Legal and Ethical Recommendations

  • María de Miguel Molina
  • María Ángeles Carabal Montagud
Open Access
Part of the SpringerBriefs in Law book series (BRIEFSLAW)


European countries have fragmented regulations about the manufacture and operation of civil drones; therefore, European institutions are trying to combine all these regulations into a common one by 2019. Until this common framework arrives, not only law but also ethics can give guidelines to the industry to satisfy national standards as well as users’ concerns. The European Aviation Safety Agency promotes the highest common standards of safety and develops common safety rules at the European level. This agency and its national equivalents monitor the activity of producers and operators, but, depending on the size of the drone, this activity could cover regulation measures or ethical recommendations. In this sense the aim of our analysis is to categorize the types of hard–soft regulations that we find in the European Union. Our study is based on a content analysis from four sources of information: scientific papers, policies and regulation proposals from the European Union, the regulation and co-regulation of some European countries, and the self-regulation of some drone companies’ associations. In general, few countries have chosen self-regulation as a solution to the problems, although in other economic sectors there are positive experiences. With our results we would like to give advice to the European industry as well as providing academia and policy makers with new insights.

1 Introduction

Different regions and countries in the European Union have diverse ways of regulating their commercial and professional activities. In some regions legal regulation is prominent, and there are different normative tools to regulate every economic activity in a detailed manner (the French model, regulation-centred countries). Therefore, individual freedom and organizational decision making are reduced, because legal regulation covers the majority of cases. This is the case of countries such as Spain or Belgium. On the other hand, other regions develop less regulation but use courts’ interpretation more, based on previous experiences (the Anglo-Saxon model, jurisprudence-centred countries), giving more freedom to individuals and organizations but less legal security in some cases. For example, this is the situation of the United Kingdom (UK).

However, in the last years, new hybrid models have proposed joint decision making among companies (self-regulation) or between companies and stakeholders, such as the public administration (meta-regulation or co-regulation). These models enhance reflexion and comparison of the “best practices” to follow some excellent organizations to ensure more ethical decision making when legal regulation cannot cover every single case. Some economic and third-sector organizations, such as videogames or sportive competitions, have developed their own rules or soft law in combination with the public administration.

According to Coglianese and Mendelson (2010: 152), and depending on the tool that we use (self-regulation or co-regulation), the organization’s discretion increases or diminishes in a pyramid, from freedom to regulation.

As we saw in the chapter “Spain-UK-Belgium Comparative Legal Framework”, the regulation of small drones (less than 150 kg) depends on their national regulations. Safety parameters play a key role in the design of civil UASs or RPASs (unmanned aircraft controlled remotely by a pilot, that is, aircraft controlled by a pilot who is not on board). These parameters apply to the producers and the offer of different services by the operators.

Moreover, drones produce other concerns about their use regarding people’s personal data (privacy) (Smith 2015). This is mainly an ethical issue on which policy makers should work with stakeholders (Finn and Wright 2016), especially in the case of micro-drones or indoor drones that do not require a flight licence or training to be used. However, the European data protection regulations serve to reinforce this aspect of drones’ use.

According to Stöcker et al. (2017), by 2016 more than 80% of the 65 countries with national regulations legislated about drones for 2 reasons: the increasing technology and high-profile safety incidents. Even small mistakes could result in crashes that threaten the health, well-being, and property of the public (Rao et al. 2016).

By now it seems that the necessity of visual line of sight (VLOS) and the lateral distance of the pilot (normally 500 m) are the main shared parameters. Moreover, the minimum lateral distances to people are in the range of 30–150 m.

Nevertheless, as technology is very difficult to regulate, other tools, such as co-regulation and self-regulation, although soft instruments, are useful alternatives for the manufacturers and operators of civil drones (Stöcker et al. 2017). Therefore, we could classify the best practices that fit better with each type of regulation: legal regulation, co-regulation, and self-regulation.

2 Drones’ European Legal and Ethical Framework

As Clarke (2014a: 291) highlights in relation to the drone surveillance sector, “the aviation industry has operated for the last seven decades within the framework provided by an international convention, resulting in considerable similarities across almost the entire world”, but “no such cohesive influence exists in the field of …” other regulations, such as for civil drones. Furthermore, he is quite critical of soft forms of regulation, as he underlines that the impact of organizational and industry self-regulation is very limited.

Moreover, “despite its theoretical promise, co-regulation too appears unlikely to satisfy the need. Formal regulation therefore appears to be essential” (Clarke 2014a: 291). He gives examples of other successful sectors, and in Clarke (2016: 153) he shows some co-regulation initiatives that could provide more commitment to the drone sector in the short–medium term, due to the fact that in “co-regulation … industry or user organisations perform regulatory functions within a framework set by a government agency”. That is because interaction among stakeholders may produce a consensus on a public policy approach in an area in which there is considerable uncertainty (Freeman and Freeland 2014).

As a starting point, and agreeing with Stöcker et al. (2017), all drone regulations have one common goal: “minimizing the risks to other airspace users and to both people and property on the ground”. They propose to analyse the different parts that national regulations cover:
  • Technical requirements (regarding the product);

  • Operational limitations (regarding the operator: distance to airports/strips, limitations to flying over people, limitations over congested areas, prohibited areas, maximal flying height, visual line of sight, beyond visual line of sight, and so on);

  • Administrative procedures (certificates, registration, insurance);

  • Human resource requirements (qualification of pilots);

  • Implementation of ethical constraints (here they include requirements for data protection and privacy).

Thus, as we can observe, the majority of concerns are related to safety, and they only give ethical concerns in relation to privacy. Safety tests are necessary before marketing a drone, and different key attributes of the product should be checked (Clarke 2014b). However, from our point of view, safety can also be included in ethical limitations. Moreover, different current regulations, at least in the European Union, can cover privacy issues.

Regarding data protection, the current European Directive guarantees rights of access, rectification, erasure, and blocking. In addition, the new Directive and Regulation on Data Protection (to commence at the end of May 2018) include the same standards (European Parliament 2016a, b). However, to apply them, it is essential to inform the subjects. Besides, the necessary storage measures should be adopted when processing, according to the European Union Directive.

As mentioned in the chapter “Spain-UK-Belgium Comparative Legal Framework”, the European Union has developed some documents to clarify the regulation of civil drones. The current national harmonization actions undertaken by the EASA define riskless open and riskier specific categories. The main European documents are the following:
  • Riga Declaration on remotely piloted aircraft (drones), “Framing the future of aviation”, Riga, 6 March 2015 (European Commission 2015).

  • EASA (European Aviation Safety Agency). A-NPA 2015-10. Introduction of a regulatory framework for the operation of drones. 31 July 2015 (EASA 2015).

  • European Union (2015). Opinion 01/2015 on privacy and data protection issues relating to the utilisation of drones, 16 June. Article 29, Data Protection Working Party, 01673/15/EN WP 231 (European Union 2015).

  • Juul (2015) Civil drones in the European Union. PE 571.305. Members’ Research Service, European Parliamentary Research Service (Juul 2015).

To reach a common legal framework, the European Union has developed several stakeholder consultations, although no legislation has been approved yet.

Furthermore, in other regions, such as the United States, Kaminski (2016) underlines the efforts of the National Telecommunications and Information Administration (NTIA) at the Department of Commerce to host multi-stakeholder negotiations on consumer privacy around drones for industry self-regulation and co-regulation. Moreover, in some specific sectors, the different stakeholders should be informed of the advantages of using drones. For example, Sandbrook (2015) remarks on the importance of identifying the social risks of drones for biodiversity conservation and how they could be mitigated to ensure good ethical practice and minimize the risk of unintended consequences. Accordingly, self-regulation and co-regulation could be adjusted to the different actors’ needs.

Industrial manufacturers and professional users are expected to play a key role and contribute to the decision regarding whether UAVs will be a tool for everyone or just for professionals (Stöcker et al. 2017). Codes of conduct are the most-used self-regulation tool to set rules and standards, such as the promises by companies to regulate themselves in the general interest of society (Laudon and Laudon 2016). Some associations of manufacturers and operators of drones have developed codes of conduct (Arkin 2016) that could also provide guidance to the regulators of in-place legal standards and practices (Freeman and Freeland 2014).

As drones’ technology changes fast, new organizations’ adoption of drone technologies must be paired with clear articulation of their ethical use and full transparency with the public (Culver 2014). For example, information security seems to have received less attention in regulations. However, some measures could be designed by default (Coopmans 2014) to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction (Braun et al. 2015). Some security concerns include hacking, hijacking, cyber-attacks, or other types of vulnerability. Thus, the encryption of communications among all the devices could permit secure computer–RPAS communication and avoid unauthorized access by third parties. For example, there is the possibility of data anonymization, such as pixels to avoid facial recognition when using a camera (Ruchaud and Dugelay 2015).

3 Drones’ National Legal and Ethical Frameworks

Following the analysis of the three European countries involved in the AiRT project, we have compared Spain, the UK, and Belgium. The situation in the different European countries is very similar. Normally co-regulation is used to provide the drones’ pilots with practical training, while self-regulation in general is not developed in a specific code of conduct.

The training of drones’ operators is a key factor for the industry (Clarke 2016). Requiring operators to be licensed and have insurance can impose standards and ensure safety (Luppicini and So 2016).

As a detailed legal study was undertaken in the chapter “Spain-UK-Belgium Comparative Legal Framework”, we focus our analysis on ethical tools (Table 1):
Table 1

Co-regulation and self-regulation initiatives in Spain, the UK, and Belgium





Regulatory body




Normative identification

Law 18/2014 Section 6

The Air Navigation Order 2016 (Article 94)

Royal Decree of 10 April 2016


AESA (practical training)

CAA (permissions for small drone operators)

BCAA (practical training)





Source Own elaboration

In Spain the National Agency of Aerial Safety (AESA) works with different organizations to provide pilots with practical training. In this sense authorization for training is given to (AESA 2017):
  • Drone manufacturers

  • Organizations authorized by a drone manufacturer

  • Licensed operators with their own pilots

  • Authorized training organizations (ATOs).

After the training and its assessment (as described by the AESA), these organizations have to send the Agency a dossier containing all the required official documents. This certificate should specify the drone type and model that the person is able to pilot. The certificate it is not necessary in all cases, although it could add value in the case of professional work. Moreover, licensed pilots normally contract insurance, and this constitutes another trust guarantee.

On the side of self-regulation, even though the Spanish Association of RPAS (AERPAS) is the biggest companies’ association as it includes manufacturers and operators, it has no code of conduct. There is a smaller association, AEDRON (2016), the Spanish Association of Drones and Similar, just for operators, which has developed one. According to it, some interesting points that the regulation does not cover are:
  • To help other pilots in the case of necessity;

  • To identify the environmental impacts of the activity in order to minimize them;

  • To use biodegradable materials and recycle them correctly;

  • To sign the operation’s zone correctly.

In the UK, as well as in the previous case, the Civil Aviation Authority (CAA) does not provide training but gives this task to the national qualified entities (NQEs) to assess the competence of people operating small unmanned aircraft (CAA 2015). That is the standard permission to conduct commercial operations with a small unmanned aircraft (drone) weighing 7 kg or less.

Regarding self-regulation, the Association of RPAs (ARPAS-UK 2017) has its own code of conduct. The code, which is very brief and general, is built on three specific themes: safety, professionalism, and respect. Nevertheless, some of its statements could be useful:
  • To report incidents to the police, national authority, or relevant industry body;

  • To ensure that RPASs will be piloted by individuals who are properly trained and competent to operate the aircraft or its systems;

  • To ensure that RPAS flights will be conducted only after a thorough assessment of the risks associated with the activity. Reliability, performance, and airworthiness are established standards.

The case of Belgium is the same. The Belgium Civil Aviation Authority (BCAA) does not provide training, but the Direction Générale Transport Aérien (DGTA) gives this competence to certain organizations (approved training organizations—ATOs). According to article 35 of the Royal Decree of 10 April 2016 on the use of unmanned aircraft in Belgian airspace, the candidates for the position of instructor must meet the following prerequisites:
  • Hold a valid remote pilot license;

  • Have completed a teaching and learning course;

  • Have flight experience of at least 100 h as a remote pilot.

A flight instructor candidate who meets the previous cumulative conditions must pass a practical examination before becoming an RPAS examiner designated by the DGTA. The RPAS flight instructor rating is valid for a period of three years (SPF Mobilité et Transports 2015).

Concerning self-regulation, the BeUAS—La Fédération Belge de l’Aviation Télépilote or Belgian Unmanned Aircraft System Association—just provides a “Charter” (BeUAS 2017) containing a few ethical principles. Among them, we highlight the following:
  • Always fly over people with permission;

  • Always bear in mind the type or class of drone in use;

  • Do not fly a drone at night;

  • Respect the operating manual at all times if applicable, knowing the drone’s limits and adapting the flight in function.

To sum up, we can observe that self-regulation is focused on operators and the main concerns regarding the ethical aspects of their work are the following:
  • To work in a helpful environment, prioritizing safety all the time;

  • To minimize the environmental impacts;

  • To give all the necessary information and request permission to the people affected by the activity;

  • To report incidents;

  • To pilot when there is the competence and training to do so in a safe way, respecting the operating manual;

  • To analyse the risks associated with the activity, bearing in mind the class of drone in use and the limits.

We think that these measures are in line with the draft of the new European Union regulation but could be useful while that regulation is being approved and implemented.

4 Industry Perceptions

We conducted focus groups in Spain, the UK, and Belgium during February 2017 to contrast with the creative industry the concerns about safety and security when using civil drones for their work. Each group was formed by six to seven expert informants from different sectors, and half of them have a pilot drone license. In total we collected information from twenty people.

The participants attribute the most importance to the experience of the pilot, particularly regarding professional work. For them, trust can be gained when there is training and insurance to cover any eventuality. Additionally, an encrypted Wi-Fi connection is necessary in all cases to give information to the subjects when recording.

Furthermore, the role of the producers is more focused on default measures and giving advice and instructions to the operators.

5 Conclusions

From our point of view, manufacturers and operators are different actors, even though the traditional way of distinguishing standards is to categorize them into active and passive measures all together for both groups. Manufacturers are key actors, as they develop safety and security measures, but operators can just use them, so they are less involved in the design of the product. Manufacturers should work with operators and other stakeholders to improve those measures, because knowing actors’ concerns can add considerable value to the product.

Manufacturers could be more centred on safety by default and security by default in designing drones to avoid risky situations in their use. Operators should have the appropriate training to avoid any risk, even for small drones. Maybe if the industry is able to develop very precise drones, the pilots could be inexperienced, but at this moment we think that these cases should be reduced to indoor environments where the risks can be better assessed.

Even if ethics and codes of conduct can help manufacturers and operators of drones, co-regulation whereby public agencies could give some kind of certificate would be an additional element to reinforce other kinds of work in which flight licenses are not compulsory.

As we have observed, in the European countries, co-regulation now is only centred on operators and practical training. The participation of other stakeholders to ensure safety and security is not included. However, other agencies could be involved in the industry, for example to ensure information security, product safety, or data protection by applying different best-practice standards.

Moreover, on the side of regulation, and following Rao et al. (2016: 89), the introduction of compulsory specific insurance could be helpful to create a registry of devices to link each drone to its owner and to help to assign responsibility for illegal activities. On the same line, Boucher (2016: 1409) stresses that citizens see drone regulations as analogous to car regulations; therefore, they should have “mandatory licensing, registration of devices, and mandatory third-party insurance”. For him the current focus on public acceptance of civil drone development will move to the development of civil drones that are acceptable to society.

The European Union (2015) recommends that producers can help by giving advice on their packaging and using codes of conduct to self-regulate the industry. Other tools, such as impact assessment or the participation of a Data Protection Officer, could improve clients’ reliability. The industry could be proactive in case regulation is not enough.


  1. AEDRON (2016) Code of conduct. Accessed 18 July 2017
  2. AESA (2017) Practical training, authorised organizations. Accessed 18 July 2017
  3. Arkin RC (2016) Ethics and autonomous systems: perils and promises. Proc IEEE 104(10):1779–1781CrossRefGoogle Scholar
  4. ARPAS-UK (2017) Code of conduct. Accessed 17 July 2017
  5. BeUAS (2017) BeUAS charter. Accessed 20 July 2017
  6. Boucher P (2016) ”You wouldn’t have your granny using them”: drawing boundaries between acceptable and unacceptable applications of civil drones. Sci Eng Ethics 22:1391–1418CrossRefGoogle Scholar
  7. Braun S, Friedewald M, Valkenburg G (2015) Civilizing drones: military discourses going civil? Sci Technol Stud 28(2):73–87Google Scholar
  8. Clarke R (2014a) The regulation of civilian drones’ impacts on behavioural. Comput Law Secur Rev 30(3):286–305CrossRefGoogle Scholar
  9. Clarke R (2014b) Understanding the drone epidemic. Comput Law Secur Rev 30(3):230–246CrossRefGoogle Scholar
  10. Clarke R (2016) Appropriate regulatory responses to the drone epidemic. Comput Law Secur Rev 32(1):152–155CrossRefGoogle Scholar
  11. Coglianese C, Mendelson E (2010) Meta-regulation and self-regulation. In: Baldwin R, Cave M, Lodge M (eds) The Oxford handbook of regulation. Oxford University Press, Oxford, pp 146–168Google Scholar
  12. Coopmans C (2014) Architecture requirements for ethical, accurate, and resilient unmanned aerial personal remote sensing. In: 2014 International Conference on Unmanned Aircraft Systems (ICUAS), pp. 1–8Google Scholar
  13. Culver KB (2014) From battlefield to newsroom: ethical implications of drone technology in journalism. J Mass Media Ethics Explor Quest Media Moral 29(1):52–64CrossRefGoogle Scholar
  14. European Aviation Safety Agency (EASA) (2015) Advance notice of proposed amendment 2015-10, A-NPA. Accessed 6 July 2017
  15. European Commission (2015) Riga Declaration on remotely piloted aircraft (drones) “Framing the future of aviation”. Accessed 18 July 2017
  16. European Parliament (2016a) Directive (EU) 2016/680 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework (Decision 2008/977/JHA). Accessible via EUR-LEX. Accessed 18 July 2017
  17. European Parliament (2016b) Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Accessible via EUR-LEX. Accessed 18 July 2017
  18. European Union (2015) Opinion 01/2015 on privacy and data protection issues relating to the utilisation of drones. Article 29 Data Protection Working Party, 01673/15/EN WP 231. Accessible via the European Commission. Accessed 18 July 2017
  19. Finn RL, Wright D (2016) Privacy, and ethics for civil drone practice: a survey of industry, regulators and civil society organisations. Comput Law Secur Rev 32(4):577–586CrossRefGoogle Scholar
  20. Freeman PK, Freeland RS (2014) Politics & technology: U.S. policies restricting unmanned aerial systems in agriculture. Food Policy 49(1):302–311CrossRefGoogle Scholar
  21. Juul M (2015) Civil drones in the European Union. PE 571.305. Members’ Research Service, European Parliamentary Research Service. Accessible via European Parliament. Accessed 18 July 2017
  22. Kaminski ME (2016) When the default is no penalty: negotiating privacy at the NTIA. Denver Univ Law Rev 93(4):925–949Google Scholar
  23. Laudon KC, Laudon JP (2016) Management information systems: managing the digital firm. Pearson, HarlowGoogle Scholar
  24. Luppicini R, So A (2016) A technoethical review of commercial drone use in the context of governance, ethics, and privacy. Technol Soc 46:109–119CrossRefGoogle Scholar
  25. Rao B, Gopi AG, Maione R (2016) The societal impact of commercial drones. Technol Soc 45:83–90CrossRefGoogle Scholar
  26. Ruchaud N, Dugelay JL (2015) Privacy protection filter using StegoScrambling in video surveillance. In: CEUR workshop proceedings, vol 1436. Accessed 18 July 2017
  27. Sandbrook C (2015) The social implications of using drones for biodiversity conservation. Ambio 44(4):636–647CrossRefGoogle Scholar
  28. Smith ML (2015) Regulating law enforcement’s use of drones: the need for state legislation. Harv J Legis 52(2):423–454Google Scholar
  29. Stöcker C, Bennett R, Nex F, Gerke M, Zevenbergen J (2017) Review of the current state of UAV regulations. Remote Sens 9(5):459–485CrossRefGoogle Scholar
  30. SPF Mobilité et Transports (2015) Instructeur ou examinateur RPAS. Accessed 20 July 2017

Copyright information

© The Author(s) 2018

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  • María de Miguel Molina
    • 1
  • María Ángeles Carabal Montagud
    • 1
  1. 1.Universitat Politècnica de ValènciaValenciaSpain

Personalised recommendations