This report presents a description of design features used to achieve defence in depth in eleven concepts of small and medium sized reactors (SMRs), representing different reactor lines. The descriptions are structured to follow the definitions and recommendations of IAEA safety standard Safety of Nuclear Power Plants: Design [7], with some references made to other IAEA safety standards and publications, such as [8, 12, 13].

The selected SMRs represent different reactor lines, intended for different applications, and targeting different deployment timeframes. The reactor lines considered are pressurized water reactors — the KLT-40S, the IRIS, the CAREM-25, the SCOR, and the MARS — targeted for cogeneration or electricity production; pressurized boiling light water cooled heavy water moderated reactors — the AHWR — targeted for electricity generation with potable water production; a high temperature gas cooled reactors — the GT-MHR — targeted for electricity generation and advanced non-electrical applications, including complex cogeneration with bottoming cycles; sodium cooled and lead cooled fast reactors — the 4S-LMR and the SSTAR and the STAR — LM — targeted for electricity production or cogeneration; and a non-conventional very high temperature design — the CHTR — targeted for hydrogen production and other advanced non-electrical applications. Design descriptions, design status, targeted deployment dates, and applications of the SMRs considered in this report are presented in more detail in Refs [2, 3, 4].

One of the reactors, the KLT-40S, to be used for a floating NPP, is under construction with deployment of the plant scheduled for 2010. The IRIS, the CAREM-25, and the AHWR are likely to be commercialized by 2012-2015. The SCOR, the MARS, and the 4S-LMR have the potential to be deployed as first of a kind or prototype plants by 2015. The GT-MHR, the SSTAR, the STAR-LM, and the CHTR are targeted for deployment by 2020—2025; they are still at pre-conceptual design stages.

An enveloping design approach for the SMR designs considered in this report is to eliminate as many accident initiators and/or to prevent as many accident consequences as possible through design, and to deal with the remaining accidents/consequences using plausible combinations of active and passive safety systems and consequence prevention measures. This approach is also targeted for Generation IV energy systems and, to a certain extent it is implemented in some near term light water reactor designs of larger capacity, such as the VVER-1000, the AP1000, and the ESBWR [4].

General features of SMRs that, in view of their designers, contribute to a particular effectiveness of the implementation of inherent and passive safety design features in smaller reactors are:

• Larger surface to volume ratio, which facilitates easier decay heat removal, especially with a single phase coolant;

• An option to achieve compact primary coolant system design, e. g. integral pool type primary coolant system, which could contribute to the effective suppression of certain initiating events;

• Reduced core power density, facilitating easy use of many passive features and systems;

• Lower potential hazard that generically results from lower source term owing to lower fuel inventory, lower non-nuclear energy stored in the reactor, and lower integral decay heat rate.

For pressurized water reactors, there are three distinct design approaches, including: designs with integral primary circuit, with the reactor vessel accommodating steam generators and internal control rod drives, as well as elimination of large diameter piping, and minimizing of reactor vessel penetrations; compact modular loop — type designs with reduced piping length, an integral reactor cooling system accommodating all main and auxiliary systems within a leaktight pressure boundary, and leak restriction devices; and a design which has the primary pressure boundary enclosed in an enveloping shell with low enthalpy slowly moving water.

All pressurized water small and medium sized reactors incorporate design features to prevent loss of coolant (LOCA) accidents or reduce their scope. In addition to this, the pressurized water SMRs also incorporate features for the prevention of certain reactivity initiated accidents (integral designs of the primary circuit with in-vessel location of the control rod drives), for the smooth and slow character of transients owing to internal or ‘soft’[21] pressurization and a relatively large water inventory, and for the de-rating of events with steam generator tube rupture. Whether or not these features are unique to SMRs is an open question. For example, conceptual design studies performed for PWRs with the integral design of the primary circuit accommodating both steam generators and control rod drives, point to an option to realize such features in reactors of up to 1000 MW(e) capacity. However, such proposals are still at an early conceptual design stage [16]. Regarding compact modular loop-type designs, based on the experience of marine propulsion reactors, their maximum possible unit size (known from completed design studies) is around 400 MW(e) [2]. There are no known large capacity reactor proposals for a design which has the primary pressure boundary enclosed in an enveloping shell with slowly moving water of low enthalpy.

Advanced pressurized boiling light water cooled heavy water moderated reactors are represented by one design (the AHWR), with its principal feature being heat removal by natural circulation in all modes. Main circulation pumps are excluded, thus loss of flow accidents are prevented by design. Maximum unit size within which such a technical solution can be maintained has not been examined.

For high temperature gas cooled reactors (HTGRs), the concept considered (GT-MHR) corresponds to one of two known fuel design options — that with pin-in-block TRISO based fuel. HTGR concepts incorporating an alternative fuel design — pebble bed TRISO fuel — were not considered in the present report. Independent of fuel design, all HTGRs incorporate design provisions to reduce hazards in accident scenarios that are potentially severe in reactors of other types, including loss of coolant (LOCA), loss of flow (LOFA), and reactivity initiated accidents. These provisions are based on the proven fission product confinement capability of TRISO fuel at high temperatures and high fuel burnups, which also enables long term passive decay heat removal, even from a voided reactor core, via natural processes of conduction, radiation, and convection. For the known materials of reactor vessels and known HTGR core designs, passive decay heat removal is possible only when reactor unit power is below ~600 MW(th). Direct gas turbine cycle HTGRs also do not have steam generators and steam turbine power circuits, which could otherwise lead to initiating events.

For fast reactor lines, the sodium cooled 4S-LMR and the lead cooled SSTAR and STAR-LM concepts have been considered. Both designs incorporate optimum sets of reactivity feedbacks and other inherent safety features, provided by design, to effectively reduce the scope and hazard of certain accidents and combinations of accidents that are potentially severe in reactors of other types. This is specifically the case for transient overpower events.

In the 4S-LMR, corresponding features include a negative whole-core void reactivity effect, contributing to defence in depth Level 3, and the absence of control rods in the core, with power being controlled via a feedwater flow rate in the power circuit. Burnup reactivity compensation is then performed with an active system based on a very slow upward movement of pre-programmed radial reflectors, with no feedback control. Should a reflector get stuck, the reactor would operate safely for a certain time and then get ‘passively shut down’[22] by the increasing negative reactivity. At the same time, the drop of axial reflectors is a standard reactor shutdown feature. Altogether, the features mentioned above are unique to small size reactors.

For the lead cooled SSTAR and STAR-LM, the inherent safety features contributing to the prevention of possible accidents or to a reduction of their scope are generally typical of the lead cooled reactor line. They include the very high boiling point of lead; a pool type design with a free surface of lead to allow removal of gas bubbles from primary coolant before they enter the core; location of the guard vessel and reactor in the concrete shaft; optimum sets of reactivity effects, and; high heat capacity and small overall reactivity margin in the reactor core. Although some designers see it as capacity independent, the ‘passive shutdown’ option for larger sized lead cooled reactors needs to be further examined and proven. It should be noted that some designers mention the unit size of the lead and lead-bismuth cooled reactors is limited because of seismic considerations. According to studies performed in Japan, size cannot exceed ~750 MW(e), which is slightly above the SMR range boundary of 700 MW(e); see Annex XV in reference [2].

Finally, the CHTR, a non-conventional design lead-bismuth cooled very high temperature reactor, designed to operate with 233U-Th based TRISO fuel, merges the technologies and inherent safety features of the lead cooled and HTGR type reactors, and also incorporates other features intended to prevent failures through increased temperature margins, to eliminate loss of flow accidents via natural circulation, to incorporate reliable heat pipe based systems for heat removal, and to reduce the scope and hazard of transient overpower accidents by limiting the reactivity margin in the core. The application of all these features is supported by the relatively small core power density typical of a TRISO type fuel. Although the CHTR is a very small reactor with 100 kW(e), similar technologies are planned for use in future reactors of larger capacity (up to 600 MW(th)).

The information on passive and active safety systems incorporated in the designs of the SMRs considered in this report indicates there is no single strategy; a variety of approaches are being applied in different SMRs even when they belong to the same reactor line. It is important to note that broad incorporation of inherent and passive safety features pursued by SMR designers to prevent certain accidents and accident consequences or reduce their scope and hazard is in several cases conditioned or facilitated by smaller reactor capacity and size. However, the design solutions used for active and passive safety systems are, in general, not capacity dependent. With smaller reactor capacity, it is possible to facilitate the application of passive safety features and systems, specifically, those based on the natural convection of a single phase coolant, or those incorporating mechanisms of heat transfer by conduction and radiation.

Selection of reasonable combinations of active and passive safety systems is based on specific design considerations, validation and testing experience, regulatory practice, plant economy and plant lifetime considerations, provisions for in-service inspection and other aspects, and may vary from case to case.

It should be noted that all SMRs addressed in the present report incorporate redundant passive systems or passive mechanisms of decay heat removal. Regarding reactor shutdown systems, a variety of approaches is proposed ranging from standard active mechanical control rods to gravity or spring force driven absorber insertion actuated upon de-energization or coolant flow disruption, to passively operated safety injections, to a ‘passive shutdown’ mechanism based on the inherent safety features of a reactor design, and to a mechanism of fuel carry over from the core in the case of a cladding failure (intended to prevent recriticality in fast sodium cooled reactors). Depressurization and isolation systems, where applicable, often use direct action devices, e. g., check valves, to become actuated. An approach that needs to be mentioned, as it is applied in several water cooled, gas cooled and liquid metal cooled SMRs, is to have all safety systems passive and safety grade. In this, it is assumed that certain non-safety-grade active systems/components of normal reactor operation are capable of making an (auxiliary) contribution to the execution of safety functions in accidents.

All SMRs considered in the present report incorporate a containment — in many cases a double containment — or a containment and a protective shell or enclosure. Compact containment design and plant embedment below ground level are commonly mentioned as factors contributing to enhanced protection against an aircraft crash.

The designers of SMRs mention that features of their reactors such as the capability to survive design basis accidents and combinations thereof relying only on inherent and passive safety features, with no operator or emergency team interventions, and without external supplies of energy and working media, could also contribute to plant protection against a variety of natural and human induced external events.

Altogether, passive safety systems are broadly applied in the SMR designs considered. At the same time, there are potential concerns related to passive safety systems, derived from a small amount of experience with reactor design using such systems. In particular, these concerns are the following:

• Reliability of passive safety systems may not be understood as well as that of active safety systems;

• There may be a potential for undesired interaction between active and passive safety systems;

• It may be more difficult to ‘turn off’ an activated passive safety system, if so desired, after it has been passively actuated;

• Implications of the incorporation of passive safety features and systems into advanced reactor designs to achieve targeted safety goals needs to be proven, and the supporting regulatory requirements need to be worked out and put in place.

To address these and other issues related to the performance assessment of passive safety systems, the IAEA recommended coordinating a research project called “Development of Methodologies for the Assessment of Passive Safety System Performance in Advanced Reactors” in 2008-2011. The objective is to determine a common analysis and test method for reliability assessment of passive safety system performance.

For all SMRs considered in this report, designers expect that prototype or first of a kind plants with their respective SMRs would be licensed according to currently emplaced regulatory norms and practices in Member States. Further advancement of regulatory norms could facilitate design improvements in the next generation of plants.

Further revisions of the IAEA safety standards toward a technology neutral approach[23] could be of value to facilitate design development and safety qualification of non-water-cooled SMRs, such as the GT-MHR, the 4S — LMR, the SSTAR and STAR-LM, and the CHTR.

The designers of most of the SMRs considered in the present report foresee that safety design features contributing to defence in depth Levels 1-4 [7] could be sufficient to meet the objective of the defence in depth Level 5 “Mitigation of radiological consequences of significant release of radioactive materials”, i. e., that emergency planning measures outside the plant boundary might be reduced or even not needed at all. The design features of the SMRs indicated to make a contribution directly to Level 5 of defence in depth are lower fuel inventory, lower non-nuclear energy stored in the reactor, and lower integral decay heat rate of a smaller reactor as compared to a large capacity one.

As a desired or possible feature, reduced off-site emergency planning is mentioned in the Technology Goals of the Generation IV International Forum [15], in the user requirements of the IAEA’s International Project on Innovative Reactors and Nuclear Fuel Cycles (INPRO) [14], and in the recommendations of the International Nuclear Safety Advisory Group (INSAG-12) [11], with the caution that full elimination of off-site emergency planning may be difficult to achieve or with the recommendation that Level 5 of defence in depth still needs to be kept, notwithstanding its possibly decreased role. Achieving the goal of reduced off-site emergency planning would require both development of a methodology to prove that such reduction is possible in the specific case of a plant design, and adjustment of existing regulations. A risk informed approach to reactor qualification and licensing could facilitate licensing with reduced off-site emergency planning for smaller reactors, once it gets established.[24] Within the deterministic safety approach it might be very difficult to justify reduced emergency planning in view of a prescribed consideration of a postulated severe accident with radioactivity release to the environment owing to a common cause failure. Probabilistic safety assessment (PSA), as a supplement to the deterministic approach, might help justify very low core damage frequency (CDF) or large early release frequency (LERF), but it does not address the consequences and, therefore, does not provide for assessment of the source terms. A risk-informed approach that introduces quantitative safety goals, based on the probability-consequences curve could help solve the dilemma by providing a quantitative measure for the consequences of severe accidents and by applying a rational technical and non-prescriptive basis to define a severe accident. An example of such an approach is in the recently published IAEA-TECDOC-1570 Proposal of a Technology-Neutral Safety Approach for New Reactor Designs [13]. When this report was prepared, such an approach had yet not been established as an IAEA safety standard.

The report provides a review of the positive and negative effects of the incorporation of inherent and passive safety design features of the addressed SMRs in areas other than safety, based on inputs provided by SMR designers in Annexes I-X. Positive developments include:

• Simplicity of plant design, resulting from a reduction of the number of systems and components, and simplicity of plant operation and maintenance, resulting from a reduced number of systems and components requiring maintenance — both factors contribute to a reduction in plant costs;

• For many designs reduced plant costs, resulting from a compact primary circuit design and a compact containment design;

• Simplicity of plant operation and maintenance,[25] resulting from increased reactor self-control in accidents and a higher margin to fuel failure, has the potential to result in reduced requirements to operating personnel and reduced necessary plant staffing. Should this be accepted by regulators, it might contribute to reduced operating costs and facilitate deployments in countries with limited infrastructure;

• For nearly all designs, the potential to benefit from cost reduction resulting from reduced or eliminated off­site emergency planning; this still needs to be proven and accepted by regulators;

• Owing to increased reactor self-control in accidents and higher margin to fuel failure, less concern regarding human actions of a malevolent character and, potentially, a cost reduction owing to ‘inherent security’ of the plant.

On the other side, for all designs considered, the implementation of inherent and passive safety design features results in an increase in specific plant capital costs due to lower core power density or a larger required size of the reactor vessel to accommodate certain components of the primary circuit, etc. Elimination or reduction of liquid boron system (in PWR type reactors) or operation without on-site refuelling provided for in the sodium cooled and lead cooled SMRs results in certain deterioration of burnup cycle characteristics. Taller and broader reactor vessels or piping, necessary to enhance natural convection based heat removal, are also factors contributing to plant cost increase.

Designers expect that the above mentioned negative implications of passive safety design options could be counteracted by an enhanced option to build twin or multi unit plants at the same site (see Fig. 1 in Section 1.1.1), by enhanced pre-fabrication and, in some cases, by higher energy conversion efficiency, as well as by the positive implications highlighted earlier.

REFERENCES

[1] INTERNATIONAL ATOMIC ENERGY AGENCY, Innovative Small and Medium Sized Reactors: Design Features, Safety Approaches and R&D Trends, IAEA-TECDOC-1451, IAEA, Vienna (2005).

[2] INTERNATIONAL ATOMIC ENERGY AGENCY, Status of Innovative Small and Medium Sized Reactor Designs 2005: Reactors with Conventional Refuelling Schemes, IAEA-TECDOC-1485, IAEA, Vienna (2006).

[3] INTERNATIONAL ATOMIC ENERGY AGENCY, Status of Small Reactor Designs Without On-site Refuelling, IAEA-TECDOC-1536, IAEA, Vienna (2007).

[4] INTERNATIONAL ATOMIC ENERGY AGENCY, Status of Advanced Light Water Reactor Designs 2004, IAEA-TECDOC-1391, IAEA, Vienna (2004).

[5] INTERNATIONAL ATOMIC ENERGY AGENCY, Terms for Describing New, Advanced Nuclear Power Plants, IAEA-TECDOC-936, IAEA, Vienna (1997).

[6] INTERNATIONAL ATOMIC ENERGY AGENCY, Advanced Nuclear Power Plant Design Options to Cope with External Events, IAEA-TECDOC-1487, IAEA, Vienna (2006).

[7] INTERNATIONAL ATOMIC ENERGY AGENCY, Safety of the Nuclear Power Plants: Design IAEA Safety Standards Series No. NS-R-1, IAEA, Vienna (2000).

[8] INTERNATIONAL ATOMIC ENERGY AGENCY, Evaluation of Seismic Hazard for Nuclear Power Plants, IAEA Safety Standards Series No. NS-G-3.3, IAEA, Vienna (2002).

[9] INTERNATIONAL ATOMIC ENERGY AGENCY, External Events Excluding Earthquakes in the Design of Nuclear Power Plants, IAEA Safety Standards Series No. NS-G-1.5, IAEA, Vienna (2004).

[10] INTERNATIONAL NUCLEAR SAFETY ADVISORY GROUP, Defence in Depth in Nuclear Safety, INSAG-10, IAEA, Vienna (1996).

[11] INTERNATIONAL NUCLEAR SAFETY ADVISORY GROUP, Basic Safety Principles for Nuclear Power Plants: 75-INSAG-3 Rev. 1, INSAG-12, IAEA, Vienna (1999).

[12] INTERNATIONAL ATOMIC ENERGY AGENCY, Safety Related Terms for Advanced Nuclear Plants, IAEA-TECDOC-626, IAEA, Vienna (1991).

[13] INTERNATIONAL ATOMIC ENERGY AGENCY, Proposal for a Technology-Neutral Safety Approach for New Reactor Designs, IAEA-TECDOC-1570, IAEA, Vienna (2007).

[14] INTERNATIONAL ATOMIC ENERGY AGENCY, Methodology for the Assessment of Innovative Nuclear Reactors and Fuel Cycles — Report of Phase 1B (First Part) of the International Project on Innovative Reactors and Fuel Cycles (INPRO), IAEA-TECDOC-1434, IAEA, Vienna (2004).

[15] UNITED STATES DEPARTMENT OF ENERGY, A technology roadmap for Generation IV Nuclear Energy Systems, Nuclear Energy Research Advisory Committee, Washington, DC (2002).

[16] GAUTIER, G. M., CHENAUD, M. S., TOURNIAIRE, B. “SCOR 1000: An economic and innovative conceptual design PWR”, paper 7417, Proc. ICAPP’07, Nice, France, 13-8 May 2007.

[17] SHOUYIN HU, RUIPIAN WANG, ZUYING GAO, “Safety demonstration tests on HTR-10”, paper H06, Proc. 2nd Int. Topical Mtg. on High Temperature Reactor Technology, Beijing, China, 22-24 September 2004.

[18] INTERNATIONAL ATOMIC ENERGY AGENCY, Fast Reactor Database: 2006 Update, IAEA-TECDOC-1531, IAEA, Vienna (2006).

[19] INTERNATIONAL ATOMIC ENERGY AGENCY, Natural Circulation in Water Cooled Nuclear Power Plants. Phenomena, Models and Methodology for System Reliability Assessments, IAEA-TECDOC-1474, IAEA, Vienna (2005).

[20] AMERICAN SOCIETY OF MECHANICAL ENGINEERS, Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME RA-S-2002, ASME, New York (2002).

[21] INTERNATIONAL ATOMIC ENERGY AGENCY, Development and Application of Level-1 PSA for Nuclear Power Plants, (2007).

[22] MARQUES, M., et al., Methodology for the reliability evaluation of a passive system and its integration into a Probabilistic Safety Assessment, Nucl. Eng. Des. 235 (2005) 2612-2631.

[23] NAYAK, A. K., et al., “Reliability analysis of a boiling two-phase natural circulation system using the APSRA methodology”, paper 7074, Proc. of ICAPP’07, Nice, France, 13-18 May 2007.

[24] DELANEY, M. J., APOSTOLAKIS, G. E., DRISCOLL, M. J., Risk-informed design guidance for future reactor systems, Nucl. Eng. Des. 235 (2005) 1537-1556.

[25] BURGAZZI, L., State of the Art in Reliability of Thermal-Hydraulic Passive Systems, Reliab. Eng. Sys. Saf. 92 (2007) 671-675.

[26] CAHALAN J., et al., "Performance of metal and oxide fuels during accidents in a large liquid metal cooled reactor”, Fast Reactor Safety (Proc. Top. Mtg. Snowbird, UT, 1990), American Nuclear Society (1990).

[27] ROYL P., et al., "Influence of metal and oxide fuel behavior on the ULOF accident in 3500 MWth heterogeneous LMR cores and comparison with other large cores", ibid.

[28] ROYL P. et al., "Performance of metal and oxide fuel cores during accidents in large liquid metal cooled reactor", Nucl. Technol. 97 (1992) 198-211.

Appendix I