zeng - addressing challenges in application of the design ... documents/tm 4 - 8 september... ·...

Canadian Nuclear

Safety Commission

Commission canadienne

de sûreté nucléaire

Addressing Challenges in the Application of the Design Safety

Requirements for Nuclear Power Plants to Small and Medium Sized

Reactors in Pre-Licensing Vendor Design Reviews in Canada

IAEA Technical Meeting on Challenges in the Application of the Design Safety Requirements for Nuclear Power Plants to Small and Medium Sized Reactors

Vienna, Austria

September 4–8, 2017

Yi Zeng, PhD, P.Eng.

Canadian Nuclear Safety Commission

e-Doc 5282935

nuclearsafety.gc.ca

Outline

• Introduction

‒ Canadian Nuclear Safety Commission (CNSC) and CNSC licensing framework

‒ vendor design review (VDR)

• Examples of challenges in VDR of small modular reactors (SMRs)

• Canadian regulatory approach to addressing the challenges

‒ overall Canadian approach

‒ defence in depth (DiD)

‒ graded approach

• Conclusions

e-Doc 5282935 2IAEA Technical Meeting on Challenges in the Application of the

Design Safety Requirements for Nuclear Power Plants to Small and Medium Sized Reactors

Introduction – Canadian Nuclear Safety Commission

• Established May 2000, under the Nuclear Safety and Control Act

• Replaced the Atomic Energy Control Board, which was established in 1946 under the Atomic Energy Control Act

• Regulates all civilian nuclear-related facilities and activities in Canada



Introduction – Regulatory Framework



Introduction – Licensing Steps

Canadian licensing steps

1. Site preparation under licence to prepare site

2. Construction under licence to construct

3. Operation under licence to operate

4. Decommissioning under licence to decommission

5. Release from licensing under licence to abandon

The licensing process is independent of reactor technology or size, and applies to SMRs (CNSC REGDOC-3.5.1 gives an overview of the licensing process for Class I nuclear facilities)



Introduction – Vendor Design Review (1)

• No design certification in Canada

• Pre-licensing VDR is a high-level review of design to evaluate if there are fundamental barriers to licensing in Canada

• Outcomes help the vendor to have discussions with potential customers and the regulator on the path forward

• VDR is optional and not part of licensing



Introduction – Vendor Design Review (2)

• 3 phases of VDR

Objective: To identify potential barriers to licensing in Canada

– Phase 1: assess if the vendor understands CNSC regulatory requirements and intends to comply with them

– Phase 2: assess the design in some details with a focus on identifying potential fundamental barriers to the licensing of the design in Canada

– Phase 3: assess any follow-up issues raised in Phase 2

• VDR is divided into 19 topics

• Review criteria are based on existing regulatory requirements



Current SMR Vendor Design Reviews by CNSC

e-Doc 5282935

VDR

No.

Country of

originCompany Reactor type / output per unit Status

1Canada /

U.S.

Terrestrial Energy

Incorporation (TEI)Molten salt integral / 200 MWe

Phase 1 in progress – pending

completion September 2017

2U.S. / Korea /

China

UltraSafe Nuclear/Global

First Power (USNC)

High-temperature gas prismatic

block / 5 MWePhase 1 in progress

3 Canada LeadCold NuclearMolten lead pool fast spectrum /

3–10 MWePhase 1 in progress

4 U.S. Advanced reactor conceptsLiquid sodium pool fast spectrum

/100 MWe

Phase 1 pending start fall

2017

5 U.K. U-BatteryHigh-temperature gas prismatic

block / 4 MWe

Phase 1 pending start fall

2017

6 U.K. Moltex Energy Molten salt / ~1000 MWe Phase 1 pending start fall

2017

7Canada /

U.S.StarCore Nuclear

High-temperature gas prismatic

block / 10 MWe

Service agreement under

development

8IAEA Technical Meeting on Challenges in the Application of the


Existing Canadian Safety Design Requirements

• CNSC regulatory document REGDOC-2.5.2, Design of Reactor Facilities: Nuclear Power Plants

• CNSC regulatory document RD-367, Design of Small Reactor Facilities

• The existing safety design requirements in REGDOC-2.5.2 and RD-367 originate from CANDU power reactors, as well as IAEA-NS-R-1

• All the SMR reactor designs being reviewed by the CNSC are quite different from traditional CANDU or PWR reactor designs, with new and novel safety features



Example 1: Shutdown Requirements

Selected existing shutdown requirements in REGDOC-2.5.2• Shutdown system is a safety system

• Two shutdown means: SDS1 and SDS2 for CANDU

• Reliability: failure on demand from all causes < 1.0E-3 for each system

• Diversity: rod system (SDS1) and poison injection (SDS2) for CANDU

• Independence: two shutdown systems fully independent from each other and from process systems for CANDU

• Separation: physical separation between two shutdown systems

• Single failure criterion

• Fail-safe design

• These requirements originated from CANDU design



Example 1: Shutdown Requirements for SMRs

• For many new SMR designs, the vendor claims that an automatic shutdown system is not required to prevent fuel failure because of inherent and new safety features

• As a result, no safety-grade shutdown system is provided (but considered as a process system)

• Given that the vendor claims an automatic shutdown system not required to prevent fuel failure, it may not be reasonable to impose the existing shutdown design requirements



Example 2: Emergency Core Cooling Requirements

Selected existing emergency core cooling (ECC) requirements in REGDOC-2.5.2:

• ECC system is a safety system

• Reliability: failure on demand from all causes < 1.0E-3

• Independence: ECC system independent from other safety systems and process systems

• Separation: sufficient physical separation between ECC redundant divisions, and other safety systems or support systems redundant divisions

• Single-failure criterion

• Fail-safe design

• These requirements originated from CANDU design



• For some SMR designs, the vendor claims that nuclear residual heat from the reactor unit can be removed passively (by thermal conduction, thermal radiation and natural convection) during normal operation, anticipated operational occurrences, design-basis accidents and beyond-design-basis accidents

• As a result, the vendor claims that no emergency core cooling system (ECCS) in the traditional water-cooled reactor sense is required to ensure nuclear safety of the plant

• Given that the vendor claims an ECCS is not required to prevent fuel failure, it may not be reasonable to impose the existing ECC design requirements

e-Doc 5282935

Example 2: Emergency Core Cooling Requirements for SMRs



Canadian Regulatory Approach to Address the Challenges

The overall Canadian regulatory approach is safety objective-based and allows enough flexibility to address new types of reactors

• Maintain high-level safety objectives

‒ radiation protection objective

‒ technical safety objectives

‒ environmental protection objective

• Maintain fundamental safety principles

‒ DiD and ALARA in particular

• Allow flexibility at lower-level safety design requirements for new types of reactors



Technological Evolution vs. Regulatory Approach

e-Doc 5282935

Safety objective-basedwith few prescriptive

requirements. Limited operating experience

(OPEX), generous safetymargins

Adapted as OPEX grew –more regulatory

certainty, but more prescriptive

Limited OPEX to support safety claims or operating models

Return to safetyobjective-based?



REGDOC-2.5.2 Statement

Since REGDOC-2.5.2 is primarily for water-cooled reactors, it contains the following statement:

It is recognized that specific technologies may use alternative approaches. If a design other than a water-cooled reactor is to be considered for licensing in Canada, the design is subject to the safety objectives, high-level safety concepts and safety management requirements associated with this regulatory document. However, the CNSC’s review of such a design will be undertaken on a case-by-case basis.

–REGDOC-2.5.2, section 2



CNSC Advanced Modular Reactor Steering Committee

• The CNSC has established an Advanced Modular Reactor Steering Committee

(AMRSC) recently to provide leadership to set the foundation for the regulation of

advanced modular reactors

• The mandate of the AMRSC is to:

– make high-level decisions on the regulatory position for AMRs

– provide guidance and support to senior management with respect to resource requirements

– identify issues that require Executive Committee or Commission approval or attention

– monitor progress against planned activities and track other performance measures

– refer issues to the New Build Technical Sub-Committee

– become aware of and remove obstacles to progress



CNSC New Build Technical Sub-Committee

• The focus of the New Build Technical Sub-Committee (NBTSC) has been on the interpretation of clauses from REGDOC-2.5.2, Design of Reactor

Facilities: Nuclear Power Plants

- to ensure that objectives behind requirements continue to be articulated

- to enhance clarity and provide processes on how to assess alternatives proposed by applicants

• NBTSC process is based on recognition of the need for flexibility in developing robust technical interpretations

• Working groups are formed under NBTSC as needed to work on specific issues



Demonstration of New Safety Features (1)

• A prerequisite to allow flexibility is to have sufficient technical evidence to support new safety features (“proven-ness”)

• All SMR designs claim to be a step-change improvement in safety performance

‒ either evolutionary changes based on proven technologies already in use or

‒ concepts based on past development activities

• Some new safety features may still require proof of concept

• Uncertainties presented by passive and inherent safety features must be understood and taken into consideration



Demonstration of New Safety Features (2)

• CNSC staff expect claims to be well supported

‒ in some areas, R&D or other confirmatory work has not yet been started by vendors

‒ past experience related to unproven safety features

‒ need to decide what is sufficient technical evidence to support safety claims (e.g., computer simulations may not be enough)



Defence in Depth (1)

Level Objective Essential means

Level 1 Prevention of abnormal operation and failures Conservative design and high quality in

construction and operation

Level 2 Control of abnormal operation and detection of

failures

Control, limiting, and protection systems and other

surveillance features

Level 3 Control of accidents within the design basis Engineered safety features and accident procedures

Level 4 Control of severe plant conditions, including

prevention of accident progression and mitigation of

the consequences of severe accidents

Complementary measures and accident

management

Level 5 Mitigation of radiological consequences of

significant releases of radioactive materials

Offsite emergency response



Defence in Depth (2)

• DiD principle shall be maintained regardless of the design

• For existing power reactors, a lot of emphasis is on accident mitigation (Level 3 DiD, as well as Level 4 and Level 5 DiD, particularly after Fukushima accident)

• For new SMR designs, a lot of emphasis is on accident prevention (Level 1 DiD), and less on accident mitigation (Level 3 and Level 4 DiD)

• A question is whether we should accept that provisions for Level 3 and Level 4 DiD can be reduced in the presence of “inherently safe” design features as well as new safety features normally associated with Level 1 DiD

• For new SMR designs, there is an increased use of single feature to address multiple DiD objectives

• If we believe that Level 3 and 4 DiD can be reduced, but still should be provided for SMRs, what the requirements should be? We need to decide case by case



Graded Approach (1)

e-Doc 5282935

§3. The purpose of the Nuclear Safety and Control Act (NSCA) is to provide for(a) the limitation, to a reasonable level and in a manner that is consistent with Canada’s international obligations, of the risks to national security, the health and safety of persons and the environment that are associated with the development, production and use of nuclear energy and the production, possession and use of nuclear substances, prescribed equipment and prescribed information…

Legal basis for use of a graded

approach in regulation



Graded Approach (2)

• The purpose of the graded approach is to enhance regulatory efficiency without compromising overall safety; i.e., graded approach does not represent a reduction in overall safety

• When a graded approach is applied, factors to be considered include

‒ reactor power, reactor safety characteristics, fuel design, source term

‒ amount and enrichment of fissile and fissionable material

‒ presence of high-energy sources, and other radioactive and hazardous sources

‒ uncertainties associated with current level of knowledge

‒ site characteristics (e.g., external hazards)



Graded Approach (3)

• The regulator‒ applies technical requirements in a risk-informed manner to ensure that

fundamental safety objectives are met

‒ carries out technical assessment and compliance activities for a project, based on the project’s risk, complexity and novelty

• An applicant or licensee may‒ demonstrate that specific design measures, analyses or other measures

applied to its safety case are commensurate with the level of risks posed

‒ propose that since an overarching fundamental safety requirement is met, a detailed requirement may not have to be met

‒ propose alternative methods to meeting requirements



Examples of Graded Approach – Reactor Facilities

ZED-2 (200 Wt)

SLOWPOKEs(20 kWt)

McMaster (5 MWt) NRU (~135 MWt)

SMRs/Advanced Reactors

(~1 MWt – ~1000 MWt)

Nuclear powerplants

(1500+ MWt)

Control (shutdown means)

shutoff rods moderator dump (single-trip system actuating both rods and dump)

one control rodno automatic shutdown system, (manual Cd capsule inject.)

reactor shutdown system (five control rods, single trip system)

reactor shutdown system (18 control rods)(two trip systems, actuating magnetically coupled control rods)

different solutions being proposed for each type of design

inherent and passive characteristics being introduced

program to establish proven-ness reviewed during prelicensing and licensing and safety margins expected to address uncertainties

shutdown system 1 (rods), shutdown system 2(poison injection)

Cool(decay heat removal)

no heat exchanger (no significant decay heat as reactor maximum power is 200 W)

heat exchanger heat exchanger

eight heat exchangersemergency core cooling system

steam generators and feedwatersystem moderatoremergency core cooling

Containreactor tank/sump reactor vessel

in-poolcontainment system

confinement system with active emergency filtration

containment systemvacuum building



Fundamental Principles for Assessment of Applications That Use

a Graded Approach

Any assessment of a safety case for a proposed activity is carried out in view of the following

• DiD is demonstrated

• Fundamental safety functions of control, cool, contain have been met

• Appropriate safety margins have been established in view of the specific hazards over the lifecycle of the facility

• Regulatory requirements have been met



Conclusions

• The overall Canadian regulatory approach to address the challenges is safety objective-based and allows enough flexibility to address new types of reactors

• maintain high-level safety objectives

• maintain fundamental safety principles

• allow flexibility at lower level safety design requirements for new types of reactors

• Demonstration of new safety credits claimed by vendors is a prerequisite to allow flexibility

• Need to develop criteria for assessment of passive systems and their reliability

• Defence in depth shall be maintained regardless of designs, and more guidance is needed for its implementation for small modular reactors

• Graded approach is an effective method, and more detailed guidance would be helpful for applying graded approach to small modular reactors

• Some new design requirements and guidance are needed to supplement what currently exists



Like us on Facebook Subscribe to updates

Visit us online View us on YouTube

Contact usFollow us on Twitter

Thank You !

zeng - addressing challenges in application of the design ... documents/tm 4 - 8 september... ·...

Documents