An assessment performed in the previous sections indicates that the designers of advanced SMRs target to implement safety design options with the maximum use of the inherent and passive safety features (also referred to as “by design” safety features) possible for a given technology line and for a given size of the plant.

As noted in the recent IAEA publication [8.5],

An enveloping design strategy for the SMR designs… is to eliminate or de-rate as many accident initiators and/or to prevent or de-rate as many accident consequences as possible, by design, and then to deal with the remaining accidents/consequences using plausible combinations of the active and passive safety systems and consequence prevention measures. This strategy is also targeted for Generation IV energy systems and, to a certain extent it is implemented in some near-term light water reactor designs of larger capacity, such as the VVER-1000, the AP1000, and the ESBWR.

On their own, the “by design” safety features used in SMRs are in most cases not size dependent and could be applied in the reactors of larger capacity. However, SMRs offer broader possibilities to incorporate such features with a higher efficacy. As noted in [8.5], smaller reactor size contributes to a more effective implementation of the inherent and passive safety design features because of:

• “Larger surface-to-volume ratio, which facilitates easier decay heat removal, especially with a single-phase coolant.

• Reduced core power density, facilitating easy use of many passive safety features and systems.

• Lower potential hazard that generically results from lower source term owing to a lower fuel inventory, a lower non-nuclear energy stored in the reactor, and lower integral decay heat rate.”

In some cases the incorporation of passive safety features limits the reactor output, as in the HTGR case.

Otherwise, all of the presented SMR designs aim to meet the current national regulations and generally meet the international safety norms, such as formulated in the IAEA Safety Standard NS-R-1 [8.7], regarding implementation of the defence-in-depth strategy and provision of the redundant and diverse active and passive safety systems. Specifically, the IAEA report [8.5] makes a note of the approach “. applied in several water cooled, gas cooled and liquid metal cooled SMRs.” that is “.to have all safety systems passive and safety grade. In this, it is assumed that certain non safety grade active systems/components of normal reactor operation are capable of making a (auxiliary) contribution to the execution of safety functions in accidents.”

The core damage frequencies (CDFs) indicated by the designers of advanced SMRs are within the range from 10-5 to 10-8 per annum, i. e., are comparable to, or lower than the ones indicated for the state-of-the-art large capacity water cooled reactors [8.3, 8.10]. The upper boundary (10-5) mainly results from the risks associated with a non-conventional deployment (e. g., floating power plants). The indicated large early release frequencies (LERFs) are typically one order of magnitude less than the CDFs.

The available information on the safety design features of SMRs for plant protection against the impacts of natural and human induced external events is generally sparser compared to that on the internal events [8.2, 8.3, 8.4 and 8.5]. One of the reasons may be the early design stages of many of the advanced SMRs.

Where indicated, seismic design of the considered SMRs meets the recommendations of the IAEA Safety Guide [8.8]. The indicated magnitudes of safe shutdown earthquake vary significantly even among the designs belonging to the same technology lines. The values are between 0.2 g and 0.7 g PGA (3.5-4.4 on the Japanese JMA scale). These values generally match or surpass the values incorporated in the designs of currently deployed large water cooled reactors [8.3]. However, one should keep in mind that the seismic design of SMRs might be re-analysed following the Fukushima Dai-ichi accident.

All of the analysed SMRs incorporate containments and in many cases these are double containments. Some of the designs in the PWR, HTGR, sodium cooled and lead-bismuth cooled technology lines assume underground or half-embedded underground location of the reactor buildings, which are all measures that would protect the plants against an aircraft crash. However, the design basis aircraft crash is quantified for only a few designs, including the Russian marine derivative reactors. On a number of occasions aircraft crash is said to be excluded from the design consideration to be dealt with by purely administrative measures.

Few details are available on external events other than the earthquake and aircraft crash. For the plants embedded underground no explanation is provided on how such embedment would affect plant vulnerability to natural floods.

Russian floating NPPs take into account a number of the external events peculiar to their on — water location. None of the land-based designs indicate an allowance for the effects of climate change, despite the IAEA guidance on this [8.9].

The IAEA publication [8.3] suggests that “…external events should be considered at the early stages of the reactor design. If external event considerations are added at later stages, they may lead to major modifications or even unacceptable safety levels.” For the considered designs only in a few cases the designers clearly indicate that both, internal and external events have been considered when determining the CDFs and the LERFs (Russian marine derivative reactors, CAREM, IRIS, VK-300 and AHWR).

Regarding the combinations of internal and external events, the data provided for a limited number of SMRs in reference [8.3] indicates such combinations are included in the design basis of the CAREM, the VBER-300 and the IRIS.

According to reference [8.3], “.the contribution of external events to plant risk estimates is seen to be higher (in percentage) for evolutionary and innovative reactors since the internal event risks have been substantially reduced through better system design, avoidance of identified accident sequences, etc.”. The presented data for the Russian KLT-40S, where the CDF for internal events at the beginning of operation is 10-7, while the overall CDF is 10-5, may serve as an illustration of this statement, see Table A2.1(a) in Appendix 2.

A certain synergy in coping with the internal and the external events is provided by broad incorporation of the inherent and passive safety features in the advanced SMR designs. According to reference [8.3], the NPP features contributing to protection against both, internal and external events, could be:

• “Capability to limit reactor power through inherent neutronic characteristics in the event of any failure of normal shutdown systems, and/or provision of a passive shutdown system not requiring any trip signal, power source, or operator action to effect a shutdown of the reactor if the safety critical plant parameters tend to exceed the design limits.

• Availability of a sufficiently large heat sink within the containment to indefinitely (or for a long grace period) remove core heat corresponding to the above-mentioned event.

• Availability of very reliable passive heat transfer mechanisms for the transfer of core heat to this heat sink…”

Many of the advanced SMR designs presented in this report incorporate the safety design features matching the provisions of the previous paragraphs.