Open standards are critical for IoT adoption in modern commercial real estate, by ensuring that diverse devices and systems can work together, open standards lay the foundation for smart building development.
Without open standards, devices operate in silos, making integration more complex, but open standards eliminate these barriers by providing a shared framework for communication and interoperability between IoT systems.
“Beyond interoperability, open standards help combat market fragmentation and vendor lock-in, ensuring that enterprises are not tied to a single manufacturer’s proprietary ecosystem. This encourages a competitive and dynamic marketplace, where businesses can select best-in-class solutions based on performance, security, cost, and feature set—rather than vendor limitations,” reads our latest smart buildings research.
Open Standards for Building Automation Protocols
Building automation relies on specialized protocols that allow building systems to communicate, thereby forming the foundation of smart buildings. The most notable modern automation protocols are “open” which has accelerated their adoption in commercial buildings.
BACnet is one of the most widely used building automation protocols worldwide. Developed by ASHRAE in the 1990s to be an open standard, it remains popular with innovations such as ‘Secure Connect’ and ISO standardization.
KNX is another popular protocol for both residential and commercial use, especially in Europe. KNX also continues to develop, with its evolution into IP-based and wireless networking.
Other automation protocols exist within commercial building technology but haven’t maintained similar levels of penetration. Established in the 1990s, LonWorks is a robust peer-to-peer networking architecture but proprietary constraints in an increasingly open world have limited widespread adoption. 1970s Modbus, meanwhile, saw widespread adoption but lacks built-in security mechanisms, making it vulnerable to IoT cyber threats.

Open Standards within Application Layer Protocols
“Within IoT architectures, application layer protocols are critical for moving data between devices, gateways, and cloud or enterprise systems in a standardized way. These protocols sit atop the network transport and define how IoT messages are formatted, transmitted, and interpreted by applications,” explains our new study, which compares the distinct purposes and strengths of each.
Message Queuing Telemetry Transport (MQTT) is a lightweight publish/subscribe messaging protocol that is widely adopted in IoT applications for its efficiency in real-time data transmission. The Constrained Application Protocol (CoAP) is also lightweight, but designed specifically to facilitate efficient communication among devices with limited resources, such as sensors and actuators.
Unlike lightweight MQTT and CoAP, the Advanced Message Queuing Protocol (AMQP) was designed for robust messaging in enterprise systems, providing features like guaranteed delivery, routing, and transactions. Others, such as OPC Unified Architecture, offer reliable machine-to-machine communication protocols from industrial automation, and are significant for IoT where industrial-grade systems or complex integrations are involved.
Maturing IoT Security Standards
Several standards guide IoT security in commercial buildings, covering everything from high-level organizational practices to technical requirements for devices. Our new research report reviews all critical security standards and frameworks, assessing the implications of recent development in each.
ISO/IEC 27001 is one of the most established international standards for information security management systems (ISMS) and is often the baseline for many companies involved in smart building IoT to demonstrate their overall commitment to security.
The U.S. National Institute of Standards and Technology (NIST) has also been very active in producing guidelines for IoT security and is in the process of updating its flagship Cybersecurity Framework (CSF) to incorporate more IoT and supply chain content.
The European Telecommunications Standards Institute (ETSI) provides its EN 303 645 security standard as a baseline for consumer IoT devices. Despite the “consumer” label, many of its principles apply broadly to IoT devices used in any environment, including commercial buildings.
And, the ISA/IEC 62443 series leverages its experience enhancing cybersecurity in Industrial Automation and Control Systems (IACS) to provide reliable security open standards for building automation systems.
Open Standards & Converging Frameworks
“Having common protocols is key to enabling interoperability; the other, equally important part is having common data models and ontologies to describe devices, equipment, and the data they generate,” explains our latest smart building research.
Key frameworks like Brick Schema, Project Haystack, and RealEstateCore (REC) are collaborating, via ASHRAE 223P and other liaisons, to enhance interoperability.
For a building owner or systems integrator, this will be welcome news and a clear indication that the industry is moving toward consensus on how to represent building IoT data. Ultimately, the hope is that in a few years, a well-aligned set of frameworks will emerge to reduce confusion and drive the industry forward.
“As the IoT ecosystem matures, industry groups are driving greater standardization and interoperability across platforms. With multiple protocols and frameworks in play, efforts are underway to ensure seamless device integration, regardless of manufacturer or underlying technology,” continues our new report exploring the key initiatives advancing interoperability and all the important smart building developments in recent years.