Live BVLOS autonomous swarm flight trials sit at the intersection of three unsettled regulatory regimes. This is the user story for an assurance-grounded workbench that lets a joint review panel issue — or defensibly refuse — a Military Permit to Fly with traceable rationale at speed.
a Lead Inspector in the UK MAA's RPAS Regulatory Branch — sitting on a joint review panel with CAA Airspace, ATM & Aerodromes and Flight Operations Inspectorate counterparts — responsible for granting or refusing a Military Permit to Fly and the associated Flight Trials Instruction for a BVLOS autonomous swarm operating across both segregated Danger Area and non-segregated airspace.
an assurance-grounded joint Approval Workbench that ingests the safety case, JARUS SORA, AMLAS/SACE autonomy assurance, DAA evidence, C2 link analysis, swarm-behaviour envelope and CAP 1616 artefacts; cross-checks against RA 1000 / 1600 / 2300, DEFSTAN 00-970 Pt 9, CAP 722/A/B, JSP 936 Pt 1, and AOP-15 / Article 36; flags residual risk and weak traceability; and produces a structured decision record in engineering English.
I can issue — or defensibly refuse — an MPTF for the live BVLOS swarm trial with confidence that ALARP has been demonstrated, that Meaningful Human Control and Duty Holder accountability are intact, that third-party airspace users and the public below are not exposed to unacceptable risk, and that a transparent audit trail exists for the RTSA, DASB, Ministers, and any future Service Inquiry or AAIB investigation.
Autonomous swarm flight trials sit in the awkward intersection between three unsettled regulatory regimes: BVLOS in non-segregated airspace (CAA, CAP 722B), RPAS airworthiness and flight test (MAA, RA 1600 / 2335), and AI/autonomy assurance (JSP 936 Pt 1, AMLAS, SACE). No single rulebook covers a swarm cleanly. Approvals today are bespoke, slow, and consume senior-inspector bandwidth that the UK has too little of — particularly with the Protector RG Mk1 transition, GCAP/Tempest early airframe work, and Project Alvina's attritable-mass experimentation all converging through 2026–2028.
Chairs the joint review panel; signs the decision record.
Airspace integration, third-party risk, CAP 1616.
Owns residual safety risk once Permit issued.
Accountable for AI-assisted onboard decision-making.
Owns live trial execution on the day.
MAA-CTS / QinetiQ / DAIC — autonomy specialism.
8 criteria · liftable into a backlog or specification-by-example workshop
Identify required artefacts, map to RA 1600/2300, DEFSTAN 00-970 Pt9, CAP 722/A/B. Produce a red/amber/green coverage matrix with page-level pointers.
Verify GRC, ARC, M1–M3 mitigations, derived SAIL, and all 24 OSOs. Any unmet OSO blocks a green rating without explicit panel rationale.
Sensor performance, closure geometries, Well Clear derivation, ASTM F3442 / EUROCAE ED-267 alignment. Tested envelope must enclose operational envelope.
Link budget, latency, RF/GNSS resilience, crypto posture. Loss-of-link behaviours that need swarm consensus post-loss are flagged high-risk.
Simulation + live-flight coverage of the collective state space. Geofencing at agent and swarm level. Extrapolation triggers panel decision.
NOTAM, electronic conspicuity, TDA/TRA validity, third-party risk over inhabited areas. Out-of-volume legs cannot turn green.
AMLAS / SACE-aligned case with ODD, data provenance, drift monitoring. JSP 936 Pt 1 RAISO sign-off. Meaningful Human Control explicit at every layer.
Structured record: regulatory basis, evidence, residual risk, ALARP, conditions, review triggers, signatures. Every claim traceable to artefact + paragraph.