Today, our big question is : what is a trade secret ? That’s a key concept to fully understand Intellectual Property. So, let’s dig into it. A trade secret is any confidential information that provides economic value by remaining undisclosed and is actively kept secret through reasonable safeguards.
What is a trade secret : key concept and definition
However, context matters before rules bite.
Furthermore, a trade secret, according to Article 2 of the EU Trade Secrets Directive, means information that (i) is secret, (ii) has commercial value because it is secret, and (iii) is subject to reasonable steps to remain secret.
This tripartite test, mirrored by WIPO and echoed in EPO commentaries, forces founders to audit assets methodically. Only when all three limbs are satisfied does the law confer protection.
Meanwhile, in industry practice, the notion embraces “hard” R&D outputs such as manufacturing methods and “soft” data like pricing algorithms. Start‑ups often underestimate how broad the category is; customer insight can be as valuable as a catalyst formula. Ideas spark progress. Early audits let teams rank assets and set lean budgets for protection—strong passwords and crisp NDAs cost less than one lost contract.
Moreover, ownership is straightforward: whoever lawfully controls the information at the moment of misappropriation is the right holder. Founders must therefore assign pre‑existing know‑how to the company during investment rounds. Investors now demand a trade‑secret schedule listing core confidential assets and current safeguards.
Furthermore, cross‑border commerce amplifies the stakes. While the Directive obliges every Member State to offer civil remedies, evidential rules vary. Germany allows swift ex parte seizures; France expects fuller disclosure. Planning enforcement strategy in advance saves days when a leak erupts.
In addition, digital transformation multiplies leakage vectors. Remote work and cloud collaboration mean sensitive files may live on personal devices or external servers. Encryption at rest, multifactor authentication and intrusion detection must be coupled with contracts obliging vendors to match internal standards; otherwise the “reasonable steps” prong collapses.
Similarly, human resources play a frontline role. Exit interviews remind departing staff of continuing confidentiality, while onboarding spells out social‑media limits. WIPO studies show more than 80 % of leaks originate from insiders, often inadvertently.
In short, supply chains deserve scrutiny. One lax subcontractor can expose an entire process. Vendor questionnaires should probe ISO 27001 status and incident‑response readiness; contracts must permit audits and mandate breach notices.
Additionally, periodic internal audits reinforce compliance. Audit teams sample project folders, quiz staff and stress‑test drills. Findings feed board dashboards, prompting funds for encryption upgrades or refresher courses.
common missteps to avoid
On balance, relying on implied confidentiality is risky. Forgetting access controls, omitting NDAs in employment contracts or uploading code to GitHub during fundraising are classic unforced errors. Courts look for proactive controls—password‑protected servers, clean‑desk rules, tiered access logs. Absent proof, judges assume the data was not truly secret (see EUIPO case notes).
Strategic choices: secrecy versus patents
Meanwhile, entrepreneurs face a strategic crossroads: patent or stay silent? An invention disclosed in a patent application becomes public 18 months after filing; secrecy ends, but you gain a 20‑year monopoly. A trade secret stays hidden indefinitely yet vanishes the moment it leaks. Which path suits a start‑up whose AI model lives on a locked server?
Additionally, timeline, reversibility and detectability drive the decision. If rivals can reverse‑engineer a product once sold, secrecy collapses. Conversely, if the know‑how never leaves your server, secrecy shines. Litigation also differs: patent infringement is strict liability; trade‑secret theft demands proof of misappropriation.
In Europe, public grants such as Horizon Europe now require an IPR plan explaining how trade secrets will be safeguarded. Smart consortia agree publication rules at proposal stage to avoid last‑minute fights over conference papers.
Real‑world example: Coca‑Cola’s syrup recipe has remained secret for over 130 years through physical vaults and NDAs. Conversely, Pfizer patented its COVID‑19 vaccine because large‑scale production invited reverse engineering and regulatory disclosure. There is no one‑size‑fits‑all answer.
Moreover, jurisprudence is evolving. In 2024 the CJEU held in RH v AB that the burden of proof can shift to the defendant once the claimant shows prima facie secrecy and value. Contemporaneous documentation—access logs, confidentiality legends, board minutes—has never been more valuable.
Meanwhile, damages awards are climbing. A Milan court recently granted €12 million plus royalties against a supplier who copied a textile‑coating process, criticising basic password failures. Judges are losing patience with security theatre.
Furthermore, licensing strategy needs thought. Patent licences are public and easier to police; licensing a trade secret demands audit rights, milestone reporting and staged disclosure to limit exposure. Choose secrecy when reverse engineering is hard and internal controls are strong.
Does EU registration exist for trade secrets?
No. Protection arises automatically if the Directive’s three criteria and reasonable safeguards are met; nothing is filed at EUIPO.
Can employees use skills learned on the job?
Yes. General know‑how and professional skills belong to the individual. Only specific confidential information under a duty of secrecy remains off‑limits.
What remedies are available after theft?
Courts may grant injunctions, award damages, order destruction of infringing goods and seize leaked media; see national implementations of Directive 2016/943.
Furthermore, insurers now offer policies covering forensic costs, PR crisis management and legal action after trade‑secret theft. Premiums drop sharply when robust safeguards are demonstrably in place.
On balance, every enterprise should maintain a living trade‑secret policy reviewed annually. KPIs might track classified assets, NDA coverage, access‑revocation time and breach‑response speed. Metrics turn lofty policy into daily discipline.
