Carly Waddleton is a Co-Founder and Chief Customer Officer at OneReg, a New Zealand-based aviation compliance platform. With a background spanning agritech entrepreneurship and environmental regulation, she has grown through three roles at OneReg – from implementation, to operations, to CCO. Under her leadership on the customer side, the company has secured a landmark partnership with Air New Zealand (including a 5% equity stake), expanded into the UK, Australia, and the Middle East.
In our conversation for Dreamix's "State of Aviation" column, Waddleton shares her view on why compliance in aviation has been treated as an afterthought for far too long, and what operators risk by standing still.
Key Takeaways
- Compliance is now a strategic function. The most forward-thinking operators have stopped treating regulatory work as background admin. Instead, they're weaving it into how they measure performance and manage risk across the business.
- Culture compounds faster than product wins. Asked about her proudest achievement, Waddleton pointed to the people and culture. In one of the least diverse sectors globally, attracting and retaining talent across backgrounds has been the engine behind every other milestone.
- AI governance belongs inside existing safety frameworks. Airlines and airports are already using AI for rostering, maintenance, and operations – but the rules are still catching up. Operators who fold AI documentation into their current compliance structures will be far better positioned than those who treat it as a separate workstream.
- The timeline for going digital is shrinking fast. Within two to three years, regulators will expect digital evidence as standard. Operators still relying on manual processes will face steeper audit costs, slower approvals, and growing difficulty attracting younger talent.
Q: You joined OneReg in its early days and have grown through three roles – from implementation, to operations, to Chief Customer Officer. What drew you to the company, and how have the needs of aviation operators changed along the way?
Waddleton: What drew me to OneReg was the chance to rethink how compliance is done in aviation. So much of the industry was relying on spreadsheets, disconnected systems, and processes built around "tick-box" compliance, rather than creating something that genuinely improves operations and safety. We believed operators deserved more than that.
From the beginning, our vision as founders was to build software with compliance embedded by design – not as an add-on or an afterthought. In aviation, compliance touches everything, so the systems operators use every day should naturally support that, rather than creating extra admin and complexity around it.
Having worked across implementation, operations, and now as Chief Customer Officer, I've seen how operators' expectations have changed too. Early on, the focus was often digitising manual processes. Today, customers want technology that gives them confidence, visibility, and control across their operation. They're looking for smarter ways to manage risk, stay ahead of regulatory change, and free up teams to focus on running the business – not chasing paperwork.
The biggest shift is that compliance is no longer viewed as a standalone function sitting in the background. It has become a strategic part of operational performance and business resilience. That's where we see the industry continuing to move, and it's exactly why we built OneReg the way we did.
Q: Air New Zealand took a 5% equity stake in OneReg alongside adopting the platform across its operations. What did that partnership mean for OneReg, and how has it shaped the company's direction?
Waddleton: The Air New Zealand partnership was a turning point, and the fact that they took equity alongside adopting the platform was the strongest signal we could have asked for. A national carrier doesn't put its name behind something it isn't completely confident in.
Inside the company, what it really did was raise our bar. Working with an operator at that scale forces you to think about edge cases, integrations, governance, and resilience in ways you might not if your early customers are smaller. It made us a more disciplined product organisation.
The partnership is also genuinely two-way. Their teams give us honest product feedback and are helping to co-create the future of our platform. It has pushed us toward a direction where we can design and build for the most complex operators while staying accessible to smaller ones.
Q: You're now expanding into the UK, Australia, and the Middle East. Regulatory frameworks across these regions are quite different – how do you balance building a platform that works across jurisdictions without losing depth in any single one?
Waddleton: The honest answer is that you build the platform around the things that don't change, and you make everything else configurable. The fundamentals of aviation compliance – risk-based oversight, evidence, traceability, who's authorised to do what – are remarkably consistent whether you're under the CAA, CASA, the GCAA, or others. The differences sit in the specifics: form numbers, reporting cadence, exposition structures, language. All of which are flexible in the OneReg platform.
So our approach is a universal core engine with regional configuration layered on top, built with people who actually live in those regions. We hire and partner locally. We don't pretend to be CASA experts from a desk in Auckland – we work hard to build deep relationships and working partnerships with aviation providers and regulators in each region we expand into. Depth in each jurisdiction is non-negotiable, even when it takes longer to build.
Q: OneReg recently became a female-majority company in an industry where women still hold a small fraction of technical and leadership roles. Beyond the milestone itself, how has that diversity tangibly influenced the way you build products and work with customers?
Waddleton: I think diversity has had a very real impact on the way we build products. When you have a team made up of people with different backgrounds, experiences, and ways of thinking, you naturally design for a broader range of users and operational realities. You ask different questions, challenge assumptions earlier, and spot gaps that a more homogeneous team might miss.
That's especially important in aviation software, where the people using the product can range from compliance managers and pilots to operations teams and executives. We've always wanted OneReg to feel intuitive and practical in the real world, not just technically capable. Having diverse perspectives in the room helps us build software that genuinely fits how operators work day to day, rather than forcing them to adapt around the technology.
The other thing we've seen is the impact it has on talent. Becoming a female-majority company has absolutely changed who wants to work here. We're attracting incredible people – including senior women from across aviation and technology – who are looking for an environment where they can have influence, challenge ideas, and help shape the future of the industry. That diversity of thought ultimately makes us a stronger partner for our customers too.
Q: Working daily with airports and airlines across multiple regions gives you a unique perspective. What do you see as the biggest trends and challenges shaping aviation right now?
Waddleton: A few things stand out. The first is the workforce challenge. Aviation is losing decades of expertise to retirement faster than it's replacing it. That has direct compliance implications, because so much of it has historically lived in the heads of senior engineers, operations and quality leads. Capturing and operationalising that knowledge before it walks out the door is urgent.
The second is regulatory acceleration. Regulators are putting through more change in shorter cycles – sustainability reporting, AI governance, fatigue management, cyber.
The third is a shift in how performance is measured. Audit findings used to be the main scorecard. Now we're seeing leading operators and regulators talk about predictive indicators, real-time risk pictures, and proactive intervention. That requires very different infrastructure underneath it.
And lastly is the rapid acceleration of AI capability. One of the greatest opportunities we see is in AI-assisted decision-making across the operation, but to explore that potential most effectively, you need operational data flowing into one source of truth in real time. Digitising procedures, manual processes and evidence capture has to happen first before AI can run atop the information for meaningful insights and actions.
Q: Building a platform for a safety-critical industry requires a very specific kind of technology expertise. What have you learned about what it takes to build and scale a product in aviation – where the margin for error is essentially zero?
Waddleton: The first thing I learned is humility. In SaaS generally, you can ship, learn, iterate. In aviation, a bug isn't a bug – it's a finding, a grounded aircraft. So the rhythm of how you build is fundamentally different. You treat every release as a materially important event. And you build for auditability from the first line of code, not as a feature you bolt on later.
I've learned that embedding domain experts everywhere in the business is our key to success. We have people with aviation backgrounds in all teams – not just as advisors, but doing the day-to-day work in product, engineering, and customer-facing roles. They're passionate about improving safety and efficiency in this industry specifically, and they understand the operational worlds of our customers in a way that can't be taught without direct aviation experience.
Q: As airlines and airports adopt AI in their operations, new questions around regulation, ethics, and accountability come with it. How does OneReg help operators navigate the compliance side of AI?
Waddleton: AI is interesting because the regulatory frameworks are still being written, but operators are already deploying it – for crew rostering, predictive maintenance, customer operations. There's currently a significant gap between what's possible and what's clearly governed.
What we help with is essentially the evidence layer. If an operator is using AI to make or inform safety-related decisions, they need to demonstrate what model is in use, what data trained it, who approved it, when it was last reviewed, and how human oversight is structured. That's compliance work, and it looks a lot like the documentation discipline aviation already has – it just needs to be applied to a new class of asset.
We're also tracking emerging frameworks closely – EASA's AI roadmap, the EU AI Act, what CASA and the CAA are signalling – so our customers aren't scrambling to retrofit their governance later. The operators who will navigate this best are the ones who treat AI governance as a continuation of their existing safety management system, not a separate problem.
Q: Looking back at your time at OneReg, what's one achievement you're most proud of?
Waddleton: It's tempting to point to the Air New Zealand partnership or our international expansion, but the achievement I'm proudest of right now is the team and culture we've built. In an industry that hasn't historically been especially diverse, building a place where exceptional talent from all backgrounds want to come and stay – and where everyone does the best work of their career – feels like the foundation everything else is built on.
The customer wins matter, of course. But culture is the thing that compounds, and I think it underpins all other achievements.
Q: Looking ahead two to three years – what does the compliance landscape look like if digital adoption continues at its current pace, and what happens to operators who don't make the shift?
Waddleton: In two to three years, I think we'll look back at this period as the point where digital compliance stopped being a competitive advantage and became table stakes. Regulators are already moving toward accepting digital evidence as the primary record, and in some jurisdictions they'll expect it. The audit cycle itself will compress – from periodic intensive audits toward something closer to continuous oversight, supported by data the operator already has.
For operators who make the shift, that's actually a better world – fewer surprises, lower cost of compliance, more capacity for the safety work that matters.
For operators who don't, the gap widens fast. Higher audit costs, slower regulatory approvals, harder hiring – younger workforces don't want to work in paper-based environments – and ultimately a competitive disadvantage on insurance and capital. The window where you could put off going digital indefinitely is rapidly closing.
