Associated Elements provided by physical and digital infrastructure will support advanced UAS ecosystems. New FAA guidance addressing requirements for these elements present a path forward to scalability and highlights associated challenges.
A recent FAA Aviation Safety Memorandum (“Memo”) confirms what ResilienX and other industry experts have long understood; integrating UAS into the national airspace (NAS) is nontrivial, and requires an ecosystem approach. This approach has led to differing views regarding UAS type certification such as which elements of the ecosystem fall within the type certification? For elements which fall outside of the type certification umbrella, but are still within the safety case for complex operations, what are the requirements?
To answer these questions, first consider this guidance from the FAA Memo:
A UAS is defined as a UA and its associated elements (AE), including communication links and the components that control the UA, that are required to operate the UAS safely and efficiently in the national airspace system. The AE discussed in this memo are those elements that are not airborne or directly affixed to the aircraft.
Where appropriate, the FAA will issue a type certificate for the UA, and the FAA may approve use of the AE through operating limitations and operational approvals (i.e., waivers, exemptions, and/or operating certificates).
While the AE items themselves will be outside the scope of the UA type design, the TC applicant must provide sufficient specifications for any aspect of the AE that could affect airworthiness, including a complete and unambiguous definition of the elements and their interface with the UA, so that their availability or use is readily apparent.
While core AE such as communications links and ground control stations are called out, additional risk-mitigating AE are generally needed to expand operations, particularly for flight beyond visual line-of-sight (BVLOS). For example, no matter how performant a communications link, it will not mitigate weather risks. Therefore, for BVLOS operations, a weather service AE will likely be required. Also, most AE are unlikely to have independent links to the UA and therefore, reliable communications demand consideration for most AE. UAS Traffic Management (UTM) services may also provide AE as means to reduce operational limitations via risk reduction.
The FAA Memo presents a roadmap to scalability, stating that once an AE has been approved as a risk mitigation for one craft/operations combo, it will likely be usable for similar craft/operations.
The AE specifications included as operating limitations in the type certificate and the flight manual would likely be similar for all type-certificated UA and consistent between operating parts[…]
For operations outside of part 107 (e.g., parts 91, 135, or 137), which are more complex, the FAA may provide relief from regulations with conditions and limitations that identify additional specifications to mitigate a possible adverse safety impact.
The FAA may establish additional specifications that are pertinent to the operation of a particular UAS in the operational approval (e.g., exemption or waiver) conditions and limitations, commensurate with the proposed concept of operations and the operating rules from which the FAA is granting relief, such as beyond visual line-of-sight operations or operations which leverage an operating certificate. Certain AE specifications will likely be similar for type certificated UA covered by this memorandum.
The FAA provides a path for UA type certification, and accommodates additional operational envelops via AE to mitigate operational risks. This regime including CONOPS, architecture, and functional/performance requirements are packaged into a safety case for advanced operational waivers such as for BVLOS operations. Once deployed, the FAA obligates the operator to ensure operational compliance with the approved safety case:
The operator is responsible for continued compliance with the operating rules and any conditions and limitations of a waiver or exemption […] Rescission of the exemption or waiver would be the FAA’s primary tool for compliance and enforcement with AE specifications.
Although the operator is responsible for assuring that flight remains within safety case limitations underpinning a waiver, it becomes increasingly difficult as the operator engages 3rd party AE to mitigate various operational risk. Reflecting on the above weather service discussion, most operators are challenged to determine if the subscribed weather service is working correctly. As this ecosystem grows in complexity into the UTM ecosystem envisioned by the FAA and NASA, the operator may also become increasingly responsible for monitoring the health, integrity, and performance of various AE proposed for surveillance, communications, navigation, weather, traffic management, contingency management, etc.
Appendix B of the Memo, “AE Specifications in Operating Limitations and Operational Approvals,” considers some operator requirements for successful compliance. A few of these requirements include:
A requirement that the operator documents and maintains the configuration of the integrated system (such as identifying the UA and associated elements, including communication links and the components that control the unmanned aircraft) that is necessary for each operation to be conducted safely.
A requirement that the operator has an error reporting, evaluation and mitigation program in order to maintain compliance with operating rules and conditions and limitations. The operator must evaluate any failures, anomalies, or other in-service problems to ensure that they do not represent a system deficiency that will result in a subsequent noncompliance with regulations or conditions and limitations. If a failure, anomaly or in-service problem may result in subsequent noncompliance, the operator would be required to correct the issue to prevent that noncompliance and would be required to report the issue and correction to the FAA.
A requirement that the operator documents and maintains a method to assure that each associated element of the UAS continues meet all AE specifications during all flight operations…
When using associated elements that are services provided by a third party (such as a communications link), this assurance may include qualification and in-service monitoring criteria to detect out-of-compliance performance and initiate corrective action (such as avoiding new operations into areas of known coverage gaps until such time as the communication service provider verifies that the gap is eliminated).
The Memo recognizes there will be an ecosystem of systems and services enabling complex BVLOS UAS operations. The FAA delineates where UA type certification stops and AE begin but does not prescribe exact AE means of compliance—instead, it offers areas of consideration for operator and AE providers, as well as examples of the types of requirements.
Based on our experience with the FAA, this approach does not come as a surprise to ResilienX. In fact, for the past three years we have been building a product containing the tools and services to meet these requirements. The ResilienX FRAIHMWORK® (Fault Recovery and Isolation, Health Monitoring frameWORK) provides this capability including the following:
- Ecosystem configuration management
- Health, integrity, and performance monitoring of the various AE
- In-type system-wide safety assurance to mitigate faults, failures, and adverse conditions in-time to make a difference
- Digital maintenance tracking and logging
As ResilienX continues to deploy FRAIHMWORK into UTM and AAM ecosystems across the US, we are looking to work with operators looking to realize this FAA guidance and the various AEs which make up the ecosystem and will need to be monitored.
Indeed, ResilienX uniquely provides the capabilities and leadership supporting the approval of various AE within the ecosystem and that will need to be monitored. As ResilienX continues to deploy FRAIHMWORK into UTM and Advanced Air Mobility (AAM) ecosystems, we are seeking engagement with operators looking to realize this FAA guidance.
ResilienX is a software company developing safety assurance solutions for autonomous ecosystems. Founded in 2018 in Syracuse, NY, they are focused on ensuring the safe integration of UAS into existing airspace systems and transforming mobility around the world.
Contact Ryan Pleskach, [email protected].