Smart building IoT: HVAC lighting access control AI

A smart building system has four main layers: the sensor network (occupancy sensors, environmental sensors, energy meters, access readers) that collects real-time data; the Building Automation System (BAS) or Building Management System (BMS) that provides supervisory control of HVAC, lighting, and mechanical systems; an IoT integration platform that aggregates data from disparate systems into a unified data model; and an analytics and AI layer that processes the data to optimise energy consumption, predict maintenance needs, and provide occupant experience insights. A digital twin is increasingly added as a visualisation and simulation layer.

AI-driven building management systems typically achieve 20–40% energy savings on HVAC (the largest energy consumer in commercial buildings) and 40–60% savings on lighting. Total building energy savings of 20–35% are commonly reported in case studies, with some deployments achieving higher savings in buildings that had poor baseline controls. The savings come from demand-based control (only conditioning occupied spaces), predictive pre-conditioning (using building thermal mass to shift energy consumption to low-tariff periods), and continuous optimisation that adapts to actual usage patterns rather than fixed schedules.

BACnet (Building Automation and Control Networks) is the dominant open standard protocol for building automation systems, covering HVAC controllers, fire alarm systems, lighting controls, and energy management. BACnet/IP (running over standard Ethernet/IP networks) is the modern version. It is important because it enables interoperability between building systems from different vendors — a BACnet-compliant HVAC controller from Carrier can be integrated into a Johnson Controls or Siemens BMS without custom integration work. BACnet is specified in ASHRAE Standard 135 and is mandatory in many public building projects globally.

Daylight harvesting is a smart lighting technique where photosensors measure the amount of natural daylight entering a space and automatically dim artificial lighting to maintain a target lux level while maximising natural light use. As daylight increases (as the sun rises or clouds clear), artificial lighting dims proportionally. As daylight decreases, artificial lighting brightens. In perimeter zones of commercial buildings with good glazing, daylight harvesting can reduce lighting energy consumption by 30–60% during daylight hours. It requires photosensors, dimmable luminaires, and a lighting control system that supports closed-loop control.

Smart buildings provide the granular, real-time data that makes credible ESG reporting possible. Energy meters by zone provide Scope 1 and Scope 2 emissions data at building and floor level. Water meter data supports water conservation reporting. Occupancy data enables energy intensity (kWh per occupant or per square metre) benchmarking. Smart building platforms can automatically generate reports aligned with GHG Protocol, GRESB (Global Real Estate Sustainability Benchmark), ENERGY STAR, and BREEAM standards, replacing manual data collection with automated meter data integration.

IoT building systems create several cybersecurity risks: network intrusion via unsecured building controllers (HVAC systems have been used as entry points to corporate networks); physical safety risks from manipulated control systems (temperature, access control, fire suppression); ransomware targeting building management systems; and data privacy risks from occupancy and access control data. Mitigations include strict network segmentation between OT (operational technology) and IT networks, mandatory authentication for all device management interfaces, regular firmware updates, monitoring for anomalous control commands, and inclusion of building systems in the organisation's vulnerability management programme.

The WELL Building Standard is a certification framework focused on occupant health and wellbeing across ten concepts: Air, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, and Community. Smart building technology directly supports multiple WELL requirements: CO₂ and PM2.5 monitoring for Air quality compliance; tunable white lighting and daylight harvesting for the Light concept; temperature and humidity control within WELL-defined comfort ranges for Thermal Comfort; and acoustic monitoring for Sound standards. WELL certification requires verified measurement data, which smart building sensor systems can provide continuously.

Mobile credentials use a smartphone as the access control credential, replacing physical keycards. The phone communicates with an access control reader via Bluetooth Low Energy (BLE) or NFC. A mobile credential app (from vendors like HID, Allegion, or ASSA ABLOY) stores a digital credential issued by the building management system. Employees tap their phone to the reader or use hands-free BLE detection (the door unlocks as they approach). Benefits include eliminating physical card issuance and loss, remote credential provisioning and revocation, and the ability to grant temporary access to visitors via push notification without physical interaction.