A new peer-reviewed study looks at how EU regulations affect the use of AI and IoT in building energy systems. Published in Buildings (June 2025), and drawing from 64 sources, the paper details how privacy laws, cybersecurity mandates, and liability frameworks are shaping the future of smart building systems.
The study focuses on laws such as the AI Act, the Energy Performance of Buildings Directive (EPBD), and GDPR, and reviews where current rules help or hold back adoption.
Most notably, the study outlines a disconnect: while EU policy pushes for smart and efficient buildings, many buildings are still not using available tools like AI-based retrofits. The authors identify three core challenges.
First, legal uncertainty – including obligations under the AI Act and GDPR – deters adoption. Second, technical hurdles – such as systems that can’t communicate with each other (interoperability) and algorithms that are difficult to interpret (explainability) – continue to slow down adoption. And third, the economic value of digital retrofits is still often underestimated, despite potential energy savings of 20-40%.
Energy efficiency experts weigh in on what these findings mean for building owners and Europe’s decarbonisation plans.
“There’s a clear opportunity here. The EU is mandating smarter buildings, but most owners don’t know where to begin – or they fear they’ll get it wrong,” said Donatas Karčiauskas, CEO of Exergio, a company that develops AI-powered tools for building energy optimization. “We’re seeing a growing interest in AI-based retrofits, yet many still assume the compliance cost is too high. In our experience, you can often unlock 20–30% energy savings without touching the walls.”
But regulation hasn’t kept pace with the tools now available – and that’s where many building owners hesitate. From data collection to automated decisions, smart building systems now fall under several EU laws. The AI Act may classify predictive HVAC software as “high-risk” and require extra documentation and oversight. Meanwhile, the AI Liability Directive broadens who is accountable for algorithm-driven outcomes. These rules are meant to build trust, but often discourage early adoption, especially in smaller buildings, says Karčiauskas.
“Data privacy is essential, but it’s often misunderstood. With the right architecture – things like edge computing, anonymized data, and explainable AI – you can meet all regulatory requirements and still get results. We’ve seen digital upgrades pay for themselves in under 12 months, and still be fully compliant,” explained Karčiauskas.
The authors of the study found that the real barrier is no longer technical performance – it’s trust. Tools like SHAP (which explains algorithm outcomes) and federated learning (which trains AI locally without sharing sensitive data) already support privacy-aware, explainable systems. Yet many building owners still hesitate, unsure whether these upgrades will pass audits or qualify for funding.
“Digital retrofits are often judged by the wrong standards,” added Karčiauskas. “Stakeholders expect 100% certainty from AI, but are fine with ‘good enough’ when it comes to insulation. The difference is that AI lets you measure, adjust, and scale quickly. That kind of flexibility is valuable, especially in older buildings. It’s a resilience tool Europe isn’t using enough.”
The study points to missed economic gains. AI systems that respond to occupancy, weather, and energy prices can cut waste by adjusting systems in real time, unlike conventional setups that follow fixed schedules. These upgrades reduce operating costs and support compliance with EPBD targets. Yet current EU policy still treats advanced AI control as no different from basic automation.
The study concludes that EU regulations are starting to act not only as constraints but also as catalysts. They raise cybersecurity and system compatibility standards, which adds complexity. But at the same time, they push the market toward smarter, safer, and more transparent systems. Framing AI not only as a performance tool but as a pathway to compliance could speed up its adoption in the building sector, according to the study.
“Building energy management systems are already helping cut energy use and emissions across Europe. But their real impact shows when they’re connected to secure, compliant AI systems that deliver immediate results. As key EU policy deadlines approach in 2025, the time to act isn’t next year but now,” concluded Karčiauskas.
