every NDA, each with a standard position and the deviation that pushes it toward escalation. This list is also the spine of an NDA playbook the AI can enforce.
| Clause | Standard position | Deviation that escalates |
|---|---|---|
| Mutual vs one-way | Mutual where both sides share | One-way obligation on you only |
| Definition of confidential information | Marked or reasonably identifiable | Everything-is-confidential, no exceptions |
| Permitted use / purpose | Tied to the stated deal | Open-ended or undefined purpose |
| Term and survival | 2-3 years, trade secrets survive longer | Indefinite, or 5-plus years on ordinary info |
| Return or destruction | On request or at termination | No obligation, or onerous certification |
| Independent development carveout | Present | Missing (a common silent trap) |
| Remedies | Injunctive relief, no penalty clause | Unlimited damages or liquidated penalties |
| Governing law | A state your team knows | A non-standard or foreign forum |
| Non-compete / non-solicit | Absent from an NDA | Embedded restrictive covenant |
A worked example
Say a vendor returns your mutual NDA on your own template, but their markup changes one line. The original read:
"The receiving party shall hold Confidential Information in confidence for a period of three (3) years from the date of disclosure."
Their version:
"...for a period of three (3) years, and shall indemnify the disclosing party against any and all losses, including consequential and punitive damages, arising from any disclosure."
The classify step tags this: our paper, mutual, term unchanged, but a new uncapped indemnity with consequential and punitive damages. That last clause maps to the remedies row above, and the standard position is injunctive relief without a penalty clause. So the route is not auto-clear. It is escalate, and the flag the lawyer sees is one line: "Uncapped indemnity added (consequential + punitive damages); standard position is injunctive relief only. Suggested counter: strike the indemnity, rely on equitable remedies." The lawyer opens a one-clause decision, not a four-page read.
Where triage fits in the wider NDA review process
People search "NDA review process" and "NDA triage" expecting the same thing. They are not. The review process is the full lifecycle: intake, review, negotiate, approve, sign, store. Triage is the first decision inside intake, the one that decides whether the rest of the process even runs for a given document.
A typical in-house NDA review process runs intake, then a substantive review of the key clauses (the same discipline you would apply across any in-house contract review), then negotiation over redlines, then internal approval, then execution and storage. A single NDA draft commonly takes a day or more to clear once you count the review and the back-and-forth (a practitioner range, not a hard benchmark). Triage collapses the front of that timeline: the routine NDAs skip review and negotiation entirely and go straight to execution, so the slow window only ever applies to the escalated minority.
Where the sort quietly goes wrong
Two failure modes account for most disappointing triage deployments, and neither is "the AI is not smart enough."
The first is timid routing. Teams are nervous about auto-clearing anything, so they set the rules so conservatively that almost everything escalates. The result is a tool that classifies beautifully and deflects nothing.
The lawyers are still looking at forty NDAs a day, now with prettier annotations. If your auto-clear rate is in the single digits, you did not build triage. You built a labeling system.
The second is the governing-law and definition mismatch that classification alone misses. An NDA's confidentiality definition and its choice-of-law clause are not independent. Whether a broad definition of "confidential information" is even enforceable can turn on the trade-secret statute of the governing state.
State Uniform Trade Secrets Act enactments differ in their edges, and they are real, citable law: Massachusetts has its own framework at Mass. Gen. Laws ch. 93, sec. 42D; Arizona's trade-secret provisions sit at A.R.S. 44-405; New Jersey's enactment lives at N.J. Stat. 56:15-5. A triage layer that knows the NDA says "governed by Arizona law" can check the definition against the actual Arizona statute rather than against a generic notion of what trade-secret law says.
This is the one place a statutes lookup earns its seat in the pipeline. You do not need a case-law engine to do it; you need the actual text of the governing state's trade-secret code.
A neutral statutes API over the U.S. Code, the CFR, and all fifty state codes is enough to let a triage flow verify a governing-law-versus-definition mismatch against the statute instead of guessing. It is a narrow, boring capability, and it is precisely the kind of check that separates a sort that catches the dangerous 5% from one that waves them through.
Why "in minutes" is a claim about humans, not robots
Vendors love the minutes framing. Softonic reported cutting NDA processing time and reducing outside-counsel costs by around 40% using LinkSquares triage, a vendor-reported figure worth taking as directional rather than gospel. Gartner, in the Ironclad data above, projects AI in contract lifecycle management can cut review time by roughly half.
Those numbers are real, but the mechanism is widely misread. The speedup does not come from the AI reviewing an individual NDA faster than a lawyer would. It comes from the AI handling the easy 80%, the our-paper-unchanged stack, so that the lawyer only ever opens the 20% with genuine deviations, and opens those already flagged.
"Minutes" is an aggregate statement about the queue, not a per-document benchmark. The robot did not get smarter. It absorbed the boring volume so the human's attention landed only where judgment was actually required.
This is also why triage is the right first AI use case for corporate counsel and a terrible vanity metric. If a vendor demos a gorgeous redline on a single tricky NDA, they are showing you the review layer.
Ask instead: out of a hundred typical inbound NDAs, how many clear without a human, and how do I audit the ones that did? That is the question triage actually answers.
How this connects to the rest of the stack
Triage is the front door. A few neighbors are worth knowing about.
For the high-volume case, where you are staring at a folder of two hundred NDAs rather than one at a time, the relevant tool is bulk extraction into a grid: every NDA as a row, every key term as a column, so you can sort and filter the whole pile at once.
That is what a document matrix does, and it is the natural workspace for the classify step at scale. Codified firm positions, the "what counts as a trivial deviation" rules, live well as a reusable skill or playbook that the triage flow applies consistently.
And because NDAs are confidential information almost by definition, the data-flow question is not optional. Wherever an NDA goes during triage, the counterparty's confidences go with it, the same data-protection scrutiny you would bring to DPA review, which is its own analysis worth doing before you route a single document through any vendor; we mapped that terrain in where your legal AI data actually goes.
When you are ready to actually choose a tool, the evaluation companion to this piece walks through the levels of capability, what a leaked triage system prompt reveals about the moat (it is not the prompt), and the specific questions to put to a vendor before signing.
This post is the layer before that one. Understand the sort first, then go shopping.
The honest take
NDA triage is the rare legal AI category where the value is genuinely large and the technology is genuinely modest. The hard part was never teaching a model to read a confidentiality clause.
The hard part is admitting that most of your NDA work does not need you, then building a disciplined sort that proves which ones do, and trusting it enough to let the rest clear. Teams that frame it as "make review faster" buy a sharper scalpel for a problem that needed a filter. Teams that frame it as "stop reading the routine ones" get their afternoons back.
Measure your triage by what it lets you ignore. That is the whole game.
FAQ
What is NDA triage in simple terms? NDA triage is the quick sort that decides what happens to each inbound NDA before anyone reviews it: auto-approve the clean ones on your own template, fast-track the ones with minor pre-approved changes, and escalate their paper or anything with a material deviation to a lawyer. It answers whether an NDA needs a human at all, not what the redline should say.
What is the difference between NDA triage and the NDA review process? The NDA review process is the full lifecycle: intake, review, negotiate, approve, sign, store. Triage is the first decision inside intake. It decides which NDAs skip the rest of the process and which ones enter it. Triage is the filter; review is the work that happens to whatever the filter lets through. The companion piece on evaluating NDA triage tools goes deeper on the review layer.
What are the three NDA triage tiers? Most teams run auto-clear, fast-track, and escalate, sometimes labeled green, yellow, and red, or Tier 1, 2, and 3. Auto-clear is your own paper returned unchanged. Fast-track is your paper with minor pre-approved deviations. Escalate is the counterparty's paper or any material deviation that needs a lawyer's judgment.
What clauses does NDA triage check? The standard set is mutual versus one-way, the definition of confidential information, permitted use, term and survival, return or destruction, the independent-development carveout, remedies, governing law, and any embedded non-compete or non-solicit. Each has a standard position, and the deviation from it is what moves an NDA out of the auto-clear lane.
How do you measure whether NDA triage is working? By deflection, the share of inbound NDAs that auto-clear safely without a human. Sub-10% means you built a labeling system, not triage. North of 50% on routine inbound NDAs is where the time savings live. The clause analysis being thorough is secondary to the routing being decisive.
Can NDA triage be fully automated? The sort can be highly automated for NDAs on your own template that match your playbook, with logging so you can audit every auto-clear. The escalated minority still needs a lawyer. The point of triage is not removing the human, it is making sure the human only sees the documents that actually need judgment.
Why does NDA triage make review faster? Not because the AI reads any single NDA faster than a lawyer. Because it absorbs the routine volume, so a lawyer only ever opens the small share with genuine deviations, and opens those already flagged with the standard position and a suggested counter. The "minutes" claim is about the queue, not one document.
Vaquill AI runs the sort with AI contract review and playbook-driven routing, then handles bulk NDA classification across an inbound stack in the Document Matrix. See /features/document-matrix.
New legal AI guides, weekly.
Further Reading
NDA Triage AI: How AI NDA Review Works and How to Evaluate a Tool (2026)
Read postIntelAgree vs DocuSign CLM (and Ironclad, ContractWorks): AI Contract Management Compared
Read postDocuSign CLM Redlining vs AI Contract Review
Read postHow to Draft a PI Demand Letter and Build the Chronology With AI
Read postTop 13 Legal Redline Software Tools (2026)
Read postHow to Build an NDA Playbook Your AI Can Actually Enforce
Read post
Co-Founder & CEO · Attorney
Arshita leads product and strategy at Vaquill, building the legal AI suite that solo, small-firm, and in-house US lawyers use to run a matter end to end.