Airspace Management and UTM Systems Archives - Blakistons

How Europe’s new AI rulebook would (and wouldn’t) touch autonomous combat aircraft—and what the defence carve?outs really mean

admin.richard — Thu, 06 Nov 2025 18:28:20 +0000

By Richard Ryan, barrister and drone lawyer

How Europe’s new AI rulebook would (and wouldn’t) touch autonomous combat aircraft — and what the defence carve-outs really mean.

In Brief…

Purely military AI systems are out of scope of the EU AI Act. If an AI system is developed or used exclusively for military/defence or national-security purposes, the Act does not apply. (EUR-Lex)
Dual-use is different. If the same autonomy stack, sensors or models are marketed or used for civilian purposes in the EU (for example, civil UAS, border or law-enforcement tasks), the Act can apply — with stringent duties for “high-risk” systems. (EUR-Lex)
Real-world testing is regulated. Pre-market R&D is generally excluded, but real-world testing isn’t — it requires specific safeguards and registration. (EUR-Lex)
Foundation models (GPAI) have their own rules from 2 Aug 2025; the defence carve-out in the Act is written for AI systems, not explicitly for models. If a model is placed on the EU market generally, the provider’s GPAI obligations can still bite. (EUR-Lex)

Context: sUAS News reports that GA-ASI is showcasing its autonomous fighter portfolio (for example, YFQ-42A CCA, MQ-20 Avenger) at the International Fighter Conference in Rome, 4–6 Nov 2025. This post overlays that scenario with the EU AI Act’s rules.

1) First principles: When does the EU AI Act apply?

The Act has extraterritorial reach. It covers (i) providers and deployers in the EU, (ii) providers placing on the EU market or putting systems into service in the EU — even if they are not established here — and (iii) providers/deployers in third countries where the AI system’s output is used in the EU. (EUR-Lex)

However, Article 2(3) draws a bright line: the Act does not apply to AI systems used exclusively for military, defence or national security. It also does not apply where a system is not placed on the EU market but its output is used in the EU exclusively for those purposes. Recital 24 reiterates this and clarifies that non-defence use falls back under the Act. (EUR-Lex)

What this means in Rome:

A closed, defence-only showcase for European militaries: out of scope.
A civil-use pitch, civil flight trials, or plans to sell autonomy modules to EU civilian buyers: in scope (see the high-risk section below). (EUR-Lex)

2) The key defence carve-outs (and their limits)

Carve-out #1 — Defence/military:

“This Regulation shall not apply to AI systems … used exclusively for military, defence or national security purposes.” (Article 2(3))

Two important nuances:

Exclusivity matters. The moment an autonomy stack or sensor suite is also marketed or used for civilian or law-enforcement tasks, the defence exclusion no longer shields those non-defence uses. (EUR-Lex)
Models vs systems. The text explicitly excludes AI systems for defence; it does not create an explicit defence exclusion for general-purpose AI models. If a GPAI model is placed on the EU market, Chapter V obligations for model providers can still apply — even if one downstream customer is a defence user. (More on GPAI below.) (EUR-Lex)

Carve-out #2 — Pre-market R&D:
R&D before placing on the market is generally outside scope, but real-world testing is not. Testing in real-world conditions triggers a dedicated regime (for example, registration, time limits, informed consent or special conditions for law enforcement, incident reporting). (EUR-Lex)

Carve-out #3 — Emergency derogations (non-defence):
For exceptional public-security reasons (or imminent threats to life/health), market surveillance authorities can authorise temporary use of a high-risk AI system before full conformity assessment — subject to strict conditions. Law-enforcement or civil-protection bodies can also use in urgent cases, then seek authorisation without undue delay. This is not a defence-specific carve-out, but it explains emergency deployments outside the military context. (EUR-Lex)

3) If the defence exclusion doesn’t apply, would autonomous fighters tech be “high-risk”?

Very likely yes — for civil variants or dual-use spin-outs:

Annex I (product-safety route). AI that is a safety component of products covered by sectoral EU safety laws is high-risk where those products need third-party conformity assessment. That list explicitly includes EU civil aviation law (Reg. 2018/1139) — covering unmanned aircraft and their remotely controllable equipment. In a civil-UAS configuration, an autonomy stack acting as a safety component would be regulated as high-risk. (EUR-Lex)
Annex III (stand-alone uses). Separate “high-risk” buckets also capture, for example, remote biometric identification and other sensitive functions (if and where permitted by Union/national law), critical infrastructure safety components, and more. If a fighter-born sensing suite were repurposed for civil border surveillance or public-space identification, you quickly hit these Annex III categories. (EUR-Lex)

What “high-risk” demands in practice
Providers must implement a risk-management system, data governance, technical documentation, logging, transparency/instructions, human oversight, and accuracy/robustness/cybersecurity — then pass conformity assessment, issue an EU Declaration of Conformity, and affix CE marking. Deployers also carry duties (for example, monitoring, data relevance, user notification in some cases). (EUR-Lex)

4) Sensors on show: what about face recognition and other “red lines”?

The EU bans several AI practices outright (from 2 Feb 2025), including:

Untargeted scraping of facial images to build recognition databases.
Biometric categorisation inferring sensitive traits (for example, race, political opinions, religion).
Emotion recognition in workplaces or schools (with narrow safety/medical exceptions).
Predictive “risk assessments” of criminality based solely on personality traits/profiling.
Real-time remote biometric identification (RBI) in public spaces for law enforcement — unless strictly authorised and necessary for narrowly defined objectives (for example, locating a specific suspect in serious crimes, preventing a specific imminent threat, finding missing persons), with prior judicial/independent approval and registration. (EUR-Lex)

Implication for a trade-show demo: training a camera on attendees to test real-time RBI in a public venue would likely be unlawful unless those strict law-enforcement exceptions and procedural safeguards apply — which they typically will not at a commercial defence conference. (EUR-Lex)

5) Real-world testing in the EU (civil or dual-use variants)

If a provider runs real-world flight tests in the EU (outside the defence exclusion), the Act requires — among other things — registration, an EU-established entity or EU legal representative, limits on duration (normally up to six months, extendable once), rules on informed consent (with special handling for law-enforcement tests), qualified oversight, and the ability to reverse/ignore the system’s outputs. Serious incidents must be reported promptly. (EUR-Lex)

6) Foundation models (GPAI): obligations can still attach

From 2 Aug 2025, Chapter V sets baseline transparency and copyright-policy duties for providers of general-purpose AI models (with extra obligations if the model presents systemic risks). The defence exclusion in Article 2(3) is framed for AI systems, not models. So, if a foundation model is placed on the EU market, the model provider can have obligations even if a downstream customer is a defence prime. (Open-source specifics and systemic-risk thresholds also apply.) (EUR-Lex)

7) Timelines you need in Rome (as of 6 Nov 2025)

Entry into force: 1 Aug 2024 (20 days after OJ publication).
Prohibited practices + core chapters (I–II): apply from 2 Feb 2025.
GPAI rules (Chapter V), plus other chapters (III §4, VII, XII, and Article 78): apply from 2 Aug 2025.
General application: 2 Aug 2026 (high-risk regime starts to bite broadly).
Article 6(1) Annex III classification trigger & related obligations: 2 Aug 2027. (EUR-Lex)

8) Enforcement and penalties

Violating prohibited practices (Article 5) can draw fines up to €35m or 7% of worldwide annual turnover, whichever is higher.
Other operator obligations can reach €15m or 3%; supplying misleading information can reach €7.5m or 1% (SMEs benefit from caps). Separate fine scales apply to EU institutions. (EUR-Lex)

9) Practical playbook for IFC attendees

If you are a defence OEM showing autonomy stacks:

Map uses: Defence-only (excluded) vs any civil or law-enforcement pathways (potentially in scope). Document the exclusivity of defence deployments if you rely on the carve-out. (EUR-Lex)
GPAI suppliers: If you place a foundation model on the EU market, expect Chapter V duties regardless of defence customers. (EUR-Lex)
No RBI demos on the show floor. Those prohibitions already apply in 2025. (EUR-Lex)
Planning EU flight tests for civil variants? Prepare for real-world testing conditions (registration, oversight, incident reporting). (EUR-Lex)
For civil UAS commercialisation, treat your autonomy as high-risk (EASA product-safety route), budget time for conformity assessment and CE marking. (EUR-Lex)

If you are a European ministry or agency:

Distinguish military operations (out of scope) from law-enforcement or border uses (in scope; watch RBI limits and high-risk duties). Consider Article 46 emergency derogations only in exceptional and documented cases. (EUR-Lex)

If you are a civil UAS integrator:

Expect the full high-risk package (risk management, data governance, human oversight, cybersecurity, logs, conformity assessment, CE). Build compliance into your system architecture, ML pipelines, safety cases, and ops manuals from day one. (EUR-Lex)

10) Quick decision pathway

Is the use exclusively defence or national security?
Yes: AI system is out of scope.
No: continue. (EUR-Lex)
Is it a civil product or law-enforcement/border use?
Civil product with safety function (for example, civil UAS): High-risk via Annex I ? conformity assessment + CE. (EUR-Lex)
Stand-alone sensitive use (for example, RBI, critical infrastructure): Annex III high-risk or Article 5 prohibition applies. (EUR-Lex)
Is there a GPAI model being placed on the EU market?
Yes: Chapter V duties for model providers from 2 Aug 2025, separate from the defence carve-out for systems. (EUR-Lex)
Is this pre-market testing?
Real-world testing rules apply (registration, oversight, incident reporting). (EUR-Lex)

Bottom line for “Autonomous Fighters in Rome”

A military-only display of GA-ASI’s autonomous fighters is outside the AI Act.
Any civil spin-off (cargo drones, civil surveillance, airport ops) or law-enforcement application in the EU will trigger the Act — often at the high-risk level — together with tight prohibitions around biometric uses in public spaces. Plan your compliance architecture accordingly. (EUR-Lex)

This article is informational and not legal advice. Citations are to the Official Journal text of the Artificial Intelligence Act (Regulation (EU) 2024/1689) for scope (Art. 2), prohibitions (Art. 5), high-risk regime (Ch. III), real-world testing (Arts. 57–61), GPAI (Ch. V incl. Art. 53), timelines (Art. 113), and penalties (Art. 99–101).

About the author — Richard Ryan

Richard Ryan is a UK barrister (Direct Access), mediator and Chartered Arbitrator (FCIArb), and a Bencher of Gray’s Inn. He practises across defence, aerospace, construction, engineering and commodities, with a leading specialism in drone and counter-drone law, unmanned aviation regulation, and AI-enabled safety and compliance. Richard advises government, primes and operators on EU/UK UAS frameworks, BVLOS, U-space/UTM and the EU AI Act. He leads Blakiston’s Chambers and contributes regularly to industry guidance and policy consultations.

The post How Europe’s new AI rulebook would (and wouldn’t) touch autonomous combat aircraft—and what the defence carve?outs really mean appeared first on Blakistons.

When “Just a Minute” Becomes BVLOS: Legal Lessons for Drone Operators from CHIRP’s September 2025 Reports

admin.richard — Mon, 27 Oct 2025 19:14:43 +0000

By Richard Ryan, Barrister & Drone Lawyer – practical takeaways, not legal advice for your specific situation.

Why this matters

CHIRP’s Drone/UAS FEEDBACK Edition 14 (September 2025) curates incidents that look ordinary until you view them through a law-and-liability lens:
three model-flying events that drifted into unintentional BVLOS, a Mini 2 injury at a carnival, a controller or app freeze mid-mission,
a fatigue-tinged flight that autolanded at 20 percent battery into a tree, and an RTH climb toward powerlines. Each contains avoidable legal exposure
that you can mitigate with better planning, clear roles, and a few settings changes.

The incidents, in plain English – and what the law expects

1) Unintentional BVLOS x3 (BMFA community)

What happened: One EDF jet lost power from a poor solder joint after a user modification; two other flights went BVLOS when sea fog or thermal lift arrived faster than forecast.
Legal frame (UK): The Drone and Model Aircraft Code requires direct VLOS and the ability to determine orientation at all times. If you cannot do that, the flight is non-compliant.
Practical fix: Treat post-purchase alterations as airworthiness-significant and inspect them before each flight. Use BMFA’s SWEETS pre-flight. Adopt a simple “radial scan” habit: eyes out (aircraft and airspace) then quick glance down (controller or map) then eyes out again.

2) Nottingham Carnival injury (Mini 2)

What happened: A minor pressed “land” while the supervising adult was distracted; the drone struck another child who was sitting on someone’s shoulders. Police confiscated the aircraft. No Operator ID was displayed and it was flown over a crowd.
Legal frame (UK): Never fly over crowds or assemblies of people. Label the aircraft with a visible Operator ID. Where injury occurs, expect scrutiny under general endangerment provisions.
Practical fix: Establish a safe TOLA (take-off and landing area) away from the crowd. Use aviation-style handover phraseology: “You have control” / “I have control”. Keep controller audio alerts audible. Supervision of minors must be active and informed by the Code.

3) “My app froze” (Mavic 4 Pro + RC2; 87-waypoint mission)

What happened: Switching to Map View mid-mission froze the Fly app. The pilot used the hardware RTH button to recover the aircraft. Possible overload from running a large waypoint mission while screen-recording.
Legal frame: You remain responsible for safe operation even when the UI hiccups. The defensible question is whether your procedures anticipated foreseeable failures, such as hardware RTH muscle memory, function checks, and reboot-on-the-ground policies.
Practical fix: For long waypoint jobs, test the profile without screen-recording first. Pre-brief the hardware RTH action. Use a visual observer if you will be heads-down.

4) Fatigue and stress (power-line inspection)

What happened: The pilot became disoriented, lost VLOS about 1,700 ft from home, hit 20 percent battery, and, unaware that “land at 20 percent” was set, descended into a tree despite pressing RTH.
Practical fix: Know and brief your low-battery action (RTH vs auto-land vs hover) in the Operations Manual. Use two-crew where terrain or workload increases disorientation risk. Remember UK requirements to maintain VLOS and orientation at all times.

5) RTH vs powerlines (mapping mission)

What happened: An automated flight went off-nominal. On RTH, the aircraft likely contacted an obstacle while climbing. CHIRP notes the perception trap of judging wire clearance at range and reminds that wires sag mid-span.
Practical fix: Set RTH altitude locally before each flight, above towers, tree lines, cranes, and powerlines. Do not rely on obstacle avoidance to detect thin wires. Pre-flight, measure line heights relative to the home point and add margin for sag and wind.

Five legal pillars these cases keep hitting

VLOS is non-negotiable. Keep the aircraft in direct sight and be able to tell its orientation, with a full view of surrounding airspace.
Crowds are out of bounds. “Assemblies of people” are defined by the inability to disperse quickly, not by a headcount.
Operator ID labelling is strict. Visible, legible, on the airframe. Sub-250 g camera drones typically still require an Operator ID.
Endangerment provisions are broad. If someone is endangered or injured, regulators may consider reckless or negligent operation.
Automation is not absolution. You own the outcomes of RTH, low-battery actions, waypointing, and controller limits.

Turn the lessons into a defensible playbook

A. Pre-flight and design for failure

Modified anything? Treat user soldering, adapters, and third-party leads as risk-relevant. Inspect that joint every flight until replaced with a proven assembly. Log the check.
Weather is slippery. Do not rely on one app. Triangulate forecasts. Identify abort gates if visibility closes in (fog, showers, glare). Use SWEETS at the field.
Controller workload. For heavy waypoint missions, disable screen-recording unless proven stable. Rehearse hardware RTH and app-independent control.

B. RTH and battery settings you can defend

Set RTH altitude locally, every time. Clear known obstacles and powerlines. Consider Advanced RTH where available.
Know low-battery behavior. Document thresholds in the Operations Manual, brief them to the crew, and confirm on the controller before take-off.

C. People, roles, and sterile cockpit

Observer next to you for heads-down tasks, with real-time verbal coordination.
Minors at the sticks? Only with active oversight, formal handovers, and never within or over a crowd.
Events and assemblies. Create buffer zones and safe TOLA sites. If a client insists on crowd-proximate shots, the safest and most defensible answer is often no without appropriate authorization and controls.

D. Evidence and reporting (preserve the facts)

After any occurrence, preserve flight logs, app caches, screen recordings, controller settings, and note battery and RTH configuration.
Consider confidential safety reporting to CHIRP in the UK (and NASA ASRS in the U.S.) to help the community learn without blame.

Bottom line

The risk here is ordinary: a conversation at the wrong moment, fog rolling in, a buried setting, an RTH altitude that did not clear wires,
or a controller pushed too hard. The Code’s core duties – VLOS, no crowds, proper ID labelling,
know your automation, and keep records – are your best legal shield when something goes wrong.

BMFA SWEETS: a quick pre-flight check

S — Sun: position now and later; glare; keep VLOS; avoid flying through the sun.
W — Wind: direction/strength/turbulence; safe areas for forced or dead-stick landings.
E — Environment: visibility (rain, mist, fog, fading light), people nearby, RF risks, space to fly a full circuit.
E — Emergencies: plan what you will do if there is a malfunction or airspace incursion; confirm failsafes.
T — Transmitter control: local Tx control and frequencies; correct model; trims/rates; Tx power/voltage.
S — Site rules: club rules, local byelaws, no-fly zones, height and airspace limits.

Note: some older guides use “Eventualities” for the first E. Meaning is the same: think ahead about what could happen and how you will handle it.

This article is general information, not legal advice. If an incident has occurred, speak to counsel at Blakiston’s Chambers before making statements to third parties and preserve all electronic evidence immediately.

Credit and resources

Based on incidents and analysis in CHIRP Drone/UAS FEEDBACK Edition 14 (September 2025).
BMFA pre-flight mnemonic SWEETS: handbook.bmfa.uk/13-general-model-safety
UK Drone and Model Aircraft Code: register-drones.caa.co.uk
Report a safety concern to CHIRP (confidential): chirp.co.uk/aviation/submit-a-report

The post When “Just a Minute” Becomes BVLOS: Legal Lessons for Drone Operators from CHIRP’s September 2025 Reports appeared first on Blakistons.

Navigating the Legal Skies: Overcoming Challenges in Drone Deliveries

admin.richard — Wed, 13 Nov 2024 15:07:47 +0000

Navigating the Legal Skies: Overcoming Challenges in Drone Deliveries

By Richard Ryan, Commercial Drone Lawyer

________________________________________
The drone delivery industry is on the cusp of revolutionising retail and logistics. According to PwC’s report, “Drone Deliveries: Taking Retail and Logistics to New Heights,” we can expect around 5 million business-to-consumer (B2C) drone deliveries worldwide in 2024. This number is projected to soar to 808 million deliveries, valued at $65 billion, by 2034. Major players like Walmart, Amazon, and DHL are already investing heavily in this transformative technology.
While the report provides a comprehensive market analysis and technological overview, it touches only briefly on the legal and regulatory hurdles that businesses must overcome. As a commercial drone lawyer with over two decades of experience, I believe it’s crucial to delve deeper into these legal intricacies to fully harness the potential of drone deliveries.
________________________________________
Bridging the Regulatory Gaps
Identified Gap: The report acknowledges regulatory challenges but lacks a detailed examination of existing frameworks across key markets like the UK, EU, and others.

Recommendation: Businesses should conduct a comparative analysis of international drone regulations. Understanding differences in areas such as Beyond Visual Line of Sight (BVLOS) operations, airspace classifications, and certification requirements is essential. In the UK, for instance, the Civil Aviation Authority (CAA) sets stringent rules that operators must navigate carefully.

Data Protection and Privacy Concerns
Identified Gap: There’s minimal discussion on how drone operations intersect with data protection laws, such as the UK General Data Protection Regulation (GDPR).

Recommendation: Companies must establish protocols to ensure compliance with data protection regulations. This includes securing any data collected during drone operations and being transparent about data usage with consumers. Privacy impact assessments can help identify and mitigate potential risks.

Liability and Insurance Complexities
Identified Gap: The report briefly mentions insurance and liability but doesn’t delve into the allocation of liability in incidents like accidents or data breaches.

Recommendation: It’s vital to understand the legal liabilities for all parties involved—operators, manufacturers, and service providers. Comprehensive insurance coverage is necessary to mitigate risks. Contracts should clearly outline liability clauses to protect the business in case of unforeseen events.

Intellectual Property Rights Protection
Identified Gap: The importance of securing intellectual property (IP) rights for drone technology and software isn’t discussed.

Recommendation: Protecting technological innovations through patents and trademarks is crucial. This not only safeguards the company’s assets but also provides a competitive edge in a rapidly evolving industry.
________________________________________
Legal Issues Requiring Further Explanation

Airspace Usage Rights
Issue: The legalities of low-altitude airspace usage are complex and not fully addressed in the report.
Explanation: In the UK, while airspace up to 500 feet is generally public, property owners have certain rights that could affect drone flights over their land. Clarifying these rights is essential to prevent legal disputes and ensure smooth operations.

Compliance with Aviation Laws
Issue: The process for complying with aviation laws, including obtaining necessary permissions from the CAA, needs more clarity.
Explanation: Detailed guidance on securing operational authorisations, especially for BVLOS flights, is crucial. Understanding the regulatory landscape helps in planning and reduces the risk of non-compliance.

Environmental Regulations
Issue: The report touches on environmental concerns like noise pollution and wildlife impact but doesn’t explore legal obligations in depth.
Explanation: Companies must conduct environmental impact assessments and comply with regulations to mitigate legal risks and foster community acceptance.
________________________________________
Legal Requirements to Overcome Industry Challenges

Standardisation of Regulations
Assistance: Advocate for harmonising drone regulations across different jurisdictions.
Benefit: This will simplify compliance for companies operating internationally and encourage industry growth.

Development of Unmanned Traffic Management (UTM) Systems
Assistance: Support the creation of UTM systems to safely integrate drones into national airspace.
Benefit: Enhanced safety measures can lead to regulatory bodies relaxing certain restrictions, facilitating smoother operations.

Public Engagement and Education
Assistance: Implement programmes to educate the public about drone operations, addressing safety and privacy concerns.
Benefit: Improved public perception can lead to a more favourable regulatory environment and increased consumer acceptance.
________________________________________
Recommendations for Businesses

1. Develop a Comprehensive Legal Compliance Strategy
Craft a detailed framework that addresses all legal aspects of drone operations, including airspace rights, data protection, liability, and environmental compliance.

2. Engage with Regulatory Bodies
Proactively collaborate with the CAA and other authorities to stay updated on regulatory changes and contribute to the development of favourable policies.

3. Invest in Risk Management and Insurance
Implement robust risk management strategies and secure comprehensive insurance to mitigate potential liabilities.

4. Protect Intellectual Property
Secure patents and trademarks for technological innovations to maintain a competitive advantage and prevent infringement issues.

5. Conduct Environmental Impact Assessments
Ensure all operations comply with environmental laws by conducting thorough assessments and implementing necessary mitigation strategies.
________________________________________
Conclusion
The potential of drone deliveries in transforming retail and logistics is immense. However, to fully capitalise on this opportunity, businesses must address the legal and regulatory challenges head-on. By proactively managing these aspects, companies can not only ensure compliance but also enhance operational efficiency and public acceptance.
________________________________________
About the Author
Richard Ryan is a seasoned commercial drone lawyer (direct access barrister) with many years of experience in advising on UAV operations, regulatory compliance, and aviation law. With a deep understanding of the legal intricacies of drone technology, Richard Ryan assists businesses in navigating the complex regulatory landscape to achieve successful drone integration.

The post Navigating the Legal Skies: Overcoming Challenges in Drone Deliveries appeared first on Blakistons.