The smart home continues to evolve, and with it comes a growing need for simpler, more accessible onboarding. Zigbee has delivered trusted, scalable mesh networking for years, yet the option for secure out-of-band commissioning has traditionally required a separate hub or gateway, introducing cost and complexity. Zigbee Direct solves this challenge by integrating standardized BluetoothⓇ Low Energy (BluetoothⓇ LE)-to-Zigbee bridging into Zigbee devices, empowering users to securely commission and manage products using their existing BluetoothⓇ LE devices. This approach streamlines onboarding, reduces deployment costs, and makes the Zigbee experience more accessible for both consumers and professional installers—ultimately lowering barriers to entry for a smart home market projected to reach $140.6 billion after 2025, as reported by Mordor Intelligence in its Smart Home Hub Market analysis.
A More Intuitive, Smartphone-Driven Commissioning Experience
At the heart of Zigbee Direct is a commitment to making commissioning simple, intuitive, and aligned with the way people use their devices. Instead of relying on specialized hardware or proprietary tools, it enables a seamless, app-based experience similar to pairing a BluetoothⓇ accessory. The architecture centers on two roles: the Zigbee Direct Device (ZDD) and the Zigbee Virtual Device (ZVD). The ZDD, such as a bulb, plug, or sensor, includes an IEEE 802.15.4 radio for Zigbee mesh networking and a BluetoothⓇ LE radio for direct interaction with mobile devices. The ZVD runs on a smartphone, installer tablet, or any BluetoothⓇ LE-enabled device, acting as the BluetoothⓇ LE central and incorporating a lightweight Zigbee stack allowing it to “speak Zigbee” over an authenticated BluetoothⓇ LE connection. This design creates a consistent, app-driven commissioning process, reducing the learning curve for new users and expediting setup of multi-device systems.
At a technical level, the communication path between the ZVD and the ZDD is defined through two standardized GATT services ensuring interoperability across device types and vendors. In addition, a security service is used to create a secure link between the ZVD and ZDD. The Commissioning Service provides the structured interface for forming or joining networks, adjusting permit-join settings, and receiving commissioning updates, forming a basis for secure connection and network control. Complementing this, the Tunnel Service offers a high-speed transport layer for encapsulating Zigbee messages within BluetoothⓇ LE packets, allowing smartphones to send Zigbee commands before a device joins the ecosystem. Together, these services deliver a smoother experience for consumers and a more capable, flexible workflow for integrators and professional installers.
Zigbee Network Control with Zigbee Direct
Zigbee Direct exposes a Zigbee device’s application layer over BluetoothⓇ LE, effectively allowing a controller without a Zigbee radio to act as a proxy Zigbee client. The ZDD runs a dual-protocol stack, with BluetoothⓇ LE handling the transport of commands and Zigbee handling execution on the 802.15.4 network. On the BluetoothⓇ LEside, the ZVD implements a Zigbee Direct–defined GATT service that encapsulates Zigbee Cluster Library (ZCL) frames or attribute operations. When a controller issues a command, such as an On/Off, Level Control, or Identify request, it is tunneled into this GATT service and sent over BluetoothⓇ LE to the device. The Zigbee Direct layer on the device parses the incoming data, maps it to the appropriate ZCL command, and injects it into the local Zigbee application framework. From there, the command is processed exactly as if it had arrived over the Zigbee radio, allowing the device to update its state, control hardware outputs, or generate Zigbee messages toward other nodes if needed. This architecture cleanly separates transport (BluetoothⓇ LE) from function (Zigbee), enabling direct control of Zigbee behavior using ubiquitous BLE-capable controllers while preserving standard Zigbee application semantics, making Zigbee Direct well-suited for local, point-to-point control, diagnostics, and advanced device management within an existing Zigbee network.
Security Designed for the Real World
Security remains a cornerstone of Zigbee Direct, preserving the strong protections defined in the broader Zigbee architecture. The design intentionally avoids traditional BluetoothⓇ pairing, which can create unnecessary friction and introduce vulnerabilities. Instead, Zigbee Direct employs a two-stage security model, balancing ease of use with robust protection. The provisioning stage is reserved for factory-new devices and uses pre-shared keys, such as installation codes, to authenticate the ZVD, restricting access to commissioning functions. Once a device is part of a Zigbee network, the authorization stage enables secure ongoing control by deriving cryptographic keys from the Zigbee Network Key or the Trust Center Link Key. The BluetoothⓇ LE link itself is treated as untrusted, with all meaningful protections implemented at the Zigbee application layer. Each session uses fresh AES-128 keys negotiated through modern protocols such as ECDHE or SPEKE, ensuring forward secrecy, while mandatory replay counters and AES-CCM authenticated encryption protect the confidentiality and integrity of every packet.
Expanding the Zigbee Experience for Consumers, Installers, and Legacy Networks
The practical impact of Zigbee Direct is significant for consumers and professionals. For everyday users, it transforms onboarding into a familiar, app-driven experience, with smartphones serving as the natural entry point into the ecosystem, greatly reducing setup friction for smart home beginners. Professional installers benefit from using tablets and mobile devices as universal commissioning tools, enabling full-site configuration without specialized hardware. In real deployments, Zigbee Direct can reduce installation time by up to 60% and eliminate the need for dedicated commissioning hubs, typically costing $200–$500 per project. It also protects existing investments, as a single Zigbee Direct–enabled device can act as the secure BluetoothⓇ LE entry point for an entire legacy mesh, enabling modern workflows without replacing established networks.
Zigbee Direct strengthens the Zigbee ecosystem without altering its core principles or introducing competing variants. As a feature fully integrated into Zigbee, it extends the capabilities of the established mesh rather than replacing it. This continuity reinforces Zigbee’s long-standing strengths—robust, secure, and scalable connectivity—now made more accessible through mobile-first workflows. The result is a commissioning model aligned with current user expectations while maintaining the reliability and interoperability defining Zigbee across global markets.
A Meaningful Step Toward a More Accessible, Interoperable IoT
As the demand for connected solutions continues to grow, simplifying the onboarding experience becomes critical to drive adoption and unlock the full value of smart environments. Zigbee Direct delivers a modern and secure pathway for smartphones and tablets to interact directly with Zigbee devices, offering both convenience and confidence. By reducing friction, strengthening security, and expanding accessibility, Zigbee Direct marks an important evolution in the Alliance’s commitment to advancing open, interoperable, and intuitive IoT connectivity, helping bring the benefits of Zigbee to more homes, businesses, and industries around the world.1
Learn More About Zigbee Direct
A feature of Zigbee that simplifies onboarding and control of Zigbee devices directly via Bluetooth Low Energy, and simplifies the user experience with Zigbee networks. Learn more and start building with Zigbee Direct today!
1 Credits to Aniss Abdellaoui, Application engineer chez at STMicroelectronics and Marius Munder, Principal Architect at Silicon Labs