As of 31 December 2020, national rules for flying unmanned aircrafts (“UAS”), commonly referred to as drones, are being replaced by a common European regulatory framework.
The new regulation(1) lays down basic principles for ensuring safety, security and privacy, and protection of personal data. All UAS operators will need to register themselves with the National Aviation Authority of the EU country of their residence (“NAA”) unless they operate a drone from a so-called "Open" category that weighs less than 250 g and has no camera or other sensor able to detect personal data, or is a toy (even with a camera or other sensor). This registration will be recognised throughout the whole European Union and the drone operators will be able to use their drones seamlessly in any of the Member States. Once the registration is completed, the drone operator will obtain a registration number which must be placed on all his/her drones. Besides, most of UAS pilots will have to pass an obligatory online examination.
The regulation makes no distinction between commercial and non-commercial UAS operations, instead it provides three main risk-based categories: Open, Specific, and Certified. It also introduces technical requirements and rules for drones used in operations set out in the regulation (such as geo-awareness and remote identification).
The Open category represents low-risk UAS operations that do not require any prior authorisation. However, certain limits apply. Drones within the Open category must weigh no more than 25 kgs and must belong to one of the classes set by European legislation(2), be privately built, or fall within the legacy drones category(3). They can fly almost everywhere, except over assemblies of people, or areas that the state has forbidden by imposing a restriction on the flight of drones, and must remain within the visual line of sight of the remote pilot below the altitude of 120 m. On top of that, the remote pilot must be at least 16 years old (the minimum age can be lowered by Member States). The Open category is also divided into three sub-categories that reflect the variety of training required as well as examinations.
The Specific category covers medium-risk operations (those that do not comply with the limits of the Open category) and the UAS operators within this category are generally required to obtain an operational authorisation from the NAA based on a performed risk assessment. To ease the situation, a number of standard scenarios with lists of mitigation measures will be created, and the operators will only need to declare or demonstrate compliance.
The Certified category includes cases of high-risk operations (such as flying over assemblies of people, transporting people, carrying dangerous goods, etc.) that present similar risks in that of manned aviation; therefore, UAS certification, a licensed remote pilot and an operator approved by the competent authority are required.
The regulation also emphasises that all drone operators and remote pilots are required to comply with European and national rules regarding privacy and data protection. The drone operations must be carried out with the least interference with the privacy and personal data of individuals on the ground, and any personal data collected must be handled in compliance with the principles, requirements and individual rights laid down in the General Data Protection Regulation.
(1) Commission Implementing Regulation (EU) 2019/947 of 24 May 2019 on the rules and procedures for the operation of unmanned aircraft
(2) Commission Delegated Regulation (EU) 2019/945 of 12 March 2019 on unmanned aircraft systems and on third-country operators of unmanned aircraft systems
(3) Article 20 of the Commission Implementing Regulation (EU) 2019/947 of 24 May 2019 on the rules and procedures for the operation of unmanned aircraft.