This standard defines a Security Gateway for establishing virtual cross-company data and service spaces. Based on the principles of data sovereignty, the Security Gateway facilitates the secure exchange of data and enables the provision and use of trustworthy data services.
The Security Gateway is available in three different variants, specifying different levels of security and protection. It is suited for use by companies from industries such as finance, healthcare, IT, telecommunications, logistics, or Industrie 4.0 (Industrial Internet).
The requirements described in this document relate to the technical features of the Security Gateway. The document does not address the requirements regarding development or secure operation of this component, nor does it relate to other components of the architecture, such as the App Store, the Clearing Entity, or the Broker.
The three different levels of security are: Base, Trust, Trust+. The “base” profile meets basic security requirements for communication across company boundaries. A connector that has been certified according to the “trust” profile provides additional security features such as strict isolation of the service containers and mutual verification of integrity. A “trust+” profile connector even provides protection against manipulation by malicious administrators. These security levels comply with ISO/IEC 62443 (particularly ISO/IEC 62443-4-2) but have been extended by including additional requirements deemed necessary for the IDS ecosystem. That makes DIN SPEC 27070 the first initiative specifying requirements regarding a secure gateway for cross-company data exchange in the manufacturing industry.
NATO UID | 326ef23e-fa1c-4651-9ceb-728069c57e88 |
Stereotype | Standard |
Full name | Requirements and reference architecture of a security gateway for the exchange of industry data and services |
Identifier | DIN SPEC 27070:2020-03 |
Release Date | March 2020 |
Publisher | DIN |
URL | https://dx.doi.org/10.31030/3139499 |
Author | |