Thinking About Fail-safe’s

As model flyers we have a number of responsibilities that we must consider before carrying out any flight.


The most obvious and relevant are the basic “endangering” provisions of the Air Navigation Order which require that you do not endanger person or property with your model aircraft and that you do not endanger a full size aircraft or its occupants; essentially it is common sense stuff.


A further requirement that seems to be regularly neglected or misunderstood is the setting of a failsafe on a model aircraft.


Whilst the requirement for a failsafe that brings the throttle to closed or idle on loss or corruption of the radio signal is set out in CAP658 rather than the ANO it is as close to a legal requirement as makes little difference.  While CAP658 is entitled “Model Aircraft:- A Guide to Safe Flying” perhaps “Model Aircraft:- A Guide to Complying with the Air Navigation Order” would be an equally good and accurate title.


The requirement as set out in CAP658 stipulates that where a failsafe facility is available (and it is on pretty much any modern R/C set) the failsafe must be utilised whatever the weight of the aircraft.


For models weighing over 7kg and for those powered by a gas turbine it is an absolute requirement (the original requirement as originally set out a number of years ago related only to models over 7kg).


So, in practical terms it is fairly simple, if your R/C equipment and model support failsafe operation, then you are required to utilise it, in addition to this, if you fly a model weighing over 7kg or powered by a gas turbine you are required to fit a failsafe.


Remember, not only is it a legal requirement but also one of the first aspects that is investigated following a serious accident or an insurance claim.


Why Have a Failsafe?

The fitment of a failsafe performs three vital functions in the event of a loss or corruption of the R/C signal.


The primary purpose is to reduce the potential energy of an aircraft that is no longer responding to commands from the transmitter and is therefore likely to crash.


Taking away the propulsion source can significantly reduce the energy of any impact thereby reducing the potential for injury or damage.


Secondly, the closing of the throttle on loss of signal serves to significantly reduce the potential radius of the impact area, with the primary aim that any impact will be on the “live” side of the flying activity; this is particularly important at displays and public events but also relevant at the club field.


The third aspect of the closing of the throttle is that it prevents an out of control model aircraft from climbing once the signal has been lost and presenting a hazard to full size aircraft or entering controlled airspace.


Know How Your Failsafe Works…….And Check

During my numerous conversations with model flyers and also when I am investigating incidents relating to insurance claims, it is very apparent that a significant number of flyers do not understand how their failsafe operates or how to set it correctly.


Of course the first place to look is the manual for your particular R/C equipment which should take you through the setting of the failsafe as a step by step process.


The important aspect is to never rely on factory settings as even where the operation of the failsafe is pre set in one direction or the other, the radio set still won’t know which way round you have mounted the throttle servo or in what orientation your speed controller operates.


On the majority of 2.4GHz equipment it is the position of the throttle stick when “binding” that defines the failsafe position so it is vitally important that this is checked after any work or alterations have been carried out to the aircraft.


The correct operation of the failsafe should become part of your regular checks at the start of every flying session; it only takes a few seconds and is well worth the effort to ensure that you are operating lawfully.


The method of checking correct operation varies from aircraft to aircraft, for electric models the easiest method is, having carried out pre flight checks as normal, suitably restrain the airframe or remove the propeller (note: if you remove the propeller do not run the motor at full power as you risk damaging the motor) and connect the R/C and flight batteries, ensuring that it can’t move and the area in front is clear, power up the motor to half to three quarter throttle and then turn off the transmitter, with a correctly set failsafe the motor should stop within one to two seconds.


When switching the transmitter back on ensure that the throttle stick is returned to the closed position, the vast majority of speed controllers will have built in protection to prevent “arming” at anything other than throttle closed but it is of course better to cultivate good habits rather than rely solely on technology wherever possible.


On models powered by internal combustion engines it is often possible to see the throttle barrel or carburettor to ensure correct failsafe operation but in cases where it is not possible to physically check that the throttle is closed then the same process as for electric powered aircraft must be utilised.


Whilst pretty much all recently manufactured 2.4GHz radio control equipment has a built in failsafe and much of the “high end” 35MHz equipment also has the capability this doesn’t preclude users of older sets from utilising this important function.  Failsafes are available as separate plug in modules for not much more than the price of a standard servo, these units plug in between the receiver and the throttle servo or between the receiver and the speed controller and perform in exactly the same way as a built in unit.


Power Supply Considerations

Of course the failsafe is only as good as the integrity of the power supply that drives the airborne R/C equipment, if the power supply is compromised on an I/C model then there is nothing to drive the servo to the failsafe position, this has been evidenced recently by a couple of helicopter and one fixed wing “fly-aways” where control was lost but the failsafe was not activated.


Investigation of these incidents revealed that the power supply had failed in each case, a switch failure on one and catastrophic battery failure on the other two (the failure of welded pack joints).


It is possible to purchase an “intelligent” failsafe that utilises an independent power supply to drive the throttle servo to the desired position in circumstances where the power supply to the receiver is compromised; of course the use of such equipment relies on an airframe of sufficient size to carry the additional power supply.


On electric aircraft, the majority of speed controllers default to shut down when there is no signal from the receiver, but not all, check yours.  Also some of the higher specification speed controllers have additional functionality relating to loss of signal and again any such features will be detailed in the manual.


The important factor with any R/C installation is that any system is only as good as the weakest link; the trick is to ensure that all the links are as strong as possible, check and check again.


Additional Functions? 

The majority of R/C systems support a failsafe capability on the throttle channel only; however some of the higher specification sets have the option to determine the position of multiple control functions on loss or corruption of the signal.


Where this option is utilised there are a number of options and the final decision rests with the pilot, such operations as crossed controls, deployment of flaps or full up elevator can all be programmed depending on the perceived requirements and circumstances.


It is worth noting that for gas turbine failsafe operation the BMFA/JMA/GTBA code of practice provides the option for the failsafe to reduce the throttle to idle for three seconds before total shutdown on loss or corruption of the T/X signal (note: where the aircraft is being flown at an event then the specifics of the failsafe setting requirements are to be established by the FDD).


For Gliders?

I am often asked what the failsafe requirements are for gliders; well legally there aren’t any as CAP 658 clearly refers to the throttle function: however there are still relevant options open to glider pilots.


Where airbrakes are fitted it can be very worthwhile to set the airbrakes to deploy on activation of the failsafe as this potentially reduces the energy of the model and again prevents “fly aways”.


Some pilots programme crossed controls in order to bring the aircraft down as quickly as possible (for example full opposite rudder and ailerons combined with full up elevator in order to promote a full spin) but this is entirely down to the personal preference of the pilot.


In Summary


  • Know how your failsafe works.
  • The failsafe must bring the throttle to close or idle on loss or corruption of the radio signal.
  • If your R/C equipment is “failsafe enabled” then you must use it.
  • Models over 7kg must be fitted with a failsafe.
  • Models powered by gas turbine must be fitted with a failsafe.
  • Check the operation of the failsafe at the start of every flying session.
  • For flying displays establishing the correct operation of failsafes should be part of the scrutineering process.



Manny Williamson

Development Officer