Defence Archives - Blakistons

How Europe’s new AI rulebook would (and wouldn’t) touch autonomous combat aircraft—and what the defence carve?outs really mean

admin.richard — Thu, 06 Nov 2025 18:28:20 +0000

By Richard Ryan, barrister and drone lawyer

How Europe’s new AI rulebook would (and wouldn’t) touch autonomous combat aircraft — and what the defence carve-outs really mean.

In Brief…

Purely military AI systems are out of scope of the EU AI Act. If an AI system is developed or used exclusively for military/defence or national-security purposes, the Act does not apply. (EUR-Lex)
Dual-use is different. If the same autonomy stack, sensors or models are marketed or used for civilian purposes in the EU (for example, civil UAS, border or law-enforcement tasks), the Act can apply — with stringent duties for “high-risk” systems. (EUR-Lex)
Real-world testing is regulated. Pre-market R&D is generally excluded, but real-world testing isn’t — it requires specific safeguards and registration. (EUR-Lex)
Foundation models (GPAI) have their own rules from 2 Aug 2025; the defence carve-out in the Act is written for AI systems, not explicitly for models. If a model is placed on the EU market generally, the provider’s GPAI obligations can still bite. (EUR-Lex)

Context: sUAS News reports that GA-ASI is showcasing its autonomous fighter portfolio (for example, YFQ-42A CCA, MQ-20 Avenger) at the International Fighter Conference in Rome, 4–6 Nov 2025. This post overlays that scenario with the EU AI Act’s rules.

1) First principles: When does the EU AI Act apply?

The Act has extraterritorial reach. It covers (i) providers and deployers in the EU, (ii) providers placing on the EU market or putting systems into service in the EU — even if they are not established here — and (iii) providers/deployers in third countries where the AI system’s output is used in the EU. (EUR-Lex)

However, Article 2(3) draws a bright line: the Act does not apply to AI systems used exclusively for military, defence or national security. It also does not apply where a system is not placed on the EU market but its output is used in the EU exclusively for those purposes. Recital 24 reiterates this and clarifies that non-defence use falls back under the Act. (EUR-Lex)

What this means in Rome:

A closed, defence-only showcase for European militaries: out of scope.
A civil-use pitch, civil flight trials, or plans to sell autonomy modules to EU civilian buyers: in scope (see the high-risk section below). (EUR-Lex)

2) The key defence carve-outs (and their limits)

Carve-out #1 — Defence/military:

“This Regulation shall not apply to AI systems … used exclusively for military, defence or national security purposes.” (Article 2(3))

Two important nuances:

Exclusivity matters. The moment an autonomy stack or sensor suite is also marketed or used for civilian or law-enforcement tasks, the defence exclusion no longer shields those non-defence uses. (EUR-Lex)
Models vs systems. The text explicitly excludes AI systems for defence; it does not create an explicit defence exclusion for general-purpose AI models. If a GPAI model is placed on the EU market, Chapter V obligations for model providers can still apply — even if one downstream customer is a defence user. (More on GPAI below.) (EUR-Lex)

Carve-out #2 — Pre-market R&D:
R&D before placing on the market is generally outside scope, but real-world testing is not. Testing in real-world conditions triggers a dedicated regime (for example, registration, time limits, informed consent or special conditions for law enforcement, incident reporting). (EUR-Lex)

Carve-out #3 — Emergency derogations (non-defence):
For exceptional public-security reasons (or imminent threats to life/health), market surveillance authorities can authorise temporary use of a high-risk AI system before full conformity assessment — subject to strict conditions. Law-enforcement or civil-protection bodies can also use in urgent cases, then seek authorisation without undue delay. This is not a defence-specific carve-out, but it explains emergency deployments outside the military context. (EUR-Lex)

3) If the defence exclusion doesn’t apply, would autonomous fighters tech be “high-risk”?

Very likely yes — for civil variants or dual-use spin-outs:

Annex I (product-safety route). AI that is a safety component of products covered by sectoral EU safety laws is high-risk where those products need third-party conformity assessment. That list explicitly includes EU civil aviation law (Reg. 2018/1139) — covering unmanned aircraft and their remotely controllable equipment. In a civil-UAS configuration, an autonomy stack acting as a safety component would be regulated as high-risk. (EUR-Lex)
Annex III (stand-alone uses). Separate “high-risk” buckets also capture, for example, remote biometric identification and other sensitive functions (if and where permitted by Union/national law), critical infrastructure safety components, and more. If a fighter-born sensing suite were repurposed for civil border surveillance or public-space identification, you quickly hit these Annex III categories. (EUR-Lex)

What “high-risk” demands in practice
Providers must implement a risk-management system, data governance, technical documentation, logging, transparency/instructions, human oversight, and accuracy/robustness/cybersecurity — then pass conformity assessment, issue an EU Declaration of Conformity, and affix CE marking. Deployers also carry duties (for example, monitoring, data relevance, user notification in some cases). (EUR-Lex)

4) Sensors on show: what about face recognition and other “red lines”?

The EU bans several AI practices outright (from 2 Feb 2025), including:

Untargeted scraping of facial images to build recognition databases.
Biometric categorisation inferring sensitive traits (for example, race, political opinions, religion).
Emotion recognition in workplaces or schools (with narrow safety/medical exceptions).
Predictive “risk assessments” of criminality based solely on personality traits/profiling.
Real-time remote biometric identification (RBI) in public spaces for law enforcement — unless strictly authorised and necessary for narrowly defined objectives (for example, locating a specific suspect in serious crimes, preventing a specific imminent threat, finding missing persons), with prior judicial/independent approval and registration. (EUR-Lex)

Implication for a trade-show demo: training a camera on attendees to test real-time RBI in a public venue would likely be unlawful unless those strict law-enforcement exceptions and procedural safeguards apply — which they typically will not at a commercial defence conference. (EUR-Lex)

5) Real-world testing in the EU (civil or dual-use variants)

If a provider runs real-world flight tests in the EU (outside the defence exclusion), the Act requires — among other things — registration, an EU-established entity or EU legal representative, limits on duration (normally up to six months, extendable once), rules on informed consent (with special handling for law-enforcement tests), qualified oversight, and the ability to reverse/ignore the system’s outputs. Serious incidents must be reported promptly. (EUR-Lex)

6) Foundation models (GPAI): obligations can still attach

From 2 Aug 2025, Chapter V sets baseline transparency and copyright-policy duties for providers of general-purpose AI models (with extra obligations if the model presents systemic risks). The defence exclusion in Article 2(3) is framed for AI systems, not models. So, if a foundation model is placed on the EU market, the model provider can have obligations even if a downstream customer is a defence prime. (Open-source specifics and systemic-risk thresholds also apply.) (EUR-Lex)

7) Timelines you need in Rome (as of 6 Nov 2025)

Entry into force: 1 Aug 2024 (20 days after OJ publication).
Prohibited practices + core chapters (I–II): apply from 2 Feb 2025.
GPAI rules (Chapter V), plus other chapters (III §4, VII, XII, and Article 78): apply from 2 Aug 2025.
General application: 2 Aug 2026 (high-risk regime starts to bite broadly).
Article 6(1) Annex III classification trigger & related obligations: 2 Aug 2027. (EUR-Lex)

8) Enforcement and penalties

Violating prohibited practices (Article 5) can draw fines up to €35m or 7% of worldwide annual turnover, whichever is higher.
Other operator obligations can reach €15m or 3%; supplying misleading information can reach €7.5m or 1% (SMEs benefit from caps). Separate fine scales apply to EU institutions. (EUR-Lex)

9) Practical playbook for IFC attendees

If you are a defence OEM showing autonomy stacks:

Map uses: Defence-only (excluded) vs any civil or law-enforcement pathways (potentially in scope). Document the exclusivity of defence deployments if you rely on the carve-out. (EUR-Lex)
GPAI suppliers: If you place a foundation model on the EU market, expect Chapter V duties regardless of defence customers. (EUR-Lex)
No RBI demos on the show floor. Those prohibitions already apply in 2025. (EUR-Lex)
Planning EU flight tests for civil variants? Prepare for real-world testing conditions (registration, oversight, incident reporting). (EUR-Lex)
For civil UAS commercialisation, treat your autonomy as high-risk (EASA product-safety route), budget time for conformity assessment and CE marking. (EUR-Lex)

If you are a European ministry or agency:

Distinguish military operations (out of scope) from law-enforcement or border uses (in scope; watch RBI limits and high-risk duties). Consider Article 46 emergency derogations only in exceptional and documented cases. (EUR-Lex)

If you are a civil UAS integrator:

Expect the full high-risk package (risk management, data governance, human oversight, cybersecurity, logs, conformity assessment, CE). Build compliance into your system architecture, ML pipelines, safety cases, and ops manuals from day one. (EUR-Lex)

10) Quick decision pathway

Is the use exclusively defence or national security?
Yes: AI system is out of scope.
No: continue. (EUR-Lex)
Is it a civil product or law-enforcement/border use?
Civil product with safety function (for example, civil UAS): High-risk via Annex I ? conformity assessment + CE. (EUR-Lex)
Stand-alone sensitive use (for example, RBI, critical infrastructure): Annex III high-risk or Article 5 prohibition applies. (EUR-Lex)
Is there a GPAI model being placed on the EU market?
Yes: Chapter V duties for model providers from 2 Aug 2025, separate from the defence carve-out for systems. (EUR-Lex)
Is this pre-market testing?
Real-world testing rules apply (registration, oversight, incident reporting). (EUR-Lex)

Bottom line for “Autonomous Fighters in Rome”

A military-only display of GA-ASI’s autonomous fighters is outside the AI Act.
Any civil spin-off (cargo drones, civil surveillance, airport ops) or law-enforcement application in the EU will trigger the Act — often at the high-risk level — together with tight prohibitions around biometric uses in public spaces. Plan your compliance architecture accordingly. (EUR-Lex)

This article is informational and not legal advice. Citations are to the Official Journal text of the Artificial Intelligence Act (Regulation (EU) 2024/1689) for scope (Art. 2), prohibitions (Art. 5), high-risk regime (Ch. III), real-world testing (Arts. 57–61), GPAI (Ch. V incl. Art. 53), timelines (Art. 113), and penalties (Art. 99–101).

About the author — Richard Ryan

Richard Ryan is a UK barrister (Direct Access), mediator and Chartered Arbitrator (FCIArb), and a Bencher of Gray’s Inn. He practises across defence, aerospace, construction, engineering and commodities, with a leading specialism in drone and counter-drone law, unmanned aviation regulation, and AI-enabled safety and compliance. Richard advises government, primes and operators on EU/UK UAS frameworks, BVLOS, U-space/UTM and the EU AI Act. He leads Blakiston’s Chambers and contributes regularly to industry guidance and policy consultations.

The post How Europe’s new AI rulebook would (and wouldn’t) touch autonomous combat aircraft—and what the defence carve?outs really mean appeared first on Blakistons.

Airprox 2024294 – What Actually Happened at RAF Lakenheath?

admin.richard — Fri, 27 Jun 2025 13:41:37 +0000

Airprox 2024294 – What Actually Happened?

On the night of 22 November 2024 at 21:51 UTC, a National Police Air Service (NPAS) EC135 helicopter operating near RAF Lakenheath reported multiple “drones” manoeuvring around it. In reality, the objects were USAF F15 fighters engaged in authorised night training in Class G airspace (surface–FL150), coordinated by Lakenheath Approach (“Overlord”).

Summary of Key Facts:

Closest Point of Approach (CPA): 1 NM horizontal / 1900 ft vertical separation (recorded).
ATC Services:
- EC135 – Basic Service (no traffic information guaranteed).
- F-15s – Traffic Service (received information about the EC135).
Misidentification Factors:
- EC135’s TCAS did not display the F-15s.
- F-15 lighting did not resemble standard civil aircraft lighting.
- The crew believed the lights were drones due to their apparent behaviour and lack of TCAS confirmation.

The UK Airprox Board (UKAB) concluded that there was no risk of collision (Risk Category E) and attributed the report to misidentification and situational awareness breakdown rather than unsafe flying.

Why This Matters to Drone Operators

1. Misidentification Risk

Even experienced police aircrew using EO/IR cameras mistook military jets for drones. This shows how easily drone operators can be blamed for aerial events they weren’t involved in.

2. Electronic Conspicuity Limitations

The EC135’s TCAS did not detect the F-15s despite them squawking Modes A and C. This highlights the ongoing limitations of EC systems in complex or mixed-use airspace, particularly at night.

3. ATC Service Levels – Know the Difference

Under a Basic Service, ATC is not required to provide traffic information. Drone operators should consider requesting a Traffic Service or Deconfliction Service for BVLOS, urban, or sensitive operations.

Public Perception: A Persistent Challenge

“Drone blame” is the default: Unidentified lights in the sky are often assumed to be drones, fuelling public concern and regulatory overreaction.
Poor understanding of airspace rules: The public often assumes ATC sees and controls everything — which is untrue in Class G.
Coordination gaps: The police helicopter tasking was not pre-notified to the USAF. This shows the need for better operational coordination.

Risk Assessment for UK Drone Operations

Potential Scenarios and Risk Levels:

Misidentification by other aircraft:
- Likelihood: Medium
- Severity: Low to Medium
- Risk Level: Moderate overall, but High reputationally
No traffic info under Basic Service:
- Likelihood: Medium
- Severity: Medium
- Risk Level: Moderate
Public/media backlash from perceived near-miss:
- Likelihood: High
- Severity: High
- Risk Level: High (especially for commercial operators)

Key Mitigations for Drone Operators:

Use dual EC systems (ADS-B OUT and ground-based detect-and-avoid).
Maintain a telemetry and flight log archive for every operation.
Pre-notify military ATC when operating near MOD airspace.
File CANPs, NOTAMs, or Temporary Danger Areas when applicable.
Train pilots to request an upgrade to Traffic Service where required.

Legal and Regulatory Observations

SERA.3205 and ANO Article 239 set the standard for proximity liability. Keep compliance well-documented.
Expect growing pressure for mandatory electronic conspicuity, with incidents like this cited in policy.
If blamed in media or police statements without evidence, drone operators may have grounds for defamation or economic loss claims. Get legal advice promptly.

Final Thoughts

This wasn’t a drone incident — but it could have been perceived as one.

The lesson? Control the narrative by controlling the data.
Record everything. Secure it. Share it when necessary. With the right evidence, drone operators can protect themselves from false blame and help improve UK airspace safety.

About the Author

Richard Ryan is a UK barrister and aviation lawyer specialising in drone regulation, UAS integration, and counter-drone law. A Fellow of the Chartered Institute of Arbitrators, he advises police forces, government bodies, and commercial operators on airspace compliance and emerging UTM frameworks. He is also completing a PhD on airspace integration and unmanned traffic management at Cranfield University.

The post Airprox 2024294 – What Actually Happened at RAF Lakenheath? appeared first on Blakistons.

Thales: Under the Microscope – The Watchkeeper Drone Saga and Corruption Allegations

admin.richard — Sat, 23 Nov 2024 08:52:10 +0000

Thales: Under the Microscope – The Watchkeeper Drone Saga and Corruption Allegations

By Richard Ryan, drone lawyer

Thales, a multinational defence giant, is no stranger to controversy. Recently, reports emerged that the company is under investigation for corruption, raising significant questions about its corporate governance and accountability. At the centre of this scrutiny lies the Watchkeeper drone, a troubled program that epitomizes the challenges and pitfalls of large-scale defence procurement projects.
________________________________________
The Watchkeeper Drone: A Costly and Controversial History

The Watchkeeper drone, based on Israel’s Hermes 450 UAV, was touted as the future of battlefield intelligence, surveillance, and reconnaissance for the British Army. However, the program has been plagued by delays, budget overruns, and performance issues since its inception.
Commissioned in 2005 at an initial cost of £800 million, the project’s total expenditure skyrocketed to over £1.2 billion, as reported by the UK’s National Audit Office. Despite the hefty price tag, Watchkeeper has often failed to meet operational expectations. By 2018, the system had yet to achieve full operational capability, more than a decade after its original delivery date of 2010.
One critical issue was its inability to secure full certification to fly in UK airspace due to safety concerns, significantly limiting its utility. Moreover, operational mishaps, including multiple crashes during training exercises, further tarnished its reputation. The Guardian reported that in one incident, a Watchkeeper drone crashed on a Welsh golf course, prompting concerns over the program’s safety protocols.
________________________________________
The Corruption Investigation: What We Know

Reports of Thales being under investigation for corruption add a new dimension to the Watchkeeper saga. Although details of the investigation are still emerging, sources such as The Times indicate that it may involve bribery and misappropriation of funds linked to defence contracts, potentially implicating both current and former executives.
Under UK law, corruption investigations can have severe consequences for a company, including:
1. Legal Penalties: Companies found guilty under the Bribery Act 2010 face unlimited fines, while individuals could face up to 10 years’ imprisonment.
2. Contractual Fallout: Being under investigation could jeopardize Thales’ eligibility for future defence contracts, both domestically and internationally, particularly in markets with strict compliance requirements like the United States.
3. Reputational Damage: A corruption investigation inevitably erodes public and governmental trust, potentially affecting shareholder confidence and market performance.
________________________________________
Legal Implications for Thales

Thales faces significant legal and commercial challenges if the corruption allegations are substantiated. Under the Bribery Act, the company could be held liable for failing to prevent bribery, unless it demonstrates that it had “adequate procedures” in place to prevent such misconduct.
Further, Thales may also be subject to debarment from public contracts under EU and UK procurement rules, which could lead to billions in lost revenue. This is particularly critical given that defence contracts form the backbone of Thales’ business.
________________________________________
Wider Issues in Defense Procurement

The Watchkeeper program and the ongoing investigation highlight broader systemic issues in defence procurement, including:
• Lack of Oversight: Complex projects like Watchkeeper often lack stringent oversight, leading to inflated budgets and delays.
• Technology Challenges: Over-reliance on unproven or adapted technologies frequently results in performance shortfalls.
• Ethical Concerns: Allegations of corruption in defence contracts underscore the need for greater transparency and compliance measures within the industry.
The UK Ministry of Defence (MoD) has faced criticism for failing to hold contractors accountable, even as taxpayers shoulder the financial burden of projects like Watchkeeper.
________________________________________
Conclusion: Lessons from the Watchkeeper Saga

The Thales investigation and the history of the Watchkeeper drone serve as a cautionary tale for defence procurement and corporate governance. As the investigation unfolds, it will be critical to monitor its impact on Thales’ operations and the broader defence industry.
Transparency, accountability, and stringent compliance measures are essential to restoring trust in defence contracting, particularly when public funds are at stake. For Thales, the road ahead will be challenging, as it seeks to navigate the legal, financial, and reputational repercussions of this unfolding scandal.
Sources such as The Guardian and The Times will likely continue to provide updates on this evolving story, which is sure to reverberate across the defence sector for years to come.
________________________________________
About the Author

Richard Ryan is a highly experienced barrister and legal researcher specialising in drone & counter law, commercial litigation, and regulatory compliance. With over 20 years of legal expertise, Richard Ryan has built a distinguished career advising drone operators, multinational corporations, defence companies, and government agencies. Currently a barrister at a leading Chambers, Richard Ryan specialises in privacy and drone law, offering tailored legal solutions to clients in emerging sectors such as urban air mobility (eVTOL) and counter-drone technologies.

The post Thales: Under the Microscope – The Watchkeeper Drone Saga and Corruption Allegations appeared first on Blakistons.