Landmark Proposed Rule May Open American Skies to Expanded Commercial Drone Deployments

For years, the deployment of unmanned aircraft systems (UAS), or drones, in U.S. airspace has been constrained by regulations that limited how those devices operated when they strayed beyond the sightline of their human controller. Heretofore, regulations required drone operators to receive individual waivers or exemptions when using drones “beyond their visual line of sight,” known as BVLOS. Industry has felt that these regulations have hampered widespread UAS usage in areas such as package delivery, surveying, and farming, among others.

On August 7, 2025, the Federal Aviation Administration (FAA) and the Transportation Security Administration (TSA) took a major step toward expanding the deployment of drones in U.S. airspace by jointly releasing a Notice of Proposed Rulemaking (NPRM) that would establish comprehensive, performance-based regulations for UAS operations beyond visual line of sight. Developed in response to the 2024 FAA Reauthorization Act and years of industry input, the proposal is set to transform commercial drone operations, manufacturing, and supporting services.

This is our first in a series of client alerts covering the broad scope of this rule. Stay tuned for further updates and programming from the Crowell & Moring team on this landmark rulemaking.

I. Overview: Why This Rule Matters

• • • Expanding Routine BVLOS Operations – The NPRM moves away from a reliance on waivers and exemptions and creates a regulatory pathway for routine low-altitude BVLOS drone operations, including package delivery, agriculture, aerial surveying, civic interest (public safety), recreation, and flight testing. The rule would primarily cover operations that occur at or below 400 feet above ground level, from pre-designated and access-controlled locations, and would require FAA approval for the area of intended flight.
    • Enabling Scalable UAS Traffic Management – The rule introduces a regulatory framework for “Automated Data Service Providers” (ADSPs) entities that support scalable BVLOS operations by providing services such as strategic deconfliction, conformance monitoring, and UAS Traffic Management (UTM). Operators may serve as their own ADSP or contract with another company for ADSP services.
    • Aligning with Congressional and Executive Mandates – The proposal implements the 2024 FAA Reauthorization Act, President Trump’s June 2025 Executive Order titled “Unleashing American Drone Dominance”, and years of industry and Aviation Rulemaking Committee (ARC) recommendations.

II. Key Regulatory Provisions for UAS Operators

• • • New Part 108: BVLOS Operations Framework – The proposed rule would require operators to obtain either an operating permit (for lower risk, limited-scale operations) or an operating certificate (for higher risk, larger-scale or more complex operations) to fly BVLOS. FAA would issue permits for lower-risk operations (e.g., package delivery, agriculture, civic interest, training, recreation), while certificates would require more thorough FAA review and oversight for higher-risk activities.
    • Airworthiness Acceptance & Aircraft Standards – Drones up to 1,320 lbs. (including payload) may be approved under the new airworthiness acceptance process. The proposed rule would require BVLOS drones to receive an “airworthiness acceptance” determination through a “streamlined” FAA process based on industry consensus standards. Manufacturers would be required to test aircraft to these standards, develop operational limitations, and provide maintenance instructions. The rule would also require drones to have lighting and to broadcast Remote ID.
    • Operational Categories & Risk Mitigations – The rule introduces five population-density categories for operations over people, each with increasing operational restrictions and required mitigations (e.g., strategic deconfliction, detect-and-avoid, right-of-way rules, lighting, and recordkeeping). It would prohibit operations over large, open-air gatherings.
    • Safe Separation & UTM Integration – Operators must use ADSPs to ensure safe separation from other drones and manned aircraft. Drones must yield to all manned aircraft broadcasting their position via the aviation surveillance technology known as Automatic Dependent Surveillance–Broadcast (ADS-B), through which an aircraft determines its position via satellite navigation or other sensors and periodically broadcasts its position. The rule would also prohibit drones from interfering with airport, heliport, or vertical take-off and landing (or, VTOL) operations.
    • Personnel & Training – Operators must designate an “operations supervisor” (responsible for overall safety, security, and compliance) and, as needed, “flight coordinators” (directly overseeing aircraft operations). The rule would impose tailored knowledge and training requirements on both roles, but the rule would not require the roles be filled by individual FAA airman or those with remote pilot certifications.
    • Maintenance, Recordkeeping & Reporting – Operators must follow manufacturer maintenance protocols and keep detailed records of each flight (date, time, duration, registration number, purpose, flight path, personnel, landing location), mechanical issues, maintenance, alterations, and personnel training. Operators must report flight data, unplanned landings, security breaches, loss of control, automated data service failures, and property damage over $500.
    • Security & TSA Vetting – Operators must implement physical and cybersecurity policies to prevent unauthorized access to facilities, networks, and data, and prepare for and respond to cyber-attacks. TSA will require operations supervisors, flight coordinators, and other covered personnel to undergo what TSA refers to as a “Level 3 Security Threat Assessment,” which includes a rigorous check of an individual’s criminal and immigration history. Permitted and certificated package delivery operators must obtain a TSA security program before conducting operations.

III. Automated Data Service Providers (ADSPs) & UTM

• • • Part 146: Certification of ADSPs – Entities providing services for BVLOS operations (e.g., UTM, strategic deconfliction, conformance monitoring) must obtain FAA certification and authorization for each service, with requirements scaled to the risk level the entities support. Operators can provide these services themselves or contract others for them.
    • Cybersecurity, Quality Management & Software Updates – ADSPs must implement robust cybersecurity and change management processes, maintain quality management systems (including a safety management system (SMS)), and adhere to strict software update/versioning and notification rules. They must keep records of compliance, test data, and software revisions.
    • Data Exchange & Interoperability – Authorized services must be interoperable, secure, authenticated, and provide non-repudiation to support safe, scalable UAS integration and ensure reliable data exchange among operators and the FAA.

IV. Industry Impact: Who Is Affected?

• • • Commercial Drone Operators – Entities seeking to scale BVLOS operations for delivery, inspection, agriculture, and public safety, among others, must transition from waivers and exemptions to the new permit and certification regime and update their compliance infrastructure.
    • UAS Manufacturers – All BVLOS-capable drones must meet new airworthiness acceptance standards, provide required documentation, maintenance instructions, and support operational recordkeeping and reporting.
    • ADSPs/UTM Providers – ADSPs and UTM service providers must pursue FAA certification and authorization, implement SMS and cybersecurity programs, and comply with ongoing oversight, reporting, and record retention rules.

V. Compliance Deadlines & Next Steps

• • • Public Comment Period – Comments are due by October 6, 2025. The FAA and TSA encourage stakeholders to submit feedback on operational requirements, technical standards, risk categories, and regulatory burdens.
    • Preparation Steps – Operators and manufacturers should begin reviewing their fleet, compliance programs, personnel training, security protocols, and data management systems for alignment with the proposed requirements.

VI. Key Takeaways

• • • The NPRM represents a paradigm shift for U.S. drone BVLOS operations, moving from case-by-case waivers to risk-based, scalable regulation that will likely result in much the wider use of drones in American skies.
    • Operators, manufacturers, and service providers must prepare for new certification, documentation, security, and oversight requirements, including those impacting cybersecurity, SMS, and detailed data reporting.
    • ADSP/UTM certification and integration will be essential for enabling routine, safe, and interoperable BVLOS operations at scale.
    • The FAA and TSA request stakeholder engagement during the comment period.
    • The NPRM marks a critical step toward the FAA’s publication of a final rule on BVLOS, which the Trump Administration directed be published by February 1, 2026.

The Crowell Transportation team can assist clients prepare public comments to the proposed rule, which are due October 6, 2025, and will continue to monitor Part 108 rulemaking process and report on key regulatory requirements and comments submitted.