Development of safety protective logic

In early years, two quite distinct approaches to safety design and licensing were developed. The first has been associated with Frank Farmer (Farmer, 1967), who argued that the fundamental rule of engineering design requires recognizing the desirable inverse relationship between accident frequency and expected accident consequences. This method was elaborated by E. Siddall and others and then applied to the licensing of the first large-scale CANDU power plant. In this formulation, accidents of all types can be presented (Meneley, 1999) on a frequency versus consequence plot (Fig. 10.6). The initial Canadian approach was later modified to an intermediate method combining the initial probabilistic formulation with specific requirements applied separately, first to the systems used to operate the plant and secondly to an independent set of so-called Special Safety Systems whose only functions were to respond to abnormal conditions so as to shut off the chain reaction, close the containment envelope, and continue cooling the fuel. The current licensing regime in Canada continues in this same style, even though many detailed requirements have been added to the original concept.

[Figure: frequency versus consequence plot]

10.6 Risk curves and trends.

The second approach to licensing was to first establish a set of so-called General Design Criteria for Nuclear Power Plants (USNRC, 2010) and then to judge licence applications in terms of their success in meeting these criteria. In this approach there was no explicit appeal to accident frequency, even though the underlying logic can be interpreted as such. This approach is still used in the USA and in many other countries; however, it has been augmented in many respects, especially through the introduction of specifications requiring detailed probabilistic analytical tools. This probabilistic approach builds on the work presented in the original report (Rasmussen et al., 1975). Figure 10.7 shows a very brief indication of the original results. Note that it estimated the risk of operation of 100 large nuclear plants to be similar in magnitude to the existing risk of fatalities caused by meteorite strikes. Other naturally occurring risks were found to be several decades (factors of ten) larger. In spite of this highly reassuring finding, fear of nuclear energy has for more than 25 years barred the further adoption of this safe, economical, and sustainable energy source in the United States, and largely in Western Europe. There is a fundamental lesson in this experience for nations that choose nuclear energy and seek to justify that choice to their citizens (see Section 10.3.4).

[Figure: frequency of events versus number of fatalities (X)]

10.7 Frequency of natural events involving fatalities (USNRC, 1975).

The extensive background experience in setting and then meeting safety standards in operation, as described in this section, has produced a well-codified set of international standards and guides for safe operation that can be used with confidence by organizations ready to join in the worldwide nuclear energy enterprise.