(a) An applicant for RLV mission safety approval shall submit procedures -
(1) That ensure RLV mission risks do not exceed the criteria set forth in §§ 431.35, 450.169, and in § 450.101(a)(4) and (b)(4) for nominal and non-nominal operations;
(2) That ensure conformance with the system safety process and associated hazard identification and risk assessment required under § 431.35(c);
(3) That ensure conformance with operational restrictions listed in paragraphs (c) through (e) of this section;
(4) To monitor and verify the status of RLV safety-critical systems sufficiently before enabling both launch and reentry flight to ensure public safety and during mission flight unless technically infeasible; and
(5) For human activation or initiation of a flight safety system that safely aborts the launch of an RLV if the vehicle is not operating within approved mission parameters and the vehicle poses risk to public health and safety and the safety of property in excess of acceptable flight risk as defined in § 431.35.
(b) To satisfy risk criteria set forth in § 431.35(b)(1), an applicant for RLV mission safety approval shall identify suitable and attainable locations for nominal landing and vehicle staging impact or landing, if any. An application shall identify such locations for a contingency abort if necessary to satisfy risk criteria contained in § 431.35(b)(1) during launch of an RLV. A nominal landing, vehicle staging impact and contingency abort location are suitable for launch or reentry if -
(1) For any vehicle or vehicle stage, the area of the predicted three-sigma dispersion of the vehicle or vehicle stage can be wholly contained within the designated location; and
(2) The location is of sufficient size to contain landing impacts, including debris dispersion upon impact and any toxic release.
(c) For an RLV mission -
(1) [Reserved]
(2) The projected instantaneous impact point (IIP) of the vehicle shall not have substantial dwell time over densely populated areas during any segment of mission flight;
(3) There will be no unplanned physical contact between the vehicle or its components and payload after payload separation and debris generation will not result from conversion of energy sources into energy that fragments the vehicle or its payload. Energy sources include, but are not limited to, chemical, pneumatic, and kinetic energy; and
(4) Vehicle safety operations personnel shall adhere to the following work and rest standards:
(i) A maximum 12-hour work shift with at least 8 hours of rest after 12 hours of work, preceding initiation of an RLV reentry mission or during the conduct of a mission;
(ii) A maximum of 60 hours worked in the 7 days, preceding initiation of an RLV mission;
(iii) A maximum of 14 consecutive work days; and
(iv) A minimum 48-hour rest period after 5 consecutive days of 12-hour shifts.
(d) In addition to requirements of paragraph (c) of this section, any unproven RLV may only be operated so that during any portion of flight -
(1) The projected instantaneous impact point (IIP) of the vehicle does not have substantial dwell time over populated areas; or
(2) The expected number of casualties to members of the public does not exceed 1 × 10−4 given a probability of vehicle failure equal to 1 (pf=1) at any time the IIP is over a populated area;
(e) Any RLV that enters Earth orbit may only be operated such that the vehicle operator is able to -
(1) Monitor and verify the status of safety-critical systems before enabling reentry flight to assure the vehicle can reenter safely to Earth; and
(2) Issue a command enabling reentry flight of the vehicle. Reentry flight cannot be initiated autonomously under nominal circumstances without prior enable.
[Docket No. FAA-1999-5535, 65 FR 56658, Sept. 19, 2000, as amended by Docket No. FAA-2014-0418, Amdt. No. 431-4, 81 FR 47027, July 20, 2016; Doc. No. FAA-2019-0229, Amdt. 431-7, 85 FR 79717, Dec. 10, 2020]