BLUF: Five surveyed CRE AI platforms — Cherre, VTS, Yardi Virtuoso, Altus ARGUS Assist, ProptechOS — have shipped agentic features in the last 60 days. None of them ship a privacy broker. That gap is not an oversight; it is a deliberate avoidance of differential-privacy budgeting, k-anonymity floors, and per-zone consent jurisdiction tags. For an enterprise legal team running a 2026 procurement review, the privacy broker is the only primitive that converts a fused-occupancy product from "interesting" to "approvable." This piece walks through why the gap exists, what the broker actually does, and what to demand in your RFP.
The Five-Vendor Procurement Table
The competitor radar published 2026-04-28 surveyed Tier-1 AI building / CRE platforms with material agentic launches in March-April 2026. Privacy broker — defined as a runtime gate that enforces differential privacy noise budgets, k-anonymity thresholds, and regional consent rule packs before occupancy data is fused across sources — appears in exactly zero of them.
| Vendor | Agentic feature shipped | HITL? | Privacy broker? | Fused occupancy? |
|---|---|---|---|---|
| Altus ARGUS Assist | Conversational layer on ARGUS Intelligence (Apr 14, 2026) | Yes — recommend-only | No | No (valuation/leasing) |
| VTS Asset Intelligence | Expert-in-the-Loop verification on lease abstraction (Q2 2026) | Yes | No | No (lease only) |
| Yardi Virtuoso (Spring 2026) | Composer build-your-own-agent | Yes | No | No |
| Cherre | Property data graph + agentic SQL | Yes | No | No |
| ProptechOS | MCP-native CRE endpoint, RealEstateCore base | Yes | No | Partial (no consent layer) |
Density and VergeSense — both occupancy-pure-play vendors — have explicitly declined to fuse badge data with sensor data, citing "regulatory exposure" in their 2025 enterprise FAQs. That is not a feature gap. It is a decision to stop short of the wedge.
Why the Gap Exists: Three Structural Reasons
1. Privacy budgeting is a runtime contract, not a checkbox
Differential privacy is not "we anonymize the data." It is a per-query noise budget — typically expressed as ε (epsilon) — that is consumed every time a derived statistic is exposed. A real privacy broker has to:
- Allocate an ε-budget per zone per day (e.g., ε = 1.0/zone/day under Laplace noise).
- Track consumption across every fused product downstream (HVAC, cleaning, reception, space planning).
- Refuse the next query when the budget is exhausted, even if the requesting agent has clearance.
- Reset on a calendar boundary (UTC midnight, local midnight per jurisdiction, or rolling 24h).
None of the surveyed vendors expose this as a configurable contract because none of them have to. Their products do not fuse occupancy across sources at runtime. They process one source at a time — lease, valuation, work order — and the privacy question collapses to "do you have the contract."
2. K-anonymity floors break point-solution UX
K-anonymity says: never expose a statistic where the underlying group has fewer than K individuals. K=5 is the working floor for U.S. building occupancy. K=10 is increasingly demanded under EU AI Act Annex III for high-risk deployments.
For a point solution, this floor often kills the product. "Show me the four people who entered conference room 4B at 14:32" is a feature; "show me the zone-level aggregate across at least 5 occupants" is a different product. A privacy broker enforces the floor at the gate, which means upstream agents must be designed to consume aggregates, not identities. That is an architecture choice made before the first agent is built.
3. Jurisdiction packs are a maintenance burden
A working consent rule pack must currently cover, at minimum:
- GDPR Article 9 (special category data — biometric, location patterns)
- BIPA (Illinois, USD $1,000/$5,000 per-incident liability)
- Colorado SB-205 / SB-021 biometric (effective July 2025)
- CCPA / CPRA (California)
- EU AI Act Annex III (high-risk systems, effective Feb 2025; full Annex III from Aug 2026)
- Singapore PDPA + AI Verify (relevant for APAC enterprise tenants)
- Hong Kong PDPO
- Japan APPI (revised 2024)
- Australia Privacy Act (March 2024 amendments)
Each rule has a different definition of consent, retention, and legal basis. A vendor that ships in three jurisdictions and uses the same data flow in all three is, almost by definition, out of compliance in at least one. The privacy broker is the runtime layer that switches enforcement based on the zone's jurisdiction tag — and it is the piece that has to be engineered, audited, and redeployed every time a new ruling lands.
What the Broker Actually Does (Without Exposing Implementation IP)
The privacy broker sits between the sensor ingestion layer and any downstream agent that consumes occupancy. Functionally:
- Occupancy broadcast pattern: Every 15 minutes, the broker emits a privacy-gated occupancy envelope to all subscribed sibling agents. The envelope contains aggregates, not identities — and only the aggregates that pass the K-anonymity floor and have ε-budget remaining for that zone.
- Per-zone consent tag: Each zone carries a jurisdiction code (e.g.,
jurisdiction=EU-DE,jurisdiction=US-CO) and aconsent_on_fileflag. Agents that subscribe to the broadcast receive only the zones they are licensed for. - ε-budget exhaustion behavior: When a zone's daily budget is used, the broker silently substitutes the last-known cohort statistic (within bounded staleness) instead of computing a fresh value. Downstream agents see no error; they see a frozen aggregate. This preserves uptime without violating the contract.
- DPIA-required gates: For EU/UK deployments above 50 occupants per zone, the broker refuses to start without a referenced Data Protection Impact Assessment ID. The check happens at boot, not at query time.
That is four primitives. None of them are research-grade — Laplace noise has been textbook for a decade, k-anonymity is older than that, and DPIAs are a published GDPR requirement. The IP is not the math. The IP is enforcing all four at runtime, across multiple downstream agents, without breaking the user experience. That is what a privacy broker is for.
What to Put in Your 2026 Procurement RFP
If you are evaluating a CRE AI platform that touches occupancy in any form (HVAC, space utilization, cleaning routing, security, badge fusion, comfort surveys), demand the following in writing before the technical demo:
- Show me your ε-budget configuration. What is the default ε per zone per day? How is it consumed? What happens at exhaustion?
- Show me your k-anonymity floor and how it is enforced. Who can override it? Is the override logged?
- List every jurisdiction your consent rule pack covers, and the date each rule pack was last updated. (A pack older than 6 months is a red flag — Colorado SB-205 alone has driven three vendor settlements in 2025.)
- Show me a sample DPIA artifact for an EU deployment of this platform. (If they cannot, they have not deployed in the EU.)
- What is the audit trail for an ε-budget exhaustion event? Can your legal team replay it?
If the vendor's answer to any of these is "we do not currently expose that as a runtime contract," the platform is not approvable for fused occupancy in regulated jurisdictions. Period. The work to bolt it on later is not a sprint; it is a rebuild.
The mmWave Pairing — Why the Window Is Closing
The pairing argument matters because mmWave 60 GHz radar (Butlr, Occuspace) reached ~99% occupancy detection precision in Q1 2026 deployments without capturing PII. That hardware is the input layer that finally makes the broker economically viable. You can run privacy-preserving fusion against radar-derived counts where you previously had to fuse against badge swipes.
The competitor radar reads this as: the wedge product is a fused-occupancy intelligence layer (HVAC + cleaning + reception + space-planning all consuming the same broadcast) running on mmWave + sensor inputs, gated by the broker. The window before Density or VergeSense ship a broker of their own is the next 12-18 months. After that, the gap closes — and the moat is harder to argue from a procurement seat.
The Procurement-Side Bottom Line
Three things to take to your next CRE AI vendor meeting:
- "Privacy broker" is now a procurement term, not a marketing one. The five Tier-1 vendors above have all shipped agents. None of them ship a broker. That distinction will be in your 2026 RFPs whether you put it there or not, because your legal team will put it there.
- Differential privacy and k-anonymity are not features. They are runtime contracts. Ask for the ε-budget number. If the vendor cannot quote it, the contract does not exist.
- Jurisdiction packs are a maintenance signal. A platform with a 6-month-stale consent rule pack is a platform that will be out of compliance in at least one of your tenant markets within a quarter. Make the rule pack version a contract deliverable.
The privacy broker is a small piece of code with a large surface of legal liability behind it. It is the piece that makes fused occupancy approvable. Without it, the rest of the platform — however clever the agents are — is a procurement headache that ends in legal review rather than purchase order.
Related reading
- The IPMVP Verification Framework for AI Smart Buildings — the methodology layer that pairs with the privacy broker for full enterprise approvability.
- BaaS Platform Wars 2026 — three deployment archetypes and where the privacy layer sits in each.
- Talk to the AISB agent — bring your vendor list and we'll walk it through the broker checklist with you.
Editorial standard: every claim in this piece is anchored to a named vendor product launch or a published regulation. Sources: CRE Competitor Radar 2026-04-28, GDPR Article 9, Colorado SB-205 (effective July 2025), EU AI Act Annex III (full applicability August 2026), CRE Daily Briefing 2026-04-30 (mmWave precision 99%). Internal architecture references intentionally generalized — broadcast pattern and ε-budget framing only, no implementation specifics.