Safe operation of mini UAVs: A review of regulation and best practices

D.Sanz, J.Valente, J.Colorado, J.D.Hernandez, J.del Cerro and A.Barrientos

d

Abstract Despite the great efforts, current international normative is not uniform or well defined in relation with small and mini UAVs (mUAV). This article proposes a unifying threestep structure that adapts and complements the safety regulation defined by ISO 31000 normative which allows for the evaluation of safety issues from a global view.

procedures to avoid or minimize risks. The main difficulty is determining the applying directives for each individual case. It is important to emphasize that most of the current work devoted to advance on mUAV legislation remains on an early stage. 2.1. Common applying normative Common normative applying to drones (mUAVs) is outlined in the following four documents: ISO 12100: Safety of machinery general principles for design. ISO 14121: Safety of machinery Risk assessment. ISO 31000: Risk guidelines. management Principles and

I. INTRODUCTION In the last decade, there has been an increment of Unmanned Aerial Vehicles (UAV) employment. New areas in the civil sector demand a new generation of autonomous machines with the capability to intelligently assist by means of cooperative labors. The introduction of mUAVs within these scenarios faces several challenges, mainly focusing on the safety requirements. These issues have become a legislation priority for the Air Authorities (AA) in charge of regulating mUAV operation within civilian spaces [1, 2]. Small-scale UAVs fall into a diffuse legal status and their lack of safety polices still remain a concern. It is crucial to incorporate a unified safety-structure within the mUAV flight-mission architecture. This article proposes a methodology that defines three basic steps that could be useful in avoiding hazardous situations. II. LEGAL FRAMEWORK The first step when evaluating the safeness of a UAV system is the legal framework that applies. They contain a preliminary analysis which consists on guidelines and This work has been supported by the Robotics and Cybernetics Research Group at Technique University of Madrid (Spain), and founded under the projects ROTOS: Multi-Robot system for outdoor infrastructures protection, sponsored by Spain Ministry of Education and Science (DPI 2012-17998), and Robot Fleets for Highly Effective Argriculture and Forestry Management, (RHEA) sponsored by the European Commissions Seventh Framework Programme (NMP-CP-IP 245986-2 RHEA). The authors want to thank all the project partners: Agencia Estatal Consejo Superior de Investigaciones Cientficas CSIC (Centro de Automtica y Robtica, Instituto de Ciencias Agrarias, Instituto de Agricultura Sostenible), CogVis GmbH, Forschungszentrum Telekommunikation Wien Ltd., Cyyberbotics Ltd, Universit di Pisa, Universidad Complutense de Madrid, Tropical, Soluciones Agrcolas de precisin S.L., Universidad Politcnica de Madrid UPM (ETS Ingenieros Agrnomos, ETS Ingenieros Industriales), AirRobot GmbH & Co. KG, Universit degli Studi di Firenze, Linstitut de recherche pour lingnierie de lagriculture et de lenvironnement IRSTEA, CNH Belgium, NV, CNH France SA, Bluebotics S.A. y CM Srl.

ISO 13849: Safety of machinery Safety related parts of control systems. All these documents summarize the legal framework of the UAVs but they still need complementary normative based on other standards to fully define and conceive the mUAV system not only as an electronic device but also as a vehicle. 2.2. General UAV normative: the international framework In 2005 several Air Authorities from America and Europe started a major global effort to standardization. In the United States, the FAA imposes a two-step certification process. As a result only drones awarded with the proper certification are allowed for operation. European legislation focuses on addressing UAVs with a take-off weight (MTOW) over 330lb/150kg [11]. The most widely accepted small/light UAVs classification includes the following characteristics: mass, maximum flight ranges, relative altitudes and flight endurance. These characteristics allows for the definition of the following topics: Operational approval: (only applies to drones class I.) Certification demonstrating safe flight, licensing, training and limitations to the system. Full regulations: (only applies to drones class II.) It Requires the Certification of airworthiness, registration, design certification, etc. The main difference between class I and class II vehicles is that Class II are subjected to the Rules of the Air and in coordination with the Air Traffic Management (ATM). Other issues regarding the wing-type of the vehicle and the flight control scheme must also be considered.

The most advanced frameworks for regulating the safe operation of UAVs (civil or military) are located in the UK, France and Austria. Other programs exist in Germany, Croatia, Czech Republic and Sweden [12].The critical issue concerns standardization because the frameworks differ by different regulations. The regulations of Australia [13][14], France [15], Israel [16], Japan [17], UK [18] and USA [19], are the leading normative in this area. They regulate many common aspects, but other regulations are not standardized and they differ and are implemented differently depending on the countrys air authorities. 2.3. On-going normative and proposals. Working groups and organisms involved A common normative does not seem to be feasible in a short/medium period [20]. Apart from the national air authorities, there are many groups attempting to establish a common frame to regulate safety on UAV operation. The documents produced contain recommendations, not official normative. However, they can be considered valid since the most active partners within the UAV community gave been involved in their preparation. such as: the EUROCAE (specially the Working Group 73), USICO, JARUS (Joint Authorities for Rulemaking on Unmanned Systems), ICAO (International Civil Aviation Organization) and UVS International. A proposal report issued by an assembled UAV Task Force assembled by Eurocontrol and the Joint Aviation Authority determines that UAVs should comply with an equivalent level of safety (ELOS) compared to conventionally manned aircraft [21]. III. RISK ANALYSIS Risks are always present. It is important to identify the hazards and evaluate their severity in order to delimit their effects [22]. This process is known as Risk Analysis (RA). Different studies [23], [24], [25], [26], [27] pose alternatives to address RA issues. Some methods of RA based on events, present a deductive structure that analyses the system in terms of effect-to-cause. The disadvantage of these methods is that they do not include the specifications of the system and the reduction procedures within the analysis process. The ISO 12.121-1 standard solves this problem by considering the specifications of the system within the first step of the RA. It also includes how other characteristics of the system could result into new hazards because it takes into account subsystems that might fail. Once the dangers are enclosed the possible risks can be found according to the nature of the danger and the origin of the hazards. They are then evaluated according to ISO 13.849-1 and classified depending on the severity. The Risk Reduction Procedure (RRP) is a non-linear structure that involves a recursive evaluation of the risks, since the introduction of new techniques to minimize or even to avoid the risks may introduce new hazards. The problem with this method is that that you might end up on a loop. To solve this, If it is not possible to adequate the risk level, this

method has a limited number of iterations that force a redefinition of the systems specifications. 3.1. Risk identification Before analyzing the potential hazards, it is necessary to define the limits of operation by enclosing the possible consequences of an accident or failure [29]. It is possible to divide these limits according to their nature: 1. Physical limits: unit and components. 2. Temporal limits: life time. With two kinds of temporal restrictions: a. Short time restrictions: the maximum flight time, the commands response time and the sensors acquisition time. b. Long time restrictions: engines and battery degradation. 3. Environmental limits: flight location and conditions. They are imposed by: a. The drone: wind speed, ambient light b. The legislation: minimum distance from populated areas or from airports/military installations 4. Behavioral limits: operation and procedures. These static limitations lay an important role in avoiding hazardous situations, but they do not cover all the possible hazardous situations evolving the dynamic circumstances that may arise. It is possible to limit the hazards by constraining the characteristics of the flight but it is hard to avoid them. Even if the operation conditions satisfy the normative and the limitations, the main hazard source concerns to the breakdowns. They can be either external or internal. Since breakdowns depend on its sources, they can be classified depending on its origin. Note that the risks are interrelated (so a hazard can be classified in several different groups, and its consequences or problems can be originated from different hazards. 3.2. Risk assessment The second step is to estimate the seriousness and severity of their effects. According to the ISO 14121 and most of the risk evaluation methods [32][33], hazard assessment is a function of two factors: 1. Seriousness of the damage: It evaluates the harm that could be provoked in an accident. Seriousness rate is composed of two factors: a. The severity of the injuries or the health damage. b. The number and affiliation of the agents involved in the event. 2. Probability of damage: It estimates the frequency of occurrence of a hazardous event. Its incident rate is the resultant value of three factors: a. Exposition to the danger. b. Probability of occurrence.

c. Ability to prevent the risk or limiting the damage. The relation between the seriousness of the damage and its probability determine the risk of the component. The summation of the risk estimation for every component and procedure in the system outputs the global risk model. A general evaluation of the selected risk is performed according to all these factors. These factors combined give the Performance Level (PL), which is required for managing the assessed hazard. This parameter refers to the general reliability required by the components/system in order to operate under safety conditions. Both quantity and quality aspects are considered. 3.3. Risk reduction The last step is to analyze and establish possible methods for avoiding or limiting the possible harm. Reliability, robustness and performance requirements are extracted according to the Performance Level (PL) From each PL grade it should be extracted a fuzzy gure for the MMT that expresses the mean time when the rst failure occurs. This determines the quality required for the components. The Diagnostic Coverage (DC) is the ratio between the number of dangerous failures detected and the occasions when the failure mode has been activated. The categories (Cat.) determine the control architecture required for guaranteeing an adequate safety level. According to ISO 12100-1:2003 Depending on the performance phase and the ability to reduce the risk it is possible to: Eliminate the hazard with a safe design with simulations or prototypes, manufacturers can verify, evaluate and enhance the systems performance. This allows for a correction of any hazardous component within the system. The higher the hazard the more sophisticated scheme needed. End the reduction by implementing complementary methods that protect and prevent the system from failures or misuse by adding guard elements, not included in the core of the system, in order to provide a protection service. They do not provide full safeness, but they reduce the exposition and effectiveness of the danger. Impose safety procedures when those measures are not viable or they do not reduce the risk. These extra safety procedures would add guard elements, not included in the core of the system, in order to provide a protection service to reduce the exposition and effectiveness of the danger. CONCLUSIONS The proposed three-step methodology proposed in this article provides a global approach to the low safety interests on the current legislation and each mUAV developer. By performing three actuation levels, this method allows prevention and reduction of many potential risks, as well as a context-adapted response to hazards. The advances presented are a step towards developing safe mUAV systems. REFERENCES [1] JAA/EUROCONTROL, Uav task-force final report. a concept for the european regulations for civil unmanned aerial vehicles (uavs), JAA/EUROCONTROL, Tech. Rep., May 2004. [2] W. Scheneider Jr., Unmanned aerial vehicles roadmap 2002 -2027, Office of the Secretary of Defense. Department of Defense of the United States of America, Tech. Rep., Feb. 2004. [3] A. Barrientos, J. Colorado, J. Del Cerro, C. Rossi, D. Sanz, and J. Valente, Aerial remote sensing in agriculture: A practical approach to area coverage and path planning for fleets of mini aerial robots, Journal of Field Robotics, vol. 28, no. 5, pp. 667 689, 2011. [Online]. Available: http://dx.doi.org/10.1002/rob.20403 [4] J. Valente, D. Sanz, A. Barrientos, J. Del Cerro, A. Ribeiro, and C. Rossi, An air-ground wireless sensor network for crop monitoring, Sensors, vol. 11, no. 6, pp. 60886108, 2011. [Online]. Available: http://www.mdpi.com/14248220/11/6/6088/ [5] K. Hayhurst, J. Maddalon, P. Miner, M. DeWalt, and G. McCormick, Unmanned aircraft hazards and their implications for regulation, in 25th Digital Avionics Systems Conference, 2006 IEEE/AIAA, oct. 2006, pp. 112. [6] UAVM. (2010, August) What is the current regulatory status for civil uav commercial flight? [Online]. Available: http://www.uavm.com/uavregulatory.htm l [7] P. van Blyenburgh, Unmanned aircraft systems: The current situation, in EASA UAS Workshop, Feb. 2008. [8] M. Arjomandi, Classification of unmanned aerial vehicles, The University of Adelaide, Australia, Tech. Rep., 2007. [9] U. International, Unmanned aircraft systems: The current situation, in UAS ATM Integration Workshop -EUROCONTROL, May 2008. [10] R. Loh, Y. Bian, and T. Roe, Uavs in civil airspace: Safety requirements, Aerospace and Electronic Systems Magazine, IEEE, vol. 24, no. 1, pp. 517, jan. 2009. [11] EASA/EC, Regulation 1592/2002 - annex 1 essential airworthiness requirements, EASA, Tech. Rep., 2002. [12] FLYGI, Rules of military aviation (rml). Military Flight Safety Inspectorate - Swedish Armed Forces., Sweden, Tech. Rep., Sept. 2000.

[13] CASA, Ac 101-3: Unmanned aircraft and rockets model aircraft, Civil Aviation Safety Authority, Australia, Tech. Rep., July 2002. [Online]. Available: http://www.casa.gov.au [14] , Civil aviation safety regulations (casr), part 101, Civil Aviation Safety Authority, Australia, Tech. Rep., Jan. 2004. [15] DGA, Uav systems airworthiness requirements (usar), Delegue General pour lArmement, Ministre de la defense, France., Tech. Rep., Jan. 2005. [16] CAAI, Uav systems airworthiness regulations, Civil Aviation Administration of Israel, Israel, Tech. Rep., 2006. [Online]. Available: www.caa.gov.il [17] JUAV, Safety standard for commercial-use, unmanned, rotary-wing aircraft in uninhabited areas, Japan UAV Association, Tech. Rep., Jan. 2005. [Online]. Available: www.juav.org [18] D. Haddon and C. Whittaker, Uk-caa policy for light uav systems (luas), Civil Aviation Authority, UK, Tech. Rep., May 2004. [Online]. Available: www.caa.co.uk [19] FAA, Afs-400 uas policy 05-01, Federal Aviation Authority, USA, Tech. Rep., Sept. 2005. [20] A. Maneschijn, A framework and criteria for the operability of unmanned aircraft systems, Ph.D. dissertation, Stellenbosch University, Dec. 2010. [21] R. Clothier, R. Walker, N. Fulton, and D. Campbell, A casualty risk analysis for unmanned aerial system (uas) operations over inhabited areas, in AIAC12 Twelfth Australian International Aerospace Congress, 2nd Australasian Unmanned Air Vehicles Conference, Melbourne, 2007. [Online]. Available: http://eprints.qut.edu.au/6822/ [22] P. Hokstad and T. Steiro, Overall strategy for risk evaluation and priority setting of risk regulations, Reliability Engineering & System Safety, vol. 91, no. 1, pp. 100111, 2006. [Online]. Available: http://www.sciencedirect.com/science/art icle/pii/S095183200400290X [23] R. Stephens and W. Talso, System safety Analysis Handbook: A Source Book for Safety Practitioners, 2nd ed. System Safety Society, Aug. 1999. [24] FAA, Faa system safety handbook. chapter 9: Analysis techniques, Federal Aviation Administration, USA, Tech. Rep., Dec. 2000. [25] C. Chapman, Project risk analysis and managementpram the generic process, International Journal of Project Management, vol. 15, no. 5, pp. 273 281, 1997. [Online]. Available: http://www.sciencedirect.com/science/art icle/pii/S0263786396000798 [26] J. Kuchar, Safety analysis methodology for unmanned aerial vehicle (uav) collision avoidance systems, in USA/Europe Air Traffic Management R&D Seminars, 2005. [27] S. Celik, Safety process implementation for unmanned aerial systems, in Achieving Systems

Safety, C. Dale and T. Anderson, Eds. Springer London, 2012, pp. 4353. [28] J. Murtha, An evidence theoretic approach to design of reliable low-cost uavs, Masters thesis, Virginia Polytechnic Institute and State University, Blacksburg, Virginia (USA)., July 2009. [29] C. Casarosa, R. Galatolo, G. Mengali, and A. Quarta, Impact of safety requirements on the weight of civil unmanned aerial vehicles, Aircraft Engineering and Aerospace Technology: An International Journal, vol. 76, no. 6, pp. 600606, 2004. [30] K. Hayhurst, J. Maddalon, P. Miner, G. Szatkowski, M. Ulrey, M. DeWalt, and C. Spitzer, Preliminary considerations for classifying hazards of unmanned aircraft systems, Tech. Rep. NASA TM-2007214539, National Aeronautics and Space Administration, Langley Research Center, Hampton, Virginia, Tech. Rep., 2007. [31] M. Dermentzoudis, Establishment of models and data tracking for small uav reliability, Masters thesis, Naval Postgraduate School, Monterey, California (USA)., June 2004. [32] FAA, Faa system safety handbook. appendix b: Comparative risk assessment (cra) form, Federal Aviation Administration, USA, Tech. Rep., Dec. 2000. [33] K. Dalamagkidis, K. Valavanis, and L. Piegl, Evaluating the risk of unmanned aircraft ground impacts, in Control and Automation, 2008 16th Mediterranean Conference on, june 2008, pp. 709 716.