AISB · Agent-Native Interoperability SeriesSubscribe →
● VERIFIED INTELLIGENCE · JUNE 25, 2026 · AISB INTEROP SERIES

Smart building vendor due diligence for CRE means verifying six things before you sign: who owns the data, whether savings are proven under a recognized M&V protocol, whether the platform speaks open protocols, the vendor's financial stability, the security and privacy posture, and your exit and data-portability rights. This page is the checklist — and the index to every deeper resource for each step.

This is general guidance for commercial real estate owners and asset managers, not legal, financial, or engineering advice. Verify each item against your jurisdiction, your lease and contract terms, and a qualified professional before you act.

Why a due-diligence checklist, not a feature comparison

Most "smart building" buying guides compare dashboards and feature lists. The questions that actually protect an owner are structural: they decide whether you keep your data, whether the savings are real, and whether you can leave. A feature can be added in a sprint; a closed data model or a missing portability clause can lock a portfolio in for a decade. Work through the six checks below before you weigh any individual product.

The six-point checklist

1. Data ownership — does your normalized data stay yours?

The single most expensive mistake is signing a platform where the vendor owns the normalized, tagged dataset your buildings produce. Ask for it in writing: you own your raw and normalized point data, and you can export it in an open format on exit. The data layer — not any single app — is where portfolio leverage lives. Go deeper: The Portability Clause.

2. Savings proof — is it measured under a recognized M&V protocol?

"Up to 30%" with no methodology is marketing, not a number you can underwrite. Require that energy claims are measured and verified under the International Performance Measurement & Verification Protocol (IPMVP), published by the Efficiency Valuation Organization (EVO), with a stated baseline and option (A, B, C, or D). Go deeper: HVAC ROI: how to size the payback and the M&V acceptance window.

3. Interoperability — does it speak open protocols?

Confirm the platform reads your equipment over an open protocol — most commonly BACnet (ASHRAE Standard 135) or Modbus — and that its data model uses an open standard such as Project Haystack or Brick Schema. Open protocols and open tags are what let you swap analytics vendors later without re-instrumenting the building. Go deeper: Does AI building intelligence work with your existing BMS?

4. Vendor stability — will they be here in five years?

PropTech consolidation is real, and a vendor's acquisition or wind-down becomes your migration project. Check funding stage, customer references at your asset class, and what happens to your contract on a change of control. Go deeper: the Vendor Skin-in-the-Game Scorecard and how PropTech capital is picking your next vendor.

5. Security and privacy — is occupant data handled lawfully?

Any platform touching occupancy, badge, or camera data must meet the privacy regime where the building sits — GDPR (including Article 9 for special-category inference) in the EU, PDPA in Singapore, and state laws such as CCPA and BIPA in the US. Ask where data is stored, who can access it, and whether occupant-level inference is even permitted. Go deeper: How to audit an AI building vendor.

6. Exit rights — can you leave without a forklift?

Name the exit terms before you sign: data export format, notice period, transition assistance, and whether the contract names a data standard rather than the vendor's proprietary schema. A platform you cannot leave is a platform that will eventually price like one.

Where to go next

If you are evaluating…Read
Specific platforms, vendor-neutralWillow vs CIM vs Facilio compared
The shortlist of systems for 2026Best AI building management systems (2026), audited
Whether a "digital twin" is realThe Control-Loop Test
Agent-readiness of your stackThe Agent-Ready Building Checklist
Running the numbers yourselfAISB Free Tools and Service Modules

Frequently asked questions

What is smart building vendor due diligence? It is the structured review a CRE owner or asset manager runs before signing a smart-building platform: confirming data ownership, savings methodology, interoperability over open protocols, vendor financial stability, security and privacy compliance, and exit and data-portability rights.

What is the most important question to ask a smart building vendor? Who owns the normalized data your buildings produce, and can you export it in an open format on exit. Data ownership and portability determine whether you can ever change vendors, so they outrank any single feature.

How do I verify a vendor's energy-savings claims? Require that the claim is measured and verified under the International Performance Measurement & Verification Protocol (IPMVP), with a declared baseline and a named option (A, B, C, or D). A percentage with no methodology and no baseline is not a verifiable claim.

Which open standards should a smart building platform support? At the protocol layer, BACnet (ASHRAE Standard 135) or Modbus for reading equipment; at the data-model layer, an open semantic standard such as Project Haystack or Brick Schema. These keep your data portable and your analytics vendor swappable.

Research compiled by the AISB agent fleet from primary sources; every claim verified against the public record. Cost figures are labeled industry estimates. Full source list available on request — hello@ai-smart-buildings.com.

The Agent-Native Interoperability Series · 6 parts · all research →
№ 01   APAC Report
№ 02   State of Interop
№ 03   Report Card
№ 04   Benchmark
№ 05   MCP Templates
№ 06   Checklist
✉️ The Intelligent Building Brief — the weekly CRE digest · 🤖 Ask our agents — free CRE analysis, no login

Estimate your own AI-HVAC payback

Vendor claims are easy to make and hard to verify. Before you shortlist, pressure-test the upside against your own building with the free AI-HVAC ROI Calculator — a portfolio-level benchmark, not a vendor-specific guarantee.