General approach for safety system design

In addition to the inherent (self-protection) features of the reactor, the GT-MHR plant incorporates safety systems based on the following principles:

(1) Simplicity of both system operation algorithm and design;

(2) Usage of natural processes for safety system operation under accident conditions;

(3) Redundancy, physical separation and independence of system channels;

(4) Stability in the case of internal and external impacts and malfunctions caused by accident conditions;

(5) Continuous or periodic diagnosis of system conditions;

(6) Conservative approach used in design, applied to the list of initiating events, to accident scenarios, and for the selection of definitive parameters and design margins.

All safety systems are designed with two channels. Regulatory safety requirements are met through compliance with both deterministic and probabilistic criteria, and are secured by exclusion of active elements in a channel or by applying the required redundancy of such active elements inside a channel, as well as via the use of the normal operation systems to prevent design basis accidents.

Passive safety systems

A summary of passive systems in the GT-MHR is given below, in line with the classification suggested by IAEA-TECDOC-626 [VII-2].

Category A systems

Category A passive systems [VII-2], which are certain static structures with no moveable mechanical parts, liquids or energy sources, are as follows:

— Fuel particles with multilayer coatings;

— Annular graphite reactor core and reflector;

— Reactor vessel system and power conversion unit (PCU) vessel;

— Leaktight primary circuit;

— The containment.

Certain attributes of the Category A passive systems could also be classified as inherent or ‘by-design’ safety features. Their role in the overall safety design of the GT-MHR is highlighted at the beginning of this section.

Category B systems

Category B passive systems [VII-2], which incorporate natural convection driven liquids but no actuation devices and no moving mechanical parts or energy sources, are represented by the reactor cavity cooling system (RCCS), see Fig. VII-1.

If it is impossible to use systems that remove heat through the PCU and the shutdown cooling system (SCS), emergency heat removal is carried out by the RCCS. The RCCS includes two independent passive cooling channels of similar efficiency. Each RCCS channel consists of a water circuit with a surface cooler and a water tank, a heat tube circuit with evaporating sections arranged in the tank, an air circuit formed by special air ducts with condensation sections in heat tubes, and exhaust tubes. Heat from the reactor core is removed from the reactor vessel to the RCCS surface cooler, the heat tubes and then to atmospheric air due to natural processes of heat conduction, radiation and convection. Circulation of water and air in RCCS channels is driven by natural convection.

The RCCS functions continuously during normal operation and in accidents, i.e., it is continuously available, ruling out the need for operator or control system actions when switching over from normal operation mode to emergency heat removal. The passive RCCS removes residual heat released during a LOCA. In such a case, reactor core cooling does not require compensation of coolant loss.

The RCCS is a normal operation system, which also shoulders the functions of a safety system. It is a safety grade system.