Brian Sims

The Evolving Landscape of Drone Regulation

THE COMMERCIAL use of drones is growing at a staggering rate. From security through to transport and delivery and videography through to agriculture, the potential applications for unmanned aircraft systems (UAS) are seemingly limitless. Laurence Clarke takes a look at the latest developments in terms of certification and compliance.

PricewaterhouseCoopers (PwC) has estimated that, by 2030, there will be over 76,000 UAS (ie drones) in the UK’s skies being used by commercial organisations and the Government. What’s more, within the same time frame, there are currently predicted to be over 600,000 jobs in the drone economy.

This rapid growth is no doubt fuelled – at least in part – by the expansion of Beyond Visual Line of Site (BVLOS), both in terms of potential application and the technology available.

In April of this year, the Civil Aviation Authority (CAA) granted the very first approval to trial the concept of routine BVLOS operations, in turn allowing BVLOS deployments to take place without the need for prior pre-flight authorisation. This permission is seen by many as the starting point for mass market availability of long distance deployments, fuelling the next major stage of growth for the industry.  

Sector growth exceeds regulatory development

As is often the case in rapid sector expansion, regulation and legislation is somewhat lagging behind when compared to the rate of advancement of the industry itself.

While this rate of growth is fantastic news for those working within or engaging with the drones sector, it’s something of a regulatory nightmare for those individuals trying to pin down the requirements at any fixed point in time. The moment pen hits the paper – and, admittedly, goes through several committees, before during and after – the needs of the sector have altered and the proposed regulatory framework becomes outdated.

If this situation were not challenging enough, it must also be noted that the term ‘drone industry’ is something of a misnomer – essentially existing as several unique industries, each with specific requirements, branching from a singular core technology – amplifying the hurdles to standardisation through regulation. 

It’s perhaps for these very reasons that current thought processes in terms of regulation come with anticipated timelines commencing from 2022 onwards.

With no fixed legislative or regulatory mast upon which a drone organisation can hitch their sail, what remains are the broad strokes requirements outlined by the CAA, itself an organisation whose primary focus is that of aviation safety as opposed to specific elements of organisational compliance. The inevitable outcome of this is the significant variance in quality standards between drone organisations of all sizes.

Data management

All that said, there’s a potential solution to this issue provided through a consideration of data protection and privacy requirements. It’s touched upon within the CAA’s Drone Code and, indeed, fundamental to the majority of drone deployments.

Regulation and frameworks guiding the recording, capture and management of data have advanced rapidly over recent years. From the General Data Protection Regulation through to more specific and data-type format dependent guidelines, the core aim has been to improve organisational accountability and public awareness when it comes to appropriate data usage.

Data that’s captured as part of drone deployments should be considered no differently. The Government linked office of the Biometrics and Surveillance Camera Commissioner has embraced this concept within the recognised Surveillance Camera Code of Practice.

The latter was issued by the Secretary of State under Section 30 of the Protection of Freedoms Act 2012 to ensure that the use of cameras in public places is properly regulated, Human Rights and data protection compliant and only used in pursuit of a specified purpose. Over time, the application of the key principles within the Code of Practice has expanded to encompass a wide array of recording devices, including – but not limited to – both public and private sector drones.

Certification against the Code of Practice evidences a commitment to Best Practice with regards to data usage and privacy, providing external verification of organisational compliance with UK requirements inclusive of points 20 through to 25 of the aforementioned Drone Code.

There are three key benefits to this recognition. First, there’s public reassurance regarding the appropriateness of data collection and management obtained as part of a drone flight or deployment. Second, there’s organisational reassurance that all data obtained is in line with Best Practice UK privacy and surveillance guidelines. Third, there’s verifiable evidence of data management compliance that can be referenced in either in response to potential challenges and/or information requests or in support of bids and tenders to help distinguish from the competition.

Certification process: how does it work?

It’s fair to suggest that any quality improvement orientated framework is only ever as good as its assessment and monitoring. Drone organisations looking to be certificated against the Surveillance Code of Practice must pass through a two-stage process of independent audit and verification.

First, the organisation must be externally audited against the principles of the Code of Practice by a United Kingdom Accreditation Service accredited certification body such as IQ Verify. This requirement is in place to ensure the impartiality and comprehensiveness of the audit process.

Second, the auditing body is required to submit its audit report to the Office of the Biometrics and Surveillance Camera Commissioner for validation and formal decision-making.

Once certification has been granted, companies are listed on the publicly available .gov register of certificated organisations. Maintenance of this listing is subject to a satisfactory annual audit having been conducted by the external certification body. This process of monitoring and re-audit ensures that continued certification is contingent upon the ongoing maintenance of the original standards of approval.

Product of value and necessity

For those committed to raising standards and organisational accountability, the Surveillance Camera Code of Practice seemingly presents an accessible starting point for organisational regulation, not least owing to the relevance of visual data processing considerations across the full span of the industry.

Certification allows an organisation to evidence a commitment to reputable quality standards, while the inclusion of a public-facing register allows any external party to independently verify organisational compliance in real-time.

There is, however, a difference between an effective regulatory framework being made available and true industry regulation having been achieved. This gap is bridged by widespread industry adoption, whether driven by legislative requirements or more commercially focused pressures: the two are not necessarily mutually exclusive. Where organisational legislation is absent, as is largely the case within the present drone industry, regulatory implementation relies upon there being an evidence of real world value. Value that might drive conformity and framework adherence through operational efficacy and/or competition.

On to the key question, then. Does this certification make any real world difference? To understand true value, the most objective approach is to speak to those working within the sector. Individuals who live and breathe the subject matter, understand formal certification and can speak with confidence on the strengths and weaknesses of the industry as a whole.

Focusing on the private sector for whom the definition of ‘value’ is often more commercially anchored, we recently chatted with the representatives of two drone companies specialising in different areas/purposes of drone deployment and who’ve recently gained certification against the Surveillance Code of Practice.

TLP Ltd, the drone security specialist, has recently become the first commercial drone company specialising solely in security to be awarded the Surveillance Camera Commissioner’s third party certification mark for its usage of drones.  This means that drones are being used proportionately, effectively and transparently by the business and in pursuit of a legitimate aim.

When asked why this certification was valuable, Chris Flannagan (CEO of TLP Ltd) stated: “We applied for certification because we wanted to demonstrate to our clients and the public that our internal policies and procedures for the collection, management and retention of visual and audio data has been independently audited against a set of regulated standards.”

Flannagan added: “The Surveillance Camera Commissioner’s certification is a voluntary process. This was an important factor for TLP Ltd as we can demonstrate to our clients and members of the public that our commitment to their privacy and any trepidation about the commercial drone industry is taken very seriously. TLP Ltd already took these concerns seriously and had robust internal policies in place to manage such concerns. Voluntary certification elevates these robust internal policies to a level whereby people can have confidence in TLP Ltd’s drone operations.”

Further, Flannagan noted: “We’re able to demonstrate accountability and transparency in our drone operations to our clients and members of the public. This is against a set of independently assessed standards which they can view and, if they deem it necessary, they can raise concerns about privacy both directly to the company and to the Surveillance Camera Commissioner.”

Value of certification

In the October 2020 edition of Security Matters (‘Eye in the Sky’, pp28-30), we reported that Crowded Space Drones had become the very first private sector organisation to have achieved certification against the Surveillance Camera Code of Practice.

Andrew McQuillan, director of Crowded Space Drones, had the following to say about the value of this certification: “When conducting any form of surveillance for public authorities, transparency of compliance is crucial to both the authority and the public. We are exceptionally proud [to have gained this certification] as it not only gives our clients confidence that we comply with all legislation in this area, but also enables public trust in our work.”

He went on to state: “The Surveillance Camera Code of Practice audit has already driven positive change for our business. This includes the deployment of over ten improvement actions, primarily aimed at helping both our own team members and the general public at large to understand precisely how standards relate to their interaction with our work.”

Finally, McQuillan observed: “We also fully anticipate a growing commercial value with regards to future tendering success. Formal certification against recognised standards provides a method for streamlining this process, allowing UAS organisations to quickly differentiate themselves from the competition.”

With consideration of the comments provided above by some of the early industry adopters of this standard, the answer to the ‘Is it worth it?’ question becomes quite clear. Formal certification does appear to make a difference, both operationally and commercially: the core tenets of perceivable value.

Accountability and transparency

Certification against the Surveillance Camera Code of Practice, then, appears to tick all the boxes for the first real step towards better regulation across the breadth of the drone industry.

It exists now. The Code of Practice has been successfully deployed within the remit of the usage and/or processing of images and data for over half a decade. It’s recognised. The Code of Practice is linked to the UK Government through the office of the Biometrics and Surveillance Camera Commissioner. It’s relevant. Data management principles are applicable across the full spectrum of the drone industry and of growing importance to all types of businesses and consumers alike.

Further, it has validity. Certification relies upon an in-depth and impartial process of audit and external validation, both through the certification body and the Surveillance Camera Commissioner. It requires continual assessment. The continuation of certification is dependent upon the maintenance of standards over time, thus providing a real-time view of organisational data compliance.

It includes a public facing register. Transparency and accountability are fundamental to empowering choice and public awareness. It can also lead to real benefits from operational efficacy through to tender success. Public reassurance as to the appropriateness of data management can make a particularly big difference.

Fraser Sampson, recently appointed as the Biometrics and Surveillance Camera Commissioner, has had a good deal to say about the value of certification and the likely trajectory of the industry going forward: “People are generally excited to welcome the benefits that technology is offering our lives,” asserted Sampson, “but in this area they rightly want to see the technological advancement matched by an increased level of accountability and assurance. The Code provides that accountability and assurance in a way that’s easy to adopt, audit and update and to the same standards as followed by the police and local authorities. This is an important step for the industry because the Code of Practice has become well established and is probably starting to shift from being what was once a source of competitive advantage to a legitimate expectation among users and the wider public.”

Sampson has also said: “Over the coming months I shall continue to work with the insurance community in seeking the help of the CAA to promote the essential role of certification against the Code of Practice within the broader drone industry.”

Under the spotlight

Organisational data management is increasingly under the spotlight and the use and/or processing of imagery and data collected through drone flight is no different in this regard.

In a competitive landscape that’s currently sparse with regulatory involvement, evidencing data compliance and external oversight through certification against the Surveillance Camera Code of Practice presents a unique opportunity to stand out where it matters.

Where achieving certification presents an organisational advantage, be it commercial or operational, the relevance and prevalence of Code of Practice certification will continue to expand at a rate equal to the opportunities it affords. These are, after all, the key driving forces behind any form of pre-regulatory industry evolution.

Laurence Clarke is Director of IQ Verify (

Company Info


64 High Street, RH19 3DE
East Grinstead
RH19 3DE

04478 18 574309

Login / Sign up