The technical area of the Indian Air Force station in Jammu was attacked with drone delivered improvised explosive devices (IEDs) during the early hours of June 27, 2021. While some districts around the attacked region promptly banned the sale, possession, and use of drones, the Ministry of Civil Aviation (MoCA) adopted a calibrated approach and released the Drone Rules, 2021 within three weeks of the attack. The new rules provide respite from the uncertainty that surrounded the drone industry following the attacks.
MoCA has sought to balance economic opportunities with the risks to public safety posed by drones under the new rules. However, there are still some pertinent concerns including standards for imports, data communication and technology support that need to be addressed to ensure that public safety requirements are aligned since these regulations will govern drone operations in the public domain.
Proposed Regime: Drone Rules 2021
The first comprehensive document outlining the parameters for manufacturing, registering, and operating drones were the Civil Aviation Requirements (CAR) 2018 released in December 2018. CAR was replaced by Unmanned Aircraft System (UAS) Rules 2021 earlier this year in March. Both CAR and UAS received disparaging remarks from civil society organisations and industry experts for placing a heavy hand of regulation on the nascent drone industry. Both regulations did not allow foreign entities or their subsidiaries to be registered as Authorised Persons i.e. as authorised UAS operators or owners in India. They also complicated the requirements for import controls and permissions for production, operation, and research on drones. The new drone rules will supersede UAS rules.
MoCA has significantly simplified the regulatory environment with the present bill. The number of permissions and certifications has been slashed from 25 to six including unique authorisation number, authorisation of R&D organisation, import clearance, and unique prototype identification number, amongst others. It has also eased the operation processes of foreign investors and manufacturers of drones in India. In a bid to facilitate homegrown drone startups and consumers, the process of operating and manufacturing drones has been made inclusive by reducing the fees for issuance of a certificate of airworthiness, unique identification number and listing of remote pilot license. MoCA has also removed the authorisation requirements such as the certificate of airworthiness, unique identification number, remote pilot licence and permission for research and development of drones in India.
Consistent Standards for Import and Operations of Drones
India is currently the third-largest importer of military-grade drones with 6.8 per cent of total UAV imports and its commercial drone market is projected to grow at the compound annual growth rate of 12.6 per cent from 2020 to 2026. According to the recent draft of the bill, the Directorate General of Foreign Trade (DGFT) will be regulating the import of drones and drone components, and the Quality Council of India (QCI) will be providing certificates of airworthiness based on the certification standards developed by QCI. A certificate of airworthiness is required for drones to operate within India.
There has been an inconsistent understanding of minimum standards for safety amongst stakeholders for the public deployment of drones. For instance, No Permission–No Takeoff (NPNT) is a core technology required to ensure safety procedures and determine airworthiness in India. It requires a manufacturer to make significant changes in hardware and software capabilities to equip the drone with NPNT. DJI, one of the largest producers of commercial drones based in China, had raised apprehensions on NPNT as it placed heavy restrictions on drone operations in 2019. DJI has still not adopted the technology. But drones manufactured by DJI were being used by UP, Delhi, and Punjab police during the anti-CAA protests in early 2020. Within India, only a few companies like Aarav Unmanned Systems, Ideaforge, Asteria Aerospace, Skylark Drones, and Throttle Aerospace Systems have complied with NPNT standards till now.
The Government of India continues to be the largest deployer of drones across domains for policing, digital mapping, and monitoring progress in highway projects. It would be vital for the standards for operation and imports to be set by the DGCA in collaboration with QCI to ensure that imports of drones and drone components meet the requirements of the domestic industry and conform with the public safety protocols. Both need to ensure consistent adoption of standards for procurement, and operation of drones along with setting auditing mechanisms to ascertain such discrepancies do not arise, especially in cases of public deployment. In the United Kingdom as well, the police force is subjected to similar safety criteria of drones as the private developers.
Data Communication, Security, and Privacy
MoCA in November 2020 had released a discussion draft on National Unmanned Aircraft System Traffic Management Policy with a dedicated chapter on Unmanned Aircraft System Traffic Management Data Communication, Security, and Privacy. The chapter pushes for data localisation requirements by demanding all types of data including data provided, generated, collected, and analysed by the user along with software and hardware systems to reside in India. It also puts restraints on the access of this data by entities outside India. The previous draft did not allow foreign entities or their subsidiaries to be registered as Authorised Persons i.e. as authorised UAS operators or owners, so the data localisation norms were in sync with UAV rules.
But MoCA has removed this restriction in the present set of rules, presumably to increase foreign investment in the budding drone industry in India. This will provide the necessary fiscal boost required to drive research, development, and innovation in India. Regulatory barriers to R&D have also been removed, for governments, startups, and educational institutions, and could be a major incentive for foreign entities to work in collaboration with domestic industry. The Medicine from the Sky project undertaken by Telangana government in collaboration with World Economic Forum, and HealthNet Global to facilitate delivery of vaccines and medicines is one such example. Along with providing a huge consumer base, India can assist in meeting the labour demands of foreign drone manufacturers as well.
However, a thorough reexamination of localisation requirements is necessary to facilitate such partnerships. The entities investing will not only have to open a data centre, which in itself is capital intensive, but also open factories as software and hardware systems would also have to reside in India along with data, as per the existing policy. This will lead to an increase in compliance costs of foreign entities and could act as a deterrent to entering the market.
Additionally, the chapter also mentions that the provisions of the proposed Personal Data Protection Act will be followed as and when it will be promulgated for maintaining data privacy. Provisions outlining limits to the retention of images of identifiable individuals collected using drones exist in the draft bill as it falls under biometric data. But not all data collected using drones will fall under the sensitive data category. For example, road condition surveys and monitoring of national highway projects would not be classified as sensitive data under the existing bill. Data localisation norms could be relaxed in such cases.
Furthermore, the policy document and the recent draft of the Drones Rules do not address spatial privacy. The violations of spatial privacy that may happen due to the usage of drones in a dense country like India might also lead to the violation of data privacy. A provision prohibiting intentional entry onto the land or airspace of an individual without permission or trespass to capture any visual image, or sound recording, while the plaintiff is engaging in a private, personal, or familial activity and is offensive to a reasonable person should be added to the Drone Rules akin to the Assembly Bill No. 856 in California.
Technology Support for Safety Measures
As with the previous bills on drones, there is an overzealous reliance on Digital Sky Platform. The platform is managed by the Directorate General of Civil Aviation (DGCA). It is designed to be a single-window system to manage activities related to drone management in India including facilitating and simplifying the process of registration for drones, operators and remote pilot training organisations. It aims to facilitate self-generated or automated permissions with minimal human interface.
The platform will be providing the airspace map, segregating it into three zones—red, yellow, and green. Additionally, NPNT technology and real-time tracking of drones would be supported through the platform. NPNT ensures flying of drones in a permitted area of the red or yellow zone is possible only after a permission artefact is granted through the Digital Sky Platform from the DGCA.
However, to achieve the objectives of this ambitious platform, the technological infrastructure behind it needs to be operationalised and strengthened by removing the bugs and simplifying the user interface. This has been a consistent concern from all stakeholders involved since the platform was launched in 2018. Moreover, the platform also needs to build a standardised communication interface for Ground Control Software, unmanned traffic service providers and so on, to interact with registered flight module’s permission artefact provided as part of NPNT.
India is one of the fastest growing markets for commercial drones. The Drone Rules 2021 have addressed majority of the challenges that were limiting the growth of the industry. With the simplified regulatory environment in place, aligning standards for imports, data communication and technology support with public safety requirements will ensure a conducive ecosystem for the Indian commercial drone industry.
This article was first published on ORF.
The author is Junior Fellow at ORF’s Centre for Security, Strategy and Technology. The views expressed in this article are those of the author and do not represent the stand of this publication.