There’s a particular kind of frustration that comes from practising in a field that everyone assumes is covered by a law that, on close reading, barely mentions it. Drone law is one of those fields. People hear “AI Act” and “drones” in the same breath and assume the two slot neatly together; that the great European regulatory machine has, somewhere in its 113 articles, a tidy chapter telling me when my client’s counter-UAS system crosses a line. It doesn’t. And the gap between what people assume and what the text actually says is where most of my work now lives.
The newsletters keep landing in my inbox with their countdowns. The latest one fixes on 2 August; the date the AI Office acquires real teeth over general-purpose AI models. I read these updates the way a coastal town reads tide tables: not because every wave matters to me, but because I need to know which ones will reach the door. So let me work through what this particular tide actually touches, from the perspective of someone who spends their days arguing about machines that fly.
Start with the thing that makes drones legally interesting in the first place: autonomy is a spectrum, and the law hates spectrums.
A consumer quadcopter holding position in a breeze is running control loops that would have been called “artificial intelligence” in a 1980s research paper. A military loitering munition selecting between candidate targets is doing something most people would unhesitatingly call AI, and find alarming. Between those two poles sits an enormous, messy middle; obstacle avoidance, automated return-to-home, “follow me” tracking, swarm coordination, automated target recognition that merely flags rather than decides. Where on that spectrum does a drone become an “AI system” in the meaning of Article 3?
This matters enormously and almost nobody asks it cleanly. The Act’s definition turns on a system that infers, from inputs, how to generate outputs that influence environments. Plenty of drone autonomy stacks meet that bar comfortably. Plenty of others; deterministic flight controllers executing fixed logic; arguably don’t. I have sat across the table from engineers who insist their navigation system is “just maths,” and they’re not entirely wrong, but “just maths” is also a fair description of every neural network ever trained. The line is not where intuition puts it.
Here is where I watch clients relax too early.
The AI Act contains an exclusion for systems used exclusively for military, defence or national security purposes. Counter-drone work, in particular, loves to shelter under this. The reasoning goes: we detect and defeat hostile UAS, this is inherently a security function, therefore the Act doesn’t reach us. Lovely. Except “exclusively” is doing ruthless work in that sentence, and the dual-use reality of this entire sector makes the exclusion far narrower than people want it to be.
The same RF-detection and optical-tracking stack that protects an airbase gets sold, with a different sticker, to protect a stadium, a prison, a private estate. The moment that system has a civilian commercial life; the moment it is placed on the EU market for protecting critical infrastructure rather than fighting a war; the exclusion frays. And critical infrastructure protection is precisely the kind of use the high-risk classification regime is built to capture. A counter-UAS platform that automatically classifies an incursion and cues a response near an airport is not obviously outside the high-risk net just because its cousin wears camouflage.
The targeted consultation on the high-risk classification guidelines, open until late June, is therefore not abstract bureaucracy to me. Those guidelines are where the boundary between “this is a security tool, leave it alone” and “this is a high-risk system, document everything” will actually get drawn through worked examples. Anyone in this sector who isn’t reading those drafts is choosing to be surprised later.
Now the part that genuinely changes behaviour on the ground.
Article 50’s transparency obligations don’t care about risk tiers. They bite on situations; and one of those situations is biometric categorisation, another is emotion recognition, and another is content that interacts with or affects people. Picture the increasingly common deployment: a drone with a camera doing crowd monitoring, perimeter patrol, or event security. The instant that payload starts categorising people by biometric attributes, the deployer owes the exposed individuals notice. You cannot quietly run biometric categorisation from 120 metres up and treat the altitude as a privacy shield. The obligation attaches to what the system does, not to how far away the lens sits.
I find this is the provision that catches operators off guard, because it cuts against the entire instinct of aerial surveillance, which is to be unobtrusive. The law is, in effect, telling a category of drone operator that unobtrusiveness is now sometimes unlawful. That is a genuinely interesting collision between the technology’s reason for existing and the regulation’s reason for existing, and it is going to generate litigation.
There was a small piece of news in the recent updates that I suspect most readers skimmed: the establishment deadline for regulatory sandboxes has been pushed from August 2026 to August 2027.
For most industries that’s a footnote. For drones it’s meaningful, because the sandbox model is arguably better suited to unmanned aviation than to almost any other AI domain. We already have a mature culture of supervised, geographically-bounded testing; segregated airspace, specific operational risk assessments, temporary danger areas. A regulatory sandbox is conceptually just that culture extended from airworthiness into algorithmic compliance. The delay means the one mechanism that could let a counter-UAS startup test automated-response logic on real incursions, under supervision, with some shelter from fines, won’t materialise on the original timetable. The companies most in need of a structured way to prove their systems are safe will spend another year improvising compliance instead. Whether that protects the public or merely protects incumbents is the kind of question I find genuinely unresolved.
The honest summary I give, stripped of comfort, runs roughly like this. The August date isn’t your date; it’s aimed at the makers of large general-purpose models, and most drone autonomy doesn’t live there. But the regime those powers belong to is the same regime whose high-risk rules and Article 50 duties absolutely will reach you, and the classification guidelines being drafted right now are where your fate gets decided. Don’t wait for enforcement to tell you which side of the line you’re on. The structured dialogue the AI Office favours means the first contact is likely to be a request for documentation, not a fine; which means the clients who survive comfortably are simply the ones who wrote the documentation before anyone asked.
Drones made autonomy visible; something you can point at in the sky. That visibility is exactly why this sector will be among the first places the AI Act’s abstractions get tested against physical reality. I’d rather my clients be the test case that wins than the cautionary one. The tide tables are right there in my inbox. The only real choice is whether to read them.
This is not legal advice; if you’re making compliance decisions about a specific system, get advice tailored to it.
About the author
Richard Ryan is a Direct Access Barrister at Blakiston’s Chambers, and a chartered arbitrator and accredited mediator, specialising in drone and counter-drone law. He advises operators, manufacturers, UTM providers, insurers and public bodies across the full UAS spectrum — regulatory permissions and BVLOS approvals, C-UAS deployment at airports, prisons and critical infrastructure, data and privacy, liability and high-value disputes. Instruct him directly or through solicitors.