Non-consensus definitions from IAEA-TECDOCs

At the moment, the IAEA safety standards do not provide a complete set of definitions necessary for the description of safety features of NPPs with innovative reactors. In view of this, some missing definitions related to passive safety features could be taken from IAEA-TECDOC-626 [3]:

Inherent safety characteristic: Safety achieved by elimination of a specified hazard by means of the choice of material and design concept.

Passive component: A component which does not need any external input to operate.

Passive system: Either a system which is composed entirely of passive components and structures or a system which uses active components in a very limited way to initiate subsequent passive operation.

Grace period: The grace period is the period of time during which a safety function is ensured without the necessity of personnel action in the event of an incident/accident.

Recommendations from the International Nuclear Safety Advisory Group (INSAG)

Although IAEA safety standard NS-R-1 [2] provides a consensus definition of the levels of defence in depth, the definitions suggested in INSAG-10 [4] may be better suited to NPPs with innovative reactors. For future reactors, INSAG-10 [4] envisages the following trends for the different levels of defence in depth:

— Level 1, for the prevention of abnormal operation and failures, is to be extended by considering in the basic design a larger set of operating conditions based on general operating experience and the results of safety studies. The aims would be to reduce the expected frequencies of initiating failures and to deal with all operating conditions, including full power, low power and all relevant shutdown conditions.

— Level 2, for the control of abnormal operation and the detection of failures, is to be reinforced (for example by more systematic use of limitation systems, independent from control systems), with feedback of operating experience, an improved human-machine interface and extended diagnostic systems. This covers instrumentation and control capabilities over the necessary ranges and the use of digital technology of proven reliability.

— Level 3, for the control of accidents within the design basis, is to consider a larger set of incident and accident conditions including, as appropriate, some conditions initiated by multiple failures, for which best estimate assumptions and data are used. Probabilistic studies and other analytical means will contribute to the definition of the incidents and accidents to be dealt with; special care needs to be given to reducing the likelihood of containment bypass sequences.

— Level 4, for the prevention of accident progression, is to consider systematically the wide range of preventive strategies for accident management and to include means to control accidents resulting in severe core damage. This will include suitable devices to protect the containment function such as the capability of the containment building to withstand hydrogen deflagration, or improved protection of the basemat for the prevention of meltthrough.

— Level 5, for the mitigation of the radiological consequences of significant releases, could be reduced, owing to improvements at previous levels, and especially owing to reductions in source terms. Although less called upon, Level 5 is nonetheless to be maintained.