Text

LLC Submittal of Mitigation Strategies for Extended Loss of AC Power Event, TR-0816-50797, Revision 2
	ML19212A084
Person / Time
Site:	NuScale
Issue date:	07/30/2019
From:	Rad Z; NuScale
To:	; Document Control Desk, Office of New Reactors
References
	LO-0719-66485
	Download: ML19212A084 (64)
	v • d • e

LO-0719-66485 July 30, 2019 Docket No.52-048 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852-2738

SUBJECT:

NuScale Power, LLC Submittal of Mitigation Strategies for Extended Loss of AC Power Event, TR-0816-50797, Revision 2

REFERENCES:

1. Letter from NuScale Power, LLC to U.S. Nuclear Regulatory Commission, Submittal of NuScale Technical Reports Supporting the NuScale Design Certification Application (NRC Project No. 0769), dated December 30, 2016 (ML17005A112)

2. NuScale Technical Report, Mitigation Strategies for Extended Loss of AC Power Event, TR-0116-51962, Revision 0, dated December 2016 (ML17005A120)

3. Letter from NuScale Power, LLC to U.S. Nuclear Regulatory Commission, Submittal of Mitigation Strategies for Extended Loss of AC Power Event, TR-0816-50797, Revision 1, dated May 2019 (ML19151A853)

NuScale Power, LLC (NuScale) hereby submits Revision 2 of the Mitigation Strategies for Extended Loss of AC Power Event, (TR-0816-51127) technical report. The purpose of this submittal is to provide a full revision of this technical report to support the NuScale submittal of DCA Revision 3.

This letter makes no regulatory commitments and no revisions to any existing regulatory commitments.

If you have any questions, please contact Nadja Joergensen at 541-452-7338 or at njoergensen@nuscalepower.com.

Sincerely, Zackary W. Rad Director, Regulatory Affairs NuScale Power, LLC Distribution: Samuel Lee, NRC, OWFN-8H12 Gregory Cranston, NRC, OWFN-8H12 Omid Tabatabai, NRC, OWFN-8H12

Enclosure:

Mitigation Strategies for Extended Loss of AC Power Event, TR-0816-50797, Revision 2 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360-0500 Fax 541.207.3928 www.nuscalepower.com

LO-0719-66485

Enclosure:

Mitigation Stategies for Extended Loss of AC Power Event, TR-0816-50797, Revision 2 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360-0500 Fax 541.207.3928 www.nuscalepower.com

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Licensing Technical Report Mitigation Strategies for Extended Loss of AC Power Event July 2019 Revision 2 Docket: 52-048 NuScale Nonproprietary NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 www.nuscalepower.com

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Licensing Technical Report COPYRIGHT NOTICE This report has been prepared by NuScale Power, LLC and bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this report, other than by the U.S.

Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.

The NRC is permitted to make the number of copies of the information contained in this report that is necessary for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding. Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of copies necessary for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice and contain the proprietary marking if the original was identified as proprietary.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Licensing Technical Report Department of Energy Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008820.

This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Licensing Technical Report CONTENTS Abstract ....................................................................................................................................... 1 Executive Summary .................................................................................................................... 2 1.0 Introduction ..................................................................................................................... 3 1.1 Purpose ................................................................................................................. 3 1.2 Scope .................................................................................................................... 3 1.3 Definitions, Acronyms and Abbreviations .............................................................. 3 2.0 Background ..................................................................................................................... 9 2.1 Regulatory Requirements ...................................................................................... 9 3.0 NuScale Power Plant Baseline Coping Criteria .......................................................... 10 3.1 Coping Strategies ................................................................................................ 10 3.1.1 Objective ............................................................................................................. 10 3.1.2 Baseline Coping Capability Criteria, Conditions, and Assumptions..................... 10 3.1.3 Boundary Conditions ........................................................................................... 10 3.1.4 Initial Plant Conditions ......................................................................................... 11 3.1.5 Initial Event Conditions and Assumptions ........................................................... 11 3.1.6 Reactor Transient Assumptions ........................................................................... 11 3.1.7 Spent Fuel Pool Conditions ................................................................................. 12 3.2 NuScale Power Plant Design Capabilities ........................................................... 12 3.2.1 Core Cooling ....................................................................................................... 12 3.2.2 Containment ........................................................................................................ 12 3.2.3 Spent Fuel Pool Cooling ...................................................................................... 13 3.2.4 Monitoring ............................................................................................................ 13 4.0 NuScale Power Plant Systems and Responses to an Extended Loss of Alternating Current Power ........................................................................................... 14 4.1 Reactor Building .................................................................................................. 14 4.2 Control Building ................................................................................................... 14 4.3 Alternating Current Distribution Systems............................................................. 15 4.3.1 System Design .................................................................................................... 15 4.3.2 System Response to an Extended Loss of Alternating Current Power ............... 15 4.4 Backup Power Supply System ............................................................................ 15 4.4.1 System Design .................................................................................................... 15 4.4.2 Equipment Qualification ...................................................................................... 16 NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Licensing Technical Report 4.4.3 System Response to an Extended Loss of Alternating Current Power ............... 16 4.5 Normal Direct Current Power System ................................................................. 16 4.5.1 System Design .................................................................................................... 16 4.5.2 Equipment Qualification ...................................................................................... 17 4.5.3 System Response to an Extended Loss of Alternating Current Power ............... 17 4.6 Highly Reliable Direct Current Power System ..................................................... 17 4.6.1 System Design .................................................................................................... 17 4.6.2 Equipment Qualification ...................................................................................... 19 4.6.3 System Response to an Extended Loss of Alternating Current Power ............... 19 4.7 Module Protection System .................................................................................. 19 4.7.1 System Design .................................................................................................... 19 4.7.2 Equipment Qualification ...................................................................................... 21 4.7.3 System Response to an Extended Loss of Alternating Current Power ............... 22 4.8 Plant Protection System ...................................................................................... 22 4.8.1 System Design .................................................................................................... 22 4.8.2 Equipment Qualification ...................................................................................... 23 4.8.3 System Response to an Extended Loss of Alternating Current Power ............... 23 4.9 Safety Display and Indication System ................................................................. 23 4.9.1 System Design .................................................................................................... 23 4.9.2 Equipment Qualification ...................................................................................... 24 4.9.3 System Response to an Extended Loss of Alternating Current Power ............... 24 4.10 Containment System ........................................................................................... 25 4.10.1 System Design .................................................................................................... 25 4.10.2 Equipment Qualification ...................................................................................... 26 4.10.3 System Response to an Extended Loss of Alternating Current Power ............... 26 4.11 Ultimate Heat Sink System .................................................................................. 26 4.11.1 System Design .................................................................................................... 26 4.11.2 Equipment Qualification ...................................................................................... 27 4.11.3 System Response to an Extended Loss of AC Power......................................... 28 4.12 Decay Heat Removal System.............................................................................. 29 4.12.1 System Design .................................................................................................... 29 4.12.2 Equipment Qualification ...................................................................................... 30 NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Licensing Technical Report 4.12.3 System Response to an Extended Loss of AC Power......................................... 30 4.13 Emergency Core Cooling System ....................................................................... 30 4.13.1 System Design .................................................................................................... 30 4.13.2 Equipment Qualification ...................................................................................... 32 4.13.3 System Response to an Extended Loss of Alternating Current Power ............... 32 4.14 Reactor Building Heating, Ventilation, and Air Conditioning System ................... 32 4.14.1 System Design .................................................................................................... 33 4.14.2 Equipment Qualification ...................................................................................... 33 4.14.3 System Response to an Extended Loss of Alternating Current Power ............... 33 4.15 Control Room Heating, Ventilation, and Air Conditioning System ....................... 33 4.15.1 System Design .................................................................................................... 34 4.15.2 Equipment Qualification ...................................................................................... 34 4.15.3 System Response to an Extended Loss of Alternating Current Power ............... 34 4.16 Control Room Habitability System ....................................................................... 35 4.16.1 System Design .................................................................................................... 35 4.16.2 Equipment Qualification ...................................................................................... 35 4.16.3 System Response to an Extended Loss of Alternating Current Power ............... 36 4.17 Reactor Building Crane System .......................................................................... 36 4.17.1 System Design .................................................................................................... 36 4.17.2 Equipment Qualification ...................................................................................... 37 4.17.3 System Response to an Extended Loss of AC Power......................................... 38 4.18 Communications System ..................................................................................... 38 5.0 Safety Functions during an Extended Loss of Alternating Current Power ............. 39 5.1 Integrated Plant Response .................................................................................. 39 5.2 Core Cooling ....................................................................................................... 40 5.2.1 Reactor Coolant System Inventory ...................................................................... 40 5.2.2 Reactivity Control ................................................................................................ 42 5.2.3 Decay Heat Removal .......................................................................................... 43 5.2.4 Core Cooling Parameters .................................................................................... 44 5.3 Containment ........................................................................................................ 45 5.3.1 Containment Temperature and Pressure............................................................. 46 5.3.2 Containment Parameters .................................................................................... 46 NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Licensing Technical Report 5.4 Spent Fuel Cooling .............................................................................................. 47 5.4.1 Spent Fuel Pool Level ......................................................................................... 47 5.4.2 Spent Fuel Pool Cooling Parameters .................................................................. 47 5.5 Transition Mode (MODE 4) .................................................................................. 48 5.5.1 Core Cooling ....................................................................................................... 48 5.5.2 Reactor Building Crane Capacity ........................................................................ 48 5.6 Refueling Mode (MODE 5) .................................................................................. 49 5.7 Baseline Coping Capability ................................................................................. 50 6.0 Coping Strategies Equipment ...................................................................................... 52 7.0 Conclusion ..................................................................................................................... 53 8.0 References ..................................................................................................................... 54 NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Licensing Technical Report TABLES Table 1-1 Abbreviations ......................................................................................................... 3 Table 1-2 Definitions .............................................................................................................. 6 Table 4-1 Ultimate heat sink heat up and boil off - 12 NuScale Power Modules initially operating ............................................................................................................. 28 Table 4-2 Approximate ultimate heat sink boil off rate during an extended loss of alternating current power ..................................................................................... 29 Table 5-1 Core cooling key parameters .............................................................................. 45 Table 5-2 Containment key parameters .............................................................................. 47 Table 5-3 Ultimate heat sink heat up and boil off - 11 NuScale Power Modules initially operating, 1 NuScale Power Module refueling .................................................... 50 Table 5-4 Baseline coping capability summary ................................................................... 51 FIGURES Figure 5-1 Ultimate heat sink level during an extended loss of alternating current power - 12 NuScale Power Modules initially operating....................................... 44 Figure 5-2 NuScale Power Module submergence and buoyancy effect ............................... 49 NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Abstract This report describes the NuScale Power Plant baseline coping capability to address an extended loss of alternating current power (ELAP) event concurrent with loss of normal access to the normal heat sink (LUHS).

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Executive Summary In response to requirements of the Mitigation of Beyond-Design-Basis Events rule, 10 CFR 50.155(b)(1) (rule affirmed by the Nuclear Regulatory Commission on January 24, 2019), this report assesses the NuScale Power Plant response to an extended loss of alternating current (AC) power (ELAP) event concurrent with a loss of normal access to the normal heat sink (LUHS).

In an ELAP event, the NuScale Power Plant does not require operator action, operator monitoring, AC or direct current (DC) electrical power, or offsite resources to establish and maintain the key safety functions of core cooling, containment, and spent fuel pool cooling indefinitely, or until sufficient site functional capabilities can be maintained without the need for mitigation strategies. However, instrumentation and DC electrical power are provided to allow the operators to observe the response of installed plant equipment and verify the conditions necessary for indefinite coping. Regarding coping capability, NuScale considers any period greater than 14 days to be adequate coping time for sufficient site functional capabilities to be maintained without the need for mitigation strategies. In the Fukushima Daiichi accident, personnel began adding water to the spent fuel pool of Unit 4 via fire and concrete pump trucks 9 days after the tsunami, and began injecting water via the fuel pool cooling system 14 days after the tsunami (International Atomic Energy Agency, The Fukushima Daiichi Accident, Technical Volume 1). These actions occurred with no pre-planning or pre-staging of resources, without the benefit of a hardened pool makeup connection, and despite widespread destruction limiting access to offsite resources.

The NuScale Power Plant design capabilities provide passive heat removal that maintains core cooling for more than 50 days without pool inventory makeup or operator action. Containment is ensured via passive cooling that controls temperature and pressure, maintaining containment cooling for more than 50 days without inventory makeup or operator action. Spent fuel pool cooling is passively achieved for more than 150 days without pool inventory makeup or operator action. Regarding coping capability of the NuScale Power Plant design, NuScale considers any period greater than 14 days to be an adequate time period to establish an alternate means of removing heat and thus determines that 14 days provides adequate coping for an ELAP event at a NuScale Power Plant. Core cooling, containment, and spent fuel pool cooling capability of 50, 50, and 150 days, respectively, provides substantial margin to the 14-day coping criteria.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 1.0 Introduction 1.1 Purpose This report addresses mitigation strategies and equipment requirements of the Mitigation of Beyond Design Basis Events rule, 10 CFR 50.155(b)(1) and (c), for the NuScale Power Plant1.

1.2 Scope Section 2 provides a brief background of the regulatory requirements addressed in the report. To address requirements in 10 CFR 50.155(b)(1), Section 3 of the report summarizes the NuScale Power Plant baseline coping criteria. A discussion of NuScale Power Plant systems and responses to an ELAP is included in Section 4 of the report.

Section 5 of the report describes the integrated response of the NuScale Power Module (NPM) to an ELAP, including analysis results. Section 6 addresses the equipment requirement of 10 CFR 50.155(c), and Section 7 concludes the report.

1.3 Definitions, Acronyms and Abbreviations Table 1-1 Abbreviations Term Definition AAPS auxiliary AC power source AC alternating current AHU air handling unit BDBEE beyond-design-basis external event BDG backup diesel generator BPSS backup power supply system BWR boiling water reactor CFR Code of Federal Regulations CIV containment isolation valve CNTS containment system CNV containment vessel COL combined license CRB Control Building CRDM control rod drive mechanism CRE control room envelope 1 NuScale Technical Report TR-0816-50796, Loss of Large Areas due to Explosions and Fire Assessment, addresses requirements in 10 CFR 50.155(b)(2), extensive damage mitigation guidelines.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Term Definition CRHS control room habitability system CRVS control room HVAC system CVCS chemical and volume control system DC direct current DHRS decay heat removal system ECCS emergency core cooling system EDNS normal DC power system EDSS highly reliable DC power system EDSS-C EDSS - common EDSS-MS EDSS - module specific EHVS 13.8 kV and switchyard system ELAP extended loss of alternating current power ELVS low voltage AC electrical distribution system EMVS medium voltage AC electrical distribution system ESF engineered safety feature ESFAS engineered safety features actuation system FWIV feedwater isolation valve HPAC high pressure air compressor HVAC heating, ventilation, and air conditioning IAB inadvertent actuation block I/O input/output LUHS loss of normal access to the normal heat sink2 MCR main control room MLA module lifting adapter MPS module protection system MSIV main steam isolation valve NEI Nuclear Energy Institute NPM NuScale Power Module NRC Nuclear Regulatory Commission PAM post-accident monitoring PCS plant control system PPS plant protection system PSCIV primary system containment isolation valve PWR pressurized water reactor RBC Reactor Building crane RBVS Reactor Building HVAC system RCCWS reactor component cooling water system 2 The MBDBE rule defines a LUHS for a passive design, such as the NuScale design, as loss of normal access to the normal heat sink.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Term Definition RCS reactor coolant system RFP refueling pool RP reactor pool RPCS reactor pool cooling system RPV reactor pressure vessel RTB reactor trip breaker RTS reactor trip system RVV reactor vent valve RXB Reactor Building SBO station blackout SDIS safety display and indication system SFP spent fuel pool SFPCS spent fuel pool cooling system SG steam generator SRV safety relief valve SSCIV secondary system containment isolation valve SSC structures, systems, and components SSE safe shutdown earthquake UHS ultimate heat sink NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Table 1-2 Definitions Term Definition An AC power source that is available to and located at or nearby a nuclear power plant and meets the following requirements:

1. Is connectable to, but not normally connected to, the offsite or onsite emergency AC power systems;

2. Has minimum potential for common mode failure with offsite power or the onsite emergency AC power Alternate AC source sources;

3. Is available in a timely manner after the onset of station blackout (SBO); and

4. Has sufficient capacity and reliability for operation of all systems required for coping with SBO and for the time required to bring and maintain the plant in safe shutdown (non-design basis accident).

The safety classification of the electrical equipment and systems essential to emergency reactor shutdown, containment isolation, reactor core cooling, and containment and reactor heat removal or otherwise essential in preventing significant release of radioactive material to the environment.

Class 1E Class 1E is a functional term. Equipment and systems are to be classified Class 1E if they fulfill the functions listed in the definition. Identification of systems or equipment as Class 1E based on anything other than their function is an improper use of the term and should be avoided.

The operating mode of EDSS - module specific (EDSS-MS) for a period of up to 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months after commencing loss of AC Emergency core cooling power operation. Power is supplied to the ECCS valves, system (ECCS) hold mode allowing them to remain closed until a valid initiation signal is received or 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months elapses.

The loss of offsite power, backup diesel generators (BDGs),

Extended loss of alternating and any alternate AC source as defined in 10 CFR 50.2, but current power (ELAP) not the loss of AC power from buses fed by station batteries through inverters.

An environment resulting from a design basis event, i.e.,

Harsh environment loss-of-coolant accident, high-energy line break, or main steam line break.

The operation of highly reliable DC power system (EDSS) following a complete loss of AC electric power to the Loss of AC power (EDSS) essential and nonessential switchgear buses for a specified period of time.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Term Definition Loss of ability to provide a forced flow of water to key plant systems (i.e., the pumps are unavailable and not restorable as part of the coping strategy). Normal access to the normal heat sink (described in FSAR Section 9.2.5) is lost, but the Loss of normal access to the water inventory in a second heat sink, the UHS, remains normal heat sink (LUHS) available and robust piping connecting the UHS to plant systems remains intact. The motive force for UHS flow, i.e.,

service water or circulating water pumps, is assumed to be lost with no prospect for recovery.

The NPM is a self-contained nuclear steam supply system composed of a reactor core, a pressurizer, and two steam NuScale Power Module generators (SGs) integrated within the reactor pressure (NPM) vessel (RPV) and housed in a compact steel containment vessel (CNV).

The operating mode of the EDSS-MS during loss-of-AC-power operation upon completion of ECCS hold-mode operation. The EDSS - common (EDSS-C) operates in this PAM-only mode mode for the entire 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . During this mode, power is supplied only to equipment required for display of post-accident monitoring (PAM) variables.

A system that does not require AC power to operate, but relies instead upon natural forces, such as gravity and Passive safety system natural circulation, or on sources of stored energy, such as pressurized tanks or batteries.

The design of structures, systems, and components (SSC) either meets the current plant design basis for the applicable external hazards, or the current NRC design guidance for the Robust (designs) applicable hazard (e.g., Regulatory Guide 1.76, Revision 1),

or has been shown by analysis or test to meet or exceed the current design basis.

Safe shutdown occurs when the following conditions are met:

a. Reactivity is controlled such that the core is Safe shutdown maintained subcritical.

b. Core cooling is sufficient to maintain the reactor coolant system (RCS) less than or equal to 420 degrees F.

The design basis earthquake for commercial nuclear power Safe shutdown earthquake plants. It is that earthquake which produces the maximum (SSE) vibratory ground motion for which certain SSC, including safety-related SSC, are designed to remain functional.

SSC that are designed and built to withstand the effects of Seismic Category I SSC the SSE and remain functional.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Term Definition SSC that perform no nuclear safety function and whose continued function is not required, but whose structural failure or interaction could degrade the functioning of a Seismic Category I SSC to an unacceptable safety level or Seismic Category II SSC could result in incapacitating injury to occupants of the control room. Seismic Category II SSC are designed so that the SSE would not cause loss of function of Seismic Category I items.

All SSC that are not included in Seismic Category I or Seismic Category II. Members and structural subsystems Seismic Category III SSC whose failure would not impair the capability for safe shutdown or continued operation.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 2.0 Background Following the Fukushima Dai-ichi accident in March 2011, the U.S. Nuclear Regulatory Commission established requirements for nuclear power reactor applicants and licensees to mitigate beyond-design-basis events. The NRC issued the regulatory requirements under several Orders that were based on task force recommendations.

The MBDBE rule codified at 10 CFR 50.155 (Reference 8.1.1) makes those orders generically applicable to meet the following objectives:

1. Align the regulatory framework with ongoing industry implementation efforts to produce a more coherent and understandable regulatory framework.

2. Reduce the potential for inconsistencies and complexities between the related rulemaking actions that could occur if the rulemaking actions were kept separate.

3. Facilitate better understanding of the requirements for internal and external stakeholders, reducing the impact on stakeholders who would otherwise need to review and comment on multiple rulemakings.

2.1 Regulatory Requirements Although the regulations are not yet effective, this Technical Report documents the review of the final regulations and their effect on COL applicants that reference the NuScale Power Plant design certification application.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 3.0 NuScale Power Plant Baseline Coping Criteria This section describes coping strategies and design capabilities of the NuScale Power Plant in an ELAP event concurrent with a LUHS. NuScale assesses the coping capabilities of its design against the industry standard scenario (Reference 8.1.2).

3.1 Coping Strategies 3.1.1 Objective The objective of the ELAP mitigating strategies required by the MBDBE rule is to establish a coping capability to prevent damage to the fuel in any NPM and the SFP and to maintain the containment function by using plant equipment and mitigating equipment during an ELAP concurrent with a LUHS. The mitigating strategies must enable key safety functions to be maintained or restored indefinitely, or until sufficient site functional capabilities can be maintained without the need for the mitigation strategies.

Assumptions for the conditions and the coping capabilities of the NuScale Power Plant are described below, and are consistent with the industry standard scenario (Reference 8.1.2).

3.1.2 Baseline Coping Capability Criteria, Conditions, and Assumptions

1. Plant equipment that is designed to be robust with respect to design basis external events is assumed to be fully available.

2. Plant equipment that is not robust is assumed to be unavailable.

3. Procedures and equipment relied upon should ensure that satisfactory performance of necessary fuel cooling3 and containment functions are maintained.

4. The fuel in the reactor is required to remain covered at all times.

5. The fuel in the SFP is required to remain covered at all times.

3.1.3 Boundary Conditions

1. Beyond-design-basis external event occurs impacting all modules at site.

2. All modules on-site initially operating at power, unless site has procedural direction to shut down due to the impending event.

3. Each module is successfully shut down when required (i.e., all rods inserted, no anticipated transient without scram).

4. On-site staff is at site administrative minimum shift staffing levels.

5. No independent, concurrent events, e.g., no active security threat.

6. All personnel on-site are available to support site response.

7. Spent fuel in dry storage is outside the scope of the event.

3 Fuel cooling refers to both the fuel in the reactor core and the fuel in the SFP NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 3.1.4 Initial Plant Conditions The initial plant conditions are assumed to be:

1. Prior to the event, each NPM has been operating at 100 percent rated thermal power for at least 100 days.

2. At the time of the postulated event, the reactor and supporting systems are within normal operating ranges for pressure, temperature, and water level for the appropriate plant condition.

3. All plant equipment is either normally operating or available from the standby state as described in the plant design and licensing basis.

4. The minimum conditions for plant equipment operability or functionality do not need to be assumed in establishing the capability of that equipment to support mitigation strategies, provided there is an adequate basis for the assumed value.

3.1.5 Initial Event Conditions and Assumptions The following conditions and assumptions apply when determining the baseline coping capability of the NuScale Power Plant (Reference 8.1.2):

1. No specific initiating event is used. The initial condition is assumed to be a loss of offsite power at all units at a plant site resulting from an external event that affects the offsite power system either throughout the grid or at the plant with no prospect for recovery of offsite power for an extended period.

2. Station batteries and associated DC buses along with AC power from buses fed by station batteries through inverters remain available.

3. Cooling and makeup water inventories contained in systems or structures with designs that are robust for the applicable hazards are available.

4. Normal access to the normal heat sink is lost, but the water inventory in the UHS remains available.

5. Plant equipment that is contained in structures with designs that are robust for the applicable hazard is available.

6. Installed electrical distribution system, including inverters and battery chargers, remain available provided they are protected consistent with current station design.

7. No additional events or failures are assumed to occur immediately prior to or during the event, including security events.

3.1.6 Reactor Transient Assumptions

1. Following the loss of all AC power, all reactors automatically trip and all rods are inserted.

2. All safety-related systems operate as designed.

3. No independent failures other than those causing the simultaneous ELAP and LUHS are assumed to occur in the course of the transient.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 3.1.7 Spent Fuel Pool Conditions

1. All boundaries of the SFP are intact, including the liner, gates, and transfer canals.

2. Although sloshing may occur during a seismic event, the initial loss of SFP inventory does not preclude access to the refueling deck around the pool.

3. SFP cooling system is intact, including attached piping.

4. SFP heat load assumes the maximum design basis heat load for the site.

3.2 NuScale Power Plant Design Capabilities The first 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months of an ELAP for a NuScale Power Plant is identical to an SBO. The SBO does not pose a significant challenge to the advanced passive design of the NuScale Power Plant, which does not rely on AC power for performing safety functions.

A safe and stable shutdown is automatically achieved and maintained for 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months without operator actions.

Following an ELAP concurrent with a LUHS, automatic responses of safety-related equipment establish and maintain the key safety functions of core cooling, containment, and SFP cooling by placing the reactor modules into a safe, stable, shutdown state with passive core and containment cooling. Following the initial, automatic response of safety-related equipmentwhich requires no operator action and no electrical power (AC or DC)the reactor modules and the spent fuel pool rely only on the large inventory of the reactor, refueling, and spent fuel pools, which comprise the ultimate heat sink (UHS), to maintain uninterrupted and long-term heat removal.

3.2.1 Core Cooling

During an ELAP, reactor coolant system inventory is preserved by containment isolation that occurs within the first minute of the event.

The decay heat removal system (DHRS) passively removes decay heat for the first 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months following an ELAP. After 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , the emergency core cooling system (ECCS) valves automatically open to remove decay heat.

The ECCS cools the core for the remainder of an ELAP. Reactor coolant water accumulates in the containment vessel (CNV) and returns to the reactor vessel by natural circulation after ECCS valves open. The ECCS valves cannot change from their safe open position under the ELAP assumed damage state.

Modules are partially immersed in the reactor pool, which is part of the UHS. Passive heat removal to the UHS using DHRS and ECCS maintains core cooling for more than 50 days without pool inventory makeup or operator action.

3.2.2 Containment

Containment isolation valves (CIVs) and the CNV provide passive containment function. Without operator action or electrical power, the safetyrelated CIVs close to isolate the CNV.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2

Heat removal to the UHS passively controls temperature and pressure to ensure containment integrity. Peak pressure and temperature conditions for the CNV occur early in the event when the ECCS valves open and do not challenge containment integrity.

Containment cooling is maintained for more than 50 days without pool inventory makeup or operator action.

3.2.3 Spent Fuel Pool Cooling

The SFP, as part of the UHS, communicates with the refueling pool and reactor pool above the SFP weir wall. As such, the pools respond as a single volume during an ELAP until UHS level lowers below the weir wall.

The UHS inventory maintains passive cooling of the spent fuel in the SFP for more than 150 days following initiation of an ELAP without pool inventory makeup or operator action.

3.2.4 Monitoring

No operator action is required to establish or maintain the required safety functions for at least 50 days following the onset of an ELAP. Therefore, no instrumentation is necessary to support operator actions.

Although not necessary because of the failsafe and passive design, monitoring instrumentation (safety display and indication system, SDIS) is maintained in the main control room for at least 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to provide additional assurance that systems have responded as designed.

Although sufficient UHS level exists for at least 50 days, UHS level monitoring, which includes SFP level, is assured for at least 14 days using installed equipment and dedicated backup battery power supply.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 4.0 NuScale Power Plant Systems and Responses to an Extended Loss of Alternating Current Power To develop a mitigation strategy, determination of the baseline coping capability of the NuScale Power Plant is made by evaluating the status of the three key safety functions during the integrated plant response to an ELAP. To understand the integrated plant response, the systems that either contribute to the ELAP conditions for which coping is necessary or function to cope with those conditions are evaluated to determine their responses and availability during an ELAP. This section describes functionality of those systems and evaluates their qualifications to determine availability.

NuScale has unprecedented coping capability compared to designs considered in development of the MBDBE rule. Using only safety-related design features, the stored inventory in the Reactor Building pools, and the automatic plant response, the coping duration exceeds 50 days for core cooling and containment, and 150 days for spent fuel cooling. Beyond these durations, which NuScale believes exceed those necessary to satisfy the new rule, only a small amount of water (approximately 28 gpm) added through a gravity-fed piping system would maintain the remaining pool inventory. The MBDBE rule requires indefinite coping capability, or sufficient site functional capabilities to be maintained without the need for the mitigation strategies. In the Fukushima Daiichi accident, personnel began adding water to the spent fuel pool of Unit 4 via fire and concrete pump trucks 9 days after the tsunami, and began injecting water via the fuel pool cooling system 14 days after the tsunami (International Atomic Energy Agency, The Fukushima Daiichi Accident, Technical Volume 1). These actions occurred with no pre-planning or pre-staging of resources, without the benefit of a hardened pool makeup connection, and despite widespread destruction limiting access to offsite resources. At 15.5 days following an ELAP event, boiloff from the NuScale ultimate heat sink is about 46 gallons per minute, a quantity that can easily be replaced with a gravity-fed water line.

4.1 Reactor Building The Reactor Building (RXB) is a safety-related Seismic Category I building that houses, supports, and protects the NuScale Power Modules (NPMs) and the UHS, in addition to other safety-related components and systems. The RXB is designed to withstand design basis natural phenomena including earthquakes, floods, high winds (including associated missiles), and extreme temperatures. Section 3.8 of the FSAR describes the RXB.

4.2 Control Building The Control Building (CRB) contains safety-related, Seismic Category I areas up to and below elevation 120.0 ft. The portions of the CRB above elevation 120.0 ft are nonsafety-related and Seismic Category II. The safety-related portions include the main control room (MCR) located on elevation 76-6 of the CRB. All elevations of the CRB are designed for design basis natural phenomena loads based on the designation of the NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 building area (i.e., Seismic Category I or Seismic Category II). Section 3.8 of the FSAR describes the CRB.

4.3 Alternating Current Distribution Systems Chapter 8.3 of the FSAR describes the NuScale Power Plant onsite electric power systems, which are summarized below.

4.3.1 System Design During normal operation, onsite AC electrical power distribution is provided by three systems; the 13.8 kV and switchyard system (EHVS), the medium voltage AC electrical distribution system (EMVS), and the low voltage AC electrical distribution system (ELVS). The EHVS buses normally receive electric power from the steam turbine generators and can be powered by the auxiliary AC power source (AAPS) or the offsite power network during abnormal conditions. Power is then distributed to the EMVS buses for 4160 VAC loads and to supply the 480 VAC buses in the ELVS.

4.3.2 System Response to an Extended Loss of Alternating Current Power The EHVS, EMVS, and ELVS systems are assumed to be unavailable without the prospect for recovery per initial event assumption number 1 of Section 3.1.5.

4.4 Backup Power Supply System 4.4.1 System Design The backup power supply system (BPSS), described in FSAR Chapter 8.3, consists of two backup diesel generators (BDGs), a site-specific AAPS, and the support equipment required to operate and distribute the power from these components.

The primary function of the BDGs is to provide 480 VAC power to certain loads, including the highly reliable DC power system (EDSS) battery chargers, in the post-72 hour period following an SBO. However, the BDGs are designed to automatically start approximately 30 seconds after sensing a loss of power to all EHVS buses, and to be available for loading approximately two minutes later. The output breakers for the BDGs do not automatically close, but can be closed remotely by the control room operators or locally by field operators.

The AAPS type is site-specific, but regardless of type it is used to supply 13.8 kV power to the site when no other sources of AC power are available. Like the BDGs, the AAPS receives an automatic start signal approximately 30 seconds after sensing a loss of power to all EHVS buses, but does not automatically restore power. The AAPS and its output breaker can be controlled locally or remotely to energize the EHVS buses.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 4.4.2 Equipment Qualification Although the functions performed by the BDGs are nonsafety-related and not risk significant, the BDGs are designed to meet Seismic Category II requirements. The AAPS is not safety-related or risk significant, and therefore, Seismic Category III.

4.4.3 System Response to an Extended Loss of Alternating Current Power Because they are not seismically robust, the BDGs and the AAPS are considered unavailable during the ELAP per baseline coping capability assumption number 2 of Section 3.1.2.

4.5 Normal Direct Current Power System 4.5.1 System Design The normal DC power system (EDNS), described in FSAR Chapter 8.3, uses batteries, battery chargers, and inverters to supply power to nonsafety-related plant DC and AC loads. These loads include4:

the module control system

the plant control system (PCS)

electrical distribution control power

control rod latching power The EDNS consists of 14 subsystems with the configuration and equipment requirements for each determined by the loads that it supplies. Although multiple subsystems only provide power for DC loads, the RXB and CRB subsystems supply both DC and AC loads. As a result, they include inverters in addition to batteries and battery chargers.

Normally, EDNS battery chargers receive power from the ELVS to meet the load demands and maintain the systems batteries charged. If ELVS power is interrupted or lost, the EDNS battery chargers cease to provide power and the batteries automatically provide the required power to the system loads without interruption. The EDNS batteries are sized to supply the continuous full load for a runtime period of no less than 40 minutes.

4 This list does not represent a complete list of EDNS loads.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 4.5.2 Equipment Qualification The EDNS equipment is designed such that its failure due to seismic events does not degrade the operation of any safety-related system, but is not designed for continued operation following an SSE.

4.5.3 System Response to an Extended Loss of Alternating Current Power Because the EDNS equipment is not seismically robust, the system is assumed to be unavailable for the implementation of the mitigation strategy. However, if the EDNS batteries in the RXB and CRB subsystems were to continue to provide power, they would contribute to conditions required to be addressed by the plant design. Specifically, continued operation of the RXB EDNS subsystem allows the control rods to remain withdrawn until a valid reactor trip signal is generated as described in Section 4.7.1, and operation of both subsystems results in heat addition to their surroundings. Therefore, for analysis purposes it is conservative to assume EDNS remains functional for the duration of the EDNS batteries capacities during an ELAP, while not crediting any of the systems functionality for coping.

4.6 Highly Reliable Direct Current Power System Chapter 8.3 of the FSAR describes the highly reliable direct current power system, which is summarized below.

4.6.1 System Design The EDSS is the source of 125 volts of DC power to plant loads such as5:

the module protection system (MPS)

the plant protection system (PPS)

the neutron monitoring system

the safety display and indication system (SDIS)

MCR emergency lighting The EDSS design consists of two separate and independent portions. One portion, referred to as the EDSS-C, serves plant common loads (i.e., loads with functions not specific to any single NPM). This includes loads such as the PPS and control room heating, ventilation, and air conditioning (HVAC) air duct radiation monitors The other portion, referred to as the EDSS-MS, consists of 12 separate and independent DC electrical power supply systems, one for each of the 12 NPMs. For a given NPM, an 5 This list does not represent a complete list of EDSS loads.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 EDSS-MS provides electrical power for the MPS and other safety-related loads associated with that NPM, including the neutron monitoring system and post-accident monitoring (PAM) equipment for display and indication of NPM-specific safety parameters.

The EDSS-C portion of the system contains two separate divisions. Both divisions of EDSS-C contain two batteries, each designed to supply the required loads for a minimum of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . Thus, if one battery is not functional or is taken out of service for maintenance, the other redundant battery is capable of supplying the required power for at least 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months .

Each of the 12 EDSS-MS portions of the system also contains two separate divisions.

Each of these divisions are further divided into two channels per division, with Division I composed of Channels A and C and Division II composed of Channels B and D.

Channels A and D, one channel from each division, both contain two batteries, each designed to supply required loads for a minimum of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . Channels B and C, again one channel from each division, both contain two batteries, each designed to supply required loads for a minimum of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This results in redundancy similar to that found in the EDSS-C portion of the system, except that the EDSS-MS possesses this redundancy at the channel level rather than the division level. The EDSS-MS for each NPM contains four 24-hour minimum capacity batteries and four 72-hour minimum capacity batteries.

The EDSS design provides the same redundancy in battery chargers as that for the EDSS batteries. Specifically, each EDSS-C division and all four of the EDSS-MS channels have redundant battery chargers. Each battery charger is capable of supplying electrical power to its associated loads while simultaneously recharging its associated batteries from their design minimum charge state to 95 percent of full charge within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months .

During normal operation, the EDSS battery chargers, which are powered from the ELVS, supply all EDSS system loads and maintain the batteries charged. Upon a loss of AC power, the EDSS batteries supply power to the system loads automatically and without interruption. The availability of AC power to the EDSS-MS and EDSS-C battery chargers is monitored by the MPS and the PPS, respectively. When a loss of AC power to the battery chargers is sensed, the EDSS batteries are placed into loss of AC power operation, which consists of two operating modes: emergency core cooling system (ECCS) hold mode or PAM-only mode.

The ECCS hold mode is an EDSS-MS mode of operation in which power continues to be supplied to hold the ECCS valves in the closed position until a valid ECCS actuation signal is received or for 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months from the initiation of ECCS hold mode operation. The MPS contains 24-hour timers used to terminate ECCS hold mode if an actuation has not occurred. This mode of operation includes providing power to the instrumentation and control equipment required to maintain the ECCS valves closed and is exclusive to the four EDSS-MS channels.

The PAM-only mode is an EDSS mode of operation in which power is supplied only to instrumentation and controls equipment used to track PAM variables. This mode of NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 operation is exclusive to both divisions of EDSS-C and one channel from each division of EDSS-MS, Channels B and C. The batteries that support PAM-only mode operation are sized to ensure PAM is available for a minimum of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , but continue to provide power beyond 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months if their capacity is not exhausted.

4.6.2 Equipment Qualification The EDSS-MS and EDSS-C structures, systems, and components are qualified to Seismic Category I standards and are located within Seismic Category I areas of the RXB and CRB.

With the exception of cabling exiting the rooms, all major EDSS-MS components are housed in battery rooms and switchgear rooms located on the 75-ft elevation and 86-ft elevation of the RXB, respectively. Similarly, all major EDSS-C components are housed in battery rooms and switchgear rooms located on the 50-ft elevation of the CRB.

Conditions within these rooms are limited to mild environments.

4.6.3 System Response to an Extended Loss of Alternating Current Power Per initial event assumptions number 2, number 5, and number 6 of Section 3.1.5, the EDSS batteries and the associated distribution system are assumed to survive the beyond-design-basis external event (BDBEE) and remain fully available during the ELAP.

The loss of the ELVS at the initiation of the event results in the transfer of the EDSS loads to the batteries. The MPS detects the loss of AC power to the EDSS battery chargers and places all four channels of EDSS-MS into ECCS hold mode operation. At the same time, the PPS places EDSS-C in the PAM-only mode of operation. After 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , ECCS hold mode operation is terminated and EDSS-MS Channels B and C join EDSS-C in PAM-only mode operation.

While PAM-only mode operation is ensured for a minimum of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , the presence of 100 percent redundant batteries in all channels of EDSS-MS and both divisions of EDSS-C means that actual availability of power for PAM likely extends beyond 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months without operator action.

4.7 Module Protection System Chapter 7.0 of the FSAR describes the module protection system, which is summarized below.

4.7.1 System Design The MPS is the safety-related monitoring and logic protection system responsible for evaluating parameters associated with the NPMs and commanding execution of safety-NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 related functions when required. Each NPM has its own dedicated (i.e., not shared with other NPMs) MPS. The variables monitored for each module by MPS include6:

pressurizer level

reactor pressure vessel (RPV) water level

RCS pressure

containment water level

containment pressure

containment isolation valve (CIV) position

ECCS valve position

core inlet and exit temperature

neutron flux

reactor trip breaker (RTB) position The MPS provides information regarding these parameters to the control room operators through the SDIS and PCS.

As previously discussed, each NPM has four separate and independent EDSS-MS channels. Each of these channels provides electrical power to a corresponding separation group within MPS (e.g., EDSS-MS Channel A supplies power to MPS Separation Group A). The EDSS-MS also supplies power for the two divisions of the reactor trip system (RTS) and the two divisions of the engineered safety features actuation system (ESFAS).

The RTS and ESFAS are subsystems of each NPMs MPS, and command execution of safety-related functions such as:

reactor trip

containment isolation

decay heat removal system (DHRS) actuation

ECCS actuation Each NPMs safety-related reactor trip circuitry is part of its Class 1E MPS, which is powered from EDSS-MS. Included in each MPS are the safety-related circuit breakers through which electrical power is provided to the control rod drive mechanism (CRDM) coils. These circuit breakers are referred to as the RTBs.

During normal power operations, the RTS provides power to the RTBs to maintain the breakers closed. This allows the EDNS to supply power to the CRDM coils which, in turn, allows the control rods to remain partially or fully withdrawn from the reactor core.

When a reactor trip is generated, the RTS removes power from the RTBs causing the breakers to open and interrupt EDNS power to the CRDM coils. With power removed from the CRDM coils, the control rods unlatch and fully insert into the core by gravity.

6 This list does not represent a complete list of variables monitored by MPS.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 In addition to the requirements for a reactor trip for anticipated abnormal transients, the MPS provides instrumentation and controls to sense accident situations and initiate operation of necessary engineered safety features (ESFs). The ESFs include the ECCS, DHRS, and containment isolation7. Initiation of these ESFs is the function of the MPS subsystem referred to as the ESFAS.

During normal power operation, the safety-related CIV required to be open for plant operation are maintained in this position by energizing their valve actuator solenoids.

The power used to energize these solenoids is provided by EDSS-MS and is routed through the MPS. When a containment isolation signal is generated, the ESFAS de-energizes the valve actuator solenoids and allows the CIVs to close.

The DHRS is normally maintained in a standby configuration with operation prevented by closed DHRS actuation valves. These valves are maintained closed by energizing their valve actuator solenoids. Just as with the CIVs, the power used to energize these solenoids is provided by EDSS-MS and is routed through the MPS. When a DHRS actuation signal is generated, the ESFAS de-energizes the valve actuator solenoids and allows the DHRS actuation valves to open. The DHRS actuation signal also de-energizes the valve actuator solenoids for CIVs in the feedwater and main steam systems. The resultant valve positions, all occurring due to the removal of power from solenoids by the ESFAS, place the DHRS in operation.

Similar to the DHRS, the ECCS is normally maintained in standby with operation prevented by maintaining solenoids energized. This solenoid power is provided by EDSS-MS through the MPS and removal of this power from the solenoids upon an ECCS actuation signal allows the ECCS valves to open.

Execution of these safety-related functions through the removal of electric power by the MPS subsystems makes the MPS a fail-safe system. If the power needed for MPS to function is unavailable, the safety-related functions automatically occur. Because of this fail-safe manner of operation, the MPS does not require safety-related power and is powered by the nonsafety-related EDSS.

4.7.2 Equipment Qualification The MPS is a Seismic Category I system. The safety-related MPS equipment and cabling are housed in the RXB and CRB. The RXB and CRB arrangement and design enable systems and components required for safe plant operation and shutdown to withstand or to be protected from the effects of sabotage, environmental conditions, natural phenomena, postulated design basis accidents, and design basis threats. The RXB and the CRB (below the 120-ft elevation) are Seismic Category I, reinforced concrete structures.

7 This list does not represent a complete list of ESFs initiated by the ESFAS.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 4.7.3 System Response to an Extended Loss of Alternating Current Power Per baseline coping capability assumption number 1 of Section 3.1.2, the MPS is assumed to survive the BDBEE and remain fully available during the period when the system functions necessary for mitigation strategy implementation are required.

For this event, the EDSS and the MPS remain energized. Per initial event assumption number 1 of Section 3.1.5, the ELVS de-energizes at event initiation and remains de-energized for the duration. The MPS monitors the voltage of the ELVS buses that provide power to the Channel B and Channel C EDSS battery chargers as a method of detecting a loss of all AC power. With the loss of voltage on the ELVS buses and following a short time delay (i.e., less than one minute), the MPS initiates a reactor trip, DHRS actuation, and containment isolation; and starts 24-hour timers for the ECCS hold mode of operation for EDSS-MS8. The effects of the 24-hour timers are discussed in Sections 4.6.1 and 4.13.3.

4.8 Plant Protection System Chapter 7.0 of the FSAR describes the plant protection system, which is summarized below.

4.8.1 System Design The PPS monitors and controls systems that are common to all reactor modules and are not specific to an individual NPM. The variables monitored and equipment actuated by the PPS have an augmented level of quality. The variables monitored by the PPS include9:

the ELVS voltages for buses that supply EDSS-C battery chargers

reactor pool (RP) and refueling pool (RFP) level

SFP level The PPS provides information regarding these parameters to the control room operators through the SDIS, the PCS, or both.

The PPS consists of two divisions of equipment, each powered by the corresponding division of EDSS-C. During normal operation, the PPS provides loop power to various instruments and actuation solenoids in the control room HVAC system (CRVS) and control room habitability system (CRHS). The power provided to the CRVS actuation 8 Because the loss of AC power at event initiation results in a loss of feedwater to the steam generators, the MPS may generate a reactor trip and DHRS actuation prior to the loss of AC power signal time delay expires.

9 This list does not represent a complete list of variables monitored by PPS.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 solenoids allows the associated dampers to remain open for normal HVAC operation, while the power provided to the CRHS actuation solenoids maintains the associated isolation valves closed to maintain the CRHS in a standby lineup.

Plant parameters that would require isolation of the CRVS and actuation of the CRHS are monitored by the PPS, including the loss of ELVS power to the EDSS-C battery chargers. When conditions requiring actuation occur, the PPS removes power from the actuation solenoids to close the CRVS dampers and initiate the CRHS. This de-energize-to-actuate design makes the PPS and the equipment it controls fail safe.

4.8.2 Equipment Qualification The PPS is classified as Seismic Category I and is housed in the Seismic Category I portion of the CRB.

4.8.3 System Response to an Extended Loss of Alternating Current Power Per baseline coping capability assumption number 1 of Section 3.1.2, the PPS is assumed to survive the BDBEE and remain fully available during the period when the system functions necessary for mitigation strategy implementation are required.

For this event, EDSS-C and the PPS remain energized. Per initial event assumption number 1 of Section 3.1.5, the ELVS de-energizes at event initiation and remains de-energized for the duration. As described above, the PPS monitors the voltage of the ELVS buses that provide power to the EDSS-C battery chargers as a method of detecting a loss of all AC power. With the loss of voltage on the ELVS buses, the PPS isolates the control room envelope (CRE) and initiates the CRHS.

4.9 Safety Display and Indication System Chapter 7.0 of the FSAR describes the safety display and indication system, which is summarized below.

4.9.1 System Design The SDIS is a nonsafety-related system that provides the design function of accident monitoring. The primary purpose of the SDIS is to display accurate, complete, and timely information provided by the MPS and the PPS regarding:

parameter values

logic status

equipment status

actuation device status NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 The information displayed is provided to the SDIS from communications containing information from each separation group and each division of the ESFAS, RTS, and PPS.

This information contains the data necessary for the operators to ensure the NPMs are in a safe condition following an event.

Electrical power to the SDIS is provided from two separate and independent divisions of EDSS-C, the same electrical power source as for the PPS. In the MCR, the SDIS provides two divisions of monitors for each NPM and the PPS, with both divisions of MPS and PPS data displayed on each division of the monitors. The variables include10:

neutron flux

core inlet and exit temperature

wide range RCS pressure

RPV water level

containment water level

wide-range containment pressure

CIV positions

ECCS valve positions

DHRS valve positions

RTB status

SFP water level 4.9.2 Equipment Qualification The SDIS is qualified to Seismic Category I requirements and is housed in the concrete, Seismic Category I portions of the CRB.

4.9.3 System Response to an Extended Loss of Alternating Current Power Per baseline coping capability assumption number 1 of Section 3.1.2, the SDIS is assumed to survive the BDBEE and remain fully available during the period when the system functions necessary for mitigation strategy implementation are required.

For this event, EDSS-C and the SDIS remain energized for a minimum of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The SDIS continues to display the data necessary for the control room operators to ensure the actuation of the systems required to maintain core cooling and containment. Also displayed are the parameters necessary for the control room operators to verify the success of the strategy for maintaining core cooling, containment, and spent fuel cooling.

10 This list does not represent a complete list of PAM variables displayed by the SDIS.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 4.10 Containment System Chapter 6.2 of the FSAR describes the containment system, which is summarized below.

4.10.1 System Design The containment system (CNTS) is part of the NPM and is the containment for the RCS.

The CNTS components include multiple support structures, the CNV, the CIVs, and CNTS instruments.

The CNV is a ASME Class I pressure vessel forming a barrier to prevent release of radioactivity and radiological contaminants. The RCS, the control rod drive system, select primary system piping and valves, and the ECCS main valves are contained in the CNV. During normal operation, the CNV is partially immersed in the RP portion of the UHS, which allows the CNTS design to provide the function of containment heat removal. The CNV is safety-related.

The CIVs can be subdivided into two categories: the primary system containment isolation valves (PSCIVs) and secondary system containment isolation valves (SSCIVs).

For lines that penetrate a CNV boundary and are either part of the reactor coolant pressure boundary or are connected directly to the containment atmosphere, two in-series safety-related PSCIVs are provided. The two PSCIVs for a given line are located in the same valve body, which is welded directly to the CNV penetration to minimize the distance the valves are from the CNV.

One SSCIV is provided per line11 for the main steam lines, main steam bypass lines, and feedwater lines that penetrate a CNV boundary but are neither part of the reactor coolant pressure boundary, nor connected directly to the containment atmosphere. The SSCIV and PSCIV actuators are similar in design and their manner of operation is covered by the description of the CIV operation.

Each CIV has a nitrogen-filled accumulator that applies a constant force to close the valve. For a CIV to be opened and remain open, its actuator solenoids must remain energized. With the solenoids energized, high-pressure hydraulic fluid overcomes the nitrogen gas pressure to open the valve. The power for these solenoids is provided by EDSS through the MPS.

When the ESFAS generates a containment isolation signal, power is removed from the CIV actuator solenoids. This aligns the high-pressure hydraulic fluid holding the CIVs open to a vent path and the stored energy in the compressed nitrogen gas forces the CIVs closed.

11 The feedwater lines also include a safety-related check valve that is provided for DHRS inventory preservation rather than containment isolation.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 During normal operations, the CIVs associated with the containment evacuation system, reactor component cooling water system (RCCWS), main steam system, feedwater system, and chemical and volume control system (CVCS) are maintained open. The containment evacuation system maintains the CNV environment at a partial vacuum of less than one psia.

After an NPM has been shut down for refueling, preparations are made for transferring the CNV from its operating bay in the RP to the RFP using the Reactor Building crane (RBC). When the RCS has been sufficiently cooled, the CNV is partially filled with borated water. This provides further cooling of the RCS by conductive heat transfer through the RPV to the water in the CNV and through the CNV to the UHS.

With the RCS cooled and partially depressurized, the ECCS valves are opened. This allows passive communication between containment and the RPV, both of which are filled with borated water to a level near the pressurizer baffle plate. When the RCS has been sufficiently cooled, all CIVs are closed. This establishes a passively safe condition and eliminates the need for any control connections to the CNV.

4.10.2 Equipment Qualification The CNTS, including the CIVs, is designed and constructed to Seismic Category I requirements and is located in the Seismic Category I RXB, which provides protection from non-seismic natural phenomena, such as tornados, storms, and floods.

4.10.3 System Response to an Extended Loss of Alternating Current Power Per baseline coping capability assumption number 1 of Section 3.1.2, the CNTS is assumed to survive the BDBEE and remain fully available during the period when the system functions necessary for mitigation strategy implementation are required.

As discussed in Section 4.7.1, the MPS detects the loss of AC power and generates a containment isolation signal. The ESFAS then removes power from all CIV actuator solenoids causing all open CIVs to close.

4.11 Ultimate Heat Sink System Chapter 9.2.5 of the FSAR describes the ultimate heat sink system, which is summarized below.

4.11.1 System Design The NuScale Power Plant safety-related UHS is composed of a large pool complex where the NPMs and spent fuel are housed. Specifically, the UHS comprises the combined volume of water in and the associated water-retaining structures and components of the RP, RFP, and SFP. Together, these pools contain more than 6 million NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 gallons12 of water for use as the UHS. The UHS system also includes the assured makeup line and the level instrumentation associated with the pools.

The NPMs are located in the RP during power operations and are moved to the RFP for refueling and maintenance operations. The operating NPMs are partially immersed in the RP, and the DHRS passive condensers are submerged in the RP.

The water volume in the RP and RFP portions of the UHS is connected with the water volume in the SFP by the space above the top of the SFP weir wall. Water level in the UHS is maintained at 94 ft during normal operations through an interface with the spent fuel pool cooling system (SFPCS) and temperature is maintained at an average of 100 degrees F by the combined operation of the reactor pool cooling system (RPCS) and the SFPCS.

The UHS system includes four level detectors, one each for the RP and RFP, and two for the SFP. The SFP level indicators are located at opposite ends of the SFP to ensure a single event does not cause damage to both instruments. Additionally, because all pool areas communicate while UHS water level is above the weir, each of the four instruments normally provides indication of all three pool levels. Power is provided to the detectors from EDSS-C through the PPS and pool level is displayed in the MCR on the SDIS displays. Each level instrument includes a dedicated backup battery power supply with a 14 day minimum capacity independent of the site distribution network and local readout capability located in an operator-accessible area away from the pool area.

The UHS system design includes an assured makeup line to the SFP. The line is furnished with standard fire protection connectors external to the RXB that facilitate hookup of emergency water sources. The assured makeup line is designed to allow water to be gravity fed to the SFP at a minimum rate of 100 gpm. Adding the water directly to the SFP ensures that the stored fuel remains covered, and when level is above the weir, serves to add inventory to the other pools of the UHS.

4.11.2 Equipment Qualification The UHS pool walls and pool liner are designed to Seismic Category I requirements and are completely contained within the Seismic Category I RXB.

The four pool level instruments are seismically mounted, environmentally qualified, and designed to meet the guidance of NEI 12-02, Industry Guidance for Compliance with NRC Order EA-12-051, To Modify Licenses with Regard to Reliable Spent Fuel Pool Instrumentation (Reference 8.1.3).

12 This volume represents total of the pool volumes minus the volume displaced by the 12 NPMs in the RP.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 The assured makeup line is designed to Seismic Category I requirements and is protected from external natural phenomena (e.g., external flooding, storms such as hurricanes, high winds, and tornadoes; extreme snow, ice, and cold; and extreme heat).

4.11.3 System Response to an Extended Loss of AC Power Initial event assumption number 4 in Section 3.1.5 states:

Normal access to the normal (for passive designs) heat sink is lost, but the water inventory in the UHS remains available and robust piping connecting the UHS to plant systems remains intact. The motive force for UHS flow, i.e.,

service water or circulating water pumps, is assumed to be lost with no prospect for recovery.

The industry ELAP scenario (Reference 8.1.2) considers that the LUHS condition is assumed to occur due to the BDBEE and ELAP. Because the NuScale Power Plant design does not require electrical power or pumps for the UHS to perform the functions required for decay heat removal from NPMs and spent fuel in the SFP, and the water inventory in the UHS remains available per the boundary conditions, a LUHS event is not plausible for the NuScale plant design.

The UHS is the only plant system heat sink credited for coping with an ELAP, and is assumed to survive the BDBEE and remain fully available during the period when the system functions necessary for mitigation strategy implementation are required.

The ELAP results in the transfer of heat from the DHRS and ECCS to the UHS as described in Sections 4.12 and 4.13, respectively. This effect, combined with the loss of normal heat removal from the UHS, results in heating the pool water. For this event, the UHS reaches boiling after 5.6 days, at which point UHS level begins to lower due to evaporation and boil off. The UHS level decreases as shown in Table 4-1.

Table 4-1 Ultimate heat sink heat up and boil off - 12 NuScale Power Modules initially operating Location Pool Level Cumulative Time Pool heat up to boiling 69.0 ft. 5.6 days Pool boil off to top of DHRS passive condenser 45.8 ft. 50 days Pool boil off to top of weir in SFP weir wall 20.0 ft. 135 days Pool boil off to top of spent fuel in SFP 10.0 ft. 154 days The analysis that determined the levels and cumulative time in Table 4-1 assumed that all of the water vapor from evaporation and boiloff exits the Reactor Building and does not re-condense into the UHS. Given the change in UHS volume during the ELAP, the average boil off rate can be approximated at various times throughout the event. As the decay heat rate of the previously operating NPMs lowers, so too does the UHS boil off NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 rate, which, as seen in Table 4-2, is less than the minimum gravity feed capacity (100 gpm) of the UHS assured makeup line.

Table 4-2 Approximate ultimate heat sink boil off rate during an extended loss of alternating current power UHS Change in Average Boil Time After Event Change in Time Volume UHS Volume Off Rate During Initiation (days) (minutes)

Remaining (ft3) (gallons) Period (gpm) 5.6 856,200 - - -

15.5 769,200 650,800 14,256 46 29 682,300 650,100 19,440 33 39 624,300 433,900 14,400 30 50 566,400 433,100 15,840 27 4.12 Decay Heat Removal System Chapter 5.4 of the FSAR describes the decay heat removal system, which is summarized below.

4.12.1 System Design Each NPM has a safety-related DHRS designed to passively remove decay heat in order to establish safe shutdown conditions within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months of a reactor trip without onsite or offsite power available. The DHRS consists of two independent and redundant trains, and each train has the capability to provide sufficient heat removal to satisfy the safety function.

Each train consists of one passive condenser submerged in the RP, two redundant actuation valves configured in parallel above the passive condenser, and piping that connects the condenser to one of the SGs. The actuation valves are located on top of the NPM between the steam line connection and the upper header of the passive condenser. The connection to the steam line is between the CNV and the MSIV to allow DHRS operation following containment isolation. Piping from the lower header of the passive condenser penetrates the CNV and interfaces with the feedwater line for the associated SG.

As discussed in Section 4.7.1, the DHRS is normally maintained in standby with all four DHRS actuation valves held closed by maintaining their associated actuation solenoids energized. This maintains the appropriate liquid water inventory in the DHRS condensers and steam piping while allowing the MSIVs and feedwater isolation valves (FWIVs) to remain open for power production.

When the DHRS is actuated, the ESFAS removes power from the solenoids for the DHRS actuation valves, the MSIVs, and the FWIVs. This causes the DHRS actuation valves to open, the MSIVs and FWIVs to close, and establishes two separate, two-phase NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 natural circulation loops. The RCS heat is transferred through the SG tubes causing the water to boil and the steam to rise up the steam piping. With the MSIVs closed and the DHRS actuation valves open, the steam then flows into the DHRS passive condenser tubes where it is condensed by the transfer of heat to the RP through the tubes. The resultant liquid gravity drains to the feedwater lines and returns to the SG. Thus, the natural circulation loops transfer heat from the RCS to the DHRS fluid and then from the DHRS fluid to the RP water.

4.12.2 Equipment Qualification All components of the safety-related DHRS are located within the Seismic Category I RXB, which provides protection from external events. The DHRS condensers, actuation valves, and piping are Seismic Category I components.

The DHRS design internal pressure and temperature are equal to the design pressure of the RPV. Externally, the DHRS piping and condenser are designed to withstand the temperature of saturated RP water and the actuation valves are designed to open under accident conditions.

4.12.3 System Response to an Extended Loss of AC Power Per baseline coping capability assumption number 1 of Section 3.1.2, the DHRS is assumed to survive the BDBEE and remain fully available during the period when the system functions necessary for mitigation strategy implementation are required.

Depending on the operating condition of a given NPM when the loss of all AC power occurs, the DHRS actuates as a result of the conditions in the NPM reaching an initiation setpoint or as a result of the MPS detecting the loss of AC power as described in Section 4.7.3.

In all cases, the DHRS actuation valves de-energize and open, and the MSIVs and FWIVs de-energize and close to place the DHRS in service.

4.13 Emergency Core Cooling System Chapter 6.3 of the FSAR describes the emergency core cooling system, which is summarized below.

4.13.1 System Design Each NPM has a safety-related ECCS designed to provide adequate core cooling by maintaining the core covered with water during all design basis events in which the system is actuated. The NuScale Power Plant ECCS is unique in that it does not include or require a source of water for injection. The system functions by releasing coolant to the CNV to be cooled by the UHS and returning the coolant to the RPV to remove heat NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 from the core. This function is performed without the use of any electric power. Instead, ECCS relies on stored energy for changing valve positions and passive motive force (hydrostatic head) for returning coolant to the RPV.

The system includes five main valves and their associated hydraulic lines and actuator assemblies. The main valves directly interface with the RPV and are located inside the CNV. There are three upper valves and two lower valves, the reactor vent valves (RVVs) and the reactor recirculation valves, respectively. The actuator assemblies are welded directly to CNV nozzles in the vicinity of their associated main valve and are submerged in the RP.

Each main valve actuator assembly includes two pilot valves: the trip valve and the reset valve13. Actuator solenoids are used to reposition the pilot valves and subsequently reposition their associated main valves. The electric power used to energize these solenoids is provided by EDSS through the MPS.

Each ECCS main valve includes an inadvertent actuation block (IAB) feature designed to reduce the frequency of inadvertent operation (opening) of the main valve during power operations. The IAB is located in the path from the main valve control chamber to the trip and reset pilot valves. The IAB consists of a block valve with a spring-loaded disc that functions to block venting of the main valve control chamber when RPV pressure is above a predetermined pressure threshold. When differential pressure across the block valve lowers to below the pressure threshold, the spring retracts the block valve to open the control chamber vent path.

During normal power module operation, all five main valves are closed with their trip valve actuator solenoids energized and closed. When the ECCS is actuated, the ESFAS removes ECCS actuator solenoid power and the trip valves are opened by spring force.

With the RCS at normal operating pressure, the IAB prevents the ECCS main valves from opening. After RCS to CNV differential pressure has lowered due to other factors (e.g., DHRS operation or a loss-of-coolant accident), the IAB is released and all five ECCS main valves open.

With all five valves open, a two-phase circulation loop is established. Saturated steam leaves the RPV through the RVV flow paths in the pressurizer space and enters the CNV where it is condensed. Saturated and sub-cooled liquid enters the RPV through the reactor recirculation valve flow paths above the core. In addition to mass transfer, heat is removed by conduction through the RPV wall. This heat transfer is negligible during normal operation when containment is evacuated, but during ECCS operation, the lower portions of the RPV wall are submerged and wetted by coolant on both sides, enabling heat transfer. At the same time, heat is transferred from the coolant in the CNV to the UHS.

13 One of the three RVVs has an additional trip valve and actuator solenoid to allow either MPS division to trip and open the valve.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 During steady-state ECCS operation14, the water levels in the two vessels stabilize above the core. The RVVs have a net steam flow from the RPV to the CNV. The reactor recirculation valves have a net liquid flow from the CNV to the RPV. Thus, coolant is passively transferred between the CNV and the RPV, and heat is passively transferred from the reactor core to the UHS.

4.13.2 Equipment Qualification The ECCS valves, hydraulic lines, and actuators are part of the reactor coolant pressure boundary and all components are Seismic Category I. All components of the ECCS are located within the Seismic Category I RXB. The ECCS components, including instrumentation, are environmentally qualified for the moisture, chemistry, and radioactivity of expected environments, including those resulting from loss-of-coolant accidents.

4.13.3 System Response to an Extended Loss of Alternating Current Power Per baseline coping capability assumption number 1 of Section 3.1.2, the ECCS is assumed to survive the BDBEE and remain fully available during the period when the system functions necessary for mitigation strategy implementation are required.

As described in Section 4.7.3, the MPS detects the loss of AC power that occurs at event initiation, and, after a short time delay, starts the 24-hour ECCS timers. If plant conditions were to require an ECCS actuation within this 24-hour period, the ECCS valves would open as designed, but because this event does not include a loss-of-coolant accident, the ECCS valves remain closed during this period.

After 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , the 24-hour timers expire and de-energize the ESFAS, which de-energizes the ECCS trip valve solenoids. Because the DHRS has been in operation for the previous 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , RCS pressure is below the IAB pressure and the ECCS main valves open to establish system operation.

4.14 Reactor Building Heating, Ventilation, and Air Conditioning System Chapter 9.4 of the FSAR describes the Reactor Building heating, ventilation, and air conditioning system, which is summarized below.

14 While ECCS never achieves true steady-state operation, coolant levels in the CNV and RPV do achieve relative stability.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 4.14.1 System Design The Reactor Building HVAC system (RBVS) consists of the air handling units (AHUs),

filter units, flow dampers, cooling coils, heaters, ductwork, and fans necessary to maintain a suitable environment in the RXB spaces for equipment operation and worker habitability. These spaces include the following15:

RP area

SFP and RFP area

battery, battery charger, and input/output (I/O) rooms During normal operation, power for operation is supplied by the ELVS. If the ELVS is unavailable, backup power from the BDGs can be used to power the AHUs associated with the EDSS and MPS equipment rooms (battery, battery charger, and I/O rooms), with cooling provided by air-cooled direct expansion cooling coils.

In the event of an SBO, (i.e., no power is available for the exhaust systems) the isolation dampers located in the normal flow path of the SFP exhaust ductwork fail to their open (i.e., safe) position. The isolation dampers located in the ductwork of the secondary flow path containing the charcoal filters fail to their closed (i.e., safe) position. This allows a passive HEPA-filtered vent path for the atmosphere within the RXB, providing a monitored release path to the environment for the potentially contaminated air. The stack exhaust discharge is monitored for radiation.

4.14.2 Equipment Qualification The majority of the Reactor Building HVAC system components, including the AHUs, are designed to Seismic Category III. The SSC of the RBVS whose structural failure could affect the operability of safety-related SSC are designed as Seismic Category II.

4.14.3 System Response to an Extended Loss of Alternating Current Power The loss of the ELVS at initiation of the ELAP combined with the assumption that the BPSS is unavailable makes the RBVS unavailable for cooling, heating, and humidity control for the duration of the event.

4.15 Control Room Heating, Ventilation, and Air Conditioning System Chapter 9.4 of the FSAR describes the control room heating, ventilation, and air conditioning system, which is summarized below.

15 This list does not represent a complete list of spaces serviced by the RBVS.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 4.15.1 System Design The CRVS consists of the AHUs, filter units, flow dampers, cooling coils, heaters, duct work, and fans necessary to maintain a suitable environment in the entire CRB for equipment operation and worker habitability.

The CRVS is designed to maintain the areas served by the system at a positive pressure with respect to adjacent areas during normal plant conditions and during postulated accidents when power is available from offsite or the BPSS. The system is designed with the capability to remove radioactive contamination from the incoming outside air by charcoal filtration during a postulated accident. If radiation levels are above the design limit of the charcoal filters, or if power is not available, the CRVS provides isolation of the CRE from the surrounding areas and outside environment by isolation dampers. The dampers have spring return actuators that act to close the dampers and isolate the CRE when power is removed. The CRVS components used to isolate the CRE receive power from and are controlled by the PPS.

The CRVS components used to provide environment controls such as cooling and heating are powered by the ELVS. The CRVS components that are relied on during a postulated radiological event to filter outside air and pressurize the control room and technical support center areas are provided with backup power from the backup power supply system BDGs. These components include the outside air charcoal filtration unit, the outside air bubble tight isolation dampers, the main supply AHUs, and associated components.

4.15.2 Equipment Qualification CRVS SSC whose structural failure could affect the operability of safety-related SSC are designed as Seismic Category II. All other CRVS equipment, except the CRE isolation dampers, is classified as Seismic Category III.

The CRE isolation dampers are designed as Seismic Category I since they support establishing and maintaining the CRE. The fire and smoke dampers serving the control room are also designed as Seismic Category I since they provide protection of SSC necessary to attain or maintain safe shutdown from the adverse effects of fires.

4.15.3 System Response to an Extended Loss of Alternating Current Power The loss of the ELVS at initiation of the ELAP combined with the assumption that the BPSS is unavailable makes the CRVS unavailable for cooling, heating, and humidity control for the duration of the event.

Per baseline coping capability assumption number 1 of Section 3.1.2, the CRE isolation dampers in the CRVS are assumed to survive the BDBEE and remain fully available for isolation of the CRE.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 As described in Section 4.8.3, the PPS monitors for and detects the loss of AC power at event initiation. As a result, the PPS removes power from the CRE isolation dampers causing them to close and isolate the CRE.

4.16 Control Room Habitability System Chapter 6.4 of the FSAR describes the control room habitability system, which is summarized below.

4.16.1 System Design The CRHS provides breathing air to the MCR and maintains control room pressure during high radiation, release of toxic chemical, or loss of offsite power conditions. The major components used in the CRHS to perform these functions include a high pressure air compressor (HPAC), high pressure air storage bottles, solenoid-operated CRE supply line isolation valves, and solenoid-operated CRE pressure relief valves.

The CRHS air bottles and air bottle racks are non-safety related and not risk-significant, but are designed to Seismic Category I criteria in order to provide reliable, clean breathing air for control room personnel under design basis seismic events and accidents. The specified capacity of the CRHS air bottles is sized such that 25 percent of the bottles may be out of service and still provide a minimum of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months of breathing air.

The CRHS air bottles and air bottle racks are located in three separate rooms on the 50 ft - 0 in. elevation of the CRB.

The CRHS piping is provided with a main CRE supply line that has two solenoid-operated valves in parallel. The two parallel valves provide a redundant air-supply path from the air bottles to the CRE. During normal operation, the solenoids are energized from EDSS-C through the PPS. With the solenoids energized, the CRE supply valves are held closed and the air bottles are maintained in a standby condition.

The CRE pressure relief valves are provided by the CRHS to allow appropriate air flow out of the CRE during CRHS operation. These valves are solenoid operated and are normally maintained closed by maintaining the solenoids energized. The power for the solenoids is provided by EDSS-C through the PPS. When the CRHS is actuated, the PPS removes power from both CRE supply line isolation valve solenoids and both CRE pressure relief valve solenoids. This places the CRHS in service and allows air to flow from the air bottles into the CRE.

4.16.2 Equipment Qualification The CRHS components are located below grade on the Seismic Category I portions of the 50 ft - 0 in. elevation and 63 ft - 3 in. elevation of the CRB.

The control room HVAC system SSC required to provide breathing air inventory to the CRE for at least 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are specified to be designed to Seismic Category I criteria.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 These SSC are the air storage bottles and the supply piping and components (including the regulating valves and actuation valves) to the CRE. The CRE pressure relief piping and components are also specified to be designed to Seismic Category I criteria.

The HPAC is not required to supply the stored air inventory to the CRE; therefore, the HPAC and piping from the HPAC to the isolation valve that separates it from the charging header is Seismic Category III.

4.16.3 System Response to an Extended Loss of Alternating Current Power Per baseline coping capability assumption number 1 of Section 3.1.2, the CRHS air storage bottles, supply piping, regulating valves, and actuation valves are assumed to survive the BDBEE and remain fully available during the period when the system functions necessary for mitigation strategy implementation are required.

As described in Section 4.8.3, the PPS monitors for and detects the loss of AC power at event initiation. As a result, the PPS removes power from both CRE supply line isolation valve solenoids and both CRE pressure relief valve solenoids. This places the CRHS in service and allows air to flow from the air bottles into the CRE. The CRHS continues to supply air to the CRE for a minimum of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months .

4.17 Reactor Building Crane System Chapter 9.1 of the FSAR describes the Reactor Building crane system, which is summarized below.

4.17.1 System Design The RBC system provides the structural support and mobility needed to lift and move loads in the RXB, including the NPMs, to support normal operations, maintenance, receipt of new equipment, and refueling activities. The RBC system includes the following:

RBC

auxiliary hoists

module lifting adapter (MLA)

wet hoist

below-the-hook lifting devices necessary to support and move loads

instrumentation and controls necessary to support and move loads NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 The RBC includes a bridge, trolley, and hoist. The RBC rails allow the bridge to travel over the RP, RFP, and SFP16 areas of the UHS, as well as the drydock area. The RBC is an 850 ton-capacity crane designed to remain in place, but not operate, during an SSE.

If seismic activity occurs, an electrical earthquake seismic switch shuts off all power to the RBC, the auxiliary hoists, the MLA, and the wet hoist. As a result, the trolley, bridge, and hoist stop and their associated brakes set to stop motion in all axes. The RBC is designed with redundant holding brakes. If one set of brakes fails to engage during an event in which the holding brakes are intended to be engaged, the other holding brake automatically holds the load. Both holding brake systems are designed and rated to maintain a hoisted load at the maximum allowable crane load.

The trolley includes seismic restraints to ensure it remains on the bridge and the bridge includes seismic restraints to ensure it remains on the runway. This combination of design features ensures an NPM in transition continues to be suspended by the RBC during and after a seismic event.

The RBC system is normally powered by the ELVS. A loss of power to the RBC has the same effect as a seismic event: all RBC motion is stopped and brakes are set on the trolley, bridge, and hoist. Dual brakes are set to ensure the load stays at its current position.

If power cannot be restored, manual RBC operations may be used to position the crane and place a suspended load in a safe location after a seismic event or loss of power. All manual operations of the RBC are accessible from the platforms or decks of the RBC.

Manual operations include:

hoist load may be manually lowered from the trolley machinery deck

bridge and trolley manual operation by a secondary emergency drive system located in line with the normal drive machinery 4.17.2 Equipment Qualification The RBC, including the auxiliary hoists, MLA, and wet hoist, is designed as a single-failure-proof crane in accordance with the requirements of NUREG-0554 (Reference 8.1.4) and ASME NOG-1 (Reference 8.1.5) for Type I cranes. The MLA is designed as a single-failure-proof lifting device in accordance with the requirements of ANSI N14.6 (Reference 8.1.6).

The RBC and MLA are Seismic Category I equipment. The RBC system is located within the Seismic Category I RXB.

16 The RBC system includes limit switches to restrict operations over certain portions of the RFP and SFP.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 The brakes used to maintain the RBC load suspended are designed to withstand the environmental conditions that exist in the RXB during an ELAP.

4.17.3 System Response to an Extended Loss of AC Power Per baseline coping capability assumption number 1 of Section 3.1.2, the RBC system is assumed to survive the BDBEE and remain capable of maintaining a design capacity load suspended for the duration of the ELAP.

When the loss of ELVS power occurs at event initiation, the RBC is de-energized. As a result, RBC motion is stopped and brakes are set on the trolley, bridge, and hoist.

4.18 Communications System Chapter 9.5 of the FSAR describes the communications system, which is summarized below.

The communications system will include at least one on-site and one off-site communications system capable of remaining functional during an ELAP to include the loss of local area communications infrastructure due to a BDBEE. Fixed and portable satellite communications will be provided to meet this requirement. Portable satellite communications devices, batteries, and battery chargers will be designated for this specific purpose by the COL applicant.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 5.0 Safety Functions during an Extended Loss of Alternating Current Power While the operating cycle for an NPM is comparable with existing designs, a NuScale Power Plant, because it includes 12 NPMs, spends a greater percentage of time with an NPM undergoing refueling. As such, in addition to analyzing the integrated plant response and key safety functions for an ELAP with all NPMs initially operating, NuScale also analyzed the effects of an ELAP on the key safety functions for an NPM transitioning to refueling and for an NPM being refueled.

5.1 Integrated Plant Response The following description of the overall plant response is based on the descriptions of the individual system responses provided in Section 4.0 and is intended to facilitate the discussions regarding the key safety functions in this section. The response for a single NPM is provided, but represents the response of all NPMs operating at 100 percent power when the BDBEE and ELAP occur.

Per the Section 3.1.5 initial event conditions and assumptions, the initiating event is an unspecified external event that results in the loss of offsite power and the loss of all site AC power not provided from station batteries by the inverters. For the NuScale Power Plant design, the initiating event results in the loss of all power, except for that power provided by the EDSS and the EDNS.

At event initiation, the MPS and the PPS detect the loss of AC power. The MPS starts the time delay timer for the loss of AC power actuations. The PPS isolates the CRE and actuates the CRHS to pressurize the CRE from the breathing air bottles. The loss of feedwater caused by the loss of power combined with the steam turbine generator trip causes a significant reduction in heat removal by the secondary system, and RCS temperature and pressure rise.

Approximately one minute into the ELAP, the reactor is tripped, all control rods fully insert, the DHRS is actuated, all CIVs are closed, and the ECCS hold mode 24-hour timers have started.

At this point in the event, the reactor is subcritical and remains subcritical during cooldown, the CNV is isolated, and the DHRS is passively providing decay heat removal. With these conditions established, the NPM passively establishes safe shutdown.

During the next 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , RCS pressure and temperature decrease as decay heat continues to be transferred to the UHS by DHRS operation. During this cooldown and depressurization of the RCS, the differential pressure between the RPV and the CNV decreases below the ECCS inadvertent actuation block setpoint. At T=24 hours, the ECCS hold mode timers expire and the ESFAS de-energizes. This results in all five ECCS main valves opening and establishes passive decay heat removal via the ECCS.

The opening of the ECCS valves causes a rise in CNV pressure and temperature, as designed. The condensing of the reactor coolant steam on the inner surface of the CNV NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 and the subsequent heat transfer to the UHS through the CNV limits the pressure transient and subsequently reduces CNV pressure.

At this point in the event, all functions required for coping with the ELAP have been completed or are passively occurring. These conditions are established without operator action and their maintenance requires neither AC power, nor DC power, nor operator action.

The UHS temperature rises at event initiation because of the loss of power to the pool cooling systems followed by the initiation of the DHRS for all NPMs. Without operator action, pool temperature continues to rise and after more than five days, the pool begins to boil. While boiling, the UHS continues to provide adequate cooling to the spent fuel in the SFP and removes sufficient heat from the NPMs to maintain containment and core cooling.

5.2 Core Cooling Adequate core cooling is provided by plant safety-related systems for more than 50 days following initiation of an ELAP. The systems begin to operate passively without operator action and require no electrical power for initial or continued operation.

Specifically, the DHRS provides passive decay heat removal for the first 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months and the ECCS provides cooling for the remainder of the ELAP. Both the DHRS and the ECCS are supported by the passive functionality of the UHS to perform their safety-related functions. Because sufficient UHS inventory is present, adequate core cooling is ensured for more than 50 days.

5.2.1 Reactor Coolant System Inventory The design of the NPM and its safety-related core cooling systems relies on coolant inventory control rather than coolant inventory makeup to ensure the core remains covered and adequate core cooling is provided in an ELAP. During normal operation, RCS inventory is sufficient for ECCS operation and plant cooldown. During an ELAP, this inventory is preserved by containment isolation that occurs within the first minute of the event.

Because the NuScale Power Plant design has unique aspects that differ from traditional pressurized water reactor (PWR) and boiling water reactor (BWR) designs, each of the five listed sources below was evaluated for applicability. The following list includes the expected leakage source followed by an explanation of why the listed source does not require an inventory addition strategy for the NuScale Power Plant design.

1. Normal system leakage During normal operation, the CVCS is the only system in direct communication with the RCS that includes a pathway for coolant outside of the CNV. As described in Sections 3.2.1 and 5.1, the CVCS is automatically isolated by the closure of NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 safety-related CIVs and eliminates this potential leakage pathway outside of containment within the first minute of the event.

Per technical specifications, an NPM may operate at full power with a certain allowable amount of primary-to-secondary leakage in each SG. As described in Sections 4.10 and 4.12 of this report, the MSIVs and FWIVs close within the first minute of the event to isolate this potential leakage path.

All other potential leakage paths that could be considered normal system leakage would result in leakage into the CNV. This is important because, as described in Section 4.13 of this report, the CNV is part of the normal ECCS flow path and function. Thus, any leakage from these sources would be preserved, as designed, for ECCS operation and would not result in any need for inventory addition.

2. Losses from letdown unless automatically isolated or until isolation is procedurally directed As described in Sections 3.2.1 and 5.1, the CVCS is automatically isolated by the closure of safety-related CIVs and eliminates this potential leakage pathway outside of containment within the first minute of the event.

3. Losses due to reactor coolant pump seal leakage (rate is dependent on the reactor coolant pump seal design)

The NuScale Power Plant design does not include RCPs or any similar component for which seal leakage would reduce inventory.

4. Losses due to BWR recirculation pump seal leakage The NuScale Power Plant design does not include recirculation pumps or any similar component for which seal leakage would reduce inventory.

5. BWR inventory loss due to operation of steam-driven systems, safety-relief valve (SRV) cycling, and RPV depressurization.

The NuScale Power Plant design does not include steam-driven systems that use RCS inventory.

The SRV cycling in a BWR is similar to reactor safety valve cycling for an NPM.

However, when a reactor safety valve cycles, the RCS inventory exiting through the valve is condensed and collected in the CNV. This design preserves the RCS inventory for ECCS operation and does not result in the need for inventory addition.

The NuScale Power Plant does not depressurize by reducing RCS inventory.

Actuation of ECCS valves reduces RCS pressure, but is not a reduction in RCS inventory.

In addition to the five potential sources of leakage described above, containment leakage was evaluated as a possible path for the loss of RCS inventory in an ELAP NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 scenario, because the RCS partially transfers to the CNV following ECCS actuation.

Using extremely conservative assumptions (e.g., worst case CNTS design leakage, the CNV remains pressurized to 1000 psia, and all lost inventory is deducted from lower riser level), the average change in liquid level is 0.41 inches per day. After the ECCS valves are opened and RPV level stabilizes, there is more than 9 ft of liquid water above the top of the core. With a leakage rate of 0.41 inches per day and 9 ft of inventory above the core, core coverage is ensured for more than 260 days without RCS inventory addition.

The above discussion demonstrates that the NuScale Power Plant design is capable of extended coping without RCS inventory addition. The functions necessary to ensure adequate RCS inventory occur without operator action and the conditions are passively maintained by safety-related systems. The NuScale design eliminates the need for an inventory addition mitigation strategy to extend coping capabilities.

5.2.2 Reactivity Control To establish and maintain safe shutdown conditions during an ELAP, the NPM is made subcritical and then maintained subcritical during the cooldown that follows.

Per boundary condition number 3 in Section 3.1.3, when the reactor trip occurs in the ELAP event, all control rods fully insert. This action achieves initial subcriticality; however, depending on the time in core life, for some currently licensed designs the control rods alone may not provide sufficient negative reactivity to compensate for the positive reactivity added as the RCS cools.

To account for the cooldown reactivity addition, the NuScale Power Plant design includes a unique core design limit: the hot full power critical boron concentration is such that at cold zero power with all rods inserted, keff is less than 1.0. This design feature allows the NPM to transition from operating conditions to shutdown and cooled down without the need for boron addition for an indefinite period.

To ensure the required boron concentration is maintained, the safety-related isolation of the demineralized water supply to the CVCS makeup pumps function is provided by the MPS. Although the demineralized water system pumps and the CVCS makeup pumps stop operating at the initiation of the ELAP due to the loss of ELVS, the MPS continues to monitor for plant conditions that would require actuation of this function. Additionally, all CVCS paths to and from the CNV are isolated within the first minute of the event when the containment isolation occurs.

During the ELAP event, all NPMs are made subcritical and remain subcritical without boron addition. This occurs without operator action and is maintained passively by the presence of the control rods and the boron in the RCS. This eliminates the need for a boron addition mitigation strategy to extend coping capabilities.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 5.2.3 Decay Heat Removal As detailed in Section 4.12, the safety-related DHRS actuates without operator action within the first minute of the ELAP and, although one train has the capacity to remove enough decay heat to establish safe shutdown conditions, both fully independent trains of the DHRS are placed into operation on each NPM. Safe shutdown conditions are established with both trains of the DHRS in service and passively transferring RCS heat to the UHS. The DHRS continues to passively reduce RCS temperature and perform the core cooling function until ECCS actuates at the 24-hour mark.

As described in Section 4.13, the ECCS valves have an inadvertent actuation block (IAB) feature that prevents the valves from opening when the differential pressure between the RPV and CNV is greater than 1100 +/- 100 psid. With the DHRS in operation, RPV pressure is reduced and approaches 200 psia approximately three hours into the ELAP. As a result, when the MPS timers expire after 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , the IAB is defeated and the ECCS actuates. The natural circulation flow path established by the actuation of the ECCS causes a majority of the reactor coolant to bypass the SGs. As a result, the decay heat removal provided by the DHRS is reduced and the ECCS assumes the core cooling function.

Both the DHRS and the ECCS require adequate UHS inventory to perform their core cooling safety function. As described in Section 4.11, the NPMs are partially immersed and the DHRS passive condensers are submerged in the UHS. With both systems transferring RCS heat from all 12 NPMs to the UHS and the addition of decay heat from the spent fuel in the SFP, the UHS temperature rises and begins to boil, but not before more than five days after the ELAP. It is at this point that UHS level begins to lower. No sooner than 49 days into the ELAP, the UHS level lowers to the top of the DHRS passive condensers. This period of submergence ensures the DHRS can provide adequate core cooling far beyond the first 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months of the ELAP event.

Analysis of the pool boiloff demonstrates that safe shutdown conditions are maintained by ECCS operation with a UHS level of 45 feet17. Per Figure 5-1, this UHS level is reached after more than 50 days into the ELAP. Without any operator actions to add inventory to the UHS, adequate core cooling is provided for no less than 50 days following the initiation of an ELAP.

17 The lowest UHS level analyzed is 45 feet, which does not mean that the ECCS cannot provide adequate core cooling at lower levels, but instead that the analysis only demonstrates success to this UHS level.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Figure 5-1 Ultimate heat sink level during an extended loss of alternating current power - 12 NuScale Power Modules initially operating During the ELAP event, all NPMs are provided adequate core cooling to establish and maintain safe shutdown conditions for more than 50 days. Decay heat removal occurs without operator action and is maintained by the passive operation of the DHRS and the ECCS. The redundancy and diversity provided within the DHRS and the independent operation of the two systems eliminates the need for additional equipment to extend coping capabilities.

5.2.4 Core Cooling Parameters The key safety function of core cooling is established and maintained for greater than 50 days without operator action. However, the parameters listed in Table 5-1 are available to assure control room operators that the safety-related systems have performed as designed.

Per baseline coping capability assumption number 1 of Section 3.1.2, the instrumentation associated with each parameter is assumed to survive the BDBEE and remain fully available for a duration beyond the time necessary for the associated function to be established and monitored.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Table 5-1 Core cooling key parameters Function Parameters for Assuring the Function is Established RCS inventory control RPV water level Containment isolation valve positions Reactivity control Neutron flux Core inlet temperature Core exit temperature RTB status CVCS containment isolation valve positions DHRS decay heat removal Core exit temperature DHRS valve positions MSIV positions MSIV bypass isolation valve positions FWIV positions SFP level(1)

ECCS decay heat removal ECCS valve positions Containment water level RPV water level Core exit temperature SFP level(1)

(1) Spent fuel pool level provides indication of UHS level when UHS level is above the SFP weir.

5.3 Containment The containment function is provided and maintained by plant safety-related systems for more than 50 days following initiation of an ELAP. The systems begin to operate passively without operator action and require no electrical power for initial or continued operation.

As previously discussed, the CNV, in addition to providing the containment function typical of existing designs, also functions to support core decay heat removal. As part of this heat removal function, containment temperature and pressure are maintained within their design limits. During an ELAP, the large UHS volume passively ensures adequate containment cooling is provided for more than 50 days.

The CNV is isolated by closing the safety-related CIVs that occurs without operator action and requires no electrical power.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 5.3.1 Containment Temperature and Pressure Rather than relying on an active containment heat removal system (e.g., fan cooler system, spray system), containment heat removal is ensured passively as an inherent consequence of the physical configuration wherein each CNV is partially immersed in the reactor pool portion of the UHS.

During the ELAP, mass and energy are released into the CNV when the ECCS valves open. This release represents the highest pressure and temperature conditions for the CNV during the event. After the ECCS valves open, the reactor coolant water is accumulated in the CNV and is passively returned to the reactor vessel by natural circulation. Under these conditions, the CNV provides an interfacing medium for core decay and containment heat removal. Specifically, the steel walls of the CNV, together with the heat transfer medium surrounding the CNV (i.e., the UHS), serve as a passive means to remove heat from the high-energy fluid released into the CNV. This passive heat transfer ensures that CNV temperature and pressure do not approach values that could adversely affect the integrity of the CNV.

As described in Section 5.2.3, analysis of the long-term cooling capability of the ECCS demonstrates that safe shutdown conditions are maintained by ECCS operation with a UHS level of 45 feet. When realistic initial operating levels, temperatures, and decay heat are considered, the scope of the long-term cooling analyses bound the expected level decrease in the reactor pool UHS over 30 days, for up to 12 modules transferring decay and residual heat to the reactor pool. Because of the CNV role in the operation of ECCS, this same analysis demonstrates that containment integrity with respect to temperature and pressure is maintained for no less than 50 days without operator action.

Because the containment function is provided passively by the CIVs and the CNV, and temperature and pressure are passively controlled by heat removal through the UHS in a manner that ensures containment integrity, no additional equipment is required to extend coping capabilities for this function for more than 50 days.

5.3.2 Containment Parameters The key safety function of containment is established and maintained for greater than 50 days without operator action. However, the parameters listed in Table 5-2 are available to assure the control room operators that the safety-related systems have performed as designed.

Per baseline coping capability assumption number 1 of Section 3.1.2, the instrumentation associated with each parameter is assumed to survive the BDBEE and remain fully available for a duration beyond the time necessary for the associated mitigation function to be established and monitored.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Table 5-2 Containment key parameters Function Parameters for Assuring the Function is Established Containment isolation CIV positions Containment heat removal Wide range containment pressure SFP level(1)

(1) Spent fuel pool level provides indication of UHS level when UHS level is above the SFP weir.

5.4 Spent Fuel Cooling Spent fuel in the SFP is passively cooled by the UHS for more than 150 days following initiation of an ELAP. At no time are operator actions or electrical power required for passive cooling to occur.

5.4.1 Spent Fuel Pool Level As described in Section 4.11, the SFP is part of the UHS and normally communicates with the RFP and RP through the space above the SFP weir wall. As such, the pools respond as a single volume during an ELAP unless UHS level lowers below the weir wall.

With the loss of pool cooling systems at the initiation of the event, the transfer of heat from the NPMs due to the ELAP and the decay heat addition from spent fuel in the SFP, UHS temperature rises and the pool begins to boil after more than five days. At this point, UHS level begins to decrease, and without inventory addition, reaches the top of the SFP weir wall no sooner than 134 days into the event (see Table 4-1 and Figure 5-1).

With the SFP now divorced from the other pools in the UHS, level reduction continues based on spent fuel decay heat. Assuming no inventory is added to the SFP, level reaches the top of the spent fuel in the SFP after more than 150 days after the initiation of the ELAP. During this entire period, adequate cooling of the spent fuel in the SFP is ensured through submergence.

5.4.2 Spent Fuel Pool Cooling Parameters The key safety function of SFP cooling is established and maintained for greater than 150 days without operator action.

Per baseline coping capability assumption number 1 of Section 3.1.2, the SFP level instruments are assumed to survive the BDBEE and remain fully available for a duration beyond the time necessary for the associated strategy to be established and monitored.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 5.5 Transition Mode (MODE 4)

As described in Section 4.10.1, an NPM is transferred from its operating bay in the RP to the RFP to perform refueling activities. In preparation for the transfer, the CNV is flooded with borated water to the pressurizer baffle plate level, the NPM is cooled down below 200 degrees F, the ECCS valves are opened, and the CIVs are closed. In this condition, decay heat is passively transferred from the RCS to the UHS through the CNV, and safe shutdown conditions are maintained.

The NPM is then lifted above the RP floor using the RBC, and transported to the CNV flange tool in the RFP. At the CNV flange tool, the NPM is lifted above the RP floor to clear the top of the tool and allow the NPM to be positioned for placement in the tool.

5.5.1 Core Cooling Although the NPM conditions established in preparation for refueling, including placement in the CNV flange tool, ensure adequate core cooling is maintained, the most restrictive core cooling conditions for an NPM in transition occur when the NPM is lifted to the maximum lift height. This is because the maximum lift height represents the minimum CNV immersion in the UHS.

If an ELAP occurs during the brief period of time when an NPM in transition is lifted to the maximum height required for placement in the CNV flange tool, the UHS provides sufficient decay heat removal to maintain safe shutdown conditions during the approximately 50 days needed for pool heat up and boil off to reduce UHS level to 45 feet the lifted NPM is cooled through the CNV walls, and keeping the DHRS heat exchangers covered is not necessary. There is sufficient heat removal capacity through the portion of the containment that remains immersed to maintain core cooling for at least 50 days.

5.5.2 Reactor Building Crane Capacity During lifts of an NPM by the RBC, the pool water in the UHS provides buoyancy that reduces the weight required to be lifted. For an NPM lift to the maximum height required for placement in the CNV flange tool, the RBC does not exceed the rated lift capacity with UHS level at or above 66 ft - 0 in. However, a crane of the RBC design is permitted to conduct lifts that are up to 125 percent of the rated capacity for a planned engineering lift, which equates to 1062.5 tons for the RBC.

As seen on Figure 5-2, an NPM submergence of 100 inches corresponds to just below 1000 tons. With an NPM lifted to the maximum lift height, 100 inches of submergence occurs at a UHS pool level of 36.5 feet.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Figure 5-2 NuScale Power Module submergence and buoyancy effect During an ELAP, if inventory is not added to the UHS, pool level would not lower to 36.5 feet before 70 days. Therefore, during an ELAP event with an NPM lifted to the maximum height for placement in the CNV flange tool, the reduction in buoyancy that occurs due to lowering UHS level does not result in the load on the RBC exceeding 125 percent of the rated capacity within 70 days. Additionally, the cumulative time any of the NPMs spend lifted to the maximum lift height represents a small fraction (less than 5 hours5.787037e-5 days 0.00139 hours 8.267196e-6 weeks 1.9025e-6 months ) of the operating cycle.

5.6 Refueling Mode (MODE 5)

During refueling operations, the NPM is disassembled, and the bottom head of the RPV, that includes the reactor core, is located in the RPV flange tool. Refueling is then conducted by transferring fuel between the reactor core and the SFP fuel storage racks through the weir in the SFP weir wall. Because the top of the RPV flange tool and the top of the spent fuel storage racks are below the height of the SFP weir wall, the highest lift point during fuel movement occurs as the fuel passes through the weir.

During an ELAP with one NPM refueling, less heat is added to the UHS than if all 12 NPMs were initially operating. Therefore, a comparatively longer period of time is required for the UHS to begin to boil and pool level is reduced at a lower rate. With the fuel submerged, adequate cooling is ensured. Per Table 5-3, UHS pool level would not lower to the top of fuel traveling through the weir in the SFP weir wall before 107 days and level would not reach the fuel in the refueling NPMs reactor core before 171 days.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Table 5-3 Ultimate heat sink heat up and boil off - 11 NuScale Power Modules initially operating, 1 NuScale Power Module refueling Location Pool Level Cumulative Time Pool heat up to boiling 69.00 ft. 6.13 days Pool boil off to 10 ft. above spent fuel traveling above weir in SFP weir wall 39.00 ft. 73.70 days Pool boil off to top of spent fuel traveling above weir in SFP weir wall 29.00 ft. 107.97 days Pool boil off to top of weir in SFP weir wall 20.00 ft. 144.34 days Pool boil off to top of spent fuel in RFP 14.60 ft. 171.50 days 5.7 Baseline Coping Capability Based on the analysis of the key safety functions coping capability provided by installed plant equipment, a baseline coping capability has been established. The baseline capability is summarized in Table 5-4.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 Table 5-4 Baseline coping capability summary Safety Function Method Baseline Capability Decay heat removal

DHRS with UHS Use of safety-related (installed NPMs) plant equipment for initial

ECCS with UHS coping (beyond 50 days)

Decay heat removal

Conduction to the UHS Use of safety-related (transition NPM) plant equipment for initial coping (beyond 50 days)

Core cooling Decay heat removal

Direct cooling by UHS Use of safety-related (refueling NPM) submergence plant equipment for initial coping (beyond 50 days)

RCS inventory

Containment isolation Use of safety-related plant equipment for initial coping (beyond 50 days)

Reactivity control

Containment isolation Use of safety-related plant equipment for initial coping (beyond 50 days)

Containment heat Conduction to the UHS Use of safety-related removal plant equipment for initial Containment coping (beyond 50 days)

Containment

Containment isolation Use of safety-related plant equipment for initial coping (beyond 50 days)

Spent fuel cooling

Direct cooling by SFP Use of safety-related plant equipment for initial SFP cooling submergence coping (beyond 150 days)

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 6.0 Coping Strategies Equipment The rulemaking for 10 CFR 50.155 (Reference 8.1.1) includes requirements for maintenance of equipment that supports mitigation strategies. Installed equipment is safety-related, and maintenance, testing, and out-of-service times are conducted in accordance with plant processes and programs. No onsite mitigation equipment is required for the NuScale Power Plant.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 7.0 Conclusion The coping duration in an ELAP with concurrent LUHS ensured by installed SSC with no operator actions exceeds 14 days.

The installed equipment relied on to ensure core cooling, containment, and SFP cooling has sufficient capacity and capability to perform those functions for at least 50 days, exceeding the 14 days that NuScale believes is adequate time to establish an alternative means of heat removal. Monitoring is not relied on for the mitigation strategies and guidelines, but installed instrumentation provides at least 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months of module and at least 14 days of UHS monitoring as a supplementary capability. No offsite resources are required for a NuScale Power Plant to respond to an ELAP.

A COL applicant that references the NuScale Power Plant design certification and that, after consideration of sitespecific external hazards, continues to demonstrate that it maintains coping capability of greater than 14 days, requires no offsite resources to respond to an ELAP.

NuScale Nonproprietary

Mitigation Strategies for Extended Loss of AC Power Event NuScale Nonproprietary TR-0816-50797 Rev. 2 8.0 References 8.1.1 U.S. Nuclear Regulatory Commission, "Mitigation of Beyond-Design-Basis Events; Final Rule," RIN 3150-AJ49, Agencywide Document Access and Management System (ADAMS) Accession No. ML19023A040.

8.1.2 U.S. Nuclear Regulatory Commission, Single-Failure-Proof Cranes for Nuclear Power Plants, NUREG-0554, May 1979.

8.1.3 Nuclear Energy Institute, Industry Guidance for Compliance with NRC Order EA-12-051, To Modify Licenses with Regard to Reliable Spent Fuel Pool Instrumentation, NEI 12-02, Revision 1, August 2012, Agencywide Document Access and Management System (ADAMS) Accession No. ML1224A307.

8.1.4 Nuclear Energy Institute, Diverse and Flexible Coping Strategies (FLEX)

Implementation Guide, NEI 12-06, Revision 2, December 2015.

8.1.5 American Society of Mechanical Engineers, Rules for Construction of Overhead and Gantry Cranes (Top Running Bridge, Multiple Girder), ASME NOG-1-2010, New York, NY.

8.1.6 American National Standards Institute, American National Standards (for Radioactive Materials), Special Lifting Devices for Shipping Containers Weighing 10,000 Pounds (4500kg) or More, ANSI N14.6-1993, New York, NY.

NuScale Nonproprietary

ML19212A084

Contents

Text

SUBJECT:

REFERENCES:

Enclosure:

Enclosure:

Navigation menu

ML19212A084

Text

SUBJECT:

REFERENCES:

Enclosure:

Enclosure:

Navigation menu

Search