Standard 922 - RPAS Safety Assurance - Canadian Aviation Regulations (CARs)

From: Transport Canada

Division I - General

922.01 Application

This standard applies to persons making declarations referred to in section 901.194 of the Canadian Aviation Regulations (CARs).

This standard describes the technical requirements that persons making a declaration are required to meet in accordance with section 901.194 of the CARs. Under section 901.201 of the CARs, the person making the declaration is required to retain a current record of the results of, and the reports related to, the verifications that they have undertaken to ensure that the model of the system meets the applicable technical requirements. An RPAS for which no declaration has been made cannot be used to conduct operations referred to in section 901.69 and 901.97 of the CARs. For an RPAS to be eligible to conduct these operations, declarations must be made, and acceptance letter requirements must be satisfied as listed in Table 1 below.

TABLE 1 – Declaration and Acceptance Letter Requirements by Operation
CAR Reference RPAS size Classification Operational Description Standards Requiring Declaration Acceptance Letter Requirement
901.69 (a) Small VLOS operation in controlled airspace 922.04 No
901.69 (b) Small VLOS operation at a distance of less than 100ft (30m), but more than 16.ft (5m) from any person not involved in the operation 922.05 No
901.69 (c) Small VLOS operation at a distance of less than 16.4ft (5m) from any person not involved in the operation 922.06 No
901.69 (d) Small Sheltered Operation in Controlled Airspace 922.04 No
901.69 (e) Medium VLOS operation at a distance of more than 500ft (152.4m) from any person not involved in the operation. 922.08 (1, 2) No
901.69 (f) Medium VLOS operation at a distance of less than 500ft (152.4m) but more than 100ft (30m) from any person not involved in the operation 922.07 Yes
901.69(g) Medium VLOS operation at a distance of less than 100ft (30m) from any person not involved in the operation. 922.07 Yes
901.69 (h) Medium VLOS operation in controlled airspace. 922.04,
922.08 (1, 2)		 No
901.87(a) Small BVLOS operation in uncontrolled airspace and at a distance of not less than 1km from a populated area 922.08 (1, 2),
922.09,
922.10*,
922.11,		 No
901.87(a) Medium BVLOS operation in uncontrolled airspace and at a distance of not less than 1km from a populated area 922.08 (3, 4, 5, 6),
922.09,
922.10*,
922.11,		 No
901.87(b) Small BVLOS operation in uncontrolled airspace and over a sparsely populated area, or at a distance of less than 1km from a populated area. 922.07,
922.09,
922.10*,
922.11,
922.12		 Yes

* When an operation is performed in atypical airspace as defined in AC903-001, or if an operation is performed in accordance with Standard 923 – Vision Based DAA (as per CAR 901.97(2)), then a declaration against standard 922.10 is not required.

Definitions

The words and expressions used in these standards have the same meaning as in the CARs.

Division II – Technical Requirements

922.02 Basic Operations

[Reserved]

922.03 Operations over Critical Infrastructure

[Reserved]

922.04 Operations in Controlled Airspace

Information Note: These technical requirements are applicable to RPAS declarations for operations referred to in section 901.69 (a) and (d) of the CARs.

Information Note: The required accuracy for operations within controlled airspace is identified for purposes of communications with other users of the airspace (e.g., control tower) to provide a minimum confidence related to the altitude and position reports from an RPAS pilot.

Required Accuracy

  • 1. The remotely piloted aircraft system must indicate the lateral position of the remotely piloted aircraft to the pilot with an accuracy of at least +/- 10 m while operating within the controlled airspace.
  • 2. The remotely piloted aircraft system must indicate the altitude of the remotely piloted aircraft to the pilot with an accuracy of at least +/- 16 m while operating within the controlled airspace.

922.05 Operations near People

Information Note: These technical requirements are applicable to RPAS declarations for operations referred to in section 901.69 (b) of the CARs.

Information Note: Where any function of an RPAS is essential to, or can affect, continued safe flight and landing of the Remotely Piloted Aircraft (RPA), that function, and the equipment performing the function, including the RPA control station, the command-and-control links and any other system elements that may be required during flight operation, will be considered as part of the RPAS for the purposes of establishing RPA limitations.

Protections against Injury to Persons on the Ground

  • 1. The occurrence of any single failure of the RPAS which may result in a severe injury to a person on the ground within 30 m of the RPA in operation must be shown to be remote.

Warning and Alerts

  • 2. Systems, controls, and associated monitoring and warning means must be designed to minimize RPAS pilot errors that could create additional hazards.

922.06 Operations over People

Information Note: These technical requirements are applicable to RPAS declarations for operations referred to in section 901.69 (c) of the CARs.

Information Note: Where any function of an RPAS is essential to, or can affect, continued safe flight and landing of the RPA, that function, and the equipment performing the function, including the RPA control station, the command-and-control links and any other system elements that may be required during flight operation, will be considered as part of the RPAS for the purposes of establishing RPA limitations.

Protections against Injury to Persons on the Ground

  • 1. No single failure of the RPAS may result in a severe injury to a person on the ground within 5 m horizontal of the RPA in operation.
  • 2. The occurrence of any combination of failures of the RPAS which may result in a severe injury to a person on the ground within 5 m horizontal of the RPA in operation must be shown to be remote.

Warning and Alerts

  • 3. Systems, controls, and associated monitoring and warning means must be designed to minimize RPAS pilot errors that could create additional hazards.

922.07 Safety and Reliability

  • 1. The RPAS, including any configurable elements, when considered separately and in relation to other systems, must be designed and installed such that:
    • a. The RPAS when considering operational limitations, meets the reliability targets outlined in Table 1 based on the maximum kinetic energy that can be achieved by the RPA;
    • b. Catastrophic failure conditions are shown to be extremely improbable and do not result from a single failure; and,
    • c. The probability of a failure condition resulting in a severe injury to persons not involved in the operation is shown to be extremely remote.
  • 2. RPA structures and components shall be designed such that they allow for safe operation of the RPA throughout the entire operational envelope defined by the applicant.
  • 3. Systems, controls, and associated monitoring and warning means used to alert the crew of unsafe system operating conditions must:
    • a. Enable the remote crew to take action to minimize any hazard resulting from the unsafe condition; and,
    • b. Be designed to minimize RPAS pilot errors that could create additional hazards.
  • 4. Non-safety critical systems, equipment, and payload shall not adversely affect any safety critical system.
Table 1

Classification 

Reliability Objective 

P(x) – Probability of Failure 
 

RPA KE <700 J 

RPA KE <34 kJ 

RPA KE <1084 kJ 

Catastrophic 

Extremely Improbable 

10^-4 

10^-5 

10^-6 

Hazardous 

Extremely Remote 

10^-3 

10^-4 

10^-5 

Major 

Remote 

10^-2 

10^-3 

10^-4 

Minor 

Probable 

10^-2 

10^-2 

10^-3 

No safety affect 

No requirements 

No requirements 

No requirements 

No requirements 

922.08 Containment

Low Robustness Containment Requirements

  • 1. No single failure of the RPAS shall result in operation outside of the operational volume.
  • 2. Any failure of a system whose operation is required to meet (1) shall be annunciated to the operator.

High Robustness Containment Requirement

  • 3. No single failure of the RPAS shall result in operation outside of the operational volume.
  • 4. The probability that the RPA leaves the operational volume due to any combination of failures of the RPAS shall be shown to be extremely remote (Hazardous).
  • 5. Any failure of a system whose operation is required to meet (3) and (4) shall be annunciated to the operator.
  • 6. Software and Airborne Electronic Hardware whose development errors could lead to operation outside of the operational volume shall be developed to an industry standard or methodology recognized by TCCA.

922.09 Command and Control Link Reliability and Lost Link Behaviour

  • 1. The RPAS must be designed such that:
    • a. the probability of occurrence of any combination of failures which may result in a loss of control of the RPA at any point in flight is shown to be remote or less.
    • b. the RPA behaves predictably and consistently if positive control is lost and in a manner that assists pilots in minimizing the probability the RPA will create a hazard.

922.10 Detect, Alert, and Avoid Systems

  • 1. Annunciated loss of function of the detect and avoid system shall be shown to be remote.
  • 2. Un-annunciated loss of function or hazardously misleading guidance from the detect and avoid system shall be shown to be extremely remote.
  • 3. The means to detect conflicting occupied air traffic and take action to avoid them must be shown to meet the following system risk ratios.

Airspace Description

Air Risk Class

Required System Risk Ratio

Below 400ft AGL within class F Advisory Airspace.

ARC-c

<=0.33

Below 400ft AGL within Class G airspace and beneath controlled airspace that starts at 1500ft AGL or lower.

ARC-c

<=0.33

Below 400ft AGL, within Class G Airspace and greater than 5nm from any airport, heliport or aerodrome published in the CFS/WAS.

ARC-b

<=0.66

When an operation is performed in atypical airspace as defined in AC903-001, or if an operation is performed in accordance with Standard 923 – Vision Based DAA (as per CAR 901.97(2)), then a declaration against standard 922.10 is not required.

922.11 Control Station Design

This section applies to systems and equipment intended for crew members' use in operating the RPAS. These systems and equipment, individually and in combination with other such systems and equipment, shall be designed so that qualified crew members trained in their use can safely perform all the tasks associated with the systems' and equipment's intended functions in all intended operational environments. Equipment and systems used by crew members to safely operate the RPAS must meet the following requirements:

  • 1. Controls must be provided to allow accomplishment of all the tasks required to safely perform the equipment's intended function, and information must be provided to the crew that is necessary to accomplish the defined tasks.
  • 2. Controls and information intended for the crew's use must:
    • a. Be provided in a clear and unambiguous manner at a resolution and precision appropriate to the task;
    • b. Be accessible and usable by the crew in a manner consistent with the urgency, frequency, and duration of their tasks; and,
    • c. Enable crew awareness, if awareness is required for safe operation, of the effects on the remotely piloted aircraft or systems resulting from crew actions.
  • 3. Operationally relevant behavior of the equipment must be:
    • a. Predictable and unambiguous; and
    • b. Designed to enable the crew to intervene in a manner appropriate to the task.
  • 4. To the extent practicable, equipment must incorporate means to enable the crew to manage errors resulting from the kinds of crew interactions with the equipment that can be reasonably expected in service. This paragraph does not apply to any of the following:
    • a. Skill-related errors associated with manual control of the RPA;
    • b. Errors that result from decisions, actions, or omissions committed with malicious intent;
    • c. Errors arising from a crew member's reckless decisions, actions, or omissions reflecting a substantial disregard for safety; and,
    • d. Errors resulting from acts or threats of violence, including actions taken under duress.

922.12 Demonstrated Environmental Envelope

  • 1. The RPAS shall have an environmental envelope under which the RPAS can safely operate and that has been demonstrated by ground and flight testing.
  • 2. Demonstration test points shall include, at a minimum, coverage of the following aspects of the environmental envelope:
    • a. account for all configurations and for all phases of flight of the RPAS, including acceptable failures or degradation of components and systems and any environmental factors specific to the concept of operation(s)
    • b. include the operationally safe range for:
      • (i) meteorological conditions
      • (ii) any other external factors specific to the concept of operations that may adversely affect safety of the operation.
      • (iii) EMI and HIRF.
      • (iv) external factors that may adversely affect safety such as g-loading, aircraft attitudes, crosswind, night, operating latitude, urban airflow, proximity to items of inspection or to infrastructure.
    • c. account for inadvertent exceedance of the demonstrated environmental envelope before detection can be realized and corrected and where the limiting condition cannot be prevented.
    • d. any safety related limitations for storage and transportation.

Report a problem with this page

Date modified: