When SORA 2.5 was introduced into the EASA framework, the message was clear: this update should make the authorisation process more consistent, reduce room for interpretation, and lower the evidentiary burden for many lower-risk operations. EASA explicitly presented SORA 2.5 as a simplification step, particularly through clearer text, more harmonised implementation, less evidence for many low-risk VLOS cases, and more flexibility around containment. 

That ambition is understandable. And in some parts of the market, it may well help.

But from where I stand, especially looking at public safety, security and critical infrastructure operations, the practical outcome is more mixed. In some cases, it is even moving in the wrong direction.

Because the operators that matter most for Europe’s resilience are not the ones flying the simplest missions. They are the ones trying to build repeatable, cross-border, operationally meaningful drone capability. Think of energy companies, port operators, railway and utility operators, security providers, and public authorities that need drones as part of day-to-day operations. These organisations rarely operate in a single location, in a single country, under a single local interpretation. They operate across borders, across infrastructures, and across regulatory cultures.

And that is exactly where Europe still makes life unnecessarily hard.

One of the big ideas behind SORA 2.5 was to improve consistency. That is also visible in the development history: changes included a move from a more qualitative to a more quantitative ground-risk approach, a restructuring of the methodology, and efforts to reduce ambiguity in how the assessment is built. JARUS’ own summary of changes highlights, for example, the introduction of a more quantitative ground-risk model, the removal of VLOS/BVLOS criteria from Step #2, and a new M1b for VLOS operations. 

On paper, that sounds like progress.

In practice, however, critical infrastructure operators do not experience regulation on paper. They experience it through authorisation lead times, authority feedback, local interpretations, documentation burden, and the feasibility of scaling a concept from one site or country to another.

And here SORA 2.5 does not solve the underlying European problem.

The problem is not only the methodology itself. The problem is that Europe still applies a supposedly harmonised framework through fragmented national lenses.

EASA’s own cross-border guidance makes that clear. For operations in the specific category that are not covered by a standard scenario, an operator must first obtain an operational authorisation from the authority in its state of registration, and then separately provide documentation to the authority in each state of operation, including the original authorisation, updated mitigations where needed, and evidence of compliance with local conditions. The authority in the state of operation then assesses that documentation before the operation may start. 

That may be defensible from a legal and sovereignty perspective. But from an operational and economic perspective, it is a major brake on scale.

For a pan-European energy company, this means that a drone concept proven in one country is not automatically portable to another. For a security company operating across multiple sites, it means duplicate work and duplicated uncertainty. For public safety organisations, it means slower deployment of capabilities that everyone agrees are valuable. And for innovative European operators trying to build BVLOS services, it means that every national border still feels like a regulatory reset.

Yes, there is a route around some of this: the Light UAS Certificate (LUC).

But here again, the theory is better than the practical reality. A Light UAS Operator Certificate can indeed grant self-authorisation privileges, including for PDRA-based operations and, depending on the privileges granted, even broader self-authorisation. 

The issue is that for many operators, especially outside the largest and most mature organisations, the LUC remains a very high threshold. It demands organisational maturity, process discipline and regulatory investment that many perfectly serious infrastructure or security operators do not yet have the time or scale to justify. In other words, Europe offers a pathway to flexibility, but often only after asking industry to climb a mountain first.

That would be easier to accept if the reward at the end was a genuinely scalable European market.

But it is not. Even with harmonised EU rules, operators still run into different national expectations, different evidentiary standards, different interpretations of proportionality, and different levels of comfort with BVLOS concepts. SORA 2.5 may have clarified the framework, but it has not removed the operational friction that matters most.

And this matters because BVLOS is not a niche issue anymore.

For critical infrastructure, BVLOS is often the business case. It is what enables long linear inspections, remote asset monitoring, automated drone-in-a-box deployments, faster emergency response, and efficient scaling over large industrial footprints. Without workable BVLOS, the productivity and safety benefits of drones remain capped. Europe talks a lot about innovation, resilience and strategic autonomy, but we should be honest: if BVLOS remains this fragmented and difficult to scale, we will continue to lose momentum to markets that are more pragmatic in how they operationalise advanced drone use cases.

That comparison with the United States is uncomfortable, but necessary. Europe often has the better theoretical framework. What it lacks is the same level of operational pragmatism and consistency in execution.

My concern is that SORA 2.5 risks being remembered as an improvement for regulatory structure, but not necessarily as an improvement for operational reality.

For lower-risk VLOS operations, some simplification may well be real. EASA explicitly says so. But the sectors that Europe should be enabling most urgently, public safety, security and critical infrastructure, depend disproportionately on operations that sit outside that comfort zone. They need scalable BVLOS pathways. They need faster and more predictable cross-border recognition. They need authorities to interpret proportionality in a way that supports essential operations instead of treating each one as if it were the first of its kind. 

So my call to EASA and the national aviation authorities is straightforward.

If Europe is serious about resilience, strategic autonomy and the protection of critical infrastructure, then it needs to regulate those drone applications accordingly.

That means being more pragmatic, not less.

It means creating a more workable pathway for repeatable BVLOS concepts across Member States. It means reducing the practical burden of cross-border specific-category operations. It means recognising that a mature critical infrastructure operator with proven procedures should not have to start from scratch every time it crosses a border. And it means lowering the real-world barriers between safe operations and scalable deployment.

SORA 2.5 was supposed to make life easier for drone operators.

For the operators that matter most to Europe’s critical future, that promise is still far from fulfilled.

If anything, this is the moment not just to refine the methodology, but to finally apply it with the pragmatism that Europe’s market has been missing for years.

If you are operating drones in critical infrastructure, public safety or security and are navigating the practical challenges of SORA and cross-border authorisations, we would be glad to think along with you. Explore how AirHub supports complex drone operations. Book a demo to see the platform in action.