PERFORMANCE ASSESSMENT OF PASSIVE SAFETY SYSTEMS

Background and experience

As already mentioned, broad incorporation of inherent and passive safety design features has become a ‘trademark’ of many advanced reactor designs, including several evolutionary designs and the majority of innovative SMR designs [1, 2, 3, 4, 5]. In addition to various possible combinations of inherent and passive safety features (sometimes referred to as safety-by-design approaches [2]), all SMRs addressed in this report incorporate passive safety systems. Passive safety systems may include moving liquids or expanding solid structures, direct action devices, or stored energy sources. As suggested in IAEA-TECDOC-626 [6], these may be classified as passive systems of categories B, C, and D, respectively; see Appendix 1. Passive safety systems require validation and testing to demonstrate their reliable operation, to quantify their reliability and, where necessary, to adjust their design accordingly.

While individual processes may be well understood, the combinations of these processes, which determine the actual performance of passive safety systems, may vary depending on changes in the conditions of state, the boundary conditions, and the failure or malfunctioning of other components within the system, the circuit or the plant. Passive safety systems of category A, or inherent safety features, incorporate no moving liquids or moving solid structures, direct action devices, or stored energy sources. There is a consensus that such systems have a strong reliability advantage [2, 3, 6]. Therefore, the issue of process performance reliability is most important for passive safety systems of categories B, C, and D [6].

There are certain accomplishments regarding the testing, construction, licensing or validation of passive systems of categories B, C, or D [6], such as the more recent WWER-1000 reactors and the KLT-40S of the Russian Federation, or the AP600, the AP1000, and the ESBWR of the USA [4, 7]. Experiment-based deterministic approaches to the validation of passive systems, including separate-effect tests and integral tests of reactor models with subsequent qualification of analysis models and computer codes, have been established and accepted by regulators in some countries, in line with the conventional safety requirements also applied to active safety systems. These deterministic approaches are generally successful with regulators when the basic technology involved is evolutionary, e.g., that of water cooled reactors, and is backed by years of validation and testing as well as reactor operation experience, and when the passive systems are reasonably conventional in their design. When the technology is innovative or a passive safety system has a distinctly non-conventional set of features, the application of established deterministic approaches may require a multi-year, resource-consuming effort to accomplish validation, testing and demonstration of the reliable operation of such a system, prior to licensing approval of the corresponding advanced NPP.

The regulations in Argentina, China, Japan, Germany, India, France, the Russian Federation, and the USA already incorporate provisions for accepting the results of probabilistic safety assessments (PSA) on a complementary basis. In order to ensure that the PSA used in the risk informed decision making (RIDM) process is of acceptable technical quality, efforts are being made in different countries to provide PSA standards that define the technical features a PSA must have to be acceptable to a regulatory body. An example is the ASME probabilistic risk assessment (PRA) standard [8], recently endorsed by the United States Nuclear Regulatory Commission (US NRC). In line with worldwide trends, the IAEA is developing a series of publications for the Safety Standards Series on PSA and RIDM. One of these, the Safety Guide on Development and Application of Level-1 PSA for NPPs [9], planned for publication in 2008, would provide recommendations on the technical content of PSA studies so that they reliably support the various PSA applications.

The general trend towards a more risk informed approach (e.g., see Refs [10, 11]) is pursued with a focus on what is really important from the safety perspective, in order to achieve a design that is more favourable from the cost-benefit perspective. A methodology for the reliability assessment of passive safety systems would enable quantification of their reliability, so that active and passive safety systems can be treated within a common PSA approach. Several such methodologies are under development in Europe, India, and the USA [12-14]. What is important from the perspective of overall risk assessment is that these methodologies take into account the uncertainties associated with unforeseen physical phenomena that may affect the operation of passive safety systems and degrade their reliability. All of the methodologies are at a preliminary stage of development, and no consensus on a common approach had been established among their proponents at the time this report was being prepared. Two of these methodologies are described in brief below.
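The following is an added illustration, not part of this report and not any of the methodologies of Refs [12-14], of the basic idea behind treating a passive system inside a PSA: the "failure" of a category B/C/D passive system is a functional failure (the physical process delivers less than the mission requires), so its probability must be estimated by propagating parameter uncertainty through a performance model, after which it can be combined with the hardware failure probability of an active train in an ordinary fault tree. The flow correlation, the parameter distributions, the required flow and the sample size are all hypothetical and chosen only to make the script run stand-alone; a real assessment would use the qualified thermal-hydraulic model and the uncertainty ranges established by the separate-effect and integral tests discussed above. Note the caveat the text raises: a Monte Carlo over known parameters captures only the uncertainty the modeller already anticipates, not unforeseen phenomena, which is exactly why the methodologies below have not yet converged.

```python
import math
import random
from dataclasses import dataclass


@dataclass
class NormalParam:
    """An uncertain input modelled as a normal distribution (hypothetical choice)."""
    mean: float
    sd: float

    def sample(self, rng: random.Random) -> float:
        return rng.gauss(self.mean, self.sd)


def natural_circulation_flow(driving_head: float, loss_coeff: float) -> float:
    """Hypothetical, dimensionless stand-in for a natural-circulation loop:
    flow is proportional to sqrt(driving head / loop loss coefficient).
    A qualified code would replace this with the real momentum balance."""
    return math.sqrt(max(driving_head, 0.0) / loss_coeff)


def functional_failure_probability(required_flow: float,
                                   head: NormalParam,
                                   loss: NormalParam,
                                   n_samples: int = 20000,
                                   seed: int = 1) -> float:
    """Monte Carlo estimate of P(delivered flow < required flow).

    This is the passive system's 'failure on demand': no component breaks,
    the process simply does not deliver its mission. Only the parameter
    uncertainty encoded in `head` and `loss` is propagated; unforeseen
    phenomena are, by construction, not represented."""
    rng = random.Random(seed)          # fixed seed keeps the estimate reproducible
    failures = 0
    for _ in range(n_samples):
        h = head.sample(rng)
        k = max(loss.sample(rng), 1e-6)  # guard against a non-physical negative loss
        if natural_circulation_flow(h, k) < required_flow:
            failures += 1
    return failures / n_samples


def and_gate(*failure_probs: float) -> float:
    """Fault-tree AND gate: all inputs must fail (independence assumed)."""
    p = 1.0
    for q in failure_probs:
        p *= q
    return p


def or_gate(*failure_probs: float) -> float:
    """Fault-tree OR gate: any input failing fails the function (independence assumed)."""
    p_success = 1.0
    for q in failure_probs:
        p_success *= (1.0 - q)
    return 1.0 - p_success


def decay_heat_removal_failure(passive_ff: float,
                               active_pump_unavailability: float,
                               active_valve_unavailability: float) -> float:
    """Hypothetical decay-heat-removal function with two redundant trains:
    one passive natural-circulation train (functional failure from the Monte
    Carlo above) and one active train (pump OR valve unavailable). The function
    is lost only if both trains fail."""
    active_train = or_gate(active_pump_unavailability, active_valve_unavailability)
    return and_gate(passive_ff, active_train)


if __name__ == "__main__":
    # Constructed inputs: head and loss both around 1.0 with 20 % spread,
    # so flow ~ sqrt(head/loss) and a required flow of 1.0 is marginal.
    head = NormalParam(mean=1.0, sd=0.2)
    loss = NormalParam(mean=1.0, sd=0.2)
    ff_marginal = functional_failure_probability(1.0, head, loss)
    ff_comfortable = functional_failure_probability(0.5, head, loss)
    print(f"passive functional failure, marginal design   : {ff_marginal:.3f}")
    print(f"passive functional failure, 2x flow margin    : {ff_comfortable:.3f}")
    # Hypothetical active-train hardware unavailabilities for the comparison.
    print(f"DHR function failure (marginal passive train) : "
          f"{decay_heat_removal_failure(ff_marginal, 1e-2, 5e-3):.2e}")
    print(f"DHR function failure (2x margin passive train): "
          f"{decay_heat_removal_failure(ff_comfortable, 1e-2, 5e-3):.2e}")
```

The point of the script is the contrast between the two passive estimates: the same hardware, with a larger design margin, has a functional-failure probability orders of magnitude lower, and that number, not a component failure rate, is what enters the fault tree next to the active train's unavailabilities. Whether the distributions fed into the Monte Carlo are credible is the validation question the deterministic test programmes above exist to answer.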