The Specific Operations Risk Assessment (SORA) has long been the cornerstone for assessing drone flights in the Specific category. Developed by JARUS and adopted across Europe and beyond, SORA provides the risk‑based framework for UAS operations that don’t fit into the Open category.

With the formal publication of SORA 2.5 under EASA’s AMC/GM for Regulation (EU) 2019/947, several significant changes have been made, drawing from lessons learned with version 2.0. The goal is greater clarity, more consistent assessments, and a smoother process for operators and authorities alike.

Below is a summary of the most important updates and what they mean in practice.

More Structure, Less Ambiguity

One of the most visible changes is how the documentation is organized. In SORA 2.0, overlapping annexes and redundant attachments sometimes caused confusion. In 2.5, the summary is integrated into the main document, and there is a clearer distinction between “Requirements” and “Guidance”. This helps both operators and authorities see exactly what is mandatory versus advisory.

Another practical improvement: the set of documents operators must submit is now more clearly defined. Every application must now include, at minimum, an Operations Manual, a compliance matrix, and the official application form. To improve consistency across submissions, EASA now publishes a recommended template structure for the OM, which promotes more uniform authorisations.

In terms of process, 2.5 splits the approval flow into two phases: first the operator submits basic risks and assumptions, then follows up with a full safety evidence package. This avoids running into major rework if assumptions are later challenged.

From 11 Steps to 10 - Containment Moved Earlier

SORA 2.5 reduces the assessment steps from 11 to 10, reordering parts of the logic to make risk progression more intuitive. Containment - the measures to confine consequences of a drone failure - has been moved ahead of the OSOs (Operational Safety Objectives), so now containment is evaluated before many of the OSO requirements. This better aligns with how risk really accumulates and is mitigated.

Also, the term CONOPS (“Concept of Operations”) has been replaced by Detailed Operational Information. That means operators must now follow clearer templates and guidance on what exactly needs to go into that document, making submissions more consistent across the board.

A Quantitative Approach to Ground Risk

One of the most substantive changes is in how ground risk (GRC) is assessed. While SORA 2.0 relied heavily on qualitative judgment, 2.5 introduces a quantitative model that factors in population density, speed, and the concept of a critical area - the zone around the mission where a loss of control could have consequences.

EASA has even developed a Critical Area Assessment Tool (CAAT) to help operators show that their actual risk is lower than baseline tables might suggest. This gives more flexibility, if you can prove your design or route is safer, you gain fewer constraints.

In a further nod to proportionality, small drones (≤ 250 g and ≤ 25 m/s) are now automatically placed in the lowest ground risk class (GRC 1). Drones up to 900 g at slower speeds enjoy some relaxed mitigation requirements when applicable.

Mitigation & Safety Objectives: ERP Moves In

The way mitigation is structured has changed considerably. Under 2.5:

• M1 mitigation (ground risk lowering) is now refined into M1A (sheltering), M1B (operational limits), and M1C (ground observation).

• M2 still handles impact reduction techniques.

• Importantly, the Emergency Response Plan (ERP) is no longer a “bonus” mitigation (as M3). It has been removed from the mitigation tier and is now treated as one of the OSOs (safety objectives). In other words, every operation must incorporate a credible ERP as part of its safety case — it is no longer optional.

Containment also gets more nuanced: operators must now define whether containment is Low, Medium, or High, using parameters like maximum size, speed, population density of adjacent areas, and SAIL level.

On the OSO front, the number of objectives has been reduced from 24 to 17 by merging redundancies. The label “Optional” has been removed and replaced with “Not Required (NR)” to avoid confusion. Each OSO now also indicates which stakeholder is responsible (operator, manufacturer, or training provider), improving accountability

The Safety Portfolio Gets Stronger

The Comprehensive Safety Portfolio (CSP) - the dossier that ties everything together- is more robust in 2.5. It must now clearly show how external service providers (for example U-space providers) contribute to the safety case, typically through Service Level Agreements (SLAs). This change helps authorities see the full chain of responsibility rather than only internal parts of your operation.

What Did Not Change (Yet)

As of now, the air risk (ARC) evaluation model remains largely the same. While discussions exist about a future quantitative air-risk model, that is expected in SORA 3.0, currently slated for around 2027.

The strategic and tactical mitigation logic is still preserved, SORA 2.5 refines rather than overhauls the framework. Some qualitative flexibility remains where data (for instance, population maps) are unavailable.

What This Means for Operators & Authorities

For operators, SORA 2.5 offers more structure and less ambiguity. Your safety case, mitigation paths, and documentation are more clearly defined. But with clarity comes the need to review existing authorisations - you will need to assess whether your assumptions, margins, and OSOs still hold under the new regime.

Authorities now have a stronger footing to evaluate submissions and make consistent decisions. The removal of optional “ERP credit,” clearer roles for OSOs, and stricter vendor integration via CSP will likely reduce back-and-forth and improve review efficiency.

Still, the industry must watch how national authorities adapt 2.5 in their own guidance and implementation timelines. As of publication, a transitional period is expected. Some operators using 2.0-based authorisations will likely be able to continue until renewal, but future filings should use 2.5.

How We Can Help

At AirHub Consultancy, we guide organisations through every step of the SORA process. Whether you’re navigating the shift from SORA 2.0 to 2.5, preparing a new operational authorisation, or engaging with competent authorities. We support with drafting your operational and technical documentation, performing quantitative ground risk assessments, building robust mitigation strategies, and integrating ERP and containment plans that meet the latest OSO expectations. Our in‑house expertise ensures your operation is both safe and compliant, no matter how complex or high‑risk. Combined with the AirHub Platform, which helps you visualise population density, map your critical areas, and structure your documentation, we offer a complete ecosystem to streamline your approval process and scale your drone operations with confidence.