Canadian Nuclear
Safety Commission
Commission canadienne
de sûreté nucléaire
Addressing Challenges in the Application of the Design Safety
Requirements for Nuclear Power Plants to Small and Medium Sized
Reactors in Pre-Licensing Vendor Design Reviews in Canada
IAEA Technical Meeting on Challenges in the Application of the Design Safety Requirements for Nuclear Power Plants to Small and Medium Sized Reactors
Vienna, Austria
September 4–8, 2017
Yi Zeng, PhD, P.Eng.
Canadian Nuclear Safety Commission
e-Doc 5282935
nuclearsafety.gc.ca
Outline
• Introduction
‒ Canadian Nuclear Safety Commission (CNSC) and CNSC licensing framework
‒ vendor design review (VDR)
• Examples of challenges in VDR of small modular reactors (SMRs)
• Canadian regulatory approach to addressing the challenges
‒ overall Canadian approach
‒ defence in depth (DiD)
‒ graded approach
• Conclusions
Introduction – Canadian Nuclear Safety Commission
• Established May 2000, under the Nuclear Safety and Control Act
• Replaced the Atomic Energy Control Board, which was established in 1946 under the Atomic Energy Control Act
• Regulates all civilian nuclear-related facilities and activities in Canada
Introduction – Regulatory Framework
Introduction – Licensing Steps
Canadian licensing steps
1. Site preparation under licence to prepare site
2. Construction under licence to construct
3. Operation under licence to operate
4. Decommissioning under licence to decommission
5. Release from licensing under licence to abandon
The licensing process is independent of reactor technology or size, and applies to SMRs (CNSC REGDOC-3.5.1 gives an overview of the licensing process for Class I nuclear facilities)
Introduction – Vendor Design Review (1)
• No design certification in Canada
• Pre-licensing VDR is a high-level review of design to evaluate if there are fundamental barriers to licensing in Canada
• Outcomes help the vendor to have discussions with potential customers and the regulator on the path forward
• VDR is optional and not part of licensing
Introduction – Vendor Design Review (2)
• 3 phases of VDR
Objective: To identify potential barriers to licensing in Canada
– Phase 1: assess if the vendor understands CNSC regulatory requirements and intends to comply with them
– Phase 2: assess the design in some detail, with a focus on identifying potential fundamental barriers to the licensing of the design in Canada
– Phase 3: assess any follow-up issues raised in Phase 2
• VDR is divided into 19 topics
• Review criteria are based on existing regulatory requirements
Current SMR Vendor Design Reviews by CNSC
| VDR No. | Country of origin | Company | Reactor type / output per unit | Status |
|---|---|---|---|---|
| 1 | Canada / U.S. | Terrestrial Energy Incorporation (TEI) | Molten salt integral / 200 MWe | Phase 1 in progress – pending completion September 2017 |
| 2 | U.S. / Korea / China | UltraSafe Nuclear/Global First Power (USNC) | High-temperature gas prismatic block / 5 MWe | Phase 1 in progress |
| 3 | Canada | LeadCold Nuclear | Molten lead pool fast spectrum / 3–10 MWe | Phase 1 in progress |
| 4 | U.S. | Advanced reactor concepts | Liquid sodium pool fast spectrum / 100 MWe | Phase 1 pending start fall 2017 |
| 5 | U.K. | U-Battery | High-temperature gas prismatic block / 4 MWe | Phase 1 pending start fall 2017 |
| 6 | U.K. | Moltex Energy | Molten salt / ~1000 MWe | Phase 1 pending start fall 2017 |
| 7 | Canada / U.S. | StarCore Nuclear | High-temperature gas prismatic block / 10 MWe | Service agreement under development |
Existing Canadian Safety Design Requirements
• CNSC regulatory document REGDOC-2.5.2, Design of Reactor Facilities: Nuclear Power Plants
• CNSC regulatory document RD-367, Design of Small Reactor Facilities
• The existing safety design requirements in REGDOC-2.5.2 and RD-367 originate from CANDU power reactors, as well as IAEA-NS-R-1
• All the SMR reactor designs being reviewed by the CNSC are quite different from traditional CANDU or PWR reactor designs, with new and novel safety features
Example 1: Shutdown Requirements
Selected existing shutdown requirements in REGDOC-2.5.2:
• Shutdown system is a safety system
• Two shutdown means: SDS1 and SDS2 for CANDU
• Reliability: failure on demand from all causes < 1.0E-3 for each system
• Diversity: rod system (SDS1) and poison injection (SDS2) for CANDU
• Independence: two shutdown systems fully independent from each other and from process systems for CANDU
• Separation: physical separation between two shutdown systems
• Single failure criterion
• Fail-safe design
• These requirements originated from CANDU design
Example 1: Shutdown Requirements for SMRs
• For many new SMR designs, the vendor claims that an automatic shutdown system is not required to prevent fuel failure because of inherent and new safety features
• As a result, no safety-grade shutdown system is provided (but considered as a process system)
• Given that the vendor claims an automatic shutdown system is not required to prevent fuel failure, it may not be reasonable to impose the existing shutdown design requirements
Example 2: Emergency Core Cooling Requirements
Selected existing emergency core cooling (ECC) requirements in REGDOC-2.5.2:
• ECC system is a safety system
• Reliability: failure on demand from all causes < 1.0E-3
• Independence: ECC system independent from other safety systems and process systems
• Separation: sufficient physical separation between ECC redundant divisions, and other safety systems or support systems redundant divisions
• Single-failure criterion
• Fail-safe design
• These requirements originated from CANDU design
Example 2: Emergency Core Cooling Requirements for SMRs
• For some SMR designs, the vendor claims that nuclear residual heat from the reactor unit can be removed passively (by thermal conduction, thermal radiation and natural convection) during normal operation, anticipated operational occurrences, design-basis accidents and beyond-design-basis accidents
• As a result, the vendor claims that no emergency core cooling system (ECCS) in the traditional water-cooled reactor sense is required to ensure nuclear safety of the plant
• Given that the vendor claims an ECCS is not required to prevent fuel failure, it may not be reasonable to impose the existing ECC design requirements
Canadian Regulatory Approach to Address the Challenges
The overall Canadian regulatory approach is safety objective-based and allows enough flexibility to address new types of reactors
• Maintain high-level safety objectives
‒ radiation protection objective
‒ technical safety objectives
‒ environmental protection objective
• Maintain fundamental safety principles
‒ DiD and ALARA in particular
• Allow flexibility at lower-level safety design requirements for new types of reactors
Technological Evolution vs. Regulatory Approach
• Safety objective-based with few prescriptive requirements. Limited operating experience (OPEX), generous safety margins
• Adapted as OPEX grew – more regulatory certainty, but more prescriptive
• Limited OPEX to support safety claims or operating models
• Return to safety objective-based?
REGDOC-2.5.2 Statement
Since REGDOC-2.5.2 is primarily for water-cooled reactors, it contains the following statement:
It is recognized that specific technologies may use alternative approaches. If a design other than a water-cooled reactor is to be considered for licensing in Canada, the design is subject to the safety objectives, high-level safety concepts and safety management requirements associated with this regulatory document. However, the CNSC’s review of such a design will be undertaken on a case-by-case basis.
–REGDOC-2.5.2, section 2
CNSC Advanced Modular Reactor Steering Committee
• The CNSC has recently established an Advanced Modular Reactor Steering Committee (AMRSC) to provide leadership to set the foundation for the regulation of advanced modular reactors
• The mandate of the AMRSC is to:
– make high-level decisions on the regulatory position for AMRs
– provide guidance and support to senior management with respect to resource requirements
– identify issues that require Executive Committee or Commission approval or attention
– monitor progress against planned activities and track other performance measures
– refer issues to the New Build Technical Sub-Committee
– become aware of and remove obstacles to progress
CNSC New Build Technical Sub-Committee
• The focus of the New Build Technical Sub-Committee (NBTSC) has been on the interpretation of clauses from REGDOC-2.5.2, Design of Reactor Facilities: Nuclear Power Plants
– to ensure that objectives behind requirements continue to be articulated
– to enhance clarity and provide processes on how to assess alternatives proposed by applicants
• NBTSC process is based on recognition of the need for flexibility in developing robust technical interpretations
• Working groups are formed under NBTSC as needed to work on specific issues
Demonstration of New Safety Features (1)
• A prerequisite to allow flexibility is to have sufficient technical evidence to support new safety features (“proven-ness”)
• All SMR designs claim to be a step-change improvement in safety performance
‒ either evolutionary changes based on proven technologies already in use or
‒ concepts based on past development activities
• Some new safety features may still require proof of concept
• Uncertainties presented by passive and inherent safety features must be understood and taken into consideration
Demonstration of New Safety Features (2)
• CNSC staff expect claims to be well supported
‒ in some areas, R&D or other confirmatory work has not yet been started by vendors
‒ past experience related to unproven safety features
‒ need to decide what is sufficient technical evidence to support safety claims (e.g., computer simulations may not be enough)
Defence in Depth (1)
| Level | Objective | Essential means |
|---|---|---|
| Level 1 | Prevention of abnormal operation and failures | Conservative design and high quality in construction and operation |
| Level 2 | Control of abnormal operation and detection of failures | Control, limiting, and protection systems and other surveillance features |
| Level 3 | Control of accidents within the design basis | Engineered safety features and accident procedures |
| Level 4 | Control of severe plant conditions, including prevention of accident progression and mitigation of the consequences of severe accidents | Complementary measures and accident management |
| Level 5 | Mitigation of radiological consequences of significant releases of radioactive materials | Offsite emergency response |
Defence in Depth (2)
• DiD principle shall be maintained regardless of the design
• For existing power reactors, a lot of emphasis is on accident mitigation (Level 3 DiD, as well as Level 4 and Level 5 DiD, particularly after the Fukushima accident)
• For new SMR designs, a lot of emphasis is on accident prevention (Level 1 DiD), and less on accident mitigation (Level 3 and Level 4 DiD)
• A question is whether we should accept that provisions for Level 3 and Level 4 DiD can be reduced in the presence of “inherently safe” design features as well as new safety features normally associated with Level 1 DiD
• For new SMR designs, there is an increased use of a single feature to address multiple DiD objectives
• If we believe that Level 3 and 4 DiD can be reduced, but still should be provided for SMRs, what should the requirements be? We need to decide case by case
Graded Approach (1)
§3. The purpose of the Nuclear Safety and Control Act (NSCA) is to provide for (a) the limitation, to a reasonable level and in a manner that is consistent with Canada’s international obligations, of the risks to national security, the health and safety of persons and the environment that are associated with the development, production and use of nuclear energy and the production, possession and use of nuclear substances, prescribed equipment and prescribed information…
Legal basis for use of a graded approach in regulation
Graded Approach (2)
• The purpose of the graded approach is to enhance regulatory efficiency without compromising overall safety; i.e., a graded approach does not represent a reduction in overall safety
• When a graded approach is applied, factors to be considered include
‒ reactor power, reactor safety characteristics, fuel design, source term
‒ amount and enrichment of fissile and fissionable material
‒ presence of high-energy sources, and other radioactive and hazardous sources
‒ uncertainties associated with current level of knowledge
‒ site characteristics (e.g., external hazards)
Graded Approach (3)
• The regulator
‒ applies technical requirements in a risk-informed manner to ensure that fundamental safety objectives are met
‒ carries out technical assessment and compliance activities for a project, based on the project’s risk, complexity and novelty
• An applicant or licensee may
‒ demonstrate that specific design measures, analyses or other measures applied to its safety case are commensurate with the level of risks posed
‒ propose that since an overarching fundamental safety requirement is met, a detailed requirement may not have to be met
‒ propose alternative methods to meeting requirements
Examples of Graded Approach – Reactor Facilities
• ZED-2 (200 Wt)
‒ Control (shutdown means): shutoff rods, moderator dump (single-trip system actuating both rods and dump)
‒ Cool (decay heat removal): no heat exchanger (no significant decay heat as reactor maximum power is 200 W)
‒ Contain: reactor tank/sump
• SLOWPOKEs (20 kWt)
‒ Control (shutdown means): one control rod, no automatic shutdown system (manual Cd capsule inject.)
‒ Cool (decay heat removal): heat exchanger
‒ Contain: reactor vessel in-pool
• McMaster (5 MWt)
‒ Control (shutdown means): reactor shutdown system (five control rods, single trip system)
‒ Cool (decay heat removal): heat exchanger
‒ Contain: containment system
• NRU (~135 MWt)
‒ Control (shutdown means): reactor shutdown system (18 control rods) (two trip systems, actuating magnetically coupled control rods)
‒ Cool (decay heat removal): eight heat exchangers, emergency core cooling system
‒ Contain: confinement system with active emergency filtration
• SMRs/Advanced Reactors (~1 MWt – ~1000 MWt)
‒ different solutions being proposed for each type of design
‒ inherent and passive characteristics being introduced
‒ program to establish proven-ness reviewed during prelicensing and licensing, and safety margins expected to address uncertainties
• Nuclear power plants (1500+ MWt)
‒ Control (shutdown means): shutdown system 1 (rods), shutdown system 2 (poison injection)
‒ Cool (decay heat removal): steam generators and feedwater system, moderator, emergency core cooling
‒ Contain: containment system, vacuum building
Fundamental Principles for Assessment of Applications That Use a Graded Approach
Any assessment of a safety case for a proposed activity is carried out in view of the following:
• DiD is demonstrated
• Fundamental safety functions of control, cool, contain have been met
• Appropriate safety margins have been established in view of the specific hazards over the lifecycle of the facility
• Regulatory requirements have been met
Conclusions
• The overall Canadian regulatory approach to address the challenges is safety objective-based and allows enough flexibility to address new types of reactors
‒ maintain high-level safety objectives
‒ maintain fundamental safety principles
‒ allow flexibility at lower-level safety design requirements for new types of reactors
• Demonstration of new safety credits claimed by vendors is a prerequisite to allow flexibility
• Need to develop criteria for assessment of passive systems and their reliability
• Defence in depth shall be maintained regardless of designs, and more guidance is needed for its implementation for small modular reactors
• Graded approach is an effective method, and more detailed guidance would be helpful for applying graded approach to small modular reactors
• Some new design requirements and guidance are needed to supplement what currently exists
Thank you!