In 2012, the UK drone sector was still relatively small. Multirotors existed, commercial aerial work was growing, and the Civil Aviation Authority’s focus was broadly understandable: keep unmanned aircraft away from people, aircraft, congested areas and controlled airspace, and require permission for higher-risk or commercial activity.
By 2026, the picture has changed dramatically. The UK now has a layered system of registration, Flyer IDs, Operator IDs, Open/Specific/Certified categories, operational authorisations, SORA assessments, Operational Safety Objectives, containment evidence, Remote ID, UK class markings, SAIL markings, Recognised Assessment Entities for Flightworthiness, and a growing family of CAP 722 guidance documents.
The question is no longer whether drones should be regulated. They clearly should be. The real question is whether UK drone regulation has moved from proportionate safety management into a culture of compliance expansion, where each new risk produces another document, certificate, marking scheme, or approval pathway.
The early years: simple rules, clear principles
The CAA’s CAP 722 has existed since the early 2000s, but the period around 2012 was still comparatively simple. CAP 722’s revision history shows the fifth edition was published in August 2012, with updates to terms, definitions, procedures and human factors material. The major structural changes came later, particularly in 2015, when the document was completely restructured and the Operating Safety Case process became central to permissions for more complex unmanned aircraft operations. (Civil Aviation Authority)
That older approach had faults, but it had one major strength: it was relatively understandable. Operators generally knew the basics: remain visual line of sight, keep clear of people and property, stay away from airports, and seek CAA permission for commercial or higher-risk work. It was not perfect, but the compliance burden was still recognisable to small operators and manufacturers.
The 2015 introduction of the OSC process was arguably the first major paperwork escalation. It asked operators to explain their concept of operations, aircraft systems, safety mitigations and operational procedures. For serious commercial work, that made sense. But it also began the shift from “fly safely and demonstrate competence” towards “produce a large body of evidence to prove that you might fly safely.”
2018–2019: airport restrictions made sense
One of the more defensible changes was the strengthening of airport flight restriction zones. Following the increasing public concern around drones near airports, the UK introduced clearer height restrictions and restrictions around protected aerodromes. CAA guidance published in 2019 explained the 400 ft limit and the expanded Flight Restriction Zone system, including airport traffic zones and runway protection areas.
This was a sensible area for regulation. Airports are one of the few places where even a small drone can create a serious aviation hazard. The 2019 changes extended restriction zones to include runway protection extensions, commonly described as 5 km by 1 km zones from runway ends, which was aimed at protecting aircraft during take-off and landing. (GOV.UK)
Very few responsible drone operators would argue against clear airport restrictions. Flight Restriction Zones are a good example of regulation targeted at a real and obvious risk.
The problem is that this targeted logic has not always been maintained elsewhere.
2020 onwards: the European-style category system arrives
The next major shift came with the adoption of the European-style framework: Open, Specific and Certified categories. The idea was logical on paper. Low-risk operations sit in the Open Category. More complex or higher-risk operations sit in the Specific Category. Very high-risk operations fall into the Certified Category.
But the practical effect was another layer of complexity. Instead of a relatively direct permission process, operators now had to understand subcategories, registration requirements, competency requirements, operational authorisations, risk assessments, mitigations and supporting guidance.
CAP 722 itself has also become part of a much wider ecosystem. The current CAP 722 page describes it as CAA guidance and policy for unmanned aircraft system operations, but the CAA drone publications area now includes a large family of related documents, including CAP 722, CAP 722A, CAP 722D, CAP 722G, CAP 722H, CAP 722J, CAP 722K, CAP 722L and further supporting publications. (Civil Aviation Authority)
The CAA is careful to say CAP 722 is guidance rather than law. But for operators, manufacturers and consultants, guidance often becomes quasi-law. If a CAA document says something “should” be done, then in practice it can become very difficult to obtain an authorisation without doing it.
2025–2026: class marks, Remote ID, SORA and SAIL marking
By 2026, the regulatory stack becomes even heavier.
The CAA has confirmed UK class marking requirements for drones, with UK0 to UK6 classes setting product requirements such as reliability, geo-awareness, Remote ID, flashing lights, labelling and conformity assessment. The CAA says this is intended to support clearer and simpler rules, but it also introduces another product compliance layer for manufacturers and importers. (Civil Aviation Authority)
Remote ID is another example. The CAA describes Remote ID as a system that transmits identification and location information from a drone, usually by Wi-Fi or Bluetooth, to support police and enforcement activity. From 2026 and 2028, different categories of aircraft and operations become subject to Remote ID requirements, including requirements linked to UK class-marked aircraft. (Civil Aviation Authority)
Again, the purpose is understandable. Enforcement agencies need tools to identify irresponsible operators. But the practical burden falls on everyone, including responsible operators who are already registered, insured, trained and operating under permissions. RID also has technical flaws which would need addressing as currently it is to easy to Fake RID for a drone.
Then there is UK SORA. The CAA’s SORA process requires operators to assess ground risk, air risk, operational volume, contingency volume, ground risk buffer, adjacent areas, Specific Assurance and Integrity Level, Operational Safety Objectives, containment requirements and supporting evidence. (Civil Aviation Authority)
For complex operations, risk assessment is necessary. But SORA risks becoming a paperwork machine. Instead of one coherent safety case, an operator can end up managing a web of documents, evidence references, OSO compliance statements, containment arguments, aircraft evidence, operational evidence, training evidence and maintenance evidence.
The introduction of SAIL Mark certificates and Recognised Assessment Entities for Flightworthiness adds another layer again. The CAA says RAE(F)s assess technical features and flightworthiness, while SAIL Mark certificates demonstrate that a UAS meets requirements linked to UK SORA SAIL levels. (Civil Aviation Authority) CAP 722K, first issued in March 2025, sets out policy and administrative guidance for UAS designers and RAE(F)s seeking SAIL Mark certification. (Civil Aviation Authority)
This is where many manufacturers and operators start to ask whether regulation has crossed a line. If a drone already uses standard components, radio modules, electronics and systems that have their own conformity evidence, how many times should the same basic compliance be rechecked? At what point does a safety process become a market barrier?
The safety record question
The most uncomfortable question for regulators is this: where is the fatality record that justifies the scale of expansion?
The CAA’s 2024 Annual Safety Review says there were around 720,000 registered RPAS users, made up of approximately 450,000 Flyer IDs and 270,000 Operator IDs. It should be noted people that stop flying drones still have Flyer IDs for years after they have stopped flying so the answer to how many are actually operating or flying drones will be closer to 270,000 operator ID number overall.
It also reports around 2,500 operational authorisations and 21,000 remote pilots with competency qualifications. In 2024, the CAA recorded 55 RPAS accidents and serious incidents, a 31% decrease from 2023. (Civil Aviation Authority)
The same review states that fatal injury reports in 2024 represented 0.02% of all occurrence reports and that all of those fatal injury reports involved general aviation aircraft. (Civil Aviation Authority)
That does not mean drones are risk-free. A falling aircraft can injure someone. A drone near an airport can create serious consequences. The AAIB and CAA rightly require reporting of accidents and serious incidents, and the CAA says occurrence reporting is intended to support safety learning rather than blame. (Civil Aviation Authority)
But if the UK civilian multirotor sector has not produced the kind of fatality record that was once feared, then the regulatory response should be tested against real evidence. Rules should be proportionate to actual harm, not hypothetical worst-case scenarios layered on top of one another indefinitely.
Has regulation gone too far?
In some areas, no. Airport Flight Restriction Zones make sense. Basic registration makes sense. Competency tests make sense for heavier or higher-risk drones. Operational authorisations make sense for operations near people, infrastructure, controlled airspace or complex environments.
But the broader direction is harder to defend.
The UK has moved from a relatively simple safety model to a compliance stack. A responsible operator or manufacturer now faces not just operational rules, but class markings, Remote ID, SORA, SAIL, RAE(F) assessments, evidence matrices, OSO mapping, containment arguments, competency levels and a growing CAP 722 document family.
This is regulatory bloat.
The danger is that the system starts to reward paperwork more than safety. A small manufacturer can spend months producing evidence packs, paying consultants, chasing assessments and cross-referencing guidance documents, while an irresponsible operator can still buy a cheap drone and ignore the rules entirely.
That is the core failure of over-complex regulation: it burdens the compliant while doing little to stop the reckless.
Are policymakers just justifying their jobs?
It is probably too simplistic to say CAA policymakers are merely trying to justify their jobs. The CAA has statutory duties. It has to respond to government, public concern, airport disruption, international rulemaking, police enforcement needs and rapid technology change.
But it is fair to ask whether the policy culture has become self-expanding. Every new framework creates new guidance. Every guidance document creates new interpretation. Every interpretation creates a need for consultants, assessors, templates, evidence packs and further CAA review.
At some point, the process becomes its own industry.
The CAA should be challenged to answer a simple question for every new requirement: what specific risk does this reduce, and what evidence shows that the reduction is worth the cost?
If the answer is clear, the rule should stay. If the answer is vague, the rule should be simplified or removed.
A better way forward
The UK does not need deregulation. It needs proportional regulation.
Keep airport restrictions. Keep sensible height limits. Keep registration and competency where the aircraft or operation presents a real risk. Keep operational authorisations for complex work.
But reduce duplication. Stop turning every safety concern into another certificate or marking scheme. Make SORA usable by normal operators, not just consultants. Ensure SAIL marking does not become an innovation tax. Review guidance regularly and remove obsolete layers. Most importantly, measure regulatory burden against actual accident and injury data.
The drone industry has matured. The rules should mature too.
From 2012 to 2026, UK drone regulation has gone from broad safety principles to a dense compliance ecosystem. Some of that evolution was necessary. Much of it now looks excessive.
If the goal is safer skies, regulation must remain clear, targeted and evidence-led. If the result is simply more forms, more marks, more certificates and more cost, then the system is no longer just managing risk. It is manufacturing bureaucracy.
Related
Discover more from sUAS News
Subscribe to get the latest posts sent to your email.