"We need to stop people from sharing our documents." The moment someone says that, the conversation drifts into watermarking, DRM, copy protection, and a dozen other technologies that sound similar but solve different problems. Here's how to pick the right one.

The problem you're actually trying to solve

Before picking a technology, be specific about what you're worried about. Is it:

Casual leakage — someone forwarding a document to a colleague without thinking?
Deliberate leakage — someone deciding to send the document to a journalist or competitor?
Unauthorised printing or copying?
Attribution — knowing WHO leaked it if a leak happens?

Different technologies solve different parts of this list.

Watermarking

Watermarks overlay visible text or images on the document — usually the viewer's name, email, timestamp, and sometimes a session ID. They don't prevent anything; they just make leaks easier to trace. The theory is that a person considering leaking a document will think twice if their name is stamped across every page.

Watermarking is excellent for attribution and deterrence of deliberate leakage. It's useless against casual forwarding (the watermark goes along with the forwarded file but nobody reads it), and it's ineffective against determined attackers who can remove watermarks with basic image editing.

DRM (Digital Rights Management)

DRM actually controls what the recipient can do — prevent printing, prevent copying, prevent saving. It typically works by only allowing the document to be viewed inside a controlled viewer (a proprietary app or a browser-based reader) that enforces the restrictions.

DRM is good at preventing casual misuse — your recipient can't accidentally attach the file to an email because they never actually received the file. It's also good at preventing printing and local copying. But it's useless against screenshots, and sophisticated users can always find workarounds (physical camera photo, screen recording, etc.).

The reality: you need both

For most B2B use cases, the right answer is: dynamic watermarking (for attribution) inside a controlled viewer (for preventing casual copying) with a strong audit trail (for post-incident investigation). Full DRM with print prevention is overkill for most use cases and creates usability problems that often get disabled in practice.

The honest conclusion

No technology will stop a determined insider from leaking a document they've legitimately viewed. The best you can do is make it hard, trace it when it happens, and ensure there are legal consequences. For 95% of use cases, watermarks plus audit trails plus an NDA is the right combination.