An Early Warning System (EWS) for cybersecurity intelligence will provide the capability to share information to provide up to date information to all constituents involved in the EWS. The development of EWSs will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains. This article is the result of a qualitative multiple-case study analysis. It consists of theory development by systematic reviews of academic articles, seven case studies, and cross-case conclusions, from which a set of system requirements and features were established to support a model that promotes information sharing among partners, while also meeting regulatory requirements. Moreover, the final analysis includes the requirements for information sharing within and between partners across organisational boundaries as derived from multi-sector analysis. The study consists of a comprehensive review of information sharing and trust models from within the cyber domain (n > 50), as well as models from other domains, such as healthcare, maritime and critical infrastructure protection.