There is strong industry demand for Beyond Visual Line of Sight (BVLOS) operations for Specific category unmanned aircraft systems (UAS) and certified category remotely piloted aircraft systems (RPAS) within the UK. As the sector prepares for a vast expansion over the next decade, a crucial enabler for these advanced flights is the development of robust command and control (C2) links. These links must leverage available radio frequencies and telecoms services to best suit each individual operation while guaranteeing the safety of the airspace.

To facilitate this integration, the Civil Aviation Authority (CAA) recently consulted on the C2 link policy concept for operations assessed in Specific Assurance and Integrity Levels (SAIL) 1 to 3 under the UK SORA (Specific Operational Risk Assessment) process. This policy development forms a core part of the Future Air Traffic Management and Air Navigations programme, working to deliver the ambitious aims of the UK government’s Future of Flight Industry Group.

Embracing Existing Standards Proportionately

The CAA’s review of C2 links highlights a practical reliance on existing standards, drawing heavily from the established telecoms sector rather than attempting to reinvent the wheel. Industry feedback strongly supported this approach, with a consensus that the application of any standard must be proportionate to the SAIL, ensuring that low-to-medium risk operations do not face an excessive or stifling regulatory burden.

Respondents emphasised that regulations must strictly govern safety-of-flight C2 data, differentiating it clearly from mission payload data. Several supplementary standards were suggested by the industry to guide operators and designers, including the GSMA reference methods for cellular performance, and specific RTCA guidelines such as DO-377 and DO-278 for ground-based equipment. Moving forward, the CAA plans to draft Acceptable Means of Compliance (AMC) and Guidance Material (GM) that explicitly reference these standards in a proportionate manner, avoiding a one-size-fits-all certification regime.

The Evolution of JARUS RLP and Modern Telecoms

The Joint Authorities for Rulemaking on Unmanned Systems (Jarus) Required C2 Link Performance (RLP) concept, published in 2016, was initially proposed as a baseline framework. However, the aviation and technology sectors warned against a highly prescriptive approach based on this somewhat dated document.

When the Jarus RLP was first drafted, the UK possessed four public mobile networks relying heavily on 2G and 3G technology. Today, 5G networks are undergoing significant deployment, and legacy networks are being switched off. Furthermore, new standards of long-range, low-power wireless networks have emerged, including LTE-M, NB-IoT, and LoRaWAN. The UK is also undergoing a fixed connectivity transformation with pervasive fibre infrastructure, which offers superior reliability for remote pilot control centres.

Because the Jarus RLP was based heavily on traditional air traffic control communications, applying it rigidly to modern, low-SAIL autonomous drones could be excessive. Consequently, the CAA has confirmed it will use the RLP purely as a framework applied proportionately, fully acknowledging the diverse capabilities, multi-connection redundancies, and modern implementations of today’s UAS.

OSO 6: Ensuring C3 Link Performance

Under the UK SORA process, Operational Safety Objective (OSO) 6 ensures that C3 link performance is appropriate for the operation. The CAA’s consultation outlined several key proposals regarding OSO 6 compliance for SAIL 1 to 3 operations.

A primary proposal confirmed that the use of TCP/IP provides sufficient inherent integrity for these risk levels, although operators noted that UDP/IP or proprietary protocols with application-based integrity checking might be preferable in some modern UAS architectures.

Furthermore, operators will be expected to maintain periodic log files of C2 link performance. To avoid disproportionate bureaucracy, this requirement will be scaled according to the complexity of the operation and the UAS implementation. Instead of mandating the continuous logging of every active C2 connection parameter, the CAA will allow operators to utilise service provider data combined with targeted end-to-end communication metrics, such as packet loss and latency. Crucially, the CAA confirmed that no assurance is currently required for OSO 6 at SAIL 1 and 2, streamlining the path for lower-risk innovators.

OSO 13: Managing External Telecoms Services

For OSO 13, which governs external services supporting UAS operations, the proposals addressed the practicalities and limitations of using public telecoms networks, such as cellular data.

A central CAA proposal is that public 4G and 5G network usage should initially be limited to altitudes below 120m (400ft) above ground level. This limitation is necessary because cellular networks are fundamentally optimised for ground-level users. Operations at higher altitudes can cause increased inter-cell switching, latency spikes, and interference that affects the wider mobile network. Exceptions will apply; for instance, when surveying tall structures, UAS can fly higher provided the aircraft remains within 50m horizontally of the structure and no more than 15m above it. Furthermore, private 4G and 5G networks, which can be custom-optimised for aviation, will be evaluated on a case-by-case basis.

To ensure resilience, the CAA proposed the use of UAS-specific SIMs and service plans. However, industry experts noted that mandating UAS-specific plans could negate the redundancy benefits of Mobile Virtual Network Operators (MVNOs) that use eSIMs to roam seamlessly across multiple networks. The CAA has adjusted its stance to mandate that SIMs and service plans simply must be “compatible and appropriate” for UAS use, maintaining technology neutrality.

Cyber-security and the Road Ahead

The integration of drones into public internet and cellular networks brings inevitable cyber-security challenges. The CAA’s proposals for OSO 13 mandate basic cyber-security measures for C2 data routed via the internet, noting that not all 4G or 5G services require internet routing. While the UK National Cyber Security Centre provides broad guidance, the CAA intends to draft proportionate AMC and GM that cover essential protections like peer entity authentication and anti-replay protection, scaling up to more rigorous requirements for SAIL 3 operations.

Ultimately, the CAA’s evolving policy concept for C2 links represents a balancing act between rigorous safety standards and the flexibility needed to foster technological growth. By remaining technology-neutral, performance-based and proportionate, the updated UK SORA framework aims to secure the UK’s position at the forefront of the global aviation and autonomous systems sector.