Drones will be affected by a new European regulation setting burdensome obligations which could considerably impact their future development.

The Council of Europe signed off the new EU Regulation on drones. The new Regulation will repeal the existing legislative framework on civil aviation safety and in particular Regulation (EC) No 216/2008 “on common rules in the field of civil aviation and establishing a European Aviation Safety Agency” (the so called “Basic Regulation”). The Basic Regulation on civil aviation safety excluded from its application the “unnamed aircraft systems” (UAS) – commonly known as “drones” – with less than 150 kg weight, that were regulated by national legislation.

The new Regulation will provide new EU wide rules on civil aviation safety for drones of all sizes, except those used for “state” operations (e.g. military, customs, police, firefighting, etc.), introducing a proportionate and risk based approach, depending on aircraft’ characteristics and weights, designed to make the EU aviation sector to grow. The

Regulation will also revise the mandate of the European Aviation Safety Agency (EASA) in the field, increasing its powers.

But let’s do a step back.

Where does this Regulation come from?

In recent years, the increased used and development of UAS has been extremely fast, challenging traditional aviation.

Drones are aircraft that operates from remote without crew or pilot on board. Drones were originally developed for military use, but drones’ technology has been developing rapidly in recent years, so that even private individuals use drones for leisure and recreation.

Drones are now used for a range of activities from photography and filming in movie sets, to rescue operations, pipeline inspections and farming with crop spraying. Few days ago, in Turin, drones were used for a public show in place of fireworks. In England, researchers are developing drones able to autonomously inspect and repair potholes in roads! In the very near future drones will be also used for public transports. Only few days ago, a famous German car manufacturer, a leader in the aerospace industry and the German ministry have teamed up with a memorandum of understanding to develop an “Urban Airmobility”.

The above scenario is opening a new chapter in the history of aerospace, with wide range of possibilities and variety of new commercial services. According to the European Commission, the drone industry could create about 150,000 jobs in the EU by 2050.

In this scenario a significant number of National Aviation Authorities have started establishing new aviation safety legislations regulating the use of drones in their national airspace. However, to bring legal certainty and consistency across EU, on 7 December 2015 the EU Commission proposed a revision of the EU legislative framework, to be ready for the challenges expected beyond 2020. The outcome of such proposal is the new Regulation in question, thanks to which the European Union will regulate civil operations of all kind of drones, whilst national regulations on civil operations of drones lighter than 150 kg will be progressively replaced.

What do these new rules on drones say?

The new rules on drones will provide the basic principles to ensure safety, security, privacy and the protection of personal data.

To tackle these risks the Regulation introduces new rules that are proportionate and risk-based, designed to reduce boundaries and encourage innovation.

For example, sport and recreational aviation will be subject to simpler approval procedures than those applicable for commercial air transport. On the other hand, higher-risk drone operations will require certification. In addition, according to the Regulation “in light of their limited risk to civil aviation safety, aircraft that are of simple design or operate mainly on a local basis, will remain under the regulatory control of the Member States.

As a general principle, the new rules state that drones must be safely controllable and maneuverable and should be operated without putting people at risk. Based on risk, some drones would need for example additional features, such as automated landing in case the operator loses contact with the drone or collision avoidance systems.

All drones should be also designed to take into account privacy by design and by default.There will also be rules on the noise and emissions generated by drones, as is the case for any other aircraft.

To help identify drones’ operators, in case of incidents or privacy violations, they need to be enrolled in national registers and their drones marked for identification. This would not apply to operators of the smallest drones. Also, some drone operators would be required to attend training before they can operate a drone.

Finally, the Regulation also extends the EASA’s mandate to safety-related aspects of security, such as cyber security, and to the protection of the environment, inspections powers, certifications and enforcement tasks etc.

On the above key principles of the Regulation, the EU Commission and the EASA will develop more detailed EU rules, such as maximum altitude and distance limits for drone flight, and which drone operations and drones would need to be certified based on the risk they pose. The rules would also determine the minimum age for operating drones, which operators need additional training and to be registered and which drones would need to have additional safety features, etc.

In this regard the EASA has already published “prototype” regulations, based on the EASA Opinion 01/2018 published of the 6 February 2018. In short, the new framework proposed by EASA introduces three categories of operations (open, specific and certified) according to the level of risks involved. A different regulatory approach will be adopted for each category. Low-risk operations (open category) will not require any authorization, but will be subject to strict operational limitations, such as maximum altitude. For medium risk operations, operators will have to require an authorization from the national aviation authority on the basis of a standardized risk assessment or a specific scenario (specific category). Finally, in case of high risk operations, classical aviation rules will apply (certified category).

Impact on “aviation law”, but also on other fields of law

These new rules on drones are very interesting for lawyers: “aviation law” is a very specialist area, but with entry into the market of the drones, rules on aviation will now intertwine with many other fields of law and in particular with privacy.

The risks to privacy and data protection are essentially related to the availability on the UAS of a camera or another sensor that is able to record personal information. Most of the UAS available on the market, even if they are very small, are equipped with cameras. In this scenario, on 18 June 2015, the Article 29 Working Party has issued an opinion on privacy impacts by the use drones. According to the Working Party, “several privacy risks may arise in relation to the processing of data (such as images, sound and geolocation relating to an identified or identifiable natural person) carried out by the equipment on-board a drone. Such risks can range from a lack of transparency of the types of processing due to the difficulty of being able to view drones from the ground to, in any event, a difficulty to know which data processing equipment are on-board, for what purposes personal data are being collected and by whom”. According the Working Party, drones’ operations should necessarily comply with the purpose limitation and data minimisation principles, avoiding collection of unnecessary information, and data subjects should be informed of the processing carried out. Similarly, all suitable security measures should be adopted, as well as deletion or anonymization of personal data which is no more necessary. Drones should be developed taking into account the privacy by design and privacy by default principles. Finally, awareness should be raised among drones’ users, for example by compelling manufactures to include sufficient information within the packaging relating to the potential intrusiveness of these technologies.

Taking into consideration the Working Party Opinion, the new Regulation introduces several provisions on privacy, in particular:

  • UAS and operators should be registered, to identify operators and information on the processing of personal data by the aircraft;
  • The operator and the remote pilot of an UAS must be trained on privacy;
  • the UAS must have specific features and functionalities that take into account the principles of privacy by design and by default.

What’s next?

The new Regulation will be signed by EU institutions and published in the EU Official Journal, probably by the end of July and it will enter into force 20 days after publication. In addition, by the end of the year, the European Commission will adopt two regulations covering more detail aspect of UAS operations.

Stay tuned for more updates and details on the content of the new regulations…drones rules are about to take off!