🐣 SORA: The Risk Framework Everyone Needs

Piyo looks confused. "SORA? Is that a person?"

What is SORA?

SORA = "Specific Operations Risk Assessment"

It's a framework to:

  1. Identify hazards (what could go wrong?)
  2. Assess severity (how bad if it happens?)
  3. Evaluate likelihood (how often would it happen?)
  4. Implement mitigation (how do we reduce risk?)
  5. Determine acceptability (is the risk acceptable?)

Developed by: Netherlands, with support from EASA, ICAO

SORA Framework Basics

Risk Matrix (Severity × Likelihood = Risk Level):

| Severity | Low Likelihood | Medium Likelihood | High Likelihood |
|---|---|---|---|
| Catastrophic | Medium Risk | High Risk | Unacceptable |
| Severe | Low Risk | Medium Risk | High Risk |
| Moderate | Low Risk | Low Risk | Medium Risk |
| Minor | Low Risk | Low Risk | Low Risk |

SORA Process:
  1. Baseline Risk: Assume no mitigations
  2. Mitigation Strategy: Add controls (barriers, training, equipment)
  3. Residual Risk: Risk after mitigations
  4. Approval Decision: Accept, require more mitigation, or deny

9-Country SORA Approach

    🇬🇧 United Kingdom

    | Feature | Details |
    |---|---|
    | Framework Adoption | CAA uses EASA SORA guidelines; integrated into OpAuth process |
    | Methodology | Structured risk assessment; documentation required |
    | Operator Responsibility | Operator must conduct and document SORA |
    | Hazard Categories | People, property, aircraft, environmental |
    | Mitigation Options | Technical, operational, organizational controls |
    | Approval Authority | CAA Special Flight Permission (SFP) review |
    | Common Mitigations | Barriers, spotters, observer, RTK, insurance, training |
    | Documentation | 5–15 page risk assessment typical |
    ---

    🇩🇪 Germany

    | Feature | Details |
    |---|---|
    | Framework Adoption | LBA aligns with EASA SORA (strict interpretation) |
    | Methodology | Detailed hazard analysis; engineering focus |
    | Operator Responsibility | Operator documents risk; LBA reviews thoroughly |
    | Hazard Categories | People, property, aircraft, airspace, environment |
    | Mitigation Options | Technical preferred; operational as backup |
    | Approval Authority | LBA with possible expert consultation |
    | Common Mitigations | Parachute systems, redundant electronics, RTK, perimeter barriers |
    | Documentation | 10–20 page assessment; engineering-level |

    🇫🇷 France

    | Feature | Details |
    |---|---|
    | Framework Adoption | DGAC uses simplified SORA; less rigid than Germany |
    | Methodology | Structured but flexible approach |
    | Operator Responsibility | Operator submits risk assessment; DGAC verifies |
    | Hazard Categories | People, property, aircraft, environment (standard) |
    | Mitigation Options | Balanced: technical + operational acceptable |
    | Approval Authority | DGAC can approve with reasonable mitigations |
    | Common Mitigations | Spotters, barriers, insurance, training, modest tech |
    | Documentation | 5–10 page assessment (typical) |

    🇳🇱 Netherlands

    | Feature | Details |
    |---|---|
    | Framework Adoption | ILT developed SORA with EASA; original framework owner |
    | Methodology | Structured; detailed quantitative risk analysis |
    | Operator Responsibility | Operator conducts SORA; ILT facilitates |
    | Hazard Categories | People, property, aircraft, airspace, environment |
    | Mitigation Options | Technical, operational, organizational (all acceptable) |
    | Approval Authority | ILT reviews; reasonable acceptance threshold |
    | Common Mitigations | Comprehensive: barriers, RTK, observers, insurance, contingency |
    | Documentation | 8–15 page assessment |

    🇸🇪 Sweden

    | Feature | Details |
    |---|---|
    | Framework Adoption | Transportstyrelsen uses SORA; conservative interpretation |
    | Methodology | Detailed; aerospace industry standard |
    | Operator Responsibility | Operator documents; Transportstyrelsen scrutinizes deeply |
    | Hazard Categories | People, property, aircraft, airspace, environmental, noise |
    | Mitigation Options | Technical preferred; high bar for operational mitigations |
    | Approval Authority | Transportstyrelsen (very selective approval) |
    | Common Mitigations | Redundant systems, RTK, parachute, insurance, training |
    | Documentation | 15–25 page detailed assessment |

    🇦🇺 Australia

    | Feature | Details |
    |---|---|
    | Framework Adoption | CASA developed similar framework (pre-SORA); now SORA-aligned |
    | Methodology | Risk management approach; practical assessment |
    | Operator Responsibility | Operator submits risk assessment; CASA reviews |
    | Hazard Categories | People, property, aircraft, environment (standard) |
    | Mitigation Options | Balanced: all mitigation types acceptable if justified |
    | Approval Authority | CASA (industry-cooperative; reasonable approval threshold) |
    | Common Mitigations | Spotters, barriers, insurance, RTK, training |
    | Documentation | 5–10 page assessment (practical, not overly bureaucratic) |

    🇳🇿 New Zealand

    | Feature | Details |
    |---|---|
    | Framework Adoption | CAA NZ uses SORA approach; accessible interpretation |
    | Methodology | Structured; practical risk assessment |
    | Operator Responsibility | Operator submits assessment; CAA reviews |
    | Hazard Categories | People, property, aircraft, environment |
    | Mitigation Options | All types acceptable if effectively justified |
    | Approval Authority | CAA NZ (cooperative; reasonable approval threshold) |
    | Common Mitigations | Spotters, barriers, insurance, RTK, contingency planning |
    | Documentation | 5–10 page assessment |
    ---

    🇨🇦 Canada

    | Feature | Details |
    |---|---|
    | Framework Adoption | Transport Canada moving toward SORA alignment |
    | Methodology | Risk management; practical, outcome-focused |
    | Operator Responsibility | Operator submits risk assessment; Transport Canada reviews |
    | Hazard Categories | People, property, aircraft, environment |
    | Mitigation Options | All types acceptable; practical focus |
    | Approval Authority | Transport Canada (reasonable approval threshold) |
    | Common Mitigations | Spotters, barriers, insurance, RTK, contingency |
    | Documentation | 5–10 page assessment |
    ---

    🇯🇵 Japan

    | Feature | Details |
    |---|---|
    | Framework Adoption | MLIT developing SORA-aligned framework |
    | Methodology | Structured; beginning to use SORA terminology |
    | Operator Responsibility | Operator submits via DIPS system; MLIT reviews |
    | Hazard Categories | People, property, aircraft, environment |
    | Mitigation Options | Technical preferred initially; operational growing |
    | Approval Authority | MLIT (increasingly sophisticated review) |
    | Common Mitigations | Spotters, barriers, insurance, RTK, training |
    | Documentation | 5–10 page assessment (DIPS-formatted) |
    ---

    SORA Assessment Comparison

    | Country | Rigidity | Technical Bias | Operational Mitigations | Approval Threshold | Doc Length |
    |---|---|---|---|---|---|
    | 🇸🇪 SE | Very high | Strong | Discouraged | Very high | 15–25 pages |
    | 🇩🇪 DE | High | Strong | Accepted | High | 10–20 pages |
    | 🇬🇧 UK | High | Moderate | Accepted | High | 5–15 pages |
    | 🇳🇱 NL | Moderate | Moderate | Balanced | Moderate | 8–15 pages |
    | 🇯🇵 JP | Moderate | Strong | Growing | Moderate | 5–10 pages |
    | 🇨🇦 CA | Moderate | Weak | Strong | Moderate | 5–10 pages |
    | 🇦🇺 AU | Low | Weak | Strong | Moderate | 5–10 pages |
    | 🇳🇿 NZ | Low | Weak | Strong | Moderate | 5–10 pages |
    | 🇫🇷 FR | Low | Moderate | Strong | Moderate | 5–10 pages |
    ---

    FAQ: SORA Risk Assessment

    Q1: Do I have to conduct a SORA assessment?

    Poppo: "It depends on your country and operation type:"

    | Country | Always Required | Sometimes | Never |
    |---|---|---|---|
    | 🇬🇧 UK | OpAuth operations | Exemptions possible | Recreational only |
    | 🇩🇪 DE | Commercial operations | Residential inspection | Recreational only |
    | 🇫🇷 FR | Complex operations | Simple visual | Recreational only |
    | 🇦🇺 AU | Category 2+; over-people | Category 1; simple ops | Recreational < 2kg |
    | 🇳🇿 NZ | Category 2+; over-people | Category 1; simple ops | Recreational < 2kg |
    | 🇨🇦 CA | SFOC operations | Exemptions | Recreational |
    | 🇯🇵 JP | All commercial | DIPS-waivered ops | Recreational |

    Q2: How do I write a SORA assessment?

    Poppo's 10-Step Process:

    Step 1: Define the Operation
    • Drone model & weight
    • Location & altitude
    • Duration & frequency
    • Environmental conditions
    • Operator experience

    Step 2: Identify Hazards
    • List all potential failures:
      • Loss of control
      • Battery failure
      • Signal loss
      • Propeller damage
      • Weather deterioration

    Step 3: Assess Severity (0–4 scale)
    • 0 = No injury
    • 1 = Minor injury (scrapes, small fractures)
    • 2 = Serious injury (lost limb equivalent)
    • 3 = Fatality or major property damage (€500K+)
    • 4 = Multiple fatalities or catastrophic (€5M+)

    Step 4: Assess Likelihood (1–5 scale)
    • 1 = Extremely unlikely (< 1 in 1M chance)
    • 2 = Unlikely (1 in 100K–1M)
    • 3 = Moderate (1 in 1K–100K)
    • 4 = Likely (1 in 100–1K)
    • 5 = Very likely (> 1 in 100)

    Step 5: Calculate Initial Risk
    • Risk = Severity × Likelihood
    • 16–20 = Unacceptable (redesign required)
    • 12–15 = High (mitigations mandatory)
    • 6–11 = Medium (mitigations recommended)
    • < 6 = Low (acceptable as-is)

    Step 6: Identify Mitigations

    For each hazard, list controls:

    • Technical: Redundant systems, parachutes, RTK, lights
    • Operational: Spotters, barriers, distance rules, weather limits
    • Organizational: Training, insurance, contingency plans

    Step 7: Assess Mitigation Effectiveness

    For each mitigation, estimate risk reduction:

    • Remove 50% of risk?
    • Remove 75%?
    • Remove 90%?

    Step 8: Calculate Residual Risk
    • Apply mitigation effectiveness
    • New risk = Original risk × (1 - effectiveness)
    • Target: Residual risk < 6 (low/acceptable)

    Step 9: Determine Acceptability
    • Residual < 4: Acceptable (low risk)
    • 4–6: Acceptable with conditions (insurance, training)
    • 6–8: Marginal (more mitigations needed)
    • > 8: Unacceptable (operation redesign required)

    Step 10: Document Everything
    • Write 5–15 page report
    • Include:
      • Operation description
      • Hazard matrix
      • Mitigation strategies
      • Residual risk calculation
      • Approval authority information
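
A worked calculation of Steps 3 to 9, added here as an example and not part of the original guide. The register entries are constructed; multiplying the remaining fractions of several mitigations, and the handling of scores that fall exactly on 6 or 8, are assumptions the guide does not spell out.

```python
from dataclasses import dataclass, field
from math import prod

@dataclass
class Hazard:
    name: str
    severity: int      # Step 3 scale, 0-4
    likelihood: int    # Step 4 scale, 1-5
    mitigations: dict = field(default_factory=dict)  # control -> effectiveness, 0.0-1.0

    def __post_init__(self):
        ok = 0 <= self.severity <= 4 and 1 <= self.likelihood <= 5
        if not ok or any(not 0 <= e <= 1 for e in self.mitigations.values()):
            raise ValueError(f"{self.name}: value outside the guide's scales")

def initial_risk(h):  # Step 5
    return h.severity * h.likelihood

def initial_band(score):  # Step 5 bands
    for floor, label in ((16, "Unacceptable"), (12, "High"), (6, "Medium")):
        if score >= floor:
            return label
    return "Low"

def residual_risk(h):
    # Step 8. Multiplying the remaining fractions of several controls is an
    # ASSUMPTION (independent controls); the guide gives only the one-control case.
    return initial_risk(h) * prod(1 - e for e in h.mitigations.values())

def acceptability(residual):  # Step 9 bands; which band owns exactly 6 and 8 is assumed
    for ceiling, label in ((4, "Acceptable"), (6, "Acceptable with conditions")):
        if residual < ceiling:
            return label
    return "Marginal" if residual <= 8 else "Unacceptable"

def assess(register, target=6):  # rows: (name, initial, band, residual, verdict, meets target)
    rows = []
    for h in register:
        start, left = initial_risk(h), round(residual_risk(h), 2)
        rows.append((h.name, start, initial_band(start), left, acceptability(left), left < target))
    return rows

# Constructed register: hazard names from Step 2; scores and percentages are illustrative.
REGISTER = [
    Hazard("Loss of control", 3, 4, {"RTK": 0.95, "Spotters": 0.50}),
    Hazard("Battery failure", 3, 3, {"Redundant batteries": 0.50}),
    Hazard("Signal loss", 2, 4),
    Hazard("Weather deterioration", 4, 5, {"Weather limits": 0.50}),
]
print(*assess(REGISTER), sep="\n")
```

Rows whose last field is False still miss the Step 8 target of a residual below 6 and need further mitigation before submission.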

    Tools Available:
    • EASA Concept Paper (free): https://www.easa.europa.eu/
    • Netherlands SORA Tool (free): https://www.nl-sora.org/ (original)
    • Consultants: €500–€2,000 to write assessment for you

      Q3: What's the difference between "baseline risk" and "residual risk"?

      Poppo's Explanation:

      Baseline Risk = Risk without any mitigations
      • Assume drone will fail at some point
      • Assume people could be in path
      • Worst-case scenario assessment

      Example: Rooftop inspection baseline = High Risk
      • Drone could lose control
      • Could hit people below
      • Could damage property
      • No mitigations assumed

      Residual Risk = Risk after all mitigations applied
      • Assume spotters in place
      • Assume people warned away
      • Assume RTK backup
      • Assume insurance

      Example: Same rooftop with mitigations = Low Risk
      • Spotters watch for hazards
      • Barriers keep people back
      • RTK reduces control loss chance by 95%
      • Insurance covers remaining risk

      Q4: What mitigations does each country prefer?

      Poppo's Country Breakdown:

      Technical Mitigations (Preferred in Germany, Sweden):
      • Parachute systems (active or ballistic)
      • Redundant propulsion/batteries
      • RTK/GNSS backup systems
      • Electronic geofencing
      • Advanced obstacle detection
      • Failsafe automatic landing

      Cost: +€2,000–€10,000 per mitigation

      Operational Mitigations (Preferred in Australia, New Zealand, Canada):
      • Spotters/observers
      • Physical barriers/distance rules
      • Weather limits (wind speed, visibility)
      • Airspace coordination
      • Training requirements
      • Contingency planning

      Cost: +€500–€2,000 (mostly labor)

      Organizational Mitigations (Universally Required):
      • Insurance (€1,000–€5,000/year)
      • Training/certification (€500–€1,500)
      • Risk assessment documentation (€200–€2,000)
      • Emergency procedures manual (€100–€500)

      Regional Preference Matrix:

      | Region | 1st Choice | 2nd Choice | 3rd Choice |
      |---|---|---|---|
      | 🇪🇺 EU | Technical | Organizational | Operational |
      | 🇦🇺🇳🇿 | Operational | Technical | Organizational |
      | 🇨🇦 | Operational | Technical | Organizational |
      | 🇯🇵 | Technical | Operational | Organizational |
      ---

      Q5: What's a good residual risk target?

      Poppo's Guidance:

      Risk Acceptance Levels (by operation type):

      | Operation | Target Residual Risk | Example |
      |---|---|---|
      | Recreational (private) | < 4 (low) | Back-garden flying |
      | Professional (simple) | < 6 (low–moderate) | Aerial photography, roof inspection |
      | Professional (complex) | < 8 (moderate) | Event filming, delivery trial |
      | Critical infrastructure | < 4 (low) | Power line inspection, emergency response |
      | Over populated areas | < 3 (very low) | Urban delivery pilots |

      Regulatory Thresholds:
      • 🇦🇺 AU: Accepts up to ~8 (risk-tolerant)
      • 🇫🇷 FR: Accepts up to ~7 (permissive)
      • 🇬🇧 UK: Targets < 6 (moderate caution)
      • 🇩🇪 DE: Targets < 5 (cautious)
      • 🇸🇪 SE: Targets < 4 (very cautious)

      Q6: Can I use someone else's SORA assessment as a template?

      Poppo: "Not directly, but it helps:"

      What You Can't Do:
      • Copy another operator's assessment verbatim
      • Submit same assessment for different operation
      • Claim someone else's mitigations as your own

      What You Can Do:
      • Use structure/format as template
      • Reference similar operations
      • Cite published mitigations (e.g., EASA guidance)
      • Quote best practices from other assessments
      • Work with consultant who reviews multiple cases

      Reality: Most SORA assessments are 70–80% similar in structure. Differences are:
      • Specific hazards to your location
      • Your mitigation strategy
      • Your operator experience/training
      • Your equipment specs

      Q7: How often do I need to update my SORA assessment?

      Update Triggers:

      | Trigger | Frequency | Action |
      |---|---|---|
      | Regulatory change | Annual check | Update risk categories if rules change |
      | Incident/near-miss | As-needed | Revise mitigation; resubmit |
      | Equipment change | Per change | Update technical mitigations |
      | Location change | Per location | New assessment for different area |
      | Operator change | Per change | Update experience/training level |
      | Risk evidence | If emerging data | Revise severity/likelihood if needed |

      General Rule: Review annually; update if operation changes significantly.

      Q8: What happens if my SORA is rejected?

      Poppo's Recovery Path:

      Rejection Reasons (typical):
      1. Insufficient mitigations (risk still too high)
      2. Unrealistic mitigations (claimed effectiveness not supported)
      3. Missing documentation (hazards not identified)
      4. Non-compliance with local rules (operation violates airspace restrictions)
      5. Operator experience (insufficient training documented)

      Recovery Steps:
      1. Contact Regulator: Get specific feedback on rejection
      2. Analyze Feedback: Understand specific concerns
      3. Enhance Mitigations: Add technical or operational controls
      4. Rewrite Assessment: Incorporate new mitigations with evidence
      5. Resubmit: Include cover letter explaining changes
      6. Follow Up: Expect approval in 2–4 weeks (typically)

      Approval Rate: ~70–80% on first submission (with consultant help: ~90%)

      Q9: Can I operate while SORA is pending approval?

      Poppo: "No. Here's why:"

      Legal Status:
      • SORA Approved: You have authority to operate (with conditions)
      • SORA Pending: You do NOT have authority to operate
      • SORA Rejected: You cannot operate (redesign required)

      Exception: If regulator grants interim permission (rare; typically for emergency response only)

      Timeline Impact: Must plan 4–8 weeks approval time before intended operation date.

      Q10: Is SORA required if I'm using exemptions?

      Poppo: "Usually yes; here's the breakdown:"

      | Scenario | SORA Required |
      |---|---|
      | Full commercial authorization | Yes (mandatory) |
      | Exemption (low-risk operations) | Maybe (depends on country) |
      | Exemption (over-people ops) | Yes (typically) |
      | Exemption (airspace waiver) | Yes (typically) |
      | Recreational < 2kg, no payment | No (exempt) |
      | Emergency response (government) | Maybe (often waived) |

      Key Takeaway: SORA is Risk Insurance

      Piyo's Final Question: "So SORA is just paperwork?"

      Poppo's Answer:

      "No. SORA forces you to think through every failure scenario and how you'll prevent it. It's the difference between 'hoping nothing goes wrong' and 'proving nothing bad can happen.' Regulators love it because it shows professionalism."

      SORA's Real Value:

      ✅ Systematically identifies hazards (what you missed)
      ✅ Quantifies risk (so you know your actual exposure)
      ✅ Mandates mitigations (prevents wishful thinking)
      ✅ Documents decisions (protects you legally if incident occurs)
      ✅ Builds confidence (regulators, clients, insurers, yourself)

      Last Updated: April 2026

      Accuracy: Based on latest EASA SORA guidance and country-specific implementations.

      SORA continues evolving. Check EASA and your regulator's latest guidance annually.