IRIS safety approach

The overall approach to safety in IRIS may be represented by the following three tiers:

1. The first tier is safety-by-design™, which aims to eliminate by design the possibility for an accident to occur, rather than dealing with its consequences. By eliminating some accidents, the corresponding safety systems (passive or active) become unnecessary as well.

2. The second tier is provided by simplified passive safety systems, which protect against the accidents that still remain and mitigate their consequences.

3. The third tier is provided by active systems, which are not required to perform safety functions (i.e. are not safety grade) and are not considered in deterministic safety analyses, but do contribute to reducing the core damage frequency (CDF).

XIII — 3.1. First tier

The first tier is embodied in the IRIS ‘safety-by-design’™. Nuclear power plants consider a range of hypothetical accident scenarios. The IRIS ‘safety-by-design’™ philosophy is a systematic approach that aims, by design, at eliminating altogether the possibility for an accident to occur, i.e. to eliminate accident initiators, rather than having to design and implement systems to deal with the consequences of the accident. It should be noted that the integral configuration is inherently more amenable to this approach than a loop-type configuration, thus enabling safety improvements not possible in a loop reactor. To give only the most obvious example, loss of coolant accidents caused by a large break of external primary piping (LBLOCA) are eliminated by design since no large external piping exists in IRIS. Additionally, in cases where it is not possible or practical to completely eliminate potential initiators of an accident, safety-by-design™ aims at reducing the severity of the accident’s consequences and the probability of its occurrence. As a result of this systematic approach, the eight Class IV design basis events (potentially leading to the most severe accidents) that are usually considered in LWRs are reduced to only one in IRIS, with the remaining seven either completely eliminated by design, or their consequences (as well as probability) reduced to a degree that they are no longer considered Class IV events.

The second tier consists of the passive safety systems needed to cope with the potential accidents that still remain. Notably, the elimination of the possibility for some accidents to occur enables simplifications of the IRIS design and its passive safety systems, resulting simultaneously in enhanced safety, reliability and economics. In other words, the increased safety and improved economics support each other in the IRIS design.