On Tuesday, February 20, 2018, which is tomorrow (I know, I’m confused, too. I’m just a space lawyer and always find time travel stories fairly irritating. Seriously, look at the top of the Federal Register page: it says the 20th. It reached my inbox last week. Someone has acquired serious temporal powers.), the Federal Register published/will publish a notice from the FAA containing the criteria the FAA used to issue a safety approval to Millennium Engineering and Integration Company. The safety approval applies to Millennium’s “ability to provide its Flight Analyst Workstation (FAWS) as a component of the process to build flight rules, generate the Mission Data Load (MDL),and verify the MDL prior to loading it onto a launch vehicle’s autonomous flight safety unit (AFSU).”
The FAA’s rules in 14 C.F.R. 414.35 provide that when the FAA issues a safety approval it “will publish in the Federal Register a notice of the criteria that were used to evaluate the safety approval application, and a description of the criteria.” The FAA provides a list of the criteria by name.
What is a safety approval? It is not an authorization. It is neither a license nor a permit, and it does not authorize the conduct of any specific activity. Instead, it provides a finding that whatever the safety approval applies to is acceptable to the FAA for licensing purposes.
The law that Congress passed and the FAA must implement states that the FAA
may establish procedures for safety approvals of launch vehicle, reentry vehicles, safety systems, processes, services, or personnel (including approval procedures for the purpose of protecting the health and safety of crew, government astronauts, and space flight participants, to the extent permitted by subsections (b) and (c)) that may be used in conducting licensed commercial space launch or reentry activities.
51 U.S.C. 50905(a)(2). (If memory serves, safety approvals were given that name to avoid confusion with aviation certification processes. Congress didn’t want the regulators to feel that they had to model safety approvals on aircraft or airmen certifications.) Although the FAA does not say which category Millenium’s system falls under, it would appear that Millennium’s work station is part of a “safety system…that may be used in conducting licensed commercial space launch…activities.”
As background, recall that a launch or reentry operator must obtain an FAA license to launch or reenter a launch or reentry vehicle. When the FAA reviews the operator’s license application it assesses a host of factors. Those include the regulations that the FAA Notice announces Millennium satisfies. One of those regulations, 14 C.F.R. § 417.309(h), requires a launch operator’s computing system, software or firmware that perform a safety critical function to undergo the analysis needed to ensure reliable operation and satisfy 14 C.F.R. § 417.123. The FAA determined that the ability of Millennium’s workstation as a component of the process to build flight rules, and to generate and verify a mission data load can satisfy 14 C.F.R. § 417.123(b)(d) and (e). Those regulatory provisions require a launch operator to identify all safety-critical functions associated with its computing systems and software, and to develop and implement computing system and software development, validation, and verification plans.
There is one point of confusion. Initially, the FAA states that Millennium received its safety approval for its ability to provide a workstation that performed the functions described. Later, the FAA speaks of the safety approval applying to the workstation itself. Since the statute lists, among other things, safety systems, as eligible for safety approvals, it seems most likely that the safety approval applies to the workstation as a part of a process, but that is supposition on my part.
Confusion aside, what all this means in terms of the big picture is that when a launch operator applies for a license for the launch of a launch vehicle with an autonomous flight safety unit that uses the elements identified in Millennium’s safety approval, the launch operator should not have to repeat to the FAA a demonstration that Millennium has already made. The safety approval only applies to the identified elements and regulatory provisions. A launch operator would still have to demonstrate satisfaction of the remainder of the FAA’s requirements.
A safety approval is not mandatory, but possessing one might save launch and reentry customers time and paperwork in the long run.