The Spanish test and certification centre EU Drone Port has introduced Fail-Safe – a software/hardware system designed to keep a drone operation safe if it is compromised.
Fail-Safe actions are configured in a drone’s flight control system to protect the flight being made. The actions control a flight’s recovery or termination.
The flight controller is responsible for sending orders to the different components of the aircraft so that it can carry out the flight, but for this to work correctly, it must also collect a series of data that will help it validate that everything is being done correctly. These input data come from different components of the aircraft, such as:
- Gyroscopes and inertial sensors
- GNSS (GPS, GLONASS, GALILEO, etc.)
- Battery voltage and amperage controllers
- Communication link
All of these systems execute hundreds of calculations per second and the flight controller is responsible for interpreting them and making decisions to continue carrying out the flight.
When the aircraft does not have enough battery to perform the flight, the Fail-Safe configured in the flight controller will inform the pilot of the battery status and will initiate a procedure to return to the takeoff point. If the battery status is very low, the drone will begin a flight termination procedure by performing a landing at the point where it is located.
Loss of communication link
In this case, the flight interface must continually show the quality of the link with the aircraft and alert the pilot if it degrades in a way that may cause problems during the flight. When the link is finally interrupted, the Fail-Safe programmed in the flight controller must automatically execute a link recovery procedure. This procedure normally consists of an increase in flight height and a return to the takeoff point. By increasing altitude and reducing distance, the pilot should be able to recover the aircraft control signal and, if desired, cancel the Fail-Safe and continue the flight.
If the link cannot be recovered, the aircraft will initiate a flight termination maneuver at the takeoff point, which will cause the aircraft to land.
Flight outside operational volume
If the aircraft leaves the defined flight volume or crosses the geo-awareness barriers, and the flight controller detects this through its GNSS, the aircraft must alert the pilot and, as programmed, interrupt the flight and return within the defined limits.
Another very typical resource is to manually activate a Fail-Safe through the aircraft's control interface or the transmitter. The pilot has this option and can use it whenever he believes it is necessary, whether because of strange behavior observed in the aircraft, being unable to continue piloting (for example, glare, dizziness, etc.), wanting to stop piloting, or testing that the system works correctly.
The flight controller may have other Fail-Safes programmed, such as in cases where it detects any malfunction of the engines, flight stabilization, interference, etc. Depending on the manufacturer, the aircraft could interrupt the flight by landing, returning to the take-off point or simply informing the pilot.
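The triggers described above can fire at the same time, so a flight controller has to pick one action per control-loop tick. The following is an added example of such a priority arbiter, not EU Drone Port's or any manufacturer's code; the thresholds, the type and function names, the severity ordering and the mapping of the manual trigger to a return are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Actions ordered by severity: a higher value overrides a lower one. */
typedef enum { FS_NONE, FS_WARN_PILOT, FS_REENTER_VOLUME, FS_RETURN_HOME,
               FS_CLIMB_AND_RETURN, FS_LAND_AT_HOME, FS_LAND_NOW } fs_action;

typedef struct {
    float battery_pct;        /* remaining charge, 0..100 */
    float link_quality_pct;   /* link quality shown in the flight interface */
    unsigned ms_since_link;   /* time since the last valid control packet */
    bool inside_volume;       /* GNSS fix inside the operational volume */
    bool at_home;             /* aircraft is over the takeoff point */
    bool manual_trigger;      /* pilot activated the Fail-Safe */
} telemetry;

/* Thresholds are assumed values for this example, not from any manufacturer. */
typedef struct {
    float batt_low_pct, batt_critical_pct, link_warn_pct;
    unsigned link_loss_ms;
} fs_config;
static const fs_config FS_DEFAULTS = { 30.0f, 10.0f, 40.0f, 1500u };

static fs_action worst(fs_action a, fs_action b) { return a > b ? a : b; }

/* Called on every control-loop tick; returns the single action to execute. */
fs_action fs_evaluate(const telemetry *t, const fs_config *c) {
    fs_action a = FS_NONE;
    if (t->link_quality_pct < c->link_warn_pct)      /* degrading link */
        a = worst(a, FS_WARN_PILOT);
    if (!t->inside_volume)                           /* geofence breach */
        a = worst(a, FS_REENTER_VOLUME);
    if (t->manual_trigger || t->battery_pct <= c->batt_low_pct)
        a = worst(a, FS_RETURN_HOME);
    if (t->ms_since_link > c->link_loss_ms)          /* link lost */
        a = worst(a, t->at_home ? FS_LAND_AT_HOME : FS_CLIMB_AND_RETURN);
    if (t->battery_pct <= c->batt_critical_pct)      /* very low battery */
        a = worst(a, FS_LAND_NOW);
    return a;
}

int main(void) {
    /* Constructed sample: link lost while the battery is also low. */
    telemetry t = { 25.0f, 0.0f, 4000u, true, false, false };
    printf("action=%d\n", fs_evaluate(&t, &FS_DEFAULTS));
    return 0;
}
```

Because the function is stateless, the action drops back as soon as the link returns; a controller that requires the pilot to cancel the Fail-Safe explicitly would latch the result instead.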
The use of Fail-Safe is necessary in certified UAS, where the analysis covers not only whether the Fail-Safes exist but also how they communicate with the pilots through sound alerts, messages in the flight interface, light indicators, etc. The procedures for using Fail-Safe must be duly documented in the aircraft user manual and the pilot must know them perfectly before performing any flight.