To uphold aviation safety, Civil Aviation authorities throughout the world mandate the certification of aircraft, including certain types of UAS/RPAS, particularly mission-critical ones or those with an MTOW above 25 kg, to verify that the strict applicable safety standards are met. Specifically, the DO-178C, DO-254 and DO-160 standards make it possible to ensure the quality and reliability of both the hardware and the software of airborne systems.
Air travel: the safest means of transportation
Road travel and even trains and boats are subject to frequent accidents. On very rare occasions air crashes also occur, but considering the huge number of flights per year the accident rate is extremely low; air travel is by far the safest means of transportation.
How did we arrive there?
100 years ago flying was very dangerous. Accidents followed one another, although this would not deter the fearless aviation pioneers. In the 1940s passenger flights appeared and such risks were no longer acceptable. Therefore, governments worldwide agreed in the 1944 Chicago Convention to regulate air travel by setting up national Civil Aviation authorities, coordinated through the ICAO.
As of today, UAV/RPAS carry no passengers. Still, a fault can cause material damage and personal injury on the ground. Furthermore, drones might collide with passenger flights, causing very serious air incidents. For this reason, Civil Aviation authorities are working on the standardisation and regulation of the UAV area, seeking to achieve there the same safety and reliability levels found in manned aviation. To that end, regulations are being developed for drones, following the same approval approach as for other aircraft.
On which criteria is airworthiness certification granted?
Every new aircraft model undergoes a gruelling approval process by Civil Aviation to prove that it fulfils the international TSO (Technical Standard Order) standards applicable to every aircraft component. There is however no TSO defined for drones yet; in such cases, DO standards are used to establish the reliability and safety of UAV-installed equipment:
- DO-160G: Environmental characteristics.
- DO-254: Hardware.
- DO-178C: Software.
DO-254 requires a structured HW design methodology along with a scientific reliability analysis to prove that the fault rate is below very strict limits. On the other hand, DO-160G ensures that the system will work properly in the relevant ranges of temperature, altitude, humidity etc. Let us look in more detail into the DO-178C software safety standard.
The DO-178C Standard
It is entitled “Software Considerations in Airborne Systems and Equipment Certification” and it was developed by RTCA Inc. for the FAA, the US Federal Aviation Administration, and later adopted by the rest of the countries. This standard is especially relevant when it comes to the reliability of airborne systems on drones, particularly in critical systems such as the autopilot.
There are distinct levels of DO-178C certification according to how critical the equipment is to safety. 5 Design Assurance Levels (DAL) have been defined, according to the consequences of a hypothetical fault:
- DAL-A: Catastrophic. Numerous fatalities and loss of the aircraft.
- DAL-B: Dangerous. Strong impact on safety. Some serious injuries or even fatalities.
- DAL-C: Major. Significant impact on safety. Disturbances to passengers or at most light injuries.
- DAL-D: Minor. Noticeable impact on safety. Inconvenience to passengers.
- DAL-E: No effect. Example: onboard movie screening. DO certification not required.
The standard defines different certification requirements according to the DAL level. DAL-A is the most stringent level and the hardest to achieve. DO-178 requires SW developers to follow certain methodologies of quality control and high-reliability SW development. Civil Aviation does a standardised follow-up of the development project at its various stages: planning, design, coding, and validation.
These follow-up meetings are based on a standard set of documents defined in the standard, which the software developer must create. For this reason, very extensive documentation work is required to obtain DO-178C certification. This documentation is sometimes called “certification data pack” and must be submitted to certify the drone system.
DO drone certification is a complex, stringent and costly process. However, it is essential to be able to uphold air safety. Embention is the first company ever to achieve DO certification for a commercial drone autopilot in Europe, and it has the resources and the experience of dealing with drone certification in many countries (the USA, Spain, Germany, Switzerland, Italy…). A certification data pack is available for the Veronte autopilot as a basis to successfully complete DO drone certification. Also, redundant versions are available that eliminate the risk of a single hardware failure.