Passive versus active safety systems

The information provided in Tables A.2.1-A2.6 of Appendix 2 indicates that passive safety systems are the preferred choice of the designers of many advanced SMRs. In a number of designs belonging to the technology lines of PWRs, advanced heavy water reactors, HTGRs, and sodium cooled and lead-bismuth cooled fast reactors, the preferred strategy is to have all of the redundant and diverse safety systems passive and safety grade, while keeping the necessary normal operation active systems non-safety grade. This strategy assumes that normal operation systems would on many occasions retain their performance in accidents and could, therefore, be used as a backup for dedicated safety systems. However, there is no unique strategy even within each selected technology line, and many designers still prefer to use plausible combinations of redundant and diverse active and passive systems. The latter choice might be facilitated by considerations of plant economy, as many active systems are well developed and require less material and reactor building space to implement. The rule of thumb here is to have each of the independent safety systems, whether active or passive, capable of 100% performance of the required system function.

On their own, the passive safety systems implemented in advanced SMRs are not size specific and can be realised in the designs of large capacity as well.

It should be mentioned that since the mid-1990s there have been growing concerns about the reliability of passive safety systems implemented in advanced reactor designs. Appendix 1 of reference [8.5] lists the following reasons for these concerns:

• “Reliability of passive safety systems may not be understood so well as that of active safety systems.

• There may be a potential for undesired interaction of active and passive safety systems.

• It may be more difficult to ‘turn off’ an activated passive safety system, if so desired, after it has been passively actuated.”

Several methodologies aimed at quantifying the reliability of passive safety system performance are being developed worldwide, with the two distinct approaches represented by the European Union’s RMPS [8.12] and the Indian APSRA [8.13]. A brief summary of these approaches is provided in Appendix I of reference [8.5]. In addition, since 2009 the IAEA has been conducting a coordinated research project to develop a common analysis-and-test based method for the assessment of passive safety system performance in advanced reactors [8.14].

Currently, all of the above-mentioned methodologies are at a preliminary development stage, and in none of the cases has a nuclear regulatory assessment been made. However, all of the methodologies are being effectively used for the optimisation of passive safety system design, and the preliminary results show that passive safety systems could be made equally reliable or even more reliable compared to the active ones.

Notwithstanding what was said above, there are examples of successful licensing of NPP projects with reactors incorporating passive safety systems (the AP1000 in the United States and China; the KLT-40S in the Russian Federation; the VVER-1000 in the Russian Federation, China, India, and Iran). The validation of passive systems for all of these designs followed a well-established approach, including performance of the separate effect tests, development and validation of the codes, and performance of the integral tests [8.15].