Folie 1
advertisement
WENRA ongoing work on (new) reactors Fabien FERON (Autorité de sûreté nucléaire – France) French representative to RHWG 22 May 2013 WENRA & new reactors 1 1 Agenda • A few words about WENRA • WENRA and existing reactors – Safety reference levels – PSR & LTO – Lessons learned from Fukushima Daiichi accident • WENRA and new reactors – Safety objectives for new NPPs – Common positions on selected key safety issues (booklet) • WENRA / MDEP interface 222 May 2013 LR WENRA & new reactors 2 2 WENRA (1/4) • WENRA is a network of Chief Regulators of EU countries with NPPs and Switzerland as well as of other interested European countries which have been granted observer status. • Original Terms of Reference signed on 4 February 1999 • In 1999 WENRA comprised of the heads of nuclear regulatory bodies from 10 countries. • The main objectives of WENRA at that time were to develop a common approach to nuclear safety and to provide an independent capability to examine nuclear safety in applicant countries. • Today (from March 2003) 17 countries are represented in WENRA.. • The main objectives of WENRA are – to develop a common approach to nuclear safety, with a commitment to continuous improvement of nuclear safety – to provide an independent capability to examine nuclear safety in applicant countries and – to be a network of chief nuclear safety regulators in Europe exchanging experience and discussing significant safety issues. 22 May 2013 WENRA & new reactors 3 WENRA (2/4) Members & observers • Members – – – – – – – – – – – – – – – – – • Observers – – – – – – – – Belgium Bulgaria Czech Republic Finland France Germany Hungary Italy Lithuania Romania Slovak Republic Slovenia Spain Sweden Switzerland The Netherlands United Kingdom 22 May 2013 Armenia Austria Denmark Ireland Luxemburg Norway Poland Russian Federation – Ukraine WENRA & new reactors 4 WENRA (3/4) Working groups • Two working groups were launched to harmonise safety approaches between countries in Europe – – Reactor Harmonisation Working Group (RHWG) and – Working Group on Waste and Decommissioning (WGWD). • The mandate of the working groups was to analyse the current situation and the different safety approaches, compare individual national regulatory approaches with the IAEA Safety Standards, identify any differences and propose a way forward to possibly eliminate the differences. The proposals were expected to be based on the best practices among the most advanced requirements for existing power reactors and nuclear waste facilities. – Working group dealing with inspection practices (WIG) was established and its mandate is fulfilled (report published in March 2012) – Ad-hoc working groups (as needed) • The aim is to continuously improve safety and to reduce unnecessary differences between the countries. 22 May 2013 WENRA & new reactors 5 WENRA (4/4) Publications (www.wenra.org) • • • WENRA – WENRA Conclusions arising from the Consideration of the Lessons from the TEPCO Fukushima Dai-ichi Nuclear Accident (May 2012) – The proposal by the WENRA Task Force about “Stress tests” specifications (Apr 2011) – WENRA statement on safety objectives for new nuclear power plants (Nov 2010) – Revised WENRA Terms of Reference (Mar 2010) – WENRA policy statement on harmonised safety approches (Dec 2005) RHWG – WENRA report on the safety of new NPP design (April 2013) – WENRA Position Paper on Periodic Safety Reviews (April 2013) – RHWG Booklet on Safety of new NPP designs: call for stakeholder comments (Nov 2012) – Pilot study on Long term operation (LTO) of nuclear power plants (Mar 2011) – Progress towards harmonisation of safety for existing reactors in WENRA countries (Jan 2011) – Safety Objectives for New Power Reactors: call for stakeholder comments (Sept 2009) – RHWG - Safety Reference Levels (January 2008) – RHWG - Safety Reference Levels (Modifications of March 2007) – RHWG - PSA Explanatory Note (March 2007) – WENRA Reactor Safety Reference Levels (January 2007) – Harmonisation of Reactor Safety in WENRA countries (Main Report, January 2006) WGWD – WGWD draft disposal report: call for stakeholder comments (Nov 2012) – New decommissioning safety reference levels: call for stakeholder comments (Dec 2011) – Waste and spent fuel storage safety reference levels report (version 2.1) (Feb 2011) – WGWD - Decommissioning Safety Reference Levels Report (version 1.0, working document) (March 2007) 22 May 2013 WENRA & new reactors 6 Agenda • A few words about WENRA • WENRA and existing reactors – Safety reference levels – PSR & LTO – Lessons learned from Fukushima Daiichi accident • WENRA and new reactors – Safety objectives for new NPPs – Common positions on selected key safety issues (booklet) • WENRA / MDEP interface 222 May 2013 WENRA & new reactors 7 7 WENRA & existing reactors Safety reference levels (1/3) Purpose and scope • Definition of harmonization: “No substantial differences between countries from the safety point of view - in generic, formally issued, national safety requirements, - and in their resulting implementation on Nuclear Power Plants.” Timeframe • Work initiated in 1999 • Pilot study (1999-2002) – 6 safety issues – 9 participating countries – Report published in 2003 • Main study (2003-2005) – 18 safety issues – 17 participating countries – Report published in 2006, stakeholders’ comments • Scope – Existing reactors only – Nuclear safety only – Focuses on requirements upon the licensees, not on regulatory practices • The harmonization study does not cover all safety aspects, only those where differences in safety could be expected • Balanced in terms of level of details 22 May 2013 WENRA & new reactors for • Reference Levels revised in 2007 then • • in January 2008 National action plans to harmonize Report on harmonization status published in January 2011 • On-going revision to take into account Fukushima Daiichi accident lessons learned 8 WENRA & existing reactors safety reference levels (2/3) Methodology • Selection of 18 “safety issues”, classified into 5 “safety areas” (safety management, design, operation, safety verification, emergency preparedness) – On the basis of their relevance for harmonization purposes Lessons learned/feedback • Large projects have been undertaken to “transpose” the RLs into the national regulatory documents • Considerable progress has been made since 2006 towards harmonization – Some work still going on in some WENRA countries – It has also resulted in safety improvements on some NPPs • For each issue, development of a set of “Reference Levels” (295 in total) – Mainly on the basis of the IAEA Safety Standards • Transparent • The most exhaustive joint international use of the IAEA Safety Standards – In a few cases, using existing national requirements – Reflecting best practices (“highest quartile”) • The RLs do not constitute new regulatory standards, they are a tool for harmonization 22 May 2013 WENRA & new reactors • dialogue with the stakeholders at the European level, In particular with the industry (creation of ENISS) This project has been possible due to: – The commitment to harmonization of each WENRA member – The framework based on voluntary cooperation – The atmosphere of openness and mutual trust 9 WENRA & existing reactors Safety reference levels (3/3) Safety area Safety management Design Operation Safety verification Issue Number of RLs Issue A – Safety Policy 295 reference Issue B – Operating Organization levels Issue C – Management System Issue D – Training and Authorization of (NPP) staff Issue E – Design of existing Reactors Issue F – Design extension of existing reactors Issue G – Safety Classification of Structures, Systems & Components Issue H – Operational Limits and Conditions Issue I – Ageing Management Issue J – System for Investigation of Events & Operational Experience Feedback Issue K – Maintenance, In-Service, Inspection & Functional Testing Issue LM – Emergency Operation & Severe Accident Management Guidelines Issue N – Contents and updating of Safety Analysis Report Issue O – Probabilistic Safety Analysis 8 15 23 15 44 12 7 19 8 Issue P – Periodic Safety Review Issue Q – Plant modifications Issue R – On-site Emergency Preparedness Emergency preparedness Issue S – Protection against internal fires 22 May 2013 WENRA & new reactors 16 20 14 16 16 9 15 18 20 10 WENRA & existing reactors Long term operation and PSR (1/2) • Pilot study on Long term operation (LTO) of nuclear power plants (March 2011) – 2 reasons for limiting the lifetime of a plant could be: • • it appears that at a given time, the plant will no more comply with its currently applicable regulatory requirements; or implementation of the safety enhancements that the regulator considers necessary for the plant to be further operated are not carried out. – There is no real cliff edge effect neither in the level of safety or technical degradation due to ageing when reaching the original design lifetime. (The licensee may be able to justify operation beyond the original design lifetime.) – PSR is an appropriate time to assess LTO. – Technical ageing of components is one aspect of the LTO and is covered by existing documents and international standards (IAEA…) not a priority topic for WENRA. – In PSR for existing reactors, WENRA safety objectives for new NPPs and other relevant modern standards should be used as a reference with the aim of identifying reasonably practicable safety enhancements. • Regarding safety enhancements that will be required for long term operation, one important element in the evaluation of what is “reasonable” will be the remaining time for which the considered plant will be operated before final shutdown. • Despite the fact that existing reactors undergo PSR as a result of which safety enhancements are implemented, it is likely that there will remain a difference between the safety level of oldest and newest reactors (e.g. : core melt prevention and mitigation) – Whether this difference is acceptable or not in the long term implies not only technical judgment but also political, economical and financial considerations which are clearly out of the scope of the RHWG work 22 May 2013 WENRA & new reactors 11 WENRA & existing reactors Long term operation and PSR (2/2) • RHWG position paper on Periodic Safety Review (March 2013) – A strong PSR process is a very important contributor to continuous improvement of safety of nuclear power plants. – WENRA reference revels (RLs) for existing NPPs cover the topic of PSR in Issue P. – Need to undertake a comprehensive analysis of all potential plant faults and hazards as part of the PSRs using both deterministic and probabilistic methods in a complementary manner to provide as full coverage of all safety aspects as possible. • On multi-unit sites, the plant should be considered as a whole in safety assessments and interactions between different units need to be analysed. – In addition, the review must consider any issues that might limit the future life of the facility or its components and explain how they will be managed. – All reasonably practicable improvement measures shall be taken by the licensee as a result of the review. – The need for improvements can also occur anytime between PSRs and significant issues that may put at risk the safety of the plant shall be addressed without delay. 22 May 2013 WENRA & new reactors 12 WENRA & existing reactors RLs update in light of TEPCO Fukushima accident (1/2) • WENRA Conclusions arising from the Consideration of the Lessons from the TEPCO Fukushima Daiichi Nuclear Accident (March 2012) – WENRA is ready to tackle further issues as necessary on the basis of the lessons learned from the Fukushima accident. WENRA’s commitment is to proceed along the path of defining or revising existing RLs as well as developing guidance documents for practical use by regulators. T.1 Natural hazards • WENRA will produce updated harmonised guidance for the identification of natural hazards, their assessment and the corresponding assessment for “cliff-edge” (margins) effects. RLs will be updated accordingly. T.2 Containment in Severe Accident • WENRA will review RLs in light of the various measures identified to prevent containment overpressurisation, including those relevant for hydrogen mitigation and containment venting, and modify them if necessary. T.3 Accident Management • WENRA will review RLs in light of the various measures identified in relation to organisational and material arrangements for preventing or mitigating a significant radiological release, and modify them if necessary. – The results from the stress tests and conclusions from the CNS 2012 will be incorporated as soon as hey become available. 22 May 2013 WENRA & new reactors 13 WENRA & existing reactors RLs update in light of TEPCO Fukushima accident (2/3) Extraordinary meeting of the CNS (August 2012) Newly national published or under development regulation or regulatory guidance “generated” by Fukushima accident. This would allow RHWG (and the WGs) to consider them as potential RLs. WENRA WG T1 WENRA WG T2 WENRA WG T3 WENRA WG I3 Each WG work is focused on the topic it address, not on a specific issue (e.g. : issue LM for WG T-3 on accident management) of the RLs Booklet on new NPPs 22 May 2013 IAEA review/revision of safety standards : DS462DO for revision of IAEA requirements IAEA Gap analysis was performed against requirements published (or approved) mid-2011. RLs were established taking into account 2007 safety standards WENRA & new reactors EU stress tests ENSREG peer review report + ENSREG compilation of (EU wide + national) recommendations ENSREG peer review report covered quite well the topic. National reports could be considered as national gap analysis. 14 WENRA & existing reactors RLs update in light of TEPCO Fukushima accident (3/3) • The goals of the review/revision of RLs (January 2008 version) are: – To have a full review of all RLs but only in relation to Fukushima lessons learned • take into account impact of IAEA SSR 2-1 (Design of NPP – 2012) on Issues E (design basis) and F (design extension) • take into account of new requirements published by IAEA since 2008 (based on IAEA gap analysis performed at the end of 2011) – To ensure RLs are still consistent after the update – To ensure RLs are still balanced (high level vs detailed level of expectations) – To have a new WENRA commitment on the RLs, to ensure their implementation at operating plants in WENRA countries • Timeframe for the process: – New/updated RLs will be submitted to WENRA in November 2013 to be cleared for stakeholder comments. 22 May 2013 WENRA & new reactors 15 Agenda • A few words about WENRA • WENRA and existing reactors – Safety reference levels – PSR & LTO – Lessons learned from Fukushima Daiichi accident • WENRA and new reactors – Safety objectives for new NPPs – Common positions on selected key safety issues (booklet) • WENRA / MDEP interface 222 May 2013 WENRA & new reactors 16 16 WENRA & new reactors Safety objectives (1/3) • WENRA work on new reactors safety initiated in 2008 • Based on a review of the existing national and international (IAEA) documentation, which showed consistency among the documents on the main lines of expected safety improvements: – – – – – – – – Reinforce the defence-in-depth (each level and their independence) Extend the design (include severe accidents, as a new level of defence) Reduce the necessity of off-site measures in case of accident Consider safety issues in existing plants Increase components and systems diversity Increase protection against hazards Pay more attention to security and safety/security interface Better consider management of safety • Development of WENRA safety objectives • RHWG report (scope, methodology, proposed objectives, areas of improvements, potential quantitative targets…) released in January 2010 • Stakeholders consultation through WENRA website • WENRA statement released in November 2010 22 May 2013 WENRA & new reactors 17 WENRA & new reactors Safety objectives (2/3) • O1. Normal operation, abnormal events and prevention of accidents • Reducing the frequency of abnormal events • Better controlling abnormal events • O2. Accidents without core melt • No or only minor off-site radiological impact • Reducing, as far as reasonably achievable, the core damage frequency • Reducing, as far as reasonably achievable, the radioactive releases from all sources • Reducing the impact of external hazards and malevolent acts • O3. Accidents with core melt • Reduce potential releases, also in the long term – Accidents leading to large or early releases: practically eliminated – Other core melt accidents: only limited protective measures in area and time 22 May 2013 WENRA & new reactors • O4. Independence between all levels of defence-in-depth • Enhancing the effectiveness of the independence • O5. Safety and security interfaces • Integration, seeking synergies between safety and security • O6. Radiation protection and waste management • Reducing as far as reasonably achievable – Individual and collective doses – Radioactive discharges to the environment – Quantity and activity of radioactive waste • O7. Leadership and management for safety • The licensee shall have sufficient in house technical and financial resources • From the design stage, all organisations 18 WENRA & new reactors Safety objectives (3/3) • Use in UK GDA process : ONR Summary of the detailed design assessment of the Electricité de France SA and AREVA NP SAS UK EPRTM nuclear reactor (Step 4 of the GDA process) - 14 December 2011 – “In 2009, a set of safety objectives for new power reactors (Reference 22), updated in November 2010. ONR was active in the development of these objectives and we consider them to be in line with our own SAPs, and therefore are included within GDA. As a result, we conclude that, once the GDA Issues have been dealt with, and the GDA Assessment Findings adequately addressed, the UK EPR™ will meet the WENRA safety objectives for new reactors.“ • 22 WENRA statement on safety objectives for new nuclear power plants Western European Nuclear Regulators’ Association November 2010 Available via www.wenra.org • Use in France for the review of Atmea 1 safety options (31 January 2012) – ASN opinion : “Having regard to the safety objectives defined in November 2010 by the Western European Nuclear Regulators’ Association (WENRA) for new nuclear power plants ; “ – ASN staff report: “ASN staff did not, at the safety options stage, identify any incompatibilities between the safety options for the ATMEA1 reactor and the safety objectives as set out by WENRA. However, this will require confirmation in the event of a possible creation authorisation application as, so far: • • the location site for the reactor is unknown, which implies that the scale of the external hazards (both natural and human) and the demographic and natural environment (in the context of the possibilities for effective counter-measures) are unknown; the operator and the detailed design of the installation are still unknown.” 22 May 2013 WENRA & new reactors 19 WENRA & new reactors Report setting common positions (1/28) • The WENRA safety objectives are by nature high level. When the WENRA statement was published in November 2010, it was already recognized that supplementing them with some more detailed common positions on selected issues would help to clarify the meaning. • The 2013 WENRA report (“booklet”) sets out the common positions established by the RHWG on the selected key safety issues. – The safety issues were chosen on the basis that they were particularly relevant to the expectations for new reactors in comparison with existing reactors. – The topics were selected so that they would be relevant for the design of new reactors, constitute an entity and also to make it possible to complete the work by the end of 2012, taking into account the resources of the RHWG. • The report presents WENRA safety expectations for the design of new NPPs. – These expectations are defined in addition to the recent design requirements presented in international texts such as the ones presented in IAEA SSR-2/1. – The work was initiated and also a major part of the work was carried out before the TEPCO Fukushima Daiichi accident the report discusses also some considerations based on the major lessons from this accident, especially concerning the design of new NPPs, and how they are covered in the new reactor safety objectives and the common positions. 22 May 2013 WENRA & new reactors 20 WENRA & New reactors Report setting common positions (2/28) 01 Introduction 02 WENRA safety objectives for new nuclear power plants 03 Selected key safety issues 03.1 Position 1: Defence-in-depth approach for new nuclear power plants 03.2 Position 2: Independence of the levels of Defence-in-depth 03.3 Position 3: Multiple failure events 03.4 Position 4: Provisions to mitigate core melt and radio-logical consequences 03.5 Position 5: Practical elimination 03.6 Position 6: External hazards 03.7 Position 7: Intentional crash of a commercial airplane 04 Lessons Learnt from the Fukushima Dai-ichi accident 04.1 External hazards 04.2 Reliability of safety functions 04.3 Accidents with core melt 04.4 Spent Fuel Pools 04.5 Safety assessment 04.6 Emergency preparedness in design Annex 1 WENRA Statement on Safety Objectives for New Nuclear Power Plants, November 2012 22 May 2013 WENRA & new reactors 21 WENRA & new reactors Report setting common positions (3/28) • First phase – – – – – Intentional crash of a commercial airplane Defence-in-Depth approach for new nuclear power plants Independence of Defence-in-Depth levels Practical elimination Provisions to mitigate accidents with core melt and their radiological consequences • Second phase – Multiple failure conditions – External hazards • Third phase : consistency with lessons learned from Fukushima accident Some technical exchanges with ENISS/EUR/interested vendors while developing the positions (3 meetings) • Stakeholder consultation through WENRA website (late 2012) • Final version endorsed by WENRA (March 2013) 22 May 2013 WENRA & new reactors 22 WENRA & new reactors Report (4/28) - Defense in depth (1/2) • For new reactor designs, there is a clear expectation to address in the original design what was often “beyond design” for the previous generation of reactors, such as multiple failure events and core melt accidents, called Design Extension Conditions (DEC) in IAEA SSR-2/1. • The scope of the related safety demonstration has to cover all risks induced by the nuclear fuel, including all fuel storage locations, as well as the risks induced by other relevant radioac-tive materials. • The phenomena involved in accidents with core/fuel melt (severe accidents) differ radically from those which do not involve a core melt core melt accidents should be treated on a specific level of DiD. • In addition, for new reactors, design features that aim at preventing a core melt condition and that are credited in the safety demonstration should not belong to the same level of DiD as the design features that aim at controlling a core melt accident that was not prevented. • Single initiating events and multiple failure events are two complementary approaches that share the same objective: controlling accidents to prevent their escalation to core melt conditions multiple failure events are a part of the 3rd level of DiD, but with a clear distinction between means and conditions (two sub-levels in DiD level 3). 22 May 2013 WENRA & new reactors 23 WENRA & new reactors Report (5/28) - Defense in depth (2/2) 22 May 2013 WENRA & new reactors A frame for the other WENRA positions 24 WENRA & new reactors Report (6/28) : Independence of the levels of DiD (1/2) • There shall be independence to the extent reasonably practicable between different levels of DiD so that failure of one level of DiD does not impair the defence in depth ensured by the other levels involved in the protection against or mitigation of the event. • This deals with the independence between systems, structures and components (SSCs) important to safety, allocated to different levels of DiD. It does not aim to address independence between SSCs important to safety within a level of DiD nor administrative/procedural aspects. • Independent SSCs for safety functions on different DiD levels shall possess both of the following characteristics: – the ability to perform the required safety functions is unaffected by the operation or failure of other SSCs needed on other DiD levels; – the ability to perform the required safety functions is unaffected by the occurrence of the effects resulting from the postulated initiating event, including internal and external hazards, for which they are required to function. • The means to achieve independence between levels are adequate application of diversity, physical separation (structural or by distance) and functional isolation • Attention shall be paid to the design of auxiliary and support systems (e. g. electrical power supply, cooling systems) and other potential cross cutting systems. 22 May 2013 WENRA & new reactors 25 WENRA & new reactors Report (7/28) : Independence of the levels of DiD (2/2) • DiD level 3 should be independent to the extent reasonably practicable from levels 1 and/or 2 • This independence is so that the failure of SSCs used in normal operation and/or in anticipated operational occurrences does not impair a safety function required in the situation of a postulated single initiating event or of a multiple failure event resulting from the escalation of such failures during normal operation or a level 2 event. • DiD sublevels 3a and 3b should be independent to the extent reasonably practicable from each other • For the safety analyses of postulated multiple failure events, credit may be taken from SSCs used in case of postulated single initiating events as far as these SSCs are not postulated as unavailable and are not affected by the multiple failure event in question; • SSCs specifically designed for fulfilling safety functions used in postulated multiple failure events (additional safety features) should not be credited for level 3.a event analyses for the same scenario. • DiD level 4 (Complementary safety features) should be independent to the extent reasonably practicable from all the other levels • Specific considerations on : emergency AC power supply , separation of cables, reactor protection system an other I&C aspects, containment, reactor pressure vessel 22 May 2013 WENRA & new reactors 26 WENRA & new reactors Report (8/28) : Multiple failure Events (1/3) • Design provisions considered in level 3.b for postulated multiple failures shall further decrease the frequency and/or mitigate consequences of sequences beyond those considered in the design basis for existing reactors so far, such as anticipated transients with-out scram (ATWS) or station black out (SBO) scenarios. • The report only addresses multiple failures resulting from common cause failures, affecting the same safety or safety related system. – Other common cause failures affecting different safety (or safety related) systems are not postulated. – Are not considered random failures that affect simultaneously several safety (or safety related) systems. – Are not considered failures affecting one or several safety (or safety related) systems due to external or internal hazard (e.g. earthquake, flooding, fire); • Multiple failure events to be considered at the design stage are characterized as: – a postulated common cause failure or inefficiency of all redundant trains of a safety system needed to fulfill a safety function necessary to cope with an anticipated operational occurrences (AOO) or a single PIE, or – a postulated common cause failure of a safety system or a safety related system needed to fulfill the fundamental safety functions in normal operation. 22 May 2013 WENRA & new reactors 27 WENRA & new reactors Report (9/28) : Multiple failure Events (2/3) • Methodology of identification of multiple failure events – Starts with a list of AOO and PIE and the identification of (safety or safety related) systems needed to cope with them – Covers all operational states and includes failures of spent fuel cooling – Mainly deterministic procedure, supported by PSA Selection of a reasonable number of limiting (bounding) cases • Any general cut-off frequency should be justified, considering in particular the overall core damage frequency (CDF) aimed at. • Design expectations – Safety assessment of the selected multiple failures events is performed according to a deterministic approach – Addressing multiple failure events emphasizes diversity in the design provisions of the third level of DiD (sublevel 3b) – The expectations for the additional safety features on the sublevel 3b of the DiD do not have to be as stringent as for sublevel 3a but they should have sufficient redundancy of active components to reach adequate reliability. 22 May 2013 WENRA & new reactors 28 WENRA & new reactors Report (10/28) : Multiple failure Events (3/3) Examples of postulated common cause failures of safety systems needed to fulfill a safety function necessary to cope with an AOO or a single PIE Denotation Postulated Initiating Event Loss of a safety system Small LOCA Medium head safety injection Small LOCA Low head safety injection Station blackout Loss of off-site power Emergency power supply Total loss of feed water Loss of main feed water Emergency feed water supply ATWS Anticipated Transient Fast shutdown LOCA Examples of postulated common cause failures of safety systems needed to fulfill the fundamental safety functions in normal operation 22 May 2013 Denotation Initiating condition Loss of a system Loss of RHR normal operation Residual heat removal Loss of UHS normal operation Ultimate heat sink Loss of CCW/ECW normal operation Component cooling water / essential cooling water Loss of spent fuel pool cooling normal operation Spent fuel pool cooling WENRA & new reactors 29 WENRA & new reactors Report (11/28) : core melt & radiological consequences (1/6) • The goal behind WENRA safety Objective O3 is that the NPPs have to be designed in such a way that even in case of an accident with core melt “only limited protective measures in area and time are needed for the public and that sufficient time is available to implement these measures”. • Core melt accidents (severe accidents) have to be considered when the core is in the reactor, but also when the whole core or a large part of the core is unloaded and stored in the fuel pool. • Provisions have to be taken to prevent accidents which would require protective actions for the public that could not be considered as limited in area and time (large release) and also to prevent accidents which would require protective actions for the public for which there would not be sufficient time to implement these measures (early release). • Any reasonably achievable solution which would further reduce the radiation doses of workers or the population or environmental consequences should be implemented. • In such an accident, the reactor containment structure is the main barrier for protecting the environment from the radioactive materials maintain its integrity throughout the course of such an accident. • In addition to the containment structure there have to be complementary safety features included in the design of the plant and procedures implemented to mitigate the consequences of core melt accidents. 22 May 2013 WENRA & new reactors 30 WENRA & new reactors Report (12/28) : core melt & radiological consequences (2/6) • In order to reliably maintain the containment barrier – Complementary safety features (DiD level 4) specifically designed for fulfilling safety functions required in postulated core melt accidents shall be • independent to the extent reasonably practicable from the SSCs of the other levels of DiD. • safety classified and adequately qualified for the core melt accident environmental conditions for the time frame for which they are required to operate; – It shall be possible to reduce containment pressure in a controlled manner in a long term taking into account the impact of non-condensable gases – Containment heat removal during core melt accidents shall be ensured. – If a containment venting system is included in the design, the safety margins in containment dimensioning shall be such that it should not be needed in the early phases of the core melt accident, to deal with the containment pressure due to the non-condensable gases accumulating in the containment; – If included in the design, the containment venting system shall not be designed as the principal means of removing the decay heat from the containment; – The systems and components necessary for ensuring the containment function in a core melt accident shall have reliability commensurate with the function that they are required to fulfil. This may require redundancy of the active parts; – The strength of the containment (including the access openings, penetrations and isolation valves) shall be high enough to withstand, with sufficient margins to consider uncertainties, static and dynamic loads during core melt accidents that have not been practically eliminated – There shall be appropriate provisions to prevent the damage of the containment due to combustion of hydrogen 22 May 2013 WENRA & new reactors 31 WENRA & new reactors Report (12/28) : core melt & radiological consequences (3/6) • In order to reduce the release of radioactive substances: – there shall be provisions to reduce the amount of fission products in the containment atmosphere in case of the core melt accident; – there shall be provisions to reduce the pressure inside the containment; • if a containment venting system is included in the design to reduce the containment pressure in a core melt accident, it shall have a filtering capability; – the containment penetrations should be surrounded by secondary structures to collect the potential leakages from the containment. • Any instrumentation required to decide on countermeasures shall be included in the design. This instrumentation shall – be safety classified, adequately qualified for environmental conditions – have reliability commensurate with the function to be fulfilled. 22 May 2013 WENRA & new reactors 32 WENRA & new reactors Report (13/28) : core melt & radiological consequences (4/6) • Analysis methodology – Deterministic analyses shall cover core melt scenarios starting from all operational states. Postulated core melt accidents are typically considered with realistic assumptions and best estimate methodologies. • Adequate methods have to be utilised in order to show the robustness and reliability of the approach. • On-site and off-site radiological consequences shall be analysed using stated and justified assumptions. • Any possible influence from and on other nuclear facilities in the vicinity of the plant shall be analysed. – The probabilistic safety assessment (PSA) is complementary to the deterministic analyses. • Comprehensive level 2 PSA of sufficient scope shall be carried out to demonstrate that the containment function can be shown to be reliable to meet WENRA Safety Objective O3. • PSA shall also be used to demonstrate that the selection of accident sequences for deterministic calculations is adequate for the design of severe accident provisions. 22 May 2013 WENRA & new reactors 33 WENRA & new reactors Report (14/28) : core melt & radiological consequences (5/6) • For the design stage of a new NPP, to achieve WENRA Safety Objective O3 on the 4th level of the DiD, the following interpretations of limited protective measures are provided (specified zones are not meant to be used for emergency preparedness planning): – Immediate vicinity of the plant: based on the analysed consequences of postulated core melt accident, the design goal should aim at having a radius of this immediate vicinity zone towards the lower end of the IAEA suggested precautionary action zone (PAZ) range i.e. 3 km (evacuation zone) – Limited sheltering and iodine prophylaxis: based on the analysed consequences of the postulated core melt accident, the design goal should be to avoid a need for sheltering and iodine prophylaxis beyond the zone towards the lower end of the IAEA suggested urgent protective action planning zone (UPZ) range i.e. 5 km (sheltering zone). – No long-term restrictions in food consumption: based on the analysed consequences of the core melt accident, agricultural products beyond the sheltering zone should generally be consumable after the first year following the accident. – Sufficient time: Sufficient time is interpreted so that protective measures should be initiated early enough. Sufficient time to implement these protective measures is different for each measure and for each accident scenario and depends on the location of the reactor. Sufficient time for each measure shall be estimated and considered in the design of a reactor and during the site licensing. 22 May 2013 WENRA & new reactors 34 WENRA & new reactors Report (15/28) : core melt & radiological consequences (6/6) • WENRA interpretation of limited protective measures – To achieve WENRA Safety Objective O3, it is expected that the off-site radiological impact of accidents with core melt which are not practically eliminated only leads to limited protective measures in area and time – no permanent relocation, no long term restrictions in food consumption, no need for emergency evacuation outside the immediate vicinity of the plant, limited sheltering – Iodine prophylaxis is not mentioned in Objective O3 list of protective measures, but it shall also be limited in area and time. – Sufficient time shall be available to implement these measures. Design goal : Lower end of 3-5 km Measure Design goal: Lower end of 5-30 km Evacuation zone Sheltering zone Beyond sheltering zone No No No Evacuation May be needed No No Sheltering May be needed May be needed No Iodine Prophylaxis May be needed May be needed No Permanent relocation 22 May 2013 WENRA & new reactors 35 WENRA & new reactors Report (16/28) : practical elimination (1/3) • Accident sequences that are practically eliminated have • • a very specific position in the DiD approach because provisions ensure that they are extremely unlikely to arise so that the mitigation of their consequences does not need to be included in the design. According to WENRA safety objective O3, all accident sequences which may lead to early or large radioactive releases must be practically eliminated. The justification of the “practical elimination” should be primarily based on design provisions where possible strengthened by operational provisions. 22 May 2013 WENRA & new reactors 36 WENRA & new reactors Report (17/28) : practical elimination (2/3) SAFETY DEMONSTRATION Events considered to occur and consequences considered in the design Single postulated initiating events DiD level 3a Design basis* 22 May 2013 Multiple failure events DiD level 3b Confined fuel melt DiD level 4 Events which have to be practically eliminated, as would lead to large or early radioactive release Initiators (reactor vessel rupture…) Design extension* * Comparable to IAEA SSR 2.1 WENRA & new reactors Consequenti al faults (severe reactivity increases accidents…) Practical elimination 37 Fuel melt sequences challenging the confinement WENRA & new reactors Report (18/28) : practical elimination (3/3) • Means of practical elimination – It is physically impossible for the accident sequence to occur – The accident sequence can be considered with a high degree of confidence to be extremely unlikely to arise • The justification of the “practical elimination” should be primarily based on design provisions where possible strengthened by operational provisions. – The most stringent requirements regarding the demonstration of practical elimination should apply in the case of an event/phenomenon which has the potential to lead directly to a severe accident (i.e. to pass from DiD level 1 to level 4). – For engineered provisions the practical elimination can be done for instance by providing substantial increase of the protective means reliability. – Practical elimination of a condition cannot be claimed solely based on compliance with a general cut-off probabilistic value – Any additional reasonable practicable design features to lower the risk should be implemented Appropriate sensitivity studies should be included to confirm that sufficient margin to cliff edge effects exist. The degree of substantiation provided for a practical elimination demonstration should take account of the assessed frequency of the situation to be eliminated and of the degree of confidence in the assessed frequency (uncertainties associated with the data and methods shall be evaluated in order to underwrite the degree of confidence claimed). • Practical elimination provisions shall remain in place and valid throughout the plant lifetime. For example, in-service inspection and other periodic checks may be necessary. 22 May 2013 WENRA & new reactors 38 WENRA & new reactors Report (19/28) : external hazards (1/3) • External hazards addressed in the report are those natural or man-made (excluding malicious acts) hazards to a site or facilities that originate externally both to the site and its processes • • • External hazards can simultaneously affect the whole facility, including back-up safety systems including systems to manage severe accidents The licensee may have very little or no control over the initiating event Widespread failures and hindrances to human intervention may occur. The general design basis is that used to define the events that have been taken into account in the design and associated design basis analysis • Safety expectation – For new reactors external hazards should be considered as an integral part of the design • Level of detail and analysis provided should be proportionate to the contribution to the overall risk. – External Hazards considered in the general design basis of the plant should not lead to a core melt accident (Objective O2 i.e. level 3 DiD). – Accident sequences with core melt resulting from external hazards which would lead to early or large releases should be practically eliminated (Objective O3 i.e. level 4 DiD). For that reason, rare and severe external hazards, which may be additional to the general design basis, unless screened out, need to be taken into account in the overall safety analysis. This may be done by showing that all relevant safety SSCs required to cope with an external hazard are designed and adequately qualified to withstand the conditions related to that external hazards. 22 May 2013 WENRA & new reactors 39 Rare and severe external hazards are additional to the general design basis, and represent more challenging or less frequent events. This is a similar situation to that between Design Basis Conditions (DBC) and Design Extension Conditions (DEC); they need to be considered in the design but the analysis could be realistic rather than conservative. WENRA & new reactors Report (20/28) : external hazards (2/3) • Safety demonstration – Identification of external hazards (generic + site specific) – Screening of external hazards • Each identified hazard should be selected for analysis if – It is physically capable of posing a threat to nuclear safety – The frequency of occurrence is higher than pre-set criteria The pre-set frequency criteria may differ depending on the analysis that is to be undertaken (general design basis, rare or severe external hazards, PSA) • Screening process should explicitly consider correlated events and combinations of events. – Determination of hazards parameters – All of the external hazards that are selected should be characterized in terms of their severity/magnitude and duration – Characterisation of the external hazard shall be conservative for the general design basis analysis and could be realistic/best estimate for rare and severe external hazards analysis and PSA. – Analysis considerations (uncertainties, cliff-edge, consequential effects, climate change, multitple unit site…) 22 May 2013 WENRA & new reactors 40 WENRA & new reactors Report (21/28) : external hazards (3/3) 22 May 2013 WENRA & new reactors 41 WENRA & new reactors Report (22/28) : Intentional airplane crash (1/2) • Despite measures taken to prevent the intentional crash of a commercial airplane, this event should be considered in the design of new reactors. • Such crash should not lead to core melt accident and therefore not cause more than a minor radiological impact (Objective O2) – Releases could however exceed those considered in other events not involving core melt Safety functions required to bring and maintain the plant in a safe state shall be protected adequately • Direct and indirect effects of crash shall be considered – effects of direct and secondary impacts on mechanical resistance of relevant safety structures and systems – effects of vibrations on relevant safety structures and systems – effects of combustion and/or explosion of airplane fuel on the integrity of the relevant safety structures and systems – Fires caused by airplane fuel shall be assessed as different kinds of fire ball and pool fire combinations. – Other consequential fires due to the airplane crash shall be addressed. • Airplane fuel shall not enter buildings (or relevant part of buildings) containing nuclear fuel or housing key safety function. 22 May 2013 WENRA & new reactors 42 WENRA & new reactors Report (23/28) : Intentional airplane crash (2/2) • Safety demonstration – A realistic approach can be followed in the analysis • Use of best estimate material properties and state-of-the-art analytical methods. • Realistic failure criteria could be used. • Not necessary to consider other coincident failure of plant and equipment. – Sensitivity analysis shall be performed to confirm sufficient margin to cliff edge effects. – The effect of the event on the ability of plant personnel and off-site services to fulfill necessary actions shall be taken into account. 22 May 2013 WENRA & new reactors 43 WENRA & new reactors Report (24/28) : TEPCO Fukushima accident (1/5) • The Fukushima Daiichi accident demonstrates/confirms – the importance of properly implementing the DID principle (Positions 1, 2 and 3), • getting the design basis for external hazards right, • providing adequate protection against external hazards – the need to ensuring strong PSR process together with independent regulatory body to drive it. – the need to have comprehensive safety analysis using both deterministic and probabilistic methods in a complementary manner to provide as full coverage of all safety factors as possible. – the need, in the safety assessment, for specific considerations for multi-unit sites and to address long term aspects. • The Fukushima Daiichi accident also demonstrates the importance of – adequate on-site resources that are adequately qualified against external hazards and the effects of core melt accidents. – a control room and emergency response centre adequately protected against external hazards. – cooling and integrity of spent fuel pools as well as for the reactors. – siting, as it has design implications, in particular in terms of securing sufficient diverse electrical and cooling supplies. 22 May 2013 WENRA & new reactors 44 WENRA & new reactors Report (25/28) : TEPCO Fukushima accident (2/5) • External hazards need to take account of rare and severe • hazards (Position 6). Reliability of safety functions – Decay heat removal • The NPP shall have arrangements to enable the decay heat removal in rare and severe hazards (Position 6). For this situation, protection of necessary electrical power supplies has to be ensured. Consistently with the DiD approach (Position 1), loss of the primary ultimate heat sink or access to it should be considered in the design. • The primary and alternative means for decay heat removal in an emergency should function independently. – Ensuring the energy supply • Where safety functions of NPPs rely on AC power, diverse emergency AC power supply shall be required as a part of DiD sub-level 3.b additional safety features (Positions 2 and 3). • Need for increasing the reliability of electrical power supply at NPPs and securing adequate battery capacity. • The correct fail-safe position of safety related equipment, in case of loss of energy supply, needs to be considered in the design, taking into account potential conflicting demands on this equipment. 22 May 2013 WENRA & new reactors 45 WENRA & new reactors Report (26/28) : TEPCO Fukushima accident (3/5) • Accidents with core melt – Accidents with core melt which would lead to early or large releases should be practically eliminated (Position 5). – Accidents with core melt need to be considered in the design of NPPs. Complementary safety features (Position 2) which ensure the adequate integrity of the containment in case of an accident leading to a core melt need to be included in the design (Position 4). – Filtering capability for the containment venting, if any, to remain within containment ultimate pressure strength (Position 4). – Provisions for hydrogen management shall be implemented (Position 4). – Robust complementary safety features (DiD level 4) specifically designed for fulfilling safety functions required in postulated core melt accidents should be independent to the extent reasonably practicable from the SSCs of the other levels of DiD (Positions 2 and 4). – The need to manage large volumes of contaminated cooling water and filtered containment venting over longer periods of time should be included in the design and accident management considerations. 22 May 2013 WENRA & new reactors 46 WENRA & new reactors Report (27/28) : TEPCO Fukushima accident (4/5) • Spent fuel pools – The accident also highlighted the need for adequate safety and the design of spent fuel pools. • This implies that single initiating events, multiple failure events (Position 3), internal hazards as well as external hazards (Position 6) should be properly ad-dressed. • In addition to having adequate instrumentation and control for the spent fuel pool, also under accident conditions, WENRA considers that both the DiD approach (Position 1, Position 3) and the practical elimination of accidents with early or large release (Position 5) are fully applicable for fuel storage pools. – The primary approach for spent fuel pools shall be to “practically eliminate” (Position 5) the possibility of extensive fuel damage due to mechanical, thermal or chemical effects. – The structural integrity of the spent fuel pools needs to be ensured, as needed to maintain sufficient water level in the pools in case of rare and severe external hazards (Position 6). 22 May 2013 WENRA & new reactors 47 WENRA & new reactors Report (28/28) : TEPCO Fukushima accident (5/5) • Safety assessment – A strong and effective periodic safety review process is very important for continuous improvement of safety of NPPs. – Long term accident mitigation measures should be considered in deterministic and probabilistic safety assessments and consideration given to the reliability and sustainability of the measures. – On multi-unit sites, the plant should be considered as a whole in safety assessments • Interactions between different units need to be analysed. • Hazards that may affect several units need to be identified and included in the analysis (Position 6). • Emergency preparedness in design – Events disrupting the regional infrastructure and affecting several units at the same site can have a significant adverse impact on the implementation of the required accident management actions. – Accessibility, functionability and habitability of the control room and of the emergency response centre have to be ensured. • This will require adequate protection against rare and severe external hazards. – Suitably shielded and protected spaces shall be provided to house necessary workers under postulated core melt accident conditions. – Accessibility of local control points required for manual actions has to be ensured. – Reliability and functionality of the on-site and off-site communication systems, equipment measuring releases, radiation levels and meteorological conditions need to be ensured, taking into account conditions related to rare and severe external hazards. 22 May 2013 WENRA & new reactors 48 Agenda • A few words about WENRA • WENRA and existing reactors – Safety reference levels – PSR & LTO – Lessons learned from Fukushima Daiichi accident • WENRA and new reactors – Safety objectives for new NPPs – Common positions on selected key safety issues (booklet) • WENRA / MDEP interface 222 May 2013 LR WENRA & new reactors 49 49 WENRA / MDEP interface (1/3) • Some members of MDEP are also members of WENRA • Finland, France, UK • 2010 MDEP annual report • “The MDEP STC has had the benefit of presentations on WENRA activities at meetings. In addition, WENRA documents are recognized as a valuable source of information and insights and can assist the MDEP STC in selecting future topics. In the area of safety goals, MDEP recognizes the work already underway by the WENRA-RHWG in this area” – Previous meeting in January 2010 (O. Gupta) on the development of safety objectives for new NPPs • “MDEP has begun to consider the addition of new topics and how they could be addressed by the program. The criteria that will be used in evaluating whether an activity should be undertaken as part of MDEP include: … any new MDEP activity should not duplicate similar efforts that are already ongoing or are planned to be undertaken by other more appropriate organizations such as the CNRA/WGRNR (or other NEA WGs), IAEA, GIF, WENRA, etc. except where MDEP could contribute to the ongoing work of these groups.” • “MDEP is using its influence to initiate change and will contribute to the success of other initiatives including those of IAEA, NEA and WENRA.” 22 May 2013 WENRA & new reactors 50 WENRA / MDEP interface (2/3) • 2011-2012 MDEP report • WENRA attended to the 2nd MDEP conference (Paris, September 2011) • “MDEP will used the following criteria to evaluate whether a proposed activity should be undertaken as part of MDEP (in the form of a working group for a new generic topic or a subcommittee of STC: … any new MDEP activity should not duplicate similar efforts that are already ongoing or are planned to be undertaken by other more appropriate organizations such as the CNRA/WGRNR (or other NEA WGs), IAEA, GIF, WENRA, etc. except where MDEP could contribute to the ongoing work of these groups.” • RHWG would welcome MDEP input, as part of stakeholder • consultation, when developing WENRA documents RHWG encourages the use of WENRA safety objectives and report when developing MDEP common positions – MDEP design specific working groups » EPR Working Group » AP1000 Working Group » APR1400 Working Group – MDEP issue specific working groups » Digital Instrumentation and Controls Working Group (DICWG) 22 May 2013 WENRA & new reactors 51 WENRA / MDEP interface (3/3) Collective discussion 22 May 2013 WENRA & new reactors 52 Thank you. RHWG Fabien Féron 22 May 2013 WENRA & new reactors 53 WENRA Existing reactors : Long term operation and PSR Safety level (new reactors) Benchmark for PSRs – modern standards including new reactors Safety level Impractical enhancement Continuous improvement Reasonably practicable safety enhancement (required) PSR Safety level (existing reactors) Original safety level Original safety requirements Time 10 years 20 years The concept of continuous improvement. 22 May 2013 WENRA & new reactors 54 ANNEX : WENRA safety objectives for new reactors (1/4) • O1. Normal operation, abnormal events and prevention of accidents – reducing the frequencies of abnormal events by enhancing plant capability to stay within normal operation. – reducing the potential for escalation to accident situations by enhancing plant capability to control abnormal events. • O2. Accidents without core melt – ensuring that accidents without core melt induce[1] no off-site radiological impact or only minor radiological impact (in particular, no necessity of iodine prophylaxis, sheltering nor evacuation[2]). – reducing, as far as reasonably achievable, • the core damage frequency taking into account all types of credible hazards and failures and credible combinations of events; • the releases of radioactive material from all sources. – providing due consideration to siting and design to reduce the impact of external hazards and malevolent acts. [1] In a deterministic and conservative approach with respect to the evaluation of radiological consequences. 22 May 2013 WENRA & new reactors 55 [2] However, restriction of food consumption could be needed in some scenarios. ANNEX : WENRA safety objectives for new reactors (2/4) •O3. Accidents with core melt – reducing potential radioactive releases to the environment from accidents with core melt[1], also in the long term[2], by following the qualitative criteria below: • accidents with core melt which would lead to early[3] or large[4] releases have to be practically eliminated[5] ; • for accidents with core melt that have not been practically eliminated, design provisions have to be taken so that only limited protective measures in area and time are needed for the public (no permanent relocation, no need for emergency evacuation outside the immediate vicinity of the plant, limited sheltering, no long term restrictions in food consumption) and that sufficient time is available to implement these measures. [1] For new reactors, the scope of the safety demonstration has to cover all risks induced by the nuclear fuel, even when stored in the fuel pool. Hence, core melt accidents (severe accidents) have to be considered when the core is in the reactor, but also when the whole core or a large part of the core is unloaded and stored in the fuel pool. It has to be shown that such accident scenarios are either practically eliminated or prevented and mitigated. [2] Long term: considering the time over which the safety functions need to be maintained. It could be months or years, depending on the accident scenario. [3] Early releases: situations that would require off-site emergency measures but with insufficient time to implement them. [4] Large releases: situations that would require protective measures for the public that could not be limited in area or time. [5] In this context, the possibility of certain conditions occurring is considered to have been practically eliminated if it is physically impossible for the conditions to occur or if the conditions can be considered with a high degree of confidence to be extremely unlikely to arise (from IAEA NSG1.10). 22 May 2013 WENRA & new reactors 56 ANNEX : WENRA safety objectives for new reactors (3/4) • O4. Independence between all levels of defence-in-depth – enhancing the effectiveness of the independence between all levels of defence-in-depth, in particular through diversity provisions (in addition to the strengthening of each of these levels separately as addressed in the previous three objectives), to provide as far as reasonably achievable an overall reinforcement of defence-in-depth. • O5. Safety and security interfaces – ensuring that safety measures and security measures are designed and implemented in an integrated manner. Synergies between safety and security enhancements should be sought. • O6. Radiation protection and waste management – reducing as far as reasonably achievable by design provisions, for all operating states, decommissioning and dismantling activities : • individual and collective doses for workers; • radioactive discharges to the environment; • quantity and activity of radioactive waste. 22 May 2013 WENRA & new reactors 57 ANNEX :WENRA safety objectives for new reactors (4/4) • O7. Leadership and management for safety – ensuring effective management for safety from the design stage. This implies that the licensee: • establishes effective leadership and management for safety over the entire new plant project and has sufficient in house technical and financial resources to fulfil its prime responsibility in safety; • ensures that all other organizations involved in siting, design, construction, commissioning, operation and decommissioning of new plants demonstrate awareness among the staff of the nuclear safety issues associated with their work and their role in ensuring safety. 22 May 2013 WENRA & new reactors 58 WENRA New reactors : safety objectives (3/4) These 7 safety objectives are derived from the IAEA Safety Fundamentals document (SF-1) which establishes ten safety principles (SP) IAEA SF-1 safety principles SP 3 Leadership and management for safety SP 5 Optimization of protection SP 6 SP 7 Limitation of risks to individuals Protection of present and future generations SP 8 Prevention of accidents 22 May 2013 WENRA safety objectives O1 O3 O4 O5 O6 WENRA & new reactors O2 59 O7 DiD according to IAEA (1/3) 1996 22 May 2013 WENRA & new reactors 60 DiD according to IAEA (2/3) Levels of DiD Objective Essential means Associated plant condition categories (for explanation - not part of original table) Level 1 Prevention of abnormal operation and failures Conservative design and high quality in construction and operation Normal operation Level 2 Control of abnormal operation and detection of failures Control, limiting and protection systems and other surveillance features Anticipated operational occurrences Level 3 Control of accident within the design basis Engineered safety features and accident procedures Design basis accidents (postulated single initiating events) Level 4 Control of severe plant conditions, including prevention of accident progression and mitigation of the consequences of severe accidents Complementary measures and accident management Mitigation of radiological consequences of significant releases of radioactive material Off-site emergency response Level 5 22 May 2013 WENRA & new reactors Multiple failures Severe accidents 61 DiD according to IAEA (3/3) (1) The purpose of the first level of defence is to prevent deviations from normal operation and the failure of items important to safety. – – – – 2012 This leads to requirements that the plant be soundly and conservatively sited, designed, constructed, maintained and operated in accordance with quality management and appropriate and proven engineering practices. To meet these objectives, careful attention is paid to the selection of appropriate design codes and materials, and to the quality control of the manufacture of components and construction of the plant, as well as to its commissioning. Design options that reduce the potential for internal hazards contribute to the prevention of accidents at this level of defence. Attention is also paid to the processes and procedures involved in design, manufacture, construction and in-service inspection, maintenance and testing, to the ease of access for these activities, and to the way the plant is operated and to how operating experience is utilized. This process is supported by a detailed analysis that determines the requirements for operation and maintenance of the plant and the requirements for quality management for operational and maintenance practices. (2) The purpose of the second level of defence is to detect and control deviations from normal operational states in order to prevent anticipated operational occurrences at the plant from escalating to accident conditions. – – 22 May 2013 This is in recognition of the fact that postulated initiating events are likely to occur over the operating lifetime of a nuclear power plant, despite the care taken to prevent them. This second level of defence necessitates the provision of specific systems and features in the design, the confirmation of their effectiveness through safety analysis, and the establishment of operating procedures to prevent such initiating events, or else to minimize their consequences, and to return the plant to a safe state. WENRA & new reactors (3) For the third level of defence, it is assumed that, although very unlikely, the escalation of certain anticipated operational occurrences or postulated initiating events might not be controlled at a preceding level and that an accident could develop. – – In the design of the plant, such accidents are postulated to occur. This leads to the requirement that inherent and/or engineered safety features, safety systems and procedures be provided that are capable of preventing damage to the reactor core or significant off-site releases and returning the plant to a safe state. (4) The purpose of the fourth level of defence is to mitigate the consequences of accidents that result from failure of the third level of defence in depth. – The most important objective for this level is to ensure the confinement function, thus ensuring that radioactive releases are kept as low as reasonably achievable. (5) The purpose of the fifth and final level of defence is to mitigate the radiological consequences of radioactive releases that could potentially result from accident conditions. – This requires the provision of an adequately equipped emergency control centre and emergency plans and emergency procedures for on-site and off-site emergency response. 62
