Text

Working Draft Secy Paper on Informing Content of Non-LWR Applications
	ML18270A334
Person / Time
Issue date:	09/28/2018
From:	William Reckley; NRC/NRO/DSRA/ARPB
To:	;
	Reckley W, NRO/DSRA/ARPB, 415-7490
Shared Package
ML18270A167	List: ML18270A334; ML18271A164; ML18271A172;
References
	Download: ML18270A334 (28)
	v • d • e

DRAFT DRAFT Contributing activities within the NRCs implementation action plan for improving its regulatory readiness for non-light water reactor (non-LWR) designs includes developing guidance for a flexible non-LWR regulatory review process (Strategy 3).

The staff is preparing a draft Commission paper and regulatory guide related to the content of non-LWR applications for licenses, certifications, and approvals. This working draft white paper has been prepared and is being released to support ongoing public discussions on the draft papers. This working draft paper has not been subject to NRC management and legal reviews and approvals, and its contents should not be interpreted as official agency positions. Following the public discussions, the staff plans to continue working on this paper as well as other activities defined in the agencys vision and strategies document. This white paper and related interactions with stakeholders will be considered in the preparation of the draft regulatory guide and future interactions with the Advisory Committee on Reactor Safeguards (tentatively scheduled for October 30, 2018).

SUBJECT:

TECHNOLOGY-INCLUSIVE, RISK-INFORMED, AND PERFORMANCE-BASED APPROACH TO INFORM THE CONTENT OF APPLICATIONS FOR LICENSES, CERTIFICATIONS, AND APPROVALS FOR NON-LIGHT-WATER REACTORS PURPOSE:

The purpose of this paper is to seek Commission approval of the U.S. Nuclear Regulatory Commission (NRC) staffs recommendation to adopt a technology-inclusive, risk-informed, and performance-based methodology for informing the licensing basis and content of applications for licenses, certifications, and approvals for non-light-water-reactors (non-LWRs). This paper does not address any new commitments or resource implications.

BACKGROUND:

The NRC staff has developed proposed guidance on using key aspects of the reactor design process to inform the content of applications for licenses, certifications, and approvals for non-LWRs. The staffs guidance proposes to endorse industry guidance submitted by the Nuclear Energy Institure (NEI) in NEI 18-04, Risk-Informed Performance-Based Guidance for Non-Light Water Reactor Licensing Basis Development (Agencywide Documents Access and Management System (ADAMS) Accession No. ML18xxxAxxx). The guidance was developed as part of the Licensing Modernization Project (LMP), which was led by nuclear utilities and cost-shared by the Department of Energy (DOE). The guidance focuses on the selection of licensing basis events; classification of structures, systems, and components (SSCs); and assessment of defense in depthwhich are important activities when designing a nuclear power plant. These same activities support identifying the appropriate scope and depth of information provided in applications for licenses, certifications, and approvals required by U.S.

Code of Federal Regulations, Title 10, Energy, Part 50, Domestic Licensing of Production and Utilization Facilities, (10 CFR 50) and Part 52, Licenses, certifications, and approvals for nuclear power plants.

DRAFT DRAFT

DRAFT DRAFT On October 14, 2008, the Commission issued its most recent policy statement on advanced nuclear power reactors, Policy Statement on the Regulation of Advanced Reactors, which included items to be considered in advanced reactor designs. The Commissions 2008 policy statement reinforced and updated the policy statements on advanced reactors previously published in 1986 and 1994. The policy statement identifies attributes that could assist in establishing the acceptability or licensability of a proposed advanced reactor design, including:

reliable and less complex shutdown heat removal systems; longer time constants before reaching safety system challenges; simplified safety systems that, where possible, reduce required operator actions; reduced potential for severe accidents; and considerations for safety and security requirements together in the design process. The policy statement goes on to state:

If specific advanced reactor designs with some or all of the previously mentioned attributes are brought to the NRC for comment and/or evaluation, the Commission can develop preliminary design safety evaluation and licensing criteria for their safety-related and security-related aspects. Incorporating the above attributes may promote more efficient and effective design reviews.

However, the listing of a particular attribute does not necessarily mean that specific licensing criteria will attach to that attribute. Designs with some or all of these attributes are also likely to be more readily understood by the general public. Indeed, the number and nature of the regulatory requirements may depend on the extent to which an individual advanced reactor design incorporates general attributes such as those listed previously.

As described in Enclosure 1, the NRC interacted with DOE and reactor developers in the late 1980s and early 1990s on the potential licensing of non-LWR designs. These activities resulted in the publication of assessments for several non-LWR designs. During the preliminary review of these designs, the staff identified issues that required policy direction from the Commission.

These were presented in SECY-93-092, Issues Pertaining to the Advanced Reactor (PRISM, MHTGR, and PIUS) and CANDU 3 Designs and their Relationship to Current Regulatory Requirements (ADAMS Accession No. ML040210725). In the 2000s, the staff continued interactions with stakeholders on policy issues related to advanced reactors. The staff provided the Commission with recommendations in SECY-03-0047, Policy Issues Related to Licensing Non-Light-Water Reactor Designs, dated March 28, 2003 (ADAMS Accession No. ML030160002) that are important to the methodology described in NEI 18-04 and draft regulatory guide (DG)-1353, Guidance for a Technology-Inclusive, Risk-Informed, and Performance-Based Approach to Inform the Content of Applications for Licenses, Certifications, and Approvals for Non-Light Water Reactors (ADAMS Accession No. MLxxxAxxx). These key licensing issues include the selection of licensing basis events (LBEs), classification of SSCs, use of probabilistic risk assessments (PRAs), and providing appropriate defense in depth in non-LWR design and programmatic controls. The Commissions SRM dated June 26, 2003 (ADAMS Accession No. ML031770124 ) for SECY-03-0047 approved the staffs recommendation to allow the use of risk-insights to identify events; classify SSCs; and replace the single-failure criterion.

The staff updated the Commission in subsequent papers on the development of a technology neutral framework. The NRC addressed advanced reactor issues, such as event categories and ensuring sufficient defense in depth, in an advanced notice of proposed rulemaking (ANPR) published on May 4, 2006 (71 FR 26267). In December 2007, the NRC staff published NUREG-1860, Feasibility Study for a Risk-Informed and Performance-Based Regulatory Structure for Future Plant Licensing (ADAMS Accession No. ML073400763), which explored DRAFT DRAFT

DRAFT DRAFT the feasibility of developing a risk-informed and performance-based regulatory structure for the licensing of future nuclear power plants. In August 2008, the NRC and DOE jointly issued to Congress the Next Generation Nuclear Plant (NGNP) Licensing Strategy Report (ADAMS Accession No. ML082290017). Although the NRC did not pursue a rulemaking as envisioned in the ANPR, the staff continued interactions with stakeholders on policy issues related to advanced reactors. These interactions centered on the NGNP project and a series of white papers intended to further define approaches for key licensing topics, including those specifically addressed in NEI 18-04 and DG-1353.

As part of the implementation action plan strategies for the NRCs ongoing non-LWR activities (ADAMS Accession Nos. ML17165A069 and ML17164A173), the staff interacted with the Licensing Modernization Project (LMP) being led by Southern Company, coordinated by NEI, and cost shared by DOE. The proposals from the LMP build from the accepted higher-level approaches described in SECY-03-0047 and the more detailed processes described in NGNP white papers. A series of interactions, including draft white papers and public meetings, led to the development of the guidance being proposed in NEI 18-04 and DG-1353. Enclosure 2 further describes the proposed approaches in NEI 18-04 and DG-1353, which consolidate several previous Commission decisions resolving policy issues for non-LWRs in a methodology for use by non-LWR developers in the design process and in preparing applications for NRC licenses, certifications, and approvals.

DISCUSSION:

The overall objective of the guidance in NEI 18-04 and DG-1353 is to describe a systematic and reproducible process for selection of licensing basis events, classification of SSCs, and assessing the adequacy of defense in depth for a non-LWR design. These three topics and the related topic of improving how risk-informed and performance-based approaches are used within the agency (e.g., the Commissions Policy Statement Use of Probabilistic Risk Assessment Methods in Nuclear Regulatory Activities published on August 16, 1995 (60 FR 42622)) were addressed in the Commissions SRM for SECY-03-0047, in which the Commission approved the following recommendations:

1) greater emphasis can be placed on the use of risk information by allowing the use of a probabilistic approach in the identification of events to be considered in the design, provided there is sufficient understanding of plant and fuel performance and deterministic engineering judgement is used to bound uncertainties;

2) a probabilistic approach for the safety classification of structures, systems, and components is allowed; and

3) the single-failure criterion can be replaced with a probabilistic (reliability) criterion.

Identification and Analyses of Licensing Basis Events (LBEs)

NEI 18-04 describes a systematic process for identifying and categorizing event sequences as anticipated operational occurrences (AOOs), design basis events (DBEs), or beyond-design-basis events (BDBEs). The primary determinate for categorizing events is the estimated frequency of the event sequence as shown in Figure 1, Frequency-Consequence [F-C] Target.

NEI 18-04 acknowledges that the F-C target does not correspond to actual regulatory acceptance criteria but is instead a vehicle to assess a range of events within a risk-informed structure to determine risk significance, support SSC classification, determine special treatment DRAFT DRAFT

DRAFT DRAFT requirements, identify appropriate programmatic controls, and confirm the adequacy of defense in depth (DID). Design basis accidents (DBAs) are derived from DBEs by assuming that only safety-related SSCs are available to mitigate the events. DG-1353 proposes to accept the definitions of the event categories in NEI 18-04 as well as the demarcations shown in Figure 1.

Figure 1: Frequency-Consequence Target (from NEI 18-04)

The approach described in NEI 18-04 and proposed to be endorsed in DG-1353 is consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to allow the use of a probabilistic approach to identify events provided there is sufficient understanding of plant and fuel performance and engineering judgment is used to address uncertainties. The F-C target in Figure 1 includes a frequency of 5x10-7 per plant-year to define the lower range of beyond design basis events. This demarcation of lowest event frequencies on the F-C target and category definitions is not a hard and fast cutoff but instead is to be considered in the context of other parts of the methodology, which include appropriate consideration of uncertainties. The inclusion of a lower frequency range for licensing basis events, when combined with other considerations and engineering judgement, is an inherent part of a risk-informed approach and is consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to allow the use of a probabilistic approach to identify events.

The assessments described in NEI 18-04 focus on safety functions and the identification of SSCs needed to fulfill those functions. The F-C targets support defining needed SSC capabilities and reliabilities to support the design process and to inform the content of applications. A key consideration is the uncertainties related to event sequences, plant DRAFT DRAFT

DRAFT DRAFT behavior, assumed reliability of SSCs, and other aspects of the estimation of event frequencies and consequences. The analyses of event sequences are an input into the subsequent processes described in NEI 18-04 for the safety classification of SSCs and assessment of DID.

DG-1353 documents the staffs proposed finding that assessing event sequences (including reliability and availability of SSCs and combinations of SSCs) over a wide range of frequencies, including BDBEs, and establishing risk and safety function reliability measures for both safety-related and selected non-safety-related SSCs, obviates the need to use the single failure criterion applied to the deterministic evaluations for LWRs. The approach described in NEI 18-04 and proposed to be endorsed in DG-1353 is consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to replace the single-failure criterion with a probabilistic (reliability) criterion.

Safety Classification and Performance Criteria for SSCs The second major component of the methodology described in NEI 18-04 involves assessing the risk significance of SSCs, and determining special treatments if needed to ensure SSC performance of safety functions in the prevention and mitigation of LBEs. The safety classification of SSCs and determination of performance criteria are directly related to and performed in an iterative process along with the identification and assessment of LBEs and the assessment of DID. Consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to allow a probabilistic approach for the safety classification of SSCs, NEI 18-04 describes the evaluations of LBEs, DID, and classification of safety functions to be used in designing and categorizing specific SSCs for non-LWRs.

A major objective of the process described in NEI 18-04 is to establish a systematic approach to assessing and determining appropriate relationships between the needed capabilities and reliabilities for SSCs and the role of those SSCs in mitigating and preventing LBEs. The safety classification of SSCs is made in the context of how the SSCs perform specific safety functions for each LBE in which they play a role to prevent or mitigate the event. The reliability of the SSC serves to prevent the occurrence of the LBE by lowering its frequency of occurrence. The safety classification process and the corresponding special treatments serve to control the frequencies and consequences of the LBEs in relation to the F-C Target and ensure that the cumulative risk metrics are not exceeded.

Evaluation of Defense-in-Depth Adequacy NEI 18-04 describes a framework that includes probabilistic and deterministic assessment techniques to confirm adequate DID using a combination of plant capabilities and programmatic controls. Evaluations are performed based on several established approaches to DID to assess a reactor design and determine if additional measures are appropriate to address an over-reliance on specific SSCs or to address uncertainties.

The process in NEI 18-04 calls for the reactor designer to form an Integrated Decision Panel, which supports the overall design effort (including development of plant capability and programmatic DID features), conducts the DID adequacy evaluation for the design, and documents the DID baseline. The process and outcome in terms of assessments and demonstration that a reasonable level of DID has been incorporated into the design will be described in an application for a license, certification, or approval. Figure 2, Framework for Establishing DID Adequacy, is a representation of the relationships between the various parts of the methodology described in NEI 18-04 (licensing basis events, SSC safety classification, DRAFT DRAFT

DRAFT DRAFT and DID) as well as how the plant capabilities and programmatic controls are assessed using both deterministic and risk-informed techniques to ensure DID adequacy for a specific design.

Figure 2: Framework for Establishing DID Adequacy (from NEI 18-04)

The NRC has long recognized the importance of DID and considers its implementation in guidance such as RG 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis. However, the Commission stated in its SRM dated March 9, 2016 (ADAMS Accession No. ML16069A370) for SECY-15-0168, Recommendations on Issues Related to Implementation of a Risk Management Regulatory Framework, that a formal agencywide definition and criteria for determining the adequacy of DID should not be developed. The staff is not proposing to define DID or impose the approach described in NEI 18-04 onto any applicant not choosing to use the methodology as part the design and licensing for a non-LWR. This approach is consistent with the Commissions SRM for SECY-15-0168 while also improving the consideration of DID within the design and licensing of future non-LWR technologies.

Informing the Content of Applications The design-related activities described above can also be used by applicants to identify and provide the appropriate level of information needed to satisfy those parts of the regulatory requirements related to the content of applications for licenses, certifications, and approvals.

The analysis of AOOs, DBEs, BDBEs, and DBAs plays an important role in defining safety functions, classifying SSCs, and assessing DID. The integrated process described in NEI 18-04 and its consideration of plant capabilities and programmatic controls is well suited to inform the content of applications, including discussions of appropriate performance-based controls for some SSCs. The resources needed for NRC staff review of applications can be reduced along with the level of detail in applications describing physical systems and programs.

DRAFT DRAFT

DRAFT DRAFT RECOMMENDATION:

The staff recommends that the Commission approve the use of the technology-inclusive, risk-informed, and performance-based approach described in NEI 18-04 and DG-1353 for identifying LBEs, classifying SSCs, and assessing the adequacy of defense in depth. These key aspects of the proposed approach will also be used to inform the appropriate scope and level of detail for information to be included in applications to the NRC for licenses, certifications, and approvals for non-LWRs.

Enclosures:

1. Background

2. Technology-Inclusive, Risk-Informed, Performance-Based Approach DRAFT DRAFT

DRAFT DRAFT Enclosure 1: Background The current efforts to develop a technology-inclusive, risk-informed, performance-based (TIRIPB) approach as part of defining the licensing basis for non-light-water reactors (non-LWRs) are a continuation of activities that have been carried out over many years.

The process being proposed for non-LWRs is described in NEI 18-04, Revision 0, Risk-Informed Performance-Based Guidance for Non-Light-Water Reactor Licensing Basis Development, 1 and Draft Regulatory Guide (DG) 1353, Guidance for a Technology-Inclusive, Risk-Informed, and Performance-Based Approach to Inform the Content of Applications for Licenses, Certifications, and Approvals for Non-Light-Water Reactors. 2 The evolution of licensing approaches for non-LWRs leading up to NEI 18-04 and DG-1353 are summarized below.

Evolution of Approach to Licensing Non-LWRs The Nuclear Regulatory Commission (NRC) has engaged in several pre-licensing interactions and developed policies and guidance to support the potential licensing of advanced reactor facilities. The NRCs Policy Statement on the Regulation of Advanced Reactors was first issued on July 8, 1986 (51 FR 24643) with an objective to provide all interested parties, including the public, with the Commissions views concerning the desired characteristics of advanced reactor designs. The policy statement identifies attributes that should be considered in advanced designs, including highly reliable and less complex heat removal systems, longer time constants before reaching safety system challenges, reduced potential for severe accidents and their consequences, and use of the defense-in-depth philosophy of maintaining multiple barriers against radiation release. On October 14, 2008, the Commission issued its most recent revision to policy statement on advanced nuclear power reactors (73 FR 60612), which stated:

If specific advanced reactor designs with some or all of the previously mentioned attributes are brought to the NRC for comment and/or evaluation, the Commission can develop preliminary design safety evaluation and licensing criteria for their safety-related and security-related aspects. Incorporating the above attributes may promote more efficient and effective design reviews.

However, the listing of a particular attribute does not necessarily mean that specific licensing criteria will attach to that attribute. Designs with some or all of these attributes are also likely to be more readily understood by the general public. Indeed, the number and nature of the regulatory requirements may depend on the extent to which an individual advanced reactor design incorporates general attributes such as those listed previously.

Following the issuance of the advanced reactor policy statement in 1986, the NRC interacted with the Department of Energy (DOE) and reactor developers regarding the potential licensing of non-light-water reactor (non-LWR) designs. These activities resulted in the publication of assessments such as NUREG-1368, Preapplication Safety Evaluation Report for the Power Reactor Innovative Small Module (PRISM) Liquid-Metal Reactor, 3 and NUREG-1338, Draft Preapplication Safety Evaluation Report for the Modular High-Temperature Gas-Cooled Reactor. 4 The NRC staff identified a number of 1 Agencywide Documents Access and Management System (ADAMS) ML18xxxAxxx 2 ADAMS Accession No. ML18cccYddd 3 ADAMS Accession No. ML063410561 4 ADAMS Accession No. ML052780497 Enclosure 1

DRAFT DRAFT potential policy issues during the assessments of advanced reactor designs. The staff proposed approaches to resolve some of the policy issues in SECY-93-092, Issues Pertaining to the Advanced Reactor (PRISM, MHTGR, and PIUS) and CANDU 3 Designs and Their Relationship to Current Regulatory Requirements. 5 The Commission approved the staffs proposed approaches in the Staff Requirements Memorandum (SRM) dated July 30, 1993. 6 The issues discussed in SECY-93-092 and the related SRM, as well as subsequent staff proposals and Commission decisions, are related to those being addressed in NEI 18-04 and DG 1353. In particular, the Commission approved approaches for identifying event categories based on a combination of deterministic and probabilistic insights and using mechanistic source terms based on best-estimate phenomenological models of the transport of fission products from the fuel through all holdup volumes and barriers into the environs.

The development of licensing approaches for non-LWRs continued during the 1990s. The activities supporting non-LWRs were done in parallel with and were sometimes interwoven with the NRCs efforts to improve how risk-informed and performance-based approaches are used within the agency (e.g., the Commissions Policy Statement Use of Probabilistic Risk Assessment Methods in Nuclear Regulatory Activities published on August 16, 1995 (60 FR 42622)). The Commission provided further clarification in the white paper Risk-Informed and Performance-Based Regulation dated March 1, 1999. 7 In SECY-02-0139, Plan for Resolving Policy Issues Related to Licensing Non-Light-Water Reactor Designs, dated July 22, 2002, 8 the staff identified seven technical issues with policy implications resulting from the preapplication activities on non-LWR designs, including the Modular High-Temperature Gas Reactor (MHGTR) and Pebble Bed Modular Reactor (PBMR).

The staff provided the Commission with recommendations to resolve the issues in SECY-03-0047, Policy Issues Related to Licensing Non-Light-Water Reactor Designs, dated March 28, 2003. 9 The seven policy issues addressed in SECY-03-0047 were:

1) How should the Commissions expectations for enhanced safety be implemented for future non-LWRs?

2) Should specific defense-in-depth attributes be defined for non-LWRs?

3) How should NRC requirements for future non-LWR plants relate to international codes and standards?

4) To what extent should a probabilistic approach be used to establish the plant licensing basis?

5) Under what conditions, if any, should scenario-specific accident source terms be used for licensing decisions regarding containment and site suitability?

6) Under what conditions, if any, can a plant be licensed without a pressure-retaining containment building? 10

7) Under what conditions, if any, can emergency planning zones be reduced, including a reduction to the site exclusion area boundary? 11 5 ADAMS Accession No. ML040210725 6 ADAMS Accession No. ML003760774 7 ADAMS Accession No. ML003753601 8 ADAMS Accession No. ML021790610 9 ADAMS Accession No. ML030160002 10 The issue of functional containment performance criteria is described in SECY-18-0xyz, Functional Containment Performance Criteria for Non-Light-Water Reactors,dated [ ] (ADAMS Accession No. ML18xxxAyyy) and the related SRM dated [ ] (ADAMS Accession No. MLAAxxxAyyy).

11 The issue of emergency planning zones is described in SECY-18-0xyz, Proposed Rule:

Emergency Preparedness for Small Modular Reactors (SMRs) and Other New Technologies 2

DRAFT DRAFT

DRAFT DRAFT Issue 4 on establishing the plant licensing basis for non-LWRs is directly related to the topics addressed in NEI 18-04 and DG-1353. The staff made the following recommendation in SECY-03-0047 and the Commission approved it in its SRM dated June 26, 2003. 12 Issue 4: To what extent can a probabilistic approach be used to establish the licensing basis?

The staff recommends the Commission take the following actions:

Modify the Commissions guidance, as described in the SRM of July 30, 1993, to put greater emphasis on the use of risk information by allowing the use of a probabilistic approach in the identification of events to be considered in the design, provided there is sufficient understanding of plant and fuel performance and deterministic engineering judgement is used to bound uncertainties.3 4

Allow a probabilistic approach for the safety classification of structures, systems, and components.

Replace the single-failure criterion with a probabilistic (reliability) criterion.

This recommendation is consistent with a risk-informed approach. It should be noted that this recommendation expands the use of probabilistic risk assessment (PRA) into forming part of the basis for licensing and thus puts greater emphasis on PRA quality, completeness, and documentation 3 Note: The actual design basis events for any particular design would be determined at the time of the staff review of that design. The criteria that would be used to guide this determination would be technology neutral, would include guidance on how to treat uncertainties and would be determined as part of the development of a framework for future plant licensing consistent with the Commissions decisions on the issues discussed in this paper.

4 Note: The staff believes that this recommendation is consistent with the Commissions 1995 PRA policy statement and the 1999 Risk-Informed Performance-Based Regulation White Paper The staff updated the Commission in SECY-05-0006, Second Status Paper on the Staffs Proposed Regulatory Structure for New Plant Licensing and Update on Policy Issues Related to New Plant Licensing, 13 on the development of a technology neutral framework, which could be (ONTs),dated [ ] (ADAMS Accession No. ML18xxxAyyy) and the related SRM dated [ ]

(ADAMS Accession No. MLAAxxxAyyy).

12 ADAMS Accession No. ML031770124 13 ADAMS Accession No. ML043560093 3

DRAFT DRAFT

DRAFT DRAFT applied to both LWRs and non-LWRs. As a follow-up to SECY-05-006, the NRC addressed advanced reactor issues, such as event categories and ensuring sufficient defense in depth, in an advanced notice of proposed rulemaking (ANPR) published on May 4, 2006 (71 FR 26267).

In December 2007, the NRC staff published NUREG-1860, Feasibility Study for a Risk-Informed and Performance-Based Regulatory Structure for Future Plant Licensing, 14 which explored the feasibility of developing a risk-informed and performance-based regulatory structure for the licensing of future nuclear power plants. In August 2008, the NRC and DOE jointly issued to Congress the Next Generation Nuclear Plant (NGNP) Licensing Strategy Report. 15 Although the NRC did not pursue a rulemaking as envisioned in SECY-05-0006 and subsequent ANPR, the staff continued interactions with stakeholders on policy issues related to advanced reactors. These interactions centered on the NGNP project and a series of white papers intended to help resolve key licensing issues, including those specifically addressed in NEI 18-04 and DG-1353. Following interactions with DOE, Idaho National Laboratory (INL), and the Advisory Committee on Reactor Safeguards (ACRS), the NRC staff provided feedback on the white papers to DOEs Office of Nuclear Energy in a letter dated July 17, 2014. 16 The staff continued activities related to non-LWRs following the specific work related to the NGNP white papers. As part of the implementation action plan strategies 17 developed for the NRC Vision and Strategy: Safely Achieving Effective and Efficient Non-Light-Water Mission Readiness, 18 the staff interacted with the Licensing Modernization Project (LMP) being led by Southern Company, coordinated by NEI, and cost shared by DOE. The proposals from the LMP build from the accepted higher-level approaches described in SECY-03-0047 and the more detailed processes described in the NGNP white papers. A series of interactions, including draft white papers and public meetings, led to the development of the guidance being proposed in NEI 18-04 and DG-1353. Enclosure 2 further describes the proposed approaches in NEI 18-04 and DG-1353, which consolidate several previous Commission decisions resolving policy issues for non-LWRs in a methodology for use by non-LWR developers in the design process and in preparing applications for NRC licenses, certifications, and approvals.

Relationship to Approach for LWR Licensing Basis Many of the existing NRC requirements have been developed specifically for LWR technologies and related operational histories. Although NRCs efforts related to non-LWRs have been necessitated by the fact that the LWR-centric requirements do not easily transfer to other reactor technologies, comparisons and questions about differences in proposed approaches for non-LWRs are inevitable. Comparisons are further complicated because (1) key aspects of the licensing basis for LWRs remain rooted in the requirements and related analyses dating from the early development and deployment of commercial nuclear power; and (2) the licensing basis for LWRs has evolved over decades based on decisions made by the Atomic Energy Commission (AEC) and subsequently by the NRC in the context of addressing safety issues, administrative procedures, and the need to consider the costs and benefits of any proposed changes to established requirements and guidance. The NRC and many of its stakeholders have recognized from the drafting of the advanced reactor policy statement to the current day 14 ADAMS Accession No. ML073400763 15 ADAMS Accession No. ML082290017 16 ADAMS Accession No. ML14174A734. The staff provided feedback on proposals specifically developed for the NGNP project, which helped inform, but may be different than the technology-inclusive approach in NEI 18-04. The feedback to DOE in July 2014 cautioned that the views expressed on the NGNP white papers were from the staff and subject to change and to future consideration by the Commission.

17 ADAMS Accession Nos. ML17165A069 and ML17164A173 18 ADAMS Accession No. ML16356A670 4

DRAFT DRAFT

DRAFT DRAFT that developing the licensing basis for non-LWRs presents an opportunity to better integrate risk-informed and performance-based approaches for future plants.

Although presenting some technical differences and opportunities to refine licensing approaches, non-LWRs share with LWRs the same basic hazardthe generation of radioactive materialand related fundamental safety functions of retaining radionuclides, controlling heat generation, and controlling heat removal. An important part of preparing the safety case for a design and the related NRC staff review is the identification and analysis of events associated with the fundamental safety functions. For example, the safety analyses for LWRs have considered both the failure and malfunction of plant equipment (e.g., pumps, piping, and control rods) and external hazards (e.g., earthquakes and floods) that might initiate transients and compromise the traditional barriers of the zirconium-based fuel cladding, reactor coolant system, and containment structure. The failures and malfunctions of plant equipment have traditionally been described in Chapter 15 of each plants final safety analysis report (FSAR).

The larger-scale events that might affect multiple plant areas or structures are usually discussed in Chapters 2 and 3 of the FSAR, as well as in specific sections on systems, structures, and components (SSCs) and related operating programs.

In analyzing the failure or malfunction of specific plant SSCs, many operating LWRs refer to American National Standard Nuclear Safety Criteria for the Design of Stationary Pressurized Water Reactor Plants, N18.2- 1973/ANS-51.1, American National Standard Nuclear Safety Criteria for the Design of Stationary Boiling Water Reactor Plants, N212-1974 Draft/ANS-52.1, Nuclear Safety Criteria for the Design of Stationary Boiling Water Reactor Plants or a similar guidance document. These standards generally divide plant conditions into four categories, in accordance with anticipated frequency of occurrence and potential radiological consequences to the public. i The four categories in N18.2- 1973/ANS-51.1 for pressurized water reactors are as follows:

Condition I - Normal operation and operational transients Condition II - Faults of moderate frequency Condition III - Infrequent faults Condition IV - Limiting faults The basic principle applied in relating design requirements to each of the conditions is that the most probable occurrences should yield the least potential radiological consequences, and those extreme situations having the potential for greater radiological consequences shall be those least likely to occur.

Routine plant operations are generally controlled by established radiation protection practices and requirements. For power reactors, radiation controls for the protection of the public are provided in Title 10 of the Code of Federal Regulations (10 CFR) Part 20, Standards for Protection Against Radiation; 10 CFR Part 50, Domestic Licenses of Production and Utilization Facilities, Appendix I, Numerical Guides for Design Objectives and Limiting Conditions for Operation to Meet the Criterion As Low is As Reasonably Achievable for Radioactive Material in Light-Water-Cooled Nuclear Power Reactor Effluents; and effluent controls in the plant license and procedures (e.g., 10 CFR 50.36a and offsite dose calculation manual).

5 DRAFT DRAFT

DRAFT DRAFT Condition II events are also referred to as anticipated operational occurrences (AOOs) and are evaluated to ensure limited fuel failures and, thereby, minimal releases of radioactive material.

The protection against AOOs for LWRs is provided primarily by the reactor protection system, and analyses are performed to confirm that safety limits are not exceeded. Safety limits are defined for adequate heat removal from the reactors fuel rods (e.g., specified acceptable fuel design limits (SAFDLs)) and pressure relief to protect the reactor coolant pressure boundary (for transients resulting in increased reactor coolant system (RCS) pressure). Condition II events are selected through evaluation of various events, such as changes (increases or decreases) in heat removal by secondary systems, decreases in reactor coolant system flow, reactivity and power distribution anomalies, and changes (increases or decreases) in reactor coolant inventory. SAFDLs are generally used as performance measures for reactor protection systems in LWRs and address specific physical phenomena such as departure from nucleate boiling or peak fuel temperatures that could damage fuel pellets or cladding very shortly after the initial plant upset. This compares to some non-LWR designs that may not include a fuel cladding or have a distinct transition from effective to ineffective heat transfer such as departure from nucleate boiling. Reactor designs with attributes defined in the NRCs advanced reactor policy statement may also have much slower and less severe responses to the loss of forced coolant flow or reactivity transients than is predicted for most LWRs.

Infrequent and limiting faults for LWRs are also referred to as design-basis accidents (DBAs).

These events are evaluated for LWRs using acceptance criteria that may include limited fuel failures but maintain barriers such that core cooling functions are maintained. This, in turn, would demonstrate that the calculated offsite dose would not exceed established criteria related to short-term health effects. The acceptance criteria and related analyses for LWRs (e.g., peak clad temperature and evaluations models from 10 CFR 50.46) are not applicable to non-LWR designs.

The licensing basis for many operating LWRs did not include consideration of events considered less likely than the infrequent or limiting faults. As explained in A Short History of Nuclear Regulation, 1946-2009,19 some have characterized the initial design and licensing of nuclear power plants as follows:

Regulators using a deterministic approach simply tried to imagine credible mishaps and their consequences at a nuclear facility and then required the defense-in-depth approachlayers of redundant safety featuresto guard against them.

These assumed credible mishaps were, in turn, used to define design-basis events, which were, then, used to determine the safety classification of SSCs, the contents of licensing-basis documents, such as FSARs and technical specifications, and supporting documents, such as plant procedures. The licensing efforts for early plants focused therefore on design-basis events. 20 Regulator and licensee attention were centered on the mitigation of AOOs and DBAs and on ensuring that plant structures and layouts addressed design-basis external hazards such 19 ADAMS Accession No. ML102980443 20 In the context of LWRs and existing NRC regulations, design basis events are defined as conditions of normal operation, including anticipated operational occurrences, design-basis accidents, external events, and natural phenomena for which the plant must be designed to ensure the functions of safety-related SSCs (i.e., ensure (1) the integrity of the reactor coolant pressure boundary, (2) the capability to shut down the reactor and maintain it in a safe shutdown condition; or (3) the capability to prevent or mitigate the consequences of accidents that could result in potential offsite exposures comparable to the applicable guideline exposures set forth in 10 CFR 50.34).

6 DRAFT DRAFT

DRAFT DRAFT that safety-related equipment was protected and plants could proceed from operations to a safe shutdown condition following a design-basis event. In 1962, the AEC published TID-14844, "Calculation of Distance Factors for Power and Test Reactors" which specified a release of fission products from the core to the reactor containment in the event of a postulated accident involving a "substantial meltdown of the core." 21 The source term in TID-14844 supported the licensing of most LWRs and the related regulatory decisions on containment performance and siting. Analysis techniques such as probabilistic risk assessments (PRAs) and mechanistic source terms were introduced after the regulations and guidance for developing the licensing basis for LWRs was already defined using engineering judgement and deterministic methodologies.

The 1999 Commission white paper on risk-informed performance-based regulation describes deterministic analyses as follows:

The current body of regulations, guidance and license conditions is based largely on deterministic analyses and is implemented by prescriptive requirements. As described in the PRA Policy Statement, the deterministic approach to regulation establishes requirements for engineering margin and for quality assurance in design, manufacture, and construction. In addition, it assumes that adverse conditions can exist and establishes a specific set of design basis events (i.e., what can go wrong?). The deterministic approach involves implied, but unquantified, elements of probability in the selection of the specific accidents to be analyzed as design basis events. It then requires that the design include safety systems capable of preventing and/or mitigating the consequences (i.e., what are the consequences?) of those design basis events in order to protect public health and safety. Thus, a deterministic analysis explicitly addresses only two questions of the risk triplet. In addition, traditional regulatory analyses do not integrate results in a comprehensive manner to assess the overall safety impact of postulated initiating events.

The traditional or deterministic approach addressed uncertainties and provided conservatisms through the establishment of design limits, acceptance criteria, and safety margins. The practice of addressing safety functions through the analysis of a limited set of design basis events involves the use of upper bound assumptions, stylized and conservative models, consideration of potential malfunctions using the single failure criterion, and other analytical conservatisms. The approach is well suited to the design of individual SSCs but its limitations in terms of overall plant design and analysis of risks explains the NRCs initiatives to improve the consideration of risk-informed and performance-based insights in the licensing and regulation of nuclear power plants.

The Commission has encouraged risk-informed, performance-based approaches for LWRs as well as in developing licensing strategies for non-LWR technologies. The increasing use of risk assessment methodologies resulted in additional events being considered during LWR licensing (e.g., station blackout, anticipated transient without scram (ATWS)). In addition, guidance such as Regulatory Guide 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to Licensing Basis, 22 was developed to support 21 The NRC issued NUREG-1465, Accident Source Terms for Light-Water Nuclear Power Plants, in February 1995 (ADAMS Accession No. ML041040063) and revised regulations in 10 CFR 50.67, Accident Source Term, to define an acceptable alternative to the source term defined in TID-14844 22 ADAMS Accession No. ML17317A256 7

DRAFT DRAFT

DRAFT DRAFT licensee-initiated changes to plant designs or operations. The staff discusses ongoing activities for incorporating risk-insights into the licensing and regulation of LWRs in SECY-17-0112, Plans for Increasing Staff Capabilities to Use Risk Information in Decision-Making Activities. 23 i An early example of efforts to better incorporate risk-insights into the licensing of LWRs is the proposed updating of N18.2. The 1983 revision to the standard included the following figure with an additional plant condition category and Table 3-1 with associated offsite radiological consequence criteria.

These categories reflect the use of frequency-consequence (F-C) curves and concepts being proposed for LWRs and non-LWRs in that time frame. While the use of F-C targets were maintained for gas-cooled reactors and were reflected in preapplication documents for MHTGR, PBMR, and NGNP, the concept was not widely adopted for LWRs, and the 1983 version of N18.2 was eventually withdrawn. The staff notes that Revision 19 of the design certification document for the AP-1000 design (ADAMS Accession No. ML11171A367) refers to the 1973 revision of N18.2.

23 ADAMS Accession No. ML17270A197 8

DRAFT DRAFT

DRAFT DRAFT Enclosure 2:

Technology-Inclusive, Risk-Informed, Performance-Based Approach The design process and related development of licensing basis information for nuclear power reactors are iterative processes involving assessments and decisions on key SSCs, operating parameters, and programmatic controls to ensure a reactor can be deployed with no undue risk to public health and safety. The risk to public health and safety from a nuclear reactor arises from the potential release of radioactive materials during normal operation and plant upsets.

Radiological effluents from normal operation are governed by various NRC regulations and license conditions and, while important to plant design and licensing decisions, are outside the scope of this paper. Instead, this paper focuses on the design features, programmatic controls, and licensing decisions related to limiting the unplanned release of radioactive material resulting from plant transients and postulated accidents.

The potential radiological risk to public health and safety can be represented in terms of the inventory of radioactive materials and the fraction of that inventory that might be released as a result of an event. As described in Enclosure 1, the approach for light water reactors has traditionally been to select several stylized events to define requirements for structures, systems, and components (SSCs) serving as barriers to the release of radioactive materials and protecting such barriers by controlling reactor heat generation and providing cooling. Additional requirements for LWRs have been identified as a result of operating experience and insights from probabilistic risk assessments (PRAs). Most of the NRCs requirements, studies, and other activities have focused on LWR technologies and specific design attributes and behaviors related to water coolant, zirconium alloy fuel cladding, and other characteristics of LWRs. The LWR-centric requirements and approaches do not easily translate to a licensing framework for non-LWR technologies, which use different coolants, fuel forms, and safety system designs.

Processes related to the design and licensing of a different reactor technology begins with a conceptual design of a reactor, a primary coolant, and a preliminary assessment of how fundamental safety functions of retaining radioactive materials, controlling heat generation, and controlling heat removal would be accomplished. Key to the design and licensing of a nuclear power reactor is the identification of potential ways radioactive materials could be released from a facility as a result of unplanned events. A simplified representation of the barriers to the release of radionuclides and the supporting safety functions of controlling heat generation and controlling heat removal is provided below 1:

1 The relationship between the retention of radionuclides within the fuel/fuel matrix and the related supporting safety functions of controlling heat generation and heat removal is expected to remain a major factor in managing the risks of non-LWR designs. This will, in turn, make the relationship between the fundamental safety functions key to the design and licensing on non-LWRs. Although this paper provides simplified representations of the movement of radionuclides and heat across the various barriers, the phenomena and models for these behaviors can be complex. Figure 1 reflects a general model for barriers and passive heat removal systems expected to be used for most advanced reactor designs. Radiological source terms associated with spent fuel storage and other plant systems will also need to be evaluated. In addition, other potential mechanisms for degrading barriers (e.g., irradiation, chemical interactions) will need to be addressed for normal operation as well as potential plant transients and postulated accidents.

Enclosure 2

DRAFT DRAFT Figure 1: Fundamental Safety Functions and Mechanistic Source Term The design process for a nuclear power reactor includes developing approaches to fulfill the fundamental safety functions within an overall design that can also meet objectives for power production and costs. Reactor designs are developed and refined from the conceptual design phase to actual construction and operation. Increasing detail is developed through the phases of the design to address the appropriate safety functions, system- and sub-system requirements, and ultimately component-level specifications. The iterative nature of the design processand related assessments to identify and address potential events and ensure reasonable defense in depth (DID) within a design to provide confidence in the retention of radionuclidesare described in NEI 18-04, Revision 0, Risk-Informed Performance-Based Guidance for Non-Light Water Reactor Licensing Basis Development. 2 The NRC staff has proposed to endorse NEI 18-04 through the issuance of Draft Regulatory Guide (DG) 1353, Guidance for a Technology-Inclusive, Risk-Informed, and Performance-Based Approach to Inform the Content of Applications for Licenses, Certifications, and Approvals for Non-Light Water Reactors. 3 While the processes described in NEI 18-04 and DG-1353 have some elements in common with the traditional construct of licensing basis information for LWRs, there are key differences. The primary policy issues supporting the processes described in NEI 18-04 and DG-1353 were resolved in previous Commission papers and related staff requirements memoranda (SRMs) in the 1990s and 2000s. Given the long evolution of preparing and issuing guidance for the licensing of non-LWR designs, the proposed approach is being provided for Commission review and approval of the consolidated methodology.

2 Agencywide Documents Access and Management System (ADAMS) Accession No.ML18aaaXbbb 3 ADAMS Accession No. ML18cccYddd 2

DRAFT DRAFT

DRAFT DRAFT , Background, to this paper provides a summary of the licensing approaches traditionally taken for LWRs and provides some comparisons to the approaches being proposed in NEI 18-04 and DG-1353. The biggest differences arise from the fact that the approaches for LWRs reflect their development in a different era of design and analysis capabilities, their evolution over decades to address lessons learned from operating experience, and their having been LWR-centric in addressing technical concerns. The challenge in preparing guidance for non-LWRs is that the technologies differ not only from LWRs but amongst themselves in terms of fuel forms, coolants, and other key features. However, this challenge also presents an opportunity to revisit the approach to developers preparing applications and NRC staff performing reviews with an increased focus on the fundamental safety functions and the management of risks posed by potential releases of radioactive materials from future nuclear power plants. A desired outcome from developing the guidance for non-LWRs is to better define the appropriate content of applications, in terms of scope and depth of information, and to better focus NRC review efforts through consideration of safety functions, risk insights, and programmatic controls.

The NRC has engaged in several pre-licensing interactions and developed policies and guidance to support the potential licensing of advanced reactor facilities. The most relevant activity related to adopting the methodology described in NEI 18-04 and DG 1383 is SECY-03-0047, Policy Issues Related to Licensing Non-Light Water Reactor Designs, 4 and the related staff SRM dated June 26, 2003. 5 The staff recommended in SECY-03-0047 and the Commission approved in its SRM that:

1) greater emphasis can be placed on the use of risk information by allowing the use of a probabilistic approach in the identification of events to be considered in the design, provided there is sufficient understanding of plant and fuel performance and deterministic engineering judgement is used to bound uncertainties;

2) a probabilistic approach for the safety classification of structures, systems, and components is allowed; and

3) the single-failure criterion can be replaced with a probabilistic (reliability) criterion.

The above three elements of an acceptable approach to establish the licensing basis for non-LWRs are important to the methodology described in NEI 18-04 and DG-1353. Another element of the proposed methodology is the estimation of possible radiological consequences using a mechanistic source term as described in SECY-03-0047 and approved in the related SRM.

The representation in Figure 1 shows safety functions for which plant features and related programmatic controls would be established to ensure that future non-LWRs are able to address potential events and retain radioactive materials within the facility. The variety of non-LWR technologies and designs and the limited applicability of technical requirements developed for LWRs support a return to first principles to identify approaches to fulfill important safety functions and to describe those approaches in applications for NRC licenses, certifications, or approvals. As described in the Commissions Policy Statement on the Regulation of Advanced Reactors (73 FR 60612; October 14, 2008), non-LWRs are expected to provide enhanced margins of safety, use simplified safety systems, provide increased thermal 4 ADAMS Accession No. ML030160002 5 ADAMS Accession No. ML031770124 3

DRAFT DRAFT

DRAFT DRAFT margins, and have other attributes associated with advanced reactor technologies. The level of information necessary to describe simplified designs in licensing applications is expected to be reduced, and in turn, the level of effort needed for NRC staff review is also expected to be reduced. Applications and staff reviews will continue to address those features and programmatic controls needed to retain radionuclides and to protect barriers from events and related plant conditions (e.g., events that might increase temperatures by causing an imbalance between heat generation and heat removal as shown in Figure 1). Applications and NRC staff reviews will continue to need information describing the fuel or fuel system boundary, primary system, and other barriers in terms of the limits on operation (e.g., values or ranges of values for key parameters) to prevent failures, degradation, or to remain within the bounds of testing or qualification of related SSCs. These limits on operation will in turn establish the needed safety functions to prevent damage to barriers to the release of radionuclides (e.g., functions to maintain integrity of fuel cladding, coatings, or other fuel system boundary). This information is required for the methodologies outlined in NEI 18-04 and for the development of a mechanistic source term for the specific non-LWR design. 6 Identification and Analyses of Licensing Basis Events 7 An important part of the design process and formulation of a safety case for reactor designs is the identification of events that could challenge key safety functions and layers of defense against the release of radioactive materials. NEI 18-04 describes a systematic process for identifying and categorizing event sequences as anticipated operational occurrences (AOOs),

design basis events (DBEs), or beyond-design-basis events (BDBEs). An initial list of LBEs to be used in the design process are likely to be based on engineering judgment and techniques such as failure modes and effects analyses, and will be revised as probabilistic risk assessment (PRA) models are developed and refined as the design process progresses and the licensing basis documents are developed. The primary determinate for categorizing events is the estimated frequency of the event sequence. Design basis accidents (DBAs) are derived from DBEs by assuming that only safety-related SSCs are available to mitigate the events. DG-1353 proposes to accept the definitions of the event categories in NEI 18-04 as well as the demarcations shown in Figure 2, Frequency-Consequence [F-C] Target. The methodology includes plotting event sequence families on the F-C target and assessing margins based on event frequency and estimated 30-day dose at the exclusion area boundary. The event sequences and related estimations of frequencies and consequences include equipment malfunctions caused by internal and external hazards. NEI 18-04 acknowledges that the 6 DG-1353 includes the following observation: In terms of translating design information into a licensing application, a developer needs at least a conceptual design that includes a reactor, a primary coolant, and a preliminary assessment of how fundamental safety functions of reactivity control, heat removal, and retention of radioactive materials would be accomplished. In terms of licensing documentation, this information is typically found in safety analysis report Chapter 4, Reactor, Chapter 5, Reactor Coolant and Connecting Systems, and Chapter 6, Engineered Safety Features. Information within these chapters includes the parameters and values to define when important layers of defense (including physical barriers) to the release of radioactive material would degrade or fail. This type of information is important because it often serves as acceptance criteria for the analyses of licensing basis events and as an input into the analysis of releases via a mechanistic source term approach to estimating radiological consequences from potential transients and postulated accidents.

7 The definitions of some phrases used in NEI 18-04 are different from the same phrases as used in NRC regulations and guidance developed for LWRs. The terms AOO and DBE are examples of similar terms having different definitions. The methodology in NEI 18-04 also includes a different definition and means to identify safety-related SSCs from that used in the deterministic approaches used for LWRs. A glossary is included in NEI 18-04 to help alleviate some of the issues that will arise because of differences in terminology.

4 DRAFT DRAFT

DRAFT DRAFT F-C target does not correspond to actual regulatory acceptance criteria but is instead a vehicle to assess a range of events to determine risk significance, support SSC classification, determine special treatment requirements, identify appropriate programmatic controls, and confirm the adequacy of DID.

Figure 2: Frequency-Consequence Target (from NEI 18-04)

The approach described in NEI 18-04 and proposed to be endorsed in DG-1353 is consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to allow the use of a probabilistic approach to identify events provided there is sufficient understanding of plant and fuel performance and engineering judgment is used to address uncertainties. The F-C target in Figure 2 includes a frequency of 5x10-7 per plant-year to define the lower range of beyond design basis events. This demarcation of lowest event frequencies on the F-C target and category definitions is not a hard and fast cutoff but instead is to be considered in the context of other parts of the methodology. These other considerations include the role of the integrated decision-making panel, aggregate risk measures, DID assessments, accounting for uncertainties, and assessing for potential for cliff-edge effects. The staff considers including a lower frequency range for licensing basis events, when combined with other considerations and engineering judgement, to be an inherent part of a risk-informed approach and is consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to allow the use of a probabilistic approach to identify events.

The assessments described in NEI 18-04 focus on safety functions and the identification of SSCs needed to fulfill those functions. The F-C targets support defining needed SSC capabilities and reliabilities to support the design process and to inform the content of applications. A key consideration is the uncertainties related to event sequences, plant 5

DRAFT DRAFT

DRAFT DRAFT behavior, assumed reliability of SSCs, and other aspects of the estimation of event frequencies and consequences. The analyses of event sequences are an input into the subsequent processes described in NEI 18-04 for the safety classification of SSCs and assessment of DID.

NEI 18-04 addresses multi-module issues by including guidance that there should be no risk significant DBEs involving a release from two or more modules, and any BDBEs that involve releases from multiple reactor modules or sources would not be high consequence BDBEs.

When this objective is achieved, there should be no DBAs with significant releases from two or more modules or radionuclide sources. The guidance also includes assessing several aggregate risk measures, including the NRCs safety goals related to preventing early fatalities and latent cancer fatalities, to ensure the overall risk of plant operation is below established thresholds.

NEI 18-04 describes assessments of event sequences in addition to the consideration of AOOs, DBEs, and BDBEs. A deterministic DBA is associated with each DBE that includes the required safety function challenges but assumes that the required safety functions are performed by safety-related SSCs. These DBAs are described in the portion of the license application typically provided by Chapter 15 of safety analysis reports to support the deterministic safety analysis and show that the offsite consequences are below the reference values included in NRC regulations (e.g., 10 CFR 50.34). NRC Regulatory Guide 1.203, Transient and Accident Analysis Methods, provides additional guidance for analyzing DBAs. DG-1353 documents the staffs proposed finding that assessing event sequences (including unavailability or failure of SSCs and combinations of SSCs) over a wide range of frequencies, including BDBEs, and establishing risk and safety function reliability measures for both safety-related and selected non-safety-related SSCs, obviates the need to use the single failure criterion applied to the deterministic evaluations for LWRs. The approach described in NEI 18-04 and proposed to be endorsed in DG-1353 is consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to replace the single-failure criterion with a probabilistic (reliability) criterion.

Safety Classification and Performance Criteria for SSCs The second major component of the methodology described in NEI 18-04 involves assessing the risk significance of SSCs, and determining special treatments if needed to ensure SSC performance of safety functions in the prevention and mitigation of LBEs. Such requirements include those needed to provide the necessary capabilities to perform their mitigation functions and those needed to meet reliability requirements to prevent LBEs with more severe consequences. The safety classification of SSCs and determination of performance criteria are directly related to and performed in an iterative process along with the identification and assessment of LBEs and the assessment of DID.

Consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to allow a probabilistic approach for the safety classification of SSCs, NEI 18-04 describes the evaluations of LBEs, DID, and classification of safety functions to be used in designing and categorizing specific SSCs for non-LWRs. The safety classification categories used in NEI 18-04 and proposed to be accepted in DG-1353 are defined as follows:

6 DRAFT DRAFT

DRAFT DRAFT

Safety-Related (SR):

o SSCs selected by the designer from the SSCs that are available to perform the required safety functions to mitigate the consequences of DBEs to within the LBE F-C Target, and to mitigate DBAs that only rely on the SR SSCs to meet the dose limits of 10 CFR 50.34 using conservative assumptions o SSCs selected by the designer and relied on to perform required safety functions to prevent the frequency of BDBE with consequences greater than the 10 CFR 50.34 dose limits from increasing into the DBE region and beyond the F-C Target

Non-Safety-Related with Special Treatment (NSRST):

o Non-safety-related SSCs relied on to perform risk significant functions. Risk significant SSCs are those that perform functions that prevent or mitigate any LBE from exceeding the F-C Target, or make significant contributions to the cumulative risk metrics selected for evaluating the total risk from all analyzed LBEs.

o Non-safety-related SSCs relied on to perform functions requiring special treatment for DID adequacy

Non-Safety-Related with No Special Treatment (NST):

o All other SSCs (with no special treatment required)

A major objective of the process described in NEI 18-04 is to establish a systematic approach to assessing and determining appropriate relationships between the needed capabilities and reliabilities for SSCs and the role of those SSCs in mitigating and preventing LBEs. The safety classification of SSCs is made in the context of how the SSCs perform specific safety functions for each LBE in which they play a role in preventing or mitigating the event. The reliability of the SSC serves to prevent the occurrence of the LBE by lowering its frequency of occurrence. The safety classification process and the corresponding special treatments serve to control the frequencies and consequences of the LBEs in relation to the F-C Target and ensure that the cumulative risk metrics are not exceeded. The SSC classifications and logic outlined in NEI 18-04 are part of an integrated methodology, which includes a defined relationship between licensing basis events, equipment classification, and assessments of DID. The classifications and related outcomes may not be applicable for alternative approaches that do not follow the other parts of the methodology described in NEI 18-04.

Evaluation of Defense-in-Depth Adequacy NEI 18-04 describes a framework that includes probabilistic and deterministic assessment techniques to establish DID using a combination of plant capabilities and programmatic controls.

Evaluations are performed based on several established approaches to DID to assess a reactor design and determine if additional measures are appropriate to address an over-reliance on specific SSCs or to address uncertainties. One element of NEI 18-04 related to assessing DID is adapted from a process defined in IAEA standards and guidance such as IAEA Specific Safety Requirements No. SSR-2/1, Safety of Nuclear Power Plants: Design. This approach includes evaluating each LBE to identify the DID attributes that have been incorporated into the design to prevent and mitigate accident sequences and to ensure that they reflect adequate SSC reliability and capability.

The process in NEI 18-04 calls for the reactor designer to form an Integrated Decision Panel which supports the overall design effort (including development of plant capability and programmatic DID features), conducts the DID adequacy evaluation for the design, and documents the DID baseline. The process and outcome in terms of assessments and 7

DRAFT DRAFT

DRAFT DRAFT demonstration that a reasonable level of DID has been incorporated into the design will be described in an application for a license, certification, or approval. A structure for the operation of an Integrated Decision Panel is provided in RG 1.201, Guidelines for Categorizing Structures, Systems, and Components in Nuclear Power Plants According to Their Safety Significance, 8 and the related industry guidance in NEI 00-04, 10 CFR 50.69 Categorization Guide. 9 As part of the DID adequacy evaluation, each LBE is evaluated to confirm that risk targets are met without exclusive reliance on a single element of design, single program, or single DID attribute.

Figure 3 is a representation of the relationships between the various parts of the methodology described in NEI 18-04 (licensing basis events, SSC safety classification, and DID) as well as how the plant capabilities and programmatic controls are assessed using both deterministic and risk-informed techniques to ensure DID adequacy for a specific design.

Figure 3: Framework for Establishing DID Adequacy (from NEI 18-04)

NEI 18-04 explains that one of the primary motivations of employing DID attributes is to address uncertainties, including those that are reflected in the PRA estimates of frequency and consequence as well as other uncertainties which are not sufficiently characterized for uncertainty quantification nor amenable to sensitivity analyses. The plant capability DID include design margins that protect against certain uncertainties, and measures are also incorporated into both plant capability and programmatic elements of DID to compensate for residual unknowns. The plant capability DID adequacy assessment examines whether any single 8 ADAMS Accession No. ML061090627 9 ADAMS Accession No. ML052910035 8

DRAFT DRAFT

DRAFT DRAFT feature is excessively relied on to achieve public safety objectives, and if so identifies options to reduce or eliminate such dependency. A key element of the evaluation of DID described in NEI 18-04 is a systematic review of the LBEs against the layers of defense. This review by the Integrated Decision Panel is necessary to evaluate the plant capabilities for DID and to identify any programmatic DID measures that may be necessary for ensuring DID adequacy. This review is performed to assess important DID properties such as an appropriate balance between prevention and mitigation of LBEs, identified reliability/availability missions for SSCs serving to prevent or mitigate LBEs, and effective physical and functional barriers to retain radionuclides. This review is also performed to ensure measures exist to address risk significant sources of uncertainty. In addition to examining the specific design features and SSCs used in a design, NEI 18-04 provides examples of programmatic controls associated with licensing basis documents such technical specifications, quality assurance programs, plant procedures and guidelines, training, maintenance programs, and testing and surveillance programs.

As described above, the approaches to assessing DID outlined in NEI 18-04 and proposed to be accepted in DG-1353 are part of an integrated methodology used to identify and analyze licensing basis events, classify and establish performance criteria for SSCs, and identify appropriate programmatic controls. The methodology considers various layers of defense, seeks to avoid excessive reliance on single defenses, and includes measures to address uncertainties. The Integrated Decision Panel is instrumental to considering DID during the design process and during the development of the related licensing application. The NRC has long recognized the importance of DID and considers its implementation in guidance such as RG 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis. However, the Commission stated in its SRM dated March 9, 201610 for SECY-15-0168, Recommendations on Issues Related to Implementation of a Risk Management Regulatory Framework, that a formal agencywide definition and criteria for determining the adequacy of DID should not be developed. The staff is not proposing to define DID or impose the approach described in NEI 18-04 onto any applicant not choosing to use the methodology as part the design and licensing for a non-LWR.

This approach is consistent with the Commissions SRM for SECY-15-0168 while also improving the consideration of DID within the design and licensing of future non-LWR technologies.

Informing the Content of Applications NEI 18-04 provides useful guidance for reactor designers and the NRC staff in the key areas of selecting and evaluating licensing basis events, identifying safety functions and classifying SSCs, selecting special treatment requirements, identifying appropriate programmatic controls, and assessing DID. Taken together, these activities provide essential insights for the reactor design process, define needed SSC capabilities and programmatic controls, and support documenting the safety case supporting applications for licenses, certifications, or approvals.

NEI 18-04 thereby defines a methodology for applicants to identify and provide the appropriate level of information needed to satisfy parts of the regulatory requirements in 10 CFR 50.34, 10 CFR 52.47, 10 CFR 52.79, 10 CFR 52.137, and 10 CFR 52.157. The staff finds it appropriate to define a technology inclusive, risk-informed, performance-based methodology to help non-LWRs applicants prepare applications rather than to develop prescriptive, technology-specific application content guidance as was developed for LWRs and documented in RG 1.70, Revision 3, Standard Format and Content of Safety Analysis Reports for Nuclear 10 ADAMS Accession No. ML16069A370 9

DRAFT DRAFT

DRAFT DRAFT Power Plants (LWR Edition), 11 and RG 1.206, Combined License Applications for Nuclear Power Plants (LWR Edition). 12 NEI 18-04 and DG-1353 describe how deterministic evaluations and probabilistic risk assessments inform design decisions and ultimately support the safety case presented in applications for licenses, certifications, and approvals. The interrelationship between the licensing basis events and the derivation of both plant capabilities and programmatic controls are defined in NEI 18-04 and need to be reflected in a safety analysis report supporting an application. The approach described in NEI 18-04 and DG-1353 involves the assessment of event categories that extend from benign to severe. The analysis of AOOs, DBEs, and BDBEs plays an important role in defining safety functions, classifying SSCs, and assessing DID. The analysis results for event sequences and related organization into event sequence families will be described in the safety analysis report. In addition to plant response information on SSC capabilities typically provided in deterministic evaluations, the description of AOOs, DBEs, and BDBEs will need to include or point to key information such as uncertainties and measures to ensure assumed SSC availabilities. Current guidance for safety analysis report format and content for LWRs (e.g., RG 1.206) does not include a specific section for DID assessments.

The importance of the DID assessments in the NEI 18-04 methodology and the more systematic approach to performing the assessments lends itself to specific discussions in safety analysis reports. The format and content of the chapter can follow the assessment methodology and be used to document decisions by the Integrated Decision Panel.

Safety analysis reports for operating LWRs contain detailed descriptions of SSCs supporting safety functions. Examples include chapters on instrumentation and control systems, electrical power systems, and cooling water systems. Additional chapters in LWR safety analysis reports are dedicated to power conversion systems and systems needed to handle various forms of radioactive wastes. The various system descriptions for LWRs are appropriate given the importance of support systems for active safety systems and the potential for support or secondary plant systems to cause a plant transient challenging the fuel cladding or other barrier to the release of radionuclides. NEI 18-04 describes a process to evaluate the risk significance of SSCs in terms of contributing to initiating events or in the mitigation of event sequences. The analyses and assessments in NEI 18-04 can provide insights into the appropriate level of detail needed to describe parts of plant outside the primary systems. In many instances, the level of detail for the information about ancillary plant systems in advanced reactor designs can be significantly less than that provided for LWRs because of the expected use of passive safety systems and increased thermal capacities of reactor systems which reduce sensitivities to plant upsets. A description of ancillary plant systems or the interface between the ancillary and primary plant systems should focus on any safety functions being supported and possible contributions to initiating events. Other appropriate information includes the safety classification of SSCs and any special treatments identified to address the safety or risk significance of the ancillary SSCs identified via insights from the PRA or assessments of DID.

The level of detail for some SSCs can also reflect potential performance-based approaches within applications for licenses, certifications, or approvals. Consideration of performance-based approaches is encouraged in the guidance for NRC staff reviews of advanced reactors and can likewise be used to inform the appropriate level of detail in applications. The Introduction, Part 2 to NUREG 0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: Light-Water Small Modular Reactor Edition, includes the 11 ADAMS Accession No. ML011340072 12 ADAMS Accession No. ML070630003 10 DRAFT DRAFT

DRAFT DRAFT following guidance on the use of performance-based approaches as part of an integrated review for small modular reactors:

Second, the framework incorporates an integrated review approach by using the satisfaction of selected requirements to provide reasonable assurance of some aspects of SSC performance (for example, performance-based acceptance criteria related to SSC capability, reliability, and availability). Examples of requirements that could be applied for this purpose include 10 CFR Part 50, Appendix A (general design criteria, overall requirements, criteria 1 through 5),

10 CFR Part 50, Appendix B (quality assurance program), 10 CFR 50.49 (electric equipment environmental qualification program), 10 CFR 50.55a (code design, inservice testing and inservice inspection programs), 10 CFR 50.65 (maintenance rule), Technical Specifications (TSs), Availability Controls for SSCs subject to Regulatory Treatment of Non-Safety Systems (RTNSS), the Initial Test Program (ITP), and ITAAC [Inspections, Tests, Analyses and Acceptance Criteria]. In preparing the safety evaluation for the application, the staff may use the satisfaction of these selected requirements to augment or replace, as appropriate, technical analysis and other evaluation techniques to obtain reasonable assurance that the performance-based acceptance criteria are satisfied. Under the framework, the staff also has the flexibility to use these selected requirements to demonstrate satisfaction of design-based acceptance criteria for the SSCs with low risk significance. The staff will verify the demonstration of the design-basis capabilities of SSCs that are important to safety as part of the ITAAC completion review prior to plant operation.

The integrated process described in NEI 18-04 and its consideration of plant capabilities and programmatic controls is well suited to inform the content of applications and including discussions of appropriate performance-based controls of ancillary SSCs and thereby reducing the level of detail that would be necessary in the descriptions of the physical systems.

Specific Items for Commission Consideration NEI 18-04 and DG-1353 incorporate the solutions to several past policy issues into a consolidated methodology to support the design and licensing of non-LWRs. The methodology is sufficiently developed to provide additional clarity on how past Commission decisions will be reflected in the design and licensing processes. The staff is requesting Commission consideration and approval in order to finalize the regulatory guidance for non-LWR developers.

The following items have been approved by the Commission in previous SRMs:

The approach described in NEI 18-04 and proposed to be endorsed in DG-1353 is consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to allow the use of a probabilistic approach to identify events provided there is sufficient understanding of plant and fuel performance and engineering judgment is used to address uncertainties. NEI 18-04 and DG-1353 emphasize that the F-C targets do not depict acceptance criteria or actual regulatory limits. However, the inclusion of the F-C targets within the methodology does highlight the consideration of risk insights more clearly than most of NRCs existing requirements and guidance, and clarifies the implementation of actions described in previous Commission papers.

11 DRAFT DRAFT

DRAFT DRAFT

The F-C targets in NEI 18-04 and proposed to be endorsed in DG-1353 include a frequency of 5x10-7 per plant-year to define the lower range of beyond design basis events. This demarcation of lowest event frequencies on the F-C targets and category definitions is not a hard and fast cutoff but instead should be considered in the context of other parts of the methodology, which include appropriate consideration of uncertainties. These other considerations include the role of the Integrated Decision Panel, aggregate risk measures, DID assessments, accounting for uncertainties, and assessing for potential for cliff-edge effects. Including a lower frequency range for licensing basis events is an inherent part of a risk-informed approach and consistent with the proposals under consideration when the Commission approved the recommendation in SECY-03-0047 to allow the use of a probabilistic approach to identify and categorize events. The methodology described in NEI 18-04 and DG-1353 provides insights into the implementation of actions included in previous Commission papers and related SRMs.

NEI 18-04 states: In view of the fact that advanced non-LWRs will employ a diverse combination of inherent, passive, and active design features to perform the RSFs [required safety functions] across layers of defense and taking into account the fact that the reactor safety design approach will be subjected to an evaluation of DID adequacy, the application of a single failure criterion is not deemed to be necessary. The process described in NEI 18-04 includes assessing event sequences (including reliability and availability of SSCs and combinations of SSCs) over a wide range of frequencies and establishing risk and safety function reliability measures. The staff finds that methodology in NEI 18-04, including assessments of event sequences and DID, obviates the need to use the single failure criterion applied to the deterministic evaluations for LWRs. The approach described in NEI 18-04 and proposed to be endorsed in DG-1353 is consistent with the Commissions SRM approving the recommendation in SECY-03-0047 to replace the single-failure criterion with a probabilistic (reliability) criterion. The staff notes that the NEI 18-04 methodology is similar to Alternative 3 in SECY-05-0138, Risk-Informed and Performance-Based Alternatives to the Single-Failure Criterion, dated August 2, 2005, which noted that this approach was arguably a good way to go about licensing advanced plants, some aspects of which were not anticipated by current Part 50 requirements. The methodology described in NEI 18-04 provides insights into the implementation of probabilistic or reliability criteria included in previous Commission papers and related SRMs.

The SSC classifications and logic outlined in NEI 18-04 and proposed to be accepted in DG-1353 are part of an integrated methodology, which includes a defined relationship between licensing basis events, equipment classification, and assessments of DID. The classification scheme in NEI 18-04 has some similarity to that used for other new reactors, which maintain the role of safety-related SSCs in mitigating LWR design basis events 13 and provides for the regulatory treatment of non-safety systems determined to be safety- or risk-significant. The methodology described in NEI 18-04 and DG-1353 introduce different event categories and SSC classifications derived from insights from the F-C target, including BDBEs, and DID assessments. The approach described in NEI 18-04 and proposed to be endorsed in DG-1353 is consistent with the Commissions SRM approving the 13 In the context of LWRs and existing NRC regulations, design basis events are defined as conditions of normal operation, including anticipated operational occurrences, design-basis accidents, external events, and natural phenomena for which the plant must be designed to ensure the functions of safety-related SSCs (i.e., ensure (1) the integrity of the reactor coolant pressure boundary, (2) the capability to shut down the reactor and maintain it in a safe shutdown condition; or (3) the capability to prevent or mitigate the consequences of accidents that could result in potential offsite exposures comparable to the applicable guideline exposures set forth in 10 CFR 50.34).

12 DRAFT DRAFT

DRAFT DRAFT recommendation in SECY-03-0047 to allow a probabilistic approach for the safety classification of SSCs. Additionally, the methodology described in NEI 18-04 clarifies the implementation of the actions included in previous Commission papers and SRMs including adopting terminology that differs from some of the definitions in NRC regulations and LWR guidance documents.

The following items have not been specifically approved by the Commission in previous SRMs but are an integral part of the methodology described in NEI 18-04 and proposed to be endorsed in DG-1353.

The approaches to assessing DID outlined in NEI 18-04 and proposed to be accepted in DG-1353 are part of an integrated methodology used to identify and analyze licensing basis events, classify and establish performance criteria for SSCs, and identify appropriate programmatic controls. The methodology includes measures to avoid excessive reliance on single defenses and to address uncertainties. An Integrated Decision Panel is used to ensure deterministic factors and engineering judgement remain key part of the process.

Although proposing to accept the DID assessments incorporated into the methodology described in NEI 18-04, the staff is not proposing to more universally define DID criteria or impose the approach described in NEI 18-04 onto any applicant not choosing to use the methodology as part the design and licensing for a non-LWR. The staff is proposing in DG-1353 to find acceptable the approach for assessing DID described in NEI 18-04 and seeks Commission acceptance of this finding for this specific case.

NEI 18-04 provides guidance for reactor designers and the NRC staff in the key areas of selecting and evaluating licensing basis events, identifying safety functions and classifying SSCs, selecting special treatment requirements, identifying appropriate programmatic controls, and assessing DID. Taken together, these activities provide essential insights for the reactor design process, define needed SSC capabilities and programmatic controls, and support documenting the safety case supporting applications for licenses, certifications, or approvals. In addition to information about primary barriers to the release of radionuclides and SSCs performing safety- and risk-significant functions, the analyses and assessments in NEI 18-04 can provide insights into the appropriate level of detail needed to describe parts of a plant outside the primary systems. The level of detail for ancillary SSCs can also reflect potential performance-based approaches within applications for licenses, certifications, or approvals. DG-1353 discusses the expanded use of the risk-informed, performance-based approaches described in Part 2 to the Introduction to NUREG-0800 for light-water small modular reactors to inform the content of applications. The Commission approved the approach for light-water small modular reactors in its SRM dated May 11, 2011 14 for SECY-11-0024, Use of Risk Insights to Enhance the Safety Focus of Small Modular Reactor Reviews. The use of the guidance in NEI 18-04 and DG-1353 provide insights into the appropriate scope and level of detail to be provided in safety analysis reports for non-LWR designs and the associated NRC staff reviews such that the information provided and levels of NRC review are commensurate with the risks posed by the non-LWR designs. The staff seeks confirmation from the Commission that the risk-informed, performance-based approaches should be used not only to guide staff reviews but that they may also be used to inform the appropriate scope and level of detail to be provided in non-LWR applications for licenses, certifications, and approvals.

14 ADAMS Accession No. ML111320551 13 DRAFT DRAFT

ML18270A334

Contents

Text

SUBJECT:

Enclosures:

1. Background

Navigation menu

ML18270A334

Text

SUBJECT:

Enclosures:

1. Background

Navigation menu

Search