10 steps to achieving Specific Operations Risk Assessment

Safety is a key parameter in design which shall be considered since the very beginning of any Unmanned Aerial System (UAS) design development in order to obtain authorisation to fly. Unexpected losses of communication or sudden propulsion failures are only two of the several major concerns to be taken into consideration when designing and operating a UAV, and this is why the vast majority of aviation authorities (e.g. EASA, FAA) are building a framework in which drones can operate safely. EASA, for instance, has been working on two regulations: EU Regulation 2019/945 on “Unmanned Aircraft Systems and on third-country operators of Unmanned Aircraft Systems”, and EU Regulation 2019/947 on the “Rules and procedures for the operation of unmanned aircraft”, which specifies the methodology for drone Specific Operation Risk Assessment. ​

The applicability date of the EU regulation 2019/947 is 31 December 2020, although it will take into consideration a transition period in certain circumstances for those drones operating in the ‘open’ category. Nonetheless, from 2021 all operations in the ‘specific’ category may only be conducted after authorisation has been given by the National Aviation Authority. From January 2022, all national authorisations and certificates will be converted to the new EU system, and in January 2023, all operations in the ‘open’ category and all drone operators will have to be compliant with both EU Regulation 2019/945 and EU Regulation 2019/947. Those drones operating in the ‘specific’ category are, therefore, the ones which face the most urgent needs in order to show compliance with European regulations, as they will probably have to perform a Specific Operations Risk Assessment to receive authorisation to fly.

According to the EU Regulation 2019/947, operations in the ‘specific’ category may be conducted after authoristation has been given by the National Aviation Authority (e.g. AESA in Spain, DGCA in France, and FOCA in Switzerland). In order to gain this authorisation, the UAS operator shall conduct an operational risk assessment to prove that all phases of flight are safe, a process known as SORA. However, there are few occasions in which is not necessary to perform a full risk assessment. This option is available if any of the below-listed conditions are met:

• If the UAS operation has a lower intrinsic risk, a declaration may be submitted when the operation comply with the standard scenarios (STSs) defined by the National Aviation Authority (NAA). Spain, for instance, defines only 2 STSs according to the DOUE-L-2020-80743, which are:
  • STS-01: VLOS operating below 120 metres over controlled ground area in a populated environment and with a class CE C5 UAS.
  • STS-02: BVLOS with visual observers, operating below 120 metres, at a distance of no more thank 2 kms, over a controlled ground area in a sparsely populated environment and with a class CE C6 UAS.
• If there is a predefined risk assessment (PDRA) provided by EASA which already contains the mitigations and provisions required to obtain authorisation.
• If the UAS operator holds a Light UAS operator Certificate (LUC)

The Specific Operations Risk Assessment (SORA) is a 10-steps process aiming to evaluate the risks and determine the acceptability of a UAS operation in the ‘specific’ category.

The SORA process starts with the ‘ConOps description‘ phase, where relevant operational and technical information is provided to characterise the scenario in which the UAS will fly. Right after that, the operational scenario is properly defined, thus allowing identification of the Ground Risk Class (GRC) and the Air Risk Class (ARC). On the one side, the Ground Risk Class, which can range from 1 (lowest risk) to 10 (highest risk) depends essentially on three factors:

• Dimensions of the UAS
• Operation carried out in VLOS or BVLOS
• Operation conducted over a controlled ground area, over sparsely populated areas, or in populated areas.

On the other side, the Air Risk Class represents the rate at which the UAS would encounter a manned aircraft in typical generalized civil airspace, and it can range from ARC-a (lowest risk) to ARC-d (highest risk).

Strategic and tactical mitigations might be applied to reduce both GRC and ARC, as the combination of both risk classes will determine the Specific Assurance and Integrity Level (SAIL), representing the level of confidence that the UAS operation will remain under control. As shown below the GRC shall be no more than 7 in order to conduct and operation in the specific category, otherwise the operation would enter in the ‘certified’ category.

In the next step, a series of Operational Safety Objectives (OSOs) to be complied with are listed. Each OSO demands a particular degree of robustness which depends strictly on the SAIL level. An example of an OSO is, for instance, that a “UAS is designed considering system safety and reliability”, for which at least, a Functional Hazard Assessment (FHA) shall be conducted only to show a low level of assurance. Higher levels of assurance could include additional safety analyses such as complete System Safety Assessments (SSA) or systems to monitor reliability of the UAV such as the Failure Reporting, Analysis, and Corrective Action System (FRACAS). In the final stages of the SORA, the risk of infringing adjacent areas on the ground or adjacent airspace is addressed, and all the documentation is compiled in a Comprehensive Safety Portfolio, which is delivered to the competent authority.

Once the Specific Operations Risk Assessment is completed, the National Aviation Authority will grant an operational authorisation if they conclude that:

• The operational safety objectives take account of the risks of the operation.
• The mitigation measures, the competence of the personnel involved and operation, and the technical features of the UAV are adequate and sufficiently robust to keep the operation safe.
• The UAS operator has provided a statement confirming that the intended operation complies with any applicable Union and national rules relating to it, in particular, with regard to privacy, data protection, liability, insurance, security and environmental protection.