At the moment, there is no consensus definition of a passive safety system.

In IAEA-TECDOC-626 [3], four different categories of passive safety features have been proposed, as described below.

Category A passive safety features are those which do not require external signal inputs of ‘intelligence’, or external power sources or forces, and have neither any moving mechanical parts nor any moving working fluid. Examples of safety features included in this category are:

• Physical barriers against the release of fission products, such as nuclear fuel cladding and pressure boundary components and systems;

• Hardened building structures for the protection of a plant against external event impacts;

• Core cooling systems relying only on heat radiation and/or convection and conduction from nuclear fuel to outer structural parts with the reactor in hot shutdown;

• Static components of safety related passive systems (e. g., tubes, pressurizers, accumulators, surge tanks), as well as structural parts (e. g., supports, restraints, anchors, shields).

Category B passive safety features are those which do not require external signal inputs of ‘intelligence’, or external power sources or forces, and have no moving mechanical parts. They do, however, have moving working fluid. Examples of safety features included in this category are:

• Reactor shutdown/emergency cooling systems based on injection of borated water produced by the disturbance of a hydrostatic equilibrium between the pressure boundary and an external water reservoir;

• Reactor emergency cooling systems based on air or water natural circulation in heat exchangers immersed in water reservoirs (inside containment) to which the decay heat is directly transferred;

• Containment cooling systems based on natural circulation of air flowing around the containment walls, with intake and exhaust through a stack or through tubes covering the inner walls of silos of underground reactors;

• Fluidic gates between process systems, such as ‘surge lines’ of PWRs.

Category C passive safety features are those which do not require external signal inputs of ‘intelligence’, or external power sources or forces. They do, however, have moving mechanical parts whether or not moving working fluids are present. Examples of safety features included in this category are:

• Emergency injection systems consisting of accumulators or storage tanks and discharge lines equipped with check valves;

• Overpressure protection and/or emergency cooling devices of pressure boundary systems based on fluid release through relief valves;

• Filtered venting systems of containments activated by rupture disks;

• Mechanical actuators, such as check valves and spring loaded relief valves, as well as some trip mechanisms (e. g., temperature, pressure and level actuators).

Category D passive safety features, referred to as ‘passive execution /active initiation’ type features, are those passive features where the execution of the safety function is made through passive methods as described in the previous categories except that internal intelligence is not available to initiate the process. In these cases an external signal is required to trigger the passive process. Since some desirable characteristics usually associated with passive systems (such as freedom from external sources of power, instrumentation and control and from required human actuation) are still to be ensured, additional criteria such as the following are generally imposed on the initiation process:

• Energy must only be obtained from stored sources such as batteries or compressed or elevated fluids, excluding continuously generated power such as normal AC power from continuously rotating or reciprocating machinery;

• Active components in passive systems are limited to controls, instrumentation and valves, but valves used to initiate safety system operation must be single action, relying on stored energy, and manual initiation is excluded.