This document specifies cybersecurity requirements for protecting the privacy of premises and personally identifiable information through the use of the HES gateway and related HES standards. This document applies a set of principles including those specified in ISO/IEC 29100 that are applicable to the HES gateway such as consent, purpose legitimacy, collection limitation, data minimization, retention, accuracy, openness, and individual access.