Flying drones for work or fun in the UK? Then you should be up to date with SORA.

It’s the new method to check drone flight risks. On April 23, 2025, the UK swapped out the old Operating Safety Case (OSC) paperwork for UK SORA.  It scores how risky a flight is (ground and air risk) and spits out the safety steps you need. The Civil Aviation Authority (CAA) calls it a way to classify risk and set safety goals for each mission. It’s not a new law, but a standard way to comply with existing rules.

Why the fuss?

Well, two teams flying the same route should end up with the same safety checklist, making things fair and clear. The CAA and industry like this because SORA is “more transparent and consistent” than the old OSC style. In fact, this JARUS SORA system is used by dozens of countries worldwide. The UK took the latest JARUS SORA v2.5 as its base, tweaking it for our crowded skies.

In this guide, we will look at:

  • What UK SORA actually is and how it fits into UK drone rules.
  • When you can use UK SORA, when you can’t, and why that matters for you.
  • How the core building blocks GRC, ARC, SAIL and OSOs work together 
  • How the new digital SORA Application Service walks you through risk modelling and evidence step by step.
  • The main similarities and differences between UK SORA and EU SORA if you work across borders.
  • An example operation and practical tips to make SORA part of your everyday planning.

What is UK SORA and Where Does It Sit?

SORA stands for Specific Operations Risk Assessment.

In simple terms, it is a structured way to show the CAA that your operation is safe enough for the risk it creates. It turns your operation into numbers, classes and clear safety objectives instead of loose narrative.

The UK has taken JARUS SORA v2.5 and adapted it into UK SORA, published as CAP 3017 in July 2024. UK SORA is used as an Acceptable Means of Compliance (AMC) to UK Regulation (EU) 2019/947, Article 11, so it sits under the familiar EU-style drone rules, just in UK form.

The CAA also ran a separate consultation, CAP 3016, to set out the policy and the small but important UK differences from the JARUS baseline.

You still have the three categories you know:

  • Open for low-risk flights.
  • Specific for operations that need an authorisation.
  • Certified for very high-risk operations.

SORA only applies to the Specific category.

Operations That UK SORA Does Not Cover

CAP 3017 is very clear. You cannot use UK SORA when your operation:

  • Carries people on board.
  • Uses an unmanned aircraft with a largest dimension over 40 metres.
  • Has a maximum cruise speed above 200 m/s.
  • Operates above FL660.
  • Uses swarm operations.
  • Uses multiple simultaneous operations (MSO) in one approval.

For those cases, you are pushed towards the Certified category or other bespoke arrangements with the CAA.

Timeline And The New Digital Application Service

In 2024, the CAA launched a new digital platform (often called DSCO) for standard PDRA applications. That change cut average lead times from around 13 days to about 30 minutes, and 82% of users who gave feedback said they were “very satisfied”.

From 23 April 2025, Operational Authorisations based on UK SORA are being processed through this same digital UK SORA Application Service.

Existing OSC-based authorisations stay valid until they expire. But new complex operations now move to SORA through the digital service.

The SORA Building Blocks

SORA has four core pieces:

  • Ground Risk Class (GRC)
  • Air Risk Class (ARC)
  • Specific Assurance and Integrity Level (SAIL)
  • Operational Safety Objectives (OSOs)

Let’s break them down.

Operational Volume, Contingency Volume And Buffers

Before GRC or ARC, UK SORA defines how you think about your airspace.

In CAP 3017, the operational volume is split into:

  • A flight volume where the drone is meant to fly in normal conditions.
  • A contingency volume around it for abnormal situations.
  • A ground risk buffer on the surface around the contingency volume.

The idea is simple.

If you lose control, the aircraft should still land inside that wider ground buffer, not somewhere random miles away.

The document also defines:

  • The adjacent area on the ground, where the drone might land after leaving the operational volume during loss of control.
  • The adjacent airspace, where the drone may end up in the air if it leaves the planned zone.

These concepts feed directly into the ground and air risk calculations.

Ground Risk Class (GRC)

GRC is about one simple question:

“If you fall out of the sky, who could you hurt on the ground?”

UK SORA uses a qualitative ground risk model, based on JARUS SORA v2.5.

The process is:

  1. You define your intrinsic GRC (iGRC) from:
    • Aircraft size and maximum speed.
    • Ground footprint of the operation.
    • Population density under that footprint.
  2. You then apply strategic ground mitigations:
    • Flying in low-population areas.
    • Avoiding third-party gatherings.
    • Using shelters or overhead cover.
  3. These mitigations may step the GRC down by one or more classes.

The final GRC is a value from 1 to 7, where 1 is low risk and 7 is very high risk for people on the ground.

Check CAP 3017 for Table 3 on qualitative GRC and Annex B to tell you how much each mitigation buys you.

Air Risk Class (ARC)

ARC asks a different question:

“How likely are you to hit a manned aircraft?”

The UK uses an updated qualitative air risk model. CAP 3017 explains that the UK version changes the JARUS model in three ways:

  1. The initial ARC flowchart focuses on:
    • Type of encounter.
    • Airspace ruleset.
    • Whether traffic is “known” or “recognised”.
  2. The flowchart is used even when no encounter rate data are available.
  3. Strategic and tactical mitigations are tuned to UK reality, with references to UK flight information services and military low-flying coordination.

You start with an initial ARC (ARC-a lowest to ARC-d highest) based on airspace and expected manned traffic. Then you apply:

  • Strategic mitigations (e.g. separation from ATS routes, altitude restrictions).
    Tactical mitigations (e.g. surveillance, VOs, ATS services).

These can reduce ARC, as long as they meet the quantitative or qualitative criteria in the SORA Annexes C and D

Specific Assurance And Integrity Level (SAIL)

Now we mix ground and air.

The SAIL is a combined risk score.

JARUS and UK SORA use a matrix of final GRC vs ARC to produce SAIL. The result is a level from I to VI, where I is low risk and VI is very high risk. 

  • Low GRC and low ARC usually give SAIL I or II.
  • High GRC and high ARC can give SAIL V or VI.

SAIL matters because it drives:

  • Which OSOs apply.
  • How strong each mitigation must be.
  • How much independent review is needed.

CAP 3017 also explains how the CAA will check OSOs by SAIL level. For example, for SAIL I, it will always check OSOs 8, 9, 13, 16 (if relevant), 17 and 23. For SAIL II, it also checks OSOs 1 and 6. From SAIL III upwards, all relevant OSOs are checked systematically.

So SAIL is not only a label. It controls the level of scrutiny.

Operational Safety Objectives (OSOs)

OSOs are the detailed safety requirements.

JARUS SORA v2.5 defines 24 OSOs in Annex E. UK SORA adopts that list, then describes its own expectations in CAP 3017.

Examples:

  • OSO 1 – The UAS operator is competent and proven.
  • OSO 2 – The UAS is manufactured by a competent entity.
  • OSO 5 – The UAS is designed for system safety and reliability.
  • OSO 8 – Operational procedures are defined, validated and followed.
  • OSO 9 – Remote crew are trained and current.
  • OSO 23 – Environmental conditions are considered and managed.

Each OSO also has a robustness requirement, which combines:

  • Integrity – how strong the measure is.
  • Assurance – how strong the evidence is.

For low SAIL, you might meet some OSOs with declarations and basic documentation. For high SAIL, you may need tests, independent inspections, or third-party assessments.

In the UK, you can also use:

  • A Recognised Assessment Entity (RAE(F)) to assess your aircraft and systems.
  • A future SAIL Mark certificate from a manufacturer, showing that a UAS design meets specific SAIL-level criteria.

Those tools can take some of the burden off individual operators.

How The UK SORA Application Service Works

The UK SORA process is designed as a two-phase digital journey.

The UK SORA Application Service:

  • Runs in the CAA’s digital DiSCO platform.
  • Guides you with step-by-step screens.
  • Has a built-in SORA calculator.
  • Splits the process into risk modelling first, then evidence upload later.

Phase One – Describe And Model The Operation

In phase one, you:

  1. Describe the operation and CONOPS:
    • Where you fly.
    • How high.
    • What the drone does.
    • Who is on the ground.
    • What airspace you cross.
  2. Input aircraft data:
    • Weight and dimensions.
    • Maximum speed.
    • Systems like parachutes or flight termination.
  3. Input mitigations you plan to use.

The tool then calculates:

  • GRC based on population and containment.
  • ARC based on airspace and encounter type.
  • The resulting SAIL.

It also shows the list of OSOs and mitigations that apply at that SAIL.

So by the end of phase one, you know the exact safety “shopping list” before you start digging through documents.

Phase Two – Provide Evidence

In phase two, you:

  • Upload documentation for each required OSO.
  • Attach test reports, procedures, training records and system descriptions.
  • Add any third-party reports (for example from an RAE(F)).

The CAA will check evidence systematically according to SAIL, and may add tactical checks based on safety intelligence, novelty or design complexity.

So your job is simple in theory:

  • Follow the calculator output.
  • Build a clean evidence set.
  • Keep it tightly mapped to each OSO.

UK SORA Versus EU SORA

Both the UK and EU base their systems on JARUS SORA v2.5, published in June 2024.

But the way they plug it into law and process is slightly different.

Key Similarities

  • Same ground risk idea, using iGRC and mitigations.
  • Same air risk structure with ARC and strategic/tactical mitigations.
  • Same SAIL scale from I to VI.
  • Same OSO list in Annex E.

So if you learn SORA concepts once, they largely transfer.

Factor UK SORA EU / EASA SORA
Legal basis Used as AMC to UK Regulation (EU) 2019/947, Article 11. Implemented through CAP 3017 and CAA SORA policy. Used as AMC/GM to EU Regulation 2019/947, with EASA guidance and national authority processes.
Digital tooling Uses a UK SORA Application Service on the CAA’s digital DSCO platform. Step-by-step calculator and upload system. No single EU-wide portal. Each national authority runs its own process. EASA provides templates and guidance.
Air risk model Uses an updated UK qualitative ARC model. Initial ARC flowchart focuses on encounter type, ruleset and known traffic. Works even without encounter-rate data. Uses the JARUS SORA ARC approach directly. States may add local rules, but there is no common EU flowchart.
High-risk design approvals UK SORA does not require type certification in SAIL V and VI and does not issue DVRs. Evidence is assessed through OSOs, SAIL and optional RAE(F) or SAIL Mark. EASA requires extra design approvals. For SAIL I–II, a declaration against design OSOs is enough. For SAIL III, compliance with a specific Means of Compliance. For SAIL IV, a Design Verification Report (DVR). For SAIL V–VI, a Part 21 type certificate is required.
Third-party roles Uses Recognised Assessment Entities (RAE(F)) for airworthiness and system assessments, and plans SAIL Mark certificates for designs. Uses EASA directly for DVRs and type certificates. No RAE concept at EU level; national authorities and EASA share responsibilities.
Existing OSCs / legacy approvals OSC-based authorisations remain valid until expiry. New complex approvals migrate to SORA through the digital service from 2025. Many states used OSC-style documents before SORA. They are being gradually phased into SORA-based authorisations as SORA 2.5 comes into force.

So, if you plan cross-border operations, you will see the same logic but different paperwork routes.

How Many Drones Are We Talking About?

To understand why SORA matters, it helps to see the scale.

The CAA Safety Review 2024 shows:

  • Around 720,000 active registered flyers and operators in 2024.
  • That is a 21.4% increase year on year.
  • About 450,000 Flyer IDs and 270,000 Operator IDs.
  • Over 21,000 remote pilots with formal competency.
  • More than 2,500 active Specific Category Operational Authorisations.

An earlier CAA-backed industry report in 2023 already reported around 500,000 registered “operators and flyers” and about 7,000 Specific category authorisation applications per year, meaning drone users already outnumbered traditional general aviation pilots.

So you are not working in a niche any more.

On misuse, ProtectUK reported over 6,000 drone-related incidents to police in 2023, across the UK. Only about 11% of those were crimes; the rest were nuisance or concern reports.

So most flying is lawful and safe, but the volume is high enough that risk assessment frameworks like SORA become important.

Example Of Working With UK SORA 

Now, what does this all mean when you are planning a real operation?

Imagine you are planning a BVLOS inspection of a long power line, crossing mixed farmland and a few villages.

In the UK SORA Application Service you will:

  1. Describe your CONOPS.
  2. Define the flight volume, contingency volume and ground buffer.
  3. Enter the UAS data: mass, wingspan or rotor span, maximum speed.
  4. Answer questions about population density and ground environment.
  5. Answer questions about airspace and expected manned traffic.
  6. Declare strategic mitigations (route choice, time of day, shelters).
  7. Declare tactical mitigations (surveillance, FIS, observers, detection).

The tool then gives you:

  • An intrinsic GRC, then a final GRC after mitigations.
  • An initial ARC, then final ARC once mitigations are applied.
  • The resulting SAIL.
  • The full OSO list that must be met at that SAIL.

You then check:

  • Does the SAIL match your expectations for that mission?
  • Do you have evidence for each OSO, or do you need extra testing?
  • Is there a benefit in using a SAIL-marked UAS if available?

Practical Tips For Teams

A few practical habits help a lot here.

Map your typical missions.

Group operations into patterns: short VLOS inspections, BVLOS corridors, urban jobs, etc. For each pattern, run a SORA model and note the usual SAIL and OSOs.

Standardise your evidence packs.

Instead of writing a new story every time, create controlled templates for:

  • Operations manuals and checklists.
  • Training and competency records.
  • Maintenance and configuration logs.
  • Test reports for containment or parachute systems.

Align training with SAIL levels.

As the UK rolls out revised remote-pilot competency tiers aligned with SORA, match your internal currency and checking to those requirements.

Watch the design side.

If manufacturers start offering SAIL-marked aircraft, they can save you time, especially at SAIL III and above, because some OSO evidence shifts to the manufacturer.

Use expert help when needed.

For higher SAIL missions, a good RAE(F) report can make CAA review smoother and help you avoid blind spots in your system design.

UK SORA is a structured, numbers-backed way for the CAA and industry to talk about risk in the same language.

From your side, the best move is to get comfortable with the building blocks: GRC, ARC, SAIL and OSOs, and to treat the digital application service as a modelling tool, not just a form.

If you understand how your operations push those sliders, you can design missions, training, and fleets that sit in a sensible SAIL band, with evidence ready before you even log in.

That is when SORA stops feeling like a hurdle and starts feeling like a design tool for the kind of operations you really want to fly.