ML20247F558
| ML20247F558 | |
| Person / Time | |
|---|---|
| Issue date: | 07/30/1985 |
| From: | Chilk S NRC OFFICE OF THE SECRETARY (SECY) |
| To: | |
| References | |
| FRN-50FR32138, FRN-53FR32060, RULE-PR-52 NUDOCS 8907270181 | |
| Download: ML20247F558 (59) | |
Text
j
$ 7590-01 -
DOCKET NUMBER g 39 l PROPOSED RULE
' "' l (G2 fR 3ON0)ai-FEDERAL. REGISTER NOTICE FOR COMMISSION P M C N T hEk b ISSU NEW STANDARD REACTOR DESIGNS AND S.EVERE ACCIDENTS Op c -. t. .
- r. e -
NUCLEAR REGULATORY CD4ff6pq{j "#
Policy Statement on Severe Reactor Accidents Regarding Future Designs and Existing Plants {
AGENCY: Nuclear Regulatory C'ommission.
ACTION: Policy Statement.
SUNiARY: This statement describes the policy the Commission intends to u:;e to resolve safety issues related to reactor accidents more severe than design ,.
basis accidents. Its main focus is on tl5e criteria and procedures the Commis-sion intends to use to certify new standard designs for nuclear power plants.
This policy statement is a revision of the " Proposed Cosmission Policy Statement on Severe Accidents and Related Views on Nuclear Reactor Regulation" that was published for comment on April 13, 1933 (48 FR 16014). It also serves as notice of withdrawal of the advanced notice of proposed rulemaking, " Severe Accident Design Criteria," published on October 2, 1980 (45 FR 65474).
i FOR FURTHER INFORMATION CONTACT:
1 Miller B. Spangler, Special Assistant for Policy Development, Division of Systems Integration, Office of Nuclear Reactor Regulation, U.S. Nuclear Regelstery Commission, Washington D.C. 20555, Telephone: (301) 492-7305.
gf2g;OJ 050730 S2 53FR32060 pyg DJ}l) 1
_ _ _ _ _ - _ _ . _ _ _ . . i
( ,
}
SUPPLEMENTARY INFORMATION:
This policy statement sets forth the Commission's intentions for rulemakings and other regulatory actions for resolving safety issues related to reactor accidents more severe than design basis accidents. The main focus of this statement is on l decision procedures involving staff approval or, optionally, Commission certifi-cation of new standard designs for nuclear power plants. It also provides guid- l ance on decision and analytical procedures for the resolution of severe accident
, issues for other classes of future plants and for existing plants (operating reactors and plants under construction for which an operating license has been applied). Severe nuclear accidents are those in which substantial damage is ,.
done to the reactor core whether or not there are serious offsite consequences.
On October 2, 1980, the Commission issued an advance notice of proposed rule-making, " Severe Accident Design Criteria," that invited public comment on long-term proposals for treating severe accident issues (45 FR 65474). By this action the Commission hereby serves notice of the withdrawal of that advance notice of proposed rulemaking.
This policy statement is a revision of the " Proposed Commission Policy Statement on Severe Accidents and Related V'2ws on Nuclear Reactor Regulation" published )
for public comment on April 13, 1983 (48 FR 16014). Twenty-six letters of comment on the proposed policy statement were received. The nuclear industry generally supported the proposed policy statement and suggested'several modifi-cations. Much of the criticism of the proposed policy statement by environmental groups and other interested persons focused on a perception of over-reliance on probabilistic risk assessment, especially when coupled with the Commission's
" Safety Goal Development Program" (48 FR 10772, March 14, 1983). The Policy 2
3: L )
. .. i , , 4 -
Statement.was revised as a result of these suggestions and criticisms as'well as comments by the Advisory Committee on Reactor Safeguards.
l Many changes have already been implemented.in existing plants as a result of-the TMI Action Plan (NUREG-0660 and NUREG-0737),1 information resulting from NRC- and industry-sponsored research, and data arising from construction and operating experience. On the basis of currently available information, the Commission concludes that existing plants pose no undue risk to public health and safety and sees no present basis for immediate action on generic rule-making or other regulatory changes for these plants because of severe accident risk. The Commission has ongoing nuclear safety programs that include:
the .
resolution of new and several other Unresolved Safety Issues and Generic Safety Issues; the Severe Accident Source Term Program; the Severe Accident Research Program; operating experience and data evaluation regarding failure of certain Engineered Safety Features and safety-related equipment, human errors, and other sources of abnormal events; and scrutiny by the Office of Inspection and Enforcement to monitor the quality of plant construction, operation, and main-tenance. Should significant new safety information become available, from whatever source, to question the conclusion of "no undue risk," then the tech-nical issues thus identified would be resolved by the NRC under its backfit policy and other existing procedures, including the possibility of generic rulemaking where this is justifiable.
One important source of new information is the experience of NRC and the nuclear industry with plant-specific probabilistic risk assessments. Each of these 1 Documents referenced in this Policy Statement are available for inspection at the NRC's Public Document Room, 1717 H Street, NW, Washington, D.C.
3
^
N ____ ___ - _- -
, ,- . (l
)
analyses, which provide a detailed assessment of possible accident scenarios,
-- has exposed relatively unique vulnerabilities to severe accidents. Generally, the undesirable risk from these unique features has been reduced to an accept-able level by low-cost changes in procedures or minor design modifications.
Accordingly, when NRC and industry interactions on severe accident issues have progressed sufficiently to define the methods of analysis, the Commission plans to formulate an integrated systematic approach to an. examination of each nuclear power _ planc now operating or tender construction for possibly significant risk contributors that might be plant specific and might be missed absent a systematic search. Following the development of such an approach, an analysis will be made of any pla.it that has not yet undertone in appropriate examination and .-
cost-effective changes will be made, if needed, to ensure that there is no undue risk to public health and safety. In implementing such a systematic approach, plants under construction that have not yet received an Operating License will be treated essentially the same as the manner by which op0 rating reactors are dealt with. That is to say, a plant-specific review of severe accident vulnerabilities using this approach is not considered to be necessary to determine adequate safety or compliance with NRC safety regulations under the Atomic Energy Act, or to be a necessary or routine part of an Operating License review for this class of plants.
-Regarding the decision process for certifying a new standard plant design -- an approach the Commission strongly tocourages for future plants -- the Policy Statement affirms the Commission's belief that a new design for a nuclear power plant can be shown to be acceptable for severe accident concerns if it meets the following criteria and procedural requirements: ,
4
, s.
() )
o Demonstration of compliance with the procedural requirements and criteria of the current Commission regulations, including the Three Mile Island requirements for new plants as reflected in the CP Rule
[10 CFR 50.34(f); 47 FR 2286];
e Demonstration of technical resolution of all applicable Unresolved Safety Issues and the medium- and high priority Generic Safety Issues, including a special focus on assuring the reliability of decay heat removal systems and the reliability of both'AC and DC electrical supply systems; i
e Completion of a Probabilistic Risk Assessment (PRA) and consideration of the severe accident vulnerabilities the PRA exposes along with the insights that it may add to the assurance of no undue risk to public health and safety; and i
i e Completion of a staff review of the design with a conclusion of safety acceptability using an approach that stresses deterministic engineering analysis and judgment complemented by PRA.
Custom designs that are variations of the present 1,eneration of LWRs will be reviewed in future construction permit applications under the guidelines j identified for approval or certification of standard plant designs. -
Because this policy statement is just one part of a larger program, including the Severe A:cident Research Program, for resolving severe accident issues, the NRC staff is publishing concurrer.tly with this Policy Statement a report on )
5 l
.o ,
"NRC Policy on Future Reactor Desigr,s: Decisions on Severe Accident Issues in Nuclear Power Plant Regulation" (NUREG-2070). In this report the Policy State-ment is reprinted along with other information and appendices that provide per-spective on the development and implementation of this policy and how it relates to other features of the Severe Accident Program. A copy of NUREG-1070 will be avcilable for inspection at the Commission's Public Document Room,1717 H Street NW., Washington, D.C. Copies of NUREG-1070 may be purchased by calling (202)
~
275-2060 or (202) 275-2171 or by writing to the Superintendent of Documents, U.S. Government Printing Office, P.O. Box 37082, Washington., D.C. 20013-7082 or the National Technical Information Service, Department of Commerce, 5285 Port Royal Road, Springfield, VA 22161. '
POLICY STATEMENT:
A. Introduction The focus on severe accident issues in this Policy Statement is prompted by the staff's judgment that accidents of this class, which are beyond the substantial coverege of design basis events, constitute the major risk to tne public asso-ciated with radioactive releases from nuclear power plant accidents. A funda-mental objective of the Commission's severe accident policy is that the Commis-sion intends to take all reasonable steps to reduce the ci.ances of occurrence of a severe ace.ident involving substantial damage to the reactor core and to 3 l
mitigate the consequences of such an accident should one occur. j On April 13, 1983, the U.S. Nuclear Regulatory Commission issued for puolic comment a " Proposed Commission Policy Statement on Severe Accidents and Rclated Views on Nuclear Reactor Regulation" (48 FR 16014). The public comments have !
6 l
_ _ _ _ _ _ _ -___ - J
( ; )
- ' 3 been reviewed, and, on the basis of further study and consultation, the Commis-sion is issuing the present Policy Statement as a guide to regulatory decision making on the treatment of severe accident issues for existing and future nuclear reactors 2 with special focus on procedures for staff approval or, optionally, Commission certification of new standard plant designs.8 In line with its legislative mandate to ensure that nuclear power plants should l
I pose no undue risk to public health and safety, the ' Commission has examined an extensive range of technical issues relating to severe accident risk that have
,i been identified since the accident at Three Mile Island. Following impicmenta-tion of numerous modifications of plant design'and regulatory procedures as -
developed through the THI Action Plan (NUREG-0660 and NUREG-0737) and other 2The term " nuclear reactor" is commonly used as a synonym for a nuclear power plant which, in addition to the Nuclear Steam Suoply System, includes facilities and equipment denoted as Balance-of-Plant.
8For forward referenceability of a new standard design, the applicant is being afforded in this Policy Statement the flexibility of choosing between c Preliminary Design Approval (PDA), a Final Design Approval (FDA), or a Cesign Certification (DC). The design approvals (i.e., a PDA or FDA) would be issued following the completion of the staff's review and would be subject to challenge in individual licensing hearings. The Design Certification would be issued by the Commi.ssion following a rulemaking proceeding and could not be challenged in individual heari.ngs.
7 i
y
.ti .
()
['- .
1 V j* . ,
Commission deliberations, the Comission concludes (based on current informa-
]
tion and analyses) that existing plants do not pose an undue level of risk to the public. On this basis, the Commission feels there is no need for immediate 1
action'on generic rulemaking or other regulatory changes for these plants be-cause of severe accident risk. However, the occurrence of a severe accident is more likely at some p1&nts than at others. At each plant there will be systems, components or procedures that are the most significant contributors to severe accident risk. The intent of this policy statement is to provide utilities with basi.s for development of Commission guidance that will allow identifica-tion of these contributors and development of the appropriate course of action, as needed to assure acceptable margins of safety. In all cases, the commitment _
of utility management to the pursuit of excellence in risk management is of.
critical importance. The term " risk management" includes accident prevention, accident management to curtail or retard its progression, and consequence miti-gation to further limit its effects on public health and safety. The Commission plans to formulate an approach for a systematic safety examination of existing plants to determine whether particular accident vulnerabilities are present and what cost-effective ::hanges are desirable to ensure that there is no undue risk to public health and safety. In implementing such a systematic approach, plants under construction that have not yet received an Operating License will be treated essentially the same as the manner by which opers',ing reactors are dealt with. That is to say, a plant-specific review of severe accident vulnerabili-ties using this approach is not considered to be necessary to determine adequate safety or compliance with NRC safety regulations under the Atomic Energy Act, or to be a necessary or routine part of an Operating License review for this class of plants.
The main purposes of this Policy Statement follow:
8 a
i
- t. ,' *
,. ()
~
)
I e To clarify the procedures and requirements for licensing a new nuclear plant; l e To re-examine the need for the generic rulemaking proceeding contem- l plated in the TMI Action Plan commitment'(NUREG-0660, Task II.B.8) on degraded core accidents, currently referred to as severe nuclear r eactor accidents; e To avoid unnecessary delays of plants now under constructica; e To close out for now severe accidentiissues for existing plants (those in operation and under construction) without imposing further backfits unless this can be justified by new safety information; and, e To achieve improved stability and predictability of reactor regula-tion in a manner that would merit improved public confidence in our regulatory decision making.
The policies presented in this statemerci, will lead to amendment of NRC regula-tions, standard review plans for licensing actions, or other decision procedures and criteria as part of NRC's ongoing Severe Accident Program. This Policy Statement makes allowance for such changes as the result of the development of l
new safety information of significan e for design and operating procedures.
l In accordance with the activities, views, and policy developments discussed in this Policy Statement, the Commission believes that it is possible to complete l
its ongoing reviews of new plant designs with an expectation of fully resolving l
9 E _ __ _ _ _ . _ _ _ - .
i
()
.', ')
the severe accident questions in the course of the review. This belief is
]
_ predicated on the availability of results from the ongoing NRC, Industry Degraded Core Rulemaking Program (IDCOR), and vendor research and insights from the Zion, Indian Point, Limerick, and other risk analyses. The review of )
standard designs for future cps provides incentive to industry to address l severe accident phenomena. Indeed, since July 1983, the staff has completed the reviews and has issued Final Design Approvals (FDAs) for two standard '
designs (General Electric Company's BWR/6 Nuclear Is' land Design, GESSAR II; and Combustion Engineering Incorporated's System 80 Design, CESSAR). A severe accident review by the NRC staff of the GESSAR II design for forward reference-ability is nearly complete. The review included assessment of alternative _
design changes for severe accident risk reduction. In addition, the staff has been involved with pretendering review of an application for Westinghouse Electric Corporation's advanced pressurized water reactor design RESAR-SP/90.
In January 1984, the NRC found the RESAR-So/90 application for a Preliminary Design Approval acceptable for docketing at:d in May 1984 the application was docketed. Also, work has been continuing Jetwen NRC and the Electric Power Research Institute (EPRI) on their " LWR Standardized Futura Plant Design Evaluation Program."
It is assumed in this Policy Statement that, over the next 10 to 15 years, utility and commercial interest in the United States will focus on advanced light water reactors that involve improvements but are essentially based on the technology that was demonstrated in the design, construction, and operation of more than 100 of these plants in the United States. This policy should not be viewed as prejudicia; to more extensive changes in reactor designs that might be demonstrated during or beyond that time period. Indeed, the Commission 10
b l
, (1
)
)
encourages the development and commercials?ation of any standard designs that
)
, might realize safety benefits, such as those achieved through greater simplicity; slower dynamic ' response to upset conditions involving accident precursor events; passive heat removal for loss-of-coolant accidents; and other characteristics that promote more efficient construction, operation, and maintenance procedures i to enhance safety, reliability, and economy.
B. Policy for New Plant Applications !
i 1
- 1. Introduction No new commercial nuclear reactors have been ordered in the United States since December 1978. However, the Commission has received several applications for reference design approvals that are currently under review. A reference design is one of the options in the Commission's standardization policy. When approved by the NRC staff, a reference design could be incorporated by reference in a new CP application and, ultimately, in an operating License (OL) application.
During the corresponding CP and OL reviews, the NRC staff would not duplicate that portion of its review encompassed by its reference design approval.
Therefore, even in the absence of new CP applications, in order to provide guidelines for the current reference design reviews, the Commission has rect,g- l t
nized the need to promptly establish the criteria by which new desigu can be shown to be acceptable in meeting severe accident concerns. The Comission now believes that there exists an adequate basis from which to establish an appro- ,
l priate set of criteria. This belief is supported by current operating reactor experience, ongoing severe accident research, and insights from a variety of 11
e- '
.. )
. s.
risk analyses. The resultant criteria and procedural requirements are listed below.
- 2. Criteria and Procedural Requirements The Commission believes that a new design for a nuclear power plant (as well as a proposed custom plant) can be shown to be acceptable for severe accident concerns if it meets the following crit.eria and procedurel requirements:
- a. Demonstration of compliance with the procedural requirements and criteria of the current Commission regulations, including the Three, Mile Island requirements for new plants as eeflected in the CP Rule
[10 CFR 50.34(f)];
i
- b. Demonstration of technical resolution of all applicable Unresolved Safety issues and the medium- and high priority Generic Safety Issues, including a special focus on assuring the reliability of decay heat j removal systems and the reliability of both AC and DC electrical sup-ply systems; 1
'i
- c. Completion of a Probabilistic Risk Assessment (PRA) and consideration of the severe accident vulnerabilities the FRA exposes along with the insights that it may add to the assurance of no undue risk to public )
hplth and rafety; and l
12 !
i
l
, . ( ! )
4
- d. Completion of a staff review of the design with a conclusion of safety 4
)
acceptability using an approach that stresses deterministic engineer- l l
ing analysis and judgment complemented by PRA.
The fundamental criteria listed above apply to the staff's review of any new design. In addressing criteria (b) and (c), the applicant for approval or f i
certification of a reference design shall consider a range of alternatives and combination of alternatives to address the unresolved and generic safety issues and to search for cost-effective reductions in the risk from severe accidents, j l
No cost-benefit standard has currently been certified by the Commission, j i'
although one has been proposed for trial use (NUREG-0880, Rev. 1). Such a _
standard, if certified, could serve as a surrogate, not only for dolle costs and benefits of a decision option, but also for other adverse and bene' . sal effects (soft attributes) of social significance that cannot readily be quanti-fied in commensurate units.
The following sections explain in more detail how these criteria are to be applied to the various types of reviews that the strff may encounter. It is intended that a new design would satisfy each of tha fundamental criteria listed above before final approval or certification. It is recognized, however, that a new design can go through different stages or levels of approval before receiving this final approval or certification. For example, a reference design can obtain a Preliminary Design Approval (PDA) and then a Final Design Approval (FDA). The unique circumstances of each design review will, therefore, require flexibility in the application of the criteria listed above. In par-ticular, the timing of the PRA requirement may differ considerably from one review to another. In addition, the licensee is required to ensure that the 13 t
(; >
')
1 intent of the safety requirements is accomplished dt. ring procurement, construc-l
-tion and operation. j l
It is recognized that there are a diversity of PRA methods. These will continue l
to undergo evolutionary development as the results of research programs and l
)
reliability data from operating reactors become available and as innovative 1 l
uses of PRA in safety decision contexts suggest better ways to achieve the i benefits of these methods while guarding against their limitations or improper I
uses. While learning curves of these kinds will likely continue for a decade l or more, it would nevertheless be constructive to consolidate this experience at various stages of PRA development and utilization. At the present stage of,-
development, a number of positive uses of PRAs have been demonstrated, espe-cially in identifying: (1) those contributors to severe accident risk that are clearly dominant and hence need to be examined for cost-effective risk reduction measures and (2) those accident sequences that are clearly insignificant r'.sk contributors and can therefore be prudently dismissed. In-between cares are more problem & tic.
Accordingly, within 18 months of the publication of this severe accident state-ment, the staff will issue guidance on the form, purpose and role that PRAs are to play in severe accident analysis and decision making for both existing and future plant designs and what minimum criteria of adequacy PRAs should meet.
From experience to date, it is evident that PRAs could serve as a highly useful tool in assessing the risk-reduction potential and cost-effectiveness of a number of imaginative design options for new plants in comparison with design features of existing plants. The PRA guidance will descrlbe the appropriate 14 i
r.
( )
combination of deterministic and probabilistic considerations as a basis for severe accid 6nt decisions.
The proposed Commission Policy Statement on Severe Accideni.s issued on April 13, 1983 recognizes the need for striking a balance between accident prevention and consequence mitigation. In exploring the need for additional design or operational features in the next generation of plants to mitigate the conse-quences of core-melt accidents, the Commission will strike a balance between '
accidenc prev 3ntion and consequence mitigation enco,. assing actions that ,
l improve understanding of containment building failure characteristics and J I
design features or emergency actions that decre'ase the likelihood of contain- _ l ment building failur,s. Although not specifically designed to accommodate all of the hostile environments resulting from the complete spectrum of severe ac-cidents, they can contain a large fraction of the radiological inventory from a portion of the spectrum of such severe accidents. l For example, large, dry con- i tainments may be sufficiently capable of mitigating the consequences of a wide spectrum of core-melt accidents; hence, further requirements may be unnecessary j or, at most, upgrading current requirements to gain limited improvements of i their existing capability may be necessary. The Commission expects that these matters will continue to be subjects for study (e.g., in the NRC research program and in further plant-specific studies such as the Zion and Indian ?oint probabilistic risk assessments).
I Integrated systems analysis will be used to explore whether other containment !
types exhibit a functional containment capability equivalent to that of large, dry containments. Although containment strength is an important feature to be considered in such an analysis, credits should also be given to the inherent i
15 l
_j
, c .
y
)
energy and-radionuclides absorption capabilities of the various designs as well 3 as.other design features that limit or control combustible gases.
It is clear that core-melt accident evaluations and containment failure evalu-ations should continue to be performed for a representative sample of operating plants and plants under construction and for all future plant designs. These studies should improve our understanding of the containment loading and failure characteristics for the various classes of facilities. The analyses should be as realistic as possible and should include, where appropriate, dynamic and static loadings from combustion of hydrogen and other combustibles, static pres-sure and temperature loadings from steam and non-condensibles, basemat penetra ,
tion by core-melt materials, and effects of aerosols on' engineered safety fea-tures. A clarification of containment performance expectations will be made including a' decision on whether to establish naw performance criteria for con-tainment systems and, if so, what these should be.
The Commission also recognizes the importance of such potential contributors to severe accident risk as human performance and sabotage. The issues of both insider and outsider sabotage threats will be carefully analyzed and, to the extent practicable, will be emphasized as special considerations in the design and in the operating procedures developed for new plants. Likewise, the effec-
-tiveness of human performance will be emphasized in design and operating proce-dure development. A balanced focus will be paid to the negative impact of human performance on severe accident risk as well as its potentially positive !
I contribution to halting or limiting the consequences of severe accident progres-sion. Design features should be emphasized that reduce the risk of early con-tainment failure, thus providing more time for the positive contributions of 16 l
i u'
a , .
kl ,)
operator performance in curtailing severe' accident consequences. Also. design features:should be given special ' attention that serve to decrease the role'of human error in the sequence of events leading to the initiation or aggravation of core degradation.' In particular, methods of analysis and associated data bases.are under development by the Commission's ongoing severe accident programs that.will aid the analyses.and corrective actions of both negative and positive human performance contributions to severe accident risk or its alleviation.
It is noted that some of the severe accident scenarios result in insignificant probability of offsite consequences, because of containment effectiveness. In _
this situation, there.may be no clear basis fbr regulatory action because there is no substantial effect on public health or safety. However, the implementa-tion of-requirements to control occupational exposure should be considered along with the relatively small ef facts on public health and safety for these types
-of severe accidents. The resolution of cost-benefit issues in severe accident decision making is part of the NRC's Safety Goal Evaluation Program.
Although in the licensing of existing plants the Commission has determined that these plants' pose no undue risk to public health and safety, this should not be viewed as implying a Commission policy that safety improvements in new plant designs should not be actively sought. The Commission fully expects that vendors engaged in designing new standard (or custcm) plants will achieve a higher standard of severe accident safety performance than their prior designs.
This expectation is based on:
e The growing volume of information from industry and government-sponsored research and operating reactor experience has improved our 17
- 7 , .
' ):
L knowledge of specific- severe accident vulnerabilities and of low-cost methods for their mitigation. Further learning on safety vulnerabili-l ties and innovative methods is to be expected.
e The inherent flexibility of this Policy Statement (that permits risk-i risk tratieoffs in systems and sub systems design) encourages thereby innovative' ways of achieving an improved overall systems reliability at a reasonable cost. ,
o Public acceptance, and hence investor acceptance, of nuclear tech-nology is dependent on demonstrabig progress in safety performance, ,
including the reduction in frequency of accident precursor events as l
well es a diminished controversy among experts as to the adequacy of nu: lear safety technology, e
Further progress in severe accident risk reduction is a hedge against the possibility that current risk estimaces with their broad ranges .
of uncertainty might unwittingly have been optimistically biased. l e
Although the severe accident risk of an individual plant may be accept-able in terms of its direct offsite regional consequences for public health and safety, the aggregate probability (say, over a 30 year
\
period) that one severe accident will occur in a large population of reactors holds a separate and additive significance. Such an event would yield adverse spillover consequences for innocent parties in other regions (i.e., nuclear-oriented utilities and their customers),
18
o--
U )
not to mention a changed political environment for nuclear regulation itself affecting resource costs and programmatic activities.
- a. Approval'or Certification of Reference Designs with No Previous FDA In accordance with the Commission's standardization ~ regulations and policy, a new reference design can be submitted for approval, first as a preliminary design and then as a final design. Correspondingly, the staff will issue a i Preliminary Design Approval and a Final Design' Approval. A PDA is not, how- , _
ever, a prerequisite for an FDA. An applicant has the option to submit FDA-level information initially and proceed directly with an FDA review. These options remain unchanged by this Policy Statement.
I I
After a PDA application is docketed, the preliminary design can be referenced in a new CP application. The corresponding OL application would then reference j the approved final design (FDA). Of course, an approved final design could also be referenced in a new CP application.
ine use of an approved standard design in new CP/0L applications has received considerable attention under the Commission's legislative initiatives on single-step licensing. It should be noted that a two-step review process for a standard design approval is not, in itself, inconsistent with single-ste- licensing. To be most effective, single-step licensing presumes the existence of a previously ;
approved design --essentially an FDA. This design could still be approved in 19
. , - 1
[ # . &
l' .)
a two-step process as long as both steps were completed in advance of the single-
- step licensing application.
The use of FRA in a two-step review process also raises a number of questions.
Of particular concern is the timing of the PRA requirement because the comple-tion of a comprehensive and detailed PRA may not be achievable in the absence of essentially complete and final detailed design information. Therefore, to i require a complete PRA at the PDA stage would not be realistic. The Commis-sion's recent experience, however, indicates that a substantial amount of design detail that would permit meaningful, limited, quantitative risk i
analysis does exist at the PDA stage. Because the Commission believes that .-
risk analysis of this type would be a useful design tool, the Commission expects that it would be completed as part of the PDA application process. A complete risk analysis would not be a prerequisite for issuance of a PDA. However, if this risk analysis is not performed in the PDA process, it will have to be provided as part of any CP application referencing the design.
If the scope of the FDA reference design application is limited to an extent that would preclude the completion of a meaningful, comprehensive PRA, the requirement for a complete PRA may be waived. However, the applicant should still perform and suumit supplementary risk analysis, to the extent practical, to demonstrate the adequacy of the proposed design. If a comprehensive PRA is not submitted for an FDA, a CP/DL applicant referencing the approved design would be required to submit a plant-specific PRA. For standard design approvals of restricted scope, additional limitations beyond the PRA aspects may exist.
Use of such a standard design by the license appilcant may be limited by its very nature to a two-step licensing process, namely, a Construction Permit and 20
( )
an Operating License issued separately. This would negate some of the benefits envisioned for an approved or certified design wherein a previously approved site could be matched with it in a one-step, combined CP/0L process.
The reference design must satisfy each of the criteria stated in Section B.2 before an FDA can be issued. For forward referenceability of a new standard !
design, the applicant is being afforded in this Policy Statement the flexibility of choosing between a Preliminary Design Approval (PDA), a Final Design Approval (FDA), or a Design Certif t::ation (DC). The design approvals (i.e., a PDA or FDA) would be issued following the completion of the staff's review and would t
be subject to challenge in individual licensing hearings. The Design Certifi ,-
cation would be issued by the Commission following a rulemaking proceeding and could not be challenged in individual hearings. cps or OLs, based on a refer-ence design that has not been approved through rulemaking, shall be subject to any design changes arising from the rulemaking proceeding in accordance with the Commission's backfit policy and regulations. The design certification would be issued for a longer duration than a design approval. The specific require-ments and procedures for obtaining design certifications or approvals will be established in a forthcoming revision to the Commission's Standardization i
Policy Statement.
- b. Approval or Certification of Reference Designs Previously Granted an FDA
)
In 1983, the NRC staff issued two Final Design Approvals for reference designs.
These designs were permitted to be incorporated by reference in OL applications where the corresponding CP application had referenced the PDA. However, the 21 1
y ..
L
,, , ; (,; i )
designs were not approved for incorporation in new CP applications. The Com-mission now believes that these designs are suitable for use in new CP and OL applications under the conditions specified below. Any significant changes to these designs, other than those resulting from the severe accident review, will require the designs to be considered under the provisions of Section B.3.a, i.e., as new designs.
(1) Each of the two reference design applicants with existing FDAs must request that their FDAs be amended to permit their designs to be refer-enced in new CP and OL applications. The request must either (1) include the information needed to satisfy each of the cr'iteria stated in Section B.2, or-(ii) provide suitable interface requirements to ensure that CP and OL applica-tions referencing the design will satisfy each of the criteria in Section B.2.
Requests in either case need not include an evaluation of how the design con-forms to the Standard Review Plan (10 CFR 50.34(g)).
In the first case, the staff will amend'the existing FDA upon receipt of the request to permit the design to be referenced in new CP and OL applications until the severe accident review is completed. The severe accident review must be successfully completed prior to the issuance of any new CP or OL whose appli-cations reference the design. Upon the successful completion of the severe accident review, the staff will further amend the FDA to permit the design to be referenced in new CP and OL applications for a fixed period of time, such as five years.
In the second case, the staff will amend the existing FDA upon receipt of the request to permit the design to be referenced in new CP and OL applications for 22 ,
$$pe;,: ,
7&..
v., .
(; ,'. .)
Ny, G Y 1 d :a fixed period of time,.such'as five~ years. The amended FDA will be conditioned Las: appropriate to ensure that new CP.and OL applications referencing the design
[\ wb1satisfyeachofthecriteriainSectionB.2. The severe accident review M' . must'be completed prior to the issuance of the new CP or OL.
'(2) Criterion 8.2.c requires the completicn of a comprehensive PRA.
, If a comprehensive PRA cannot be, completed owing to.the limited scope of.the E -design, the applicant shall perfore supplementary ~ risk analyses to the extent practical in support of the approval or rulemaking process. 'As noted above,
'the limited scope nf plant design and PRA analysis would lead to a partial loss ,
of benefits'in that a two-step CP/0L licensing process would be required in lieu of a one-step processe (3) With regard to completion of a comprehensive PRA for a reference design, the Commission recognizes that a PRA would be more meaningful if it n were based on a' substantial portion of the complete facility design. Therefore, if justified to the NRC staff, completion of the PRA by the FDA applicant may i be waived. If a comprehensive PRA is not submitted by the FDA applicant for the FDA, a CP/0L applicant referencing the design would be required to submit a plant-specific PRA.
A reference design applicant previously granted an FDA can purse the same options of design approval or design certification as described in the preced- 1 ing section for reference designs with nn previous FDA. The FDA would be issued L following the completion of the staff's review and would be subject to challenge in individual licensing hearings. The Design Certification would be issued by 23
. J. (g D l
l .the Commission following e rulemaking proceeding and could not be challenged i- J in individual hearings. cps or OLs, based on a reference design that has not been approved through r.ulemaking, shall be subject to any design changes arising from the rulemaking pror.eeding in accordance with the Commission's backfit policy and regulations. The design certification would be issued for a longer duration than a design approval. The specific requirements and procedures for obtaining design certifications or approvals will be established in a forthcoia-ing revision to the Commission's Standardization Policy Statement.
- c. A Reactivated Construction Permit Application Because of the many complex factors involved, the criteria and procedures for regulatory treatment of reactivated Construction Permits will be a matter of separate consideration apart from this Severe Accident Policy Statement.
- d. A New Custom Plant Construction Permit Application It is the Commission's policy to encourage the use of reference designs in future CP applications. This does not, however, preclude the use of a custom design. Custom designs shall also be reviewed against the criteria identified j in Section B.2. As a result of the circumstances and timing involved i.7 the ongoing standard design review processes, the Commission expects that most, If not all, new CP applications incorporating a reference design would be based on essentially final design information. This will result in improved safety and regulatory practices, as well as reduced time to license and construct a nuclear power plant. To obtain as much of this benefit as practicable for a '
4 custom design application, the Commission w ~ill require a CP application for a 24
('
)
custom design to include design information that is sufficiently final and
. complete to permit completion of an adequate plant-specific PRA.
It is pos-sible, however, that an applicant referencing an approved or certified design in lieu of a custom plant would have in prospect a significantly reduced licensing fee since staff effort would r.ot be required -- or much less would l be requ' red -- for a rereview of the approved or certified design at the CP/0L l stage save for those detailed changes to accommodate unique site features or other special circumstances (e.g., innovative equipment designs to meet new ASME or IEEE codes, etc.).
C. Policy for Existing Plants ,
- 1. Some General Principles of Policy Development The Commission has licensed about 90 nuclear plants and expects to process applications to license approximately 30 additional plants. The Commission has considered at length the question of whether generic rulemaking should be under-taken or additional regulations should be issued at this time to require more capability in cperating plants or plants under construction to improve severe accident orevention, consequence mitigation, or accident management that would halt or delay further core degradation.
The TMI accident led to a number of investigations of the adequacy of design features, operating procedures, and personnel of nuclear power plants to provide assurance of no undue risk regarding severe reactor accidents. The report "NRC Action Plan Developed as a Result of the TMI-2 Accident" (NUREG-0660, May 1980) )
l describes a comprehensive and integrated plan involving many actions that serve ]
25
(
to increase safety when implemented by operating plants 'and plants under con-
, .'struction. The Commission approved items for implementation and these are iden-tified in a' report, " Clarification of TMI Action Plan Requirements" (NUREG-0737, November 1980). The staff issued further criteria on emergency operational facilities (NUREG-0737, Rev.1), auxiliary feedwater system improvements (de-rived from NUREG-0667), and instrumentation (Regulatory Guide 1.97, Revision 2).
The TMI Action Plan led to the requirements of over 6,400 separate action items -i for operating reacters and five Near-Term Operating Licenses. About 90 percent of the action ~ items approved for operating reactors are now complete and the remainder are expected to be finished by the end of fiscal year 1985. There ,
were 132 different types of action items-approved in the Action Plan (an average of 90 actions per plant).- Of this total, 39 involved equipment backfit items,.
31' involved procedural changes, and 62 required analyses and reports. It is impractical to quantify all of the safety improvements obtained by these many changes. Nevertheless, the cumulative effect is undoubtedly a significant improvement in safety.
Other information from NRC- and industry-sponsored research along with failure data from construction and operating experience have led to changes in existing plants. Also, the NRC/AEC has sponsored 11 plant-specific PRAs and the industry has sponsored as many more. The evaluation of severe accident risk by the interrelated deterministic and probabilistic methods has identified many refine-ments of current design and operating practice that are worthwhile, but has identified no need for fundamental (or major) changes in design.
26
)
On the basis of currently available information, the Commission concludes that existing plants pose no undue risk to public health and safety and sees no present basis for immediate action on generic rulemaking or other regulatory changes for these plants because of severe accident risk. Moreover, the Com-mission has ongoing programs (described in NUREG-1070 and issued concurrently with this Policy Statement) that include: the resolution of Unresolved Safety Issues and other Generic Safety Issues, including a special focus on assuring the reliability of decay heat removal systems and the reliability of both AC and DC electrical supply systems; the Severe Accident Source Term Program; the Severe Accident Research Program; operating experience and data evaluation regarding equipment failure, human errors, and'other sources of abnormal events;.
and scrutiny by the Office of Inspection and Enforcement to monitor the quality of plant construction, operation, and maintenance. The Commission will main-tain its vigilance in these programs to offset the uncertainty of whether sig-nificant safety issues remain to be disclosed. Industry research and foreign reactor experience are also meaningful sources of information.
One important source of new information is the experience of NRC and the nuclear industry with plant-specific probabilistic risk assessments is that each of these analyses, which provide a more detailed assessment of possible accident scenarios, has exposed relatively unique vulnerabilities to severe accidents.
Generally, the undesirable risk from these unique features has been reduced to i
an acceptable level by low-cost changes in procedures or minor design modifica-tions. Accordingly, when NRC and industry interactions on severe accident j issues have progressed sufficiently to define the methods of analysis, the Commission plans to formulate an integrated systematic approach to an examina-tion of each nuclear power plant now operating or under construction for possi-1 27
()
)
ble significant risk contributors (sometimes called " outliers") that might be plant specific and might be missed absent a systematic search. Following the development of such an approach, an analysis will be made of any plant that has not yet undergone an appropriate examination. The examination will include specific attention to containment performance in striking a balance between >
accident prevention and consequence mitigation. In implementing such a system-stic approach, plants under construction that have not yet received an Operating License will be treated essentially the same as the' manner by which operating reactors are dealt with. That is to say, a plant-specific review of severe accident vulnerabilities using this approach is not considered to be necessary to determine adequate safety or compliance with NRC safety regulations under .
the Atomic Energy Act, or to be a necessary or routine part of an Operating License review for this class of plants.
Should significant new safety information develop, from whatever source, which brings into question the Commission's conclusiun that existing plants pose no undue risk, then at that time the specific technical issues suggesting undue vulnerability will undergo close examination and be handled by the NRC under existing procedures for issue resolution including the possibility of generic '
rulemaking where this is justifiable. However, NRC's experience suggests that safety issues discovered through cperating experience programs, quality assur-ance programs or safety analyses often pertain to unique characteristics of a specific plant design and, therefore, are dealt with through plant-specific mod-ifications of relatively modest cost rather than major generic design changes.
The Severe Accident Research Program as well as NRC's extensive severe accident studies of certain individual plants will aid in determining the extent to which 28
(s .)
carefully analyzed reference plants can appropriately serve as surrogates for a
. class of similar plants as the basis for any generic conclusions. These studies will ~also aid in identifying the desirable scope and approach for follow-up safety studies of individual plants. Any generic design changes that are identified as necessary for public health and safety will be required through rulemaking and will be consistent with the Commission's backfit policy.
- 2. Policy for Operating Reactors In ligh,t of the above principles and conclusions, the Commission's policy for operating reactors includes the following guidance: ,
e Operating nuclear power plants require no further regulatory action to deal with severe accident issues unless significant new safety information arises to question whether there is adequate assurance of no undue risk to public health and safety.
e In the latter event, a careful assessment shall be made of the severe accident vulnerability posed by the issue and whether this vulner-ability is plant or site specific or of generic importance.
e The most cost-effective options for reducing this vulnerability shall be identified and a decision shall be reached consistent with the cost-effectiveness criteria of the Commission's backfit policy as to which option or set of options (if any) are justifiable and required to be implemented.
29
g, 4
e In those instances where the technical issue goes beyond current regulatory requirements, generic rulemaking will be the preferred solution. In other cases, the issue should be disposed of through the conventional practice of issuing Bulletins and Orders or Generic Letters where modifications are justified through backfit policy, or through plant-specific decision making along the lines of the Inte-grated Safety Assessment Program (ISAP) conception.4 e Recognizing that plant-specific PRAs have yielded valuable insights to w.ique plant vulnerabilities to sev,ere accidents leading to low-cost modifications, licensees of each operating reactor will be expected-to perform a limited-scope, accident safety analysis designed to discover instances (i.e., outliers) of particular vulnerability to core melt or to unusually poor containment performance, given core-melt accidents.
These plant-specific studies will serve to verify that conclusions developed from intensive severe accident safety analyses of reference or surrogate plants can be applied to each of the individual operating plants. During the next two years, the Commission will formulate a systematic approach, including the development of guidelines and pro-cedural criteria, with an expectation that such an approach will be implemented by licensees of the remaining operating reactors not yet systematically analyzed in an equivalent or superior manner.
- 3. Policy for Operating License Applications for Plants Currently Under Construction The same severe accident policy guidance applies to applications for operating licenses (OLs) as stated above for operating nuclear power plants along with "See " Integrated Safety Assessment Program (ISAP)," SECY 84-133, March 23, 1984.
30
( :1 I the follown.g additional item. (This item also applies to any hearing proceed-
. ings that might arise for an operating reactor.)
e Individual licensing proceedings are not appropriate forums for a broad examination of the Commisdon's regulatory policies relating to evaluation, control and mitigation of accidents more severe than the design basis (Class 9). The Commission has announced a policy regard-ing Class 9 environmental reviews and hearings in its Statement of Interim Policy on " Nuclear Power Plant Accident Considerations Under the National Environmental Policy Act of 1969" (45 FR 40101, June 13, 1980), and expects to continue this policy. The environmental issues deal essentially with the estimation and description of the risk of severe accidents. The Commission believes that considerations which go beyond that to the possible need for safety measures to control or mitigate severe accidents in addition to those required for con-formance with the Commission's safety regulations or conformance with the Clarification of TMI Action Plan Requirements,5 should not be addressed in case-related safety hearings.
The Seprate Rtrnarks of Chairman Palladir.o and the Dissenting Views of Ccmnissioner Asselstine are attachedq p Dated at Washington, D.C. this 30 da of Vwkw 1985.
Fo,r t ie Nucle Rhlatory Commission.
O Samuel J.'thilk,
~%
Secretary of thg Commission.
5See 10 CFR 2.764(f) and " Statement of Policy: Further Commission Guidance for Power Reactor Operating Licenses," 45 FR 85236, December 24, 1980.
1 31
r . ._-
{ )
SEPARATE REMARKS BY CHAIRMAN PALLADINO
.I believe the Commission is on the right course with this decision. The severe accident policy statement presented here is based on the' arguments contained within it, the additional support.of more detailed analysis in its companion document NUREG-1070, the massive support of the many other related works
~
of this agency and others in this field, and a logical consistency with other actions of the Commission.
In simple terms, this policy statement says that existing .
plants pose no undue risk to_public health and safety, and that there is no present basis for regulatory changes for these ants due to severe accident risk. This conclusion on reactor safety does not' lead us'to dismantle our regulatory program; rather we are maintaining a vigorous program of surveillance, analysis, and evaluation to foresee possible causes of accidents and prevent them. In this perspective, the Commission has ongoing nuclear safety programs that include:
unresolved safety issues; severe accident, source term and research programs; operating experience and data evaluation, and the scrutiny of plant construction, operation and maintenance. Should significant new safety information become available, from whatever source, to question the conclusion of no undue risk, then the technical issues thus identified would
(, -2 )
be' resolved by the NRC under its backfit policy or othr.r I existing procedures.
i The level of risk found to be acceptable is well documented in I the basic works of the agency on these related subjects. The calculated frequency of severe core damage, whether mean cr median value, is on the order of I chance in 10,000 per reactor year. For most plants, only a fraction of the calculated severe core damage sequences are likely to progress to large scale core melt. Until now, few analysts have even tried to take that fraction into separate consideration, preferring even -
to refer to the previously calculateo value as the core melt frequency. Of the core melt sequences, typically only 1 in 10, or less, are expected to yield largo releases of radioactive i
material. On virtually every reactor site in the United States conditions are such that, even with a large release, there is only 1 chance in 10 of any early f atality - Snd so on. Thus, the wealth of risk estimates before us indicate that the risk is quite low.
It is often said that one should baware of too much trust in the point estimates of probabilistic risk assessments, that one should consider the uncertainties. This we do. But some then j go on to demand exact quantitative definitions of the uncertainty. This demand is a form of bottom line fallacy.
.l*
() ~ ~
)
l Precise statements of uncertainty come only.with large amounts of data. At the very low levels of risk with which we are dealing, the occurrence of actual events is, thankfully, very rare indeed. Thus, we cannot have exact quantitative estimates of uncertainty. But we can and must, continually, explore the sensitivity of our estimates and our decisions to the gaps in our knowledge. We have been doing that and we will keep at it.
In summary, present reactors pose no undue risk to public health and safety. This policy statem,ent acknowledges that and indicates a willingness to permit continued operation of -
existing reactors as well as to license new reactors. This policy statement has be2n studied intensively for over three years. It has been reviewed carefully and endorsed by the Advisory Committee on Reactor Safeguards. It has not been lightly considered nor lightly decided. I am confident that the Commission has enunciated a sound regulatory policy.
1 I
4
~
i ... '(w 1' ;
DISSENTING VIEWS OF COMMISSIONER ASSELSTINE
SUMMARY
1 The foremost risk to the public from the operation of nuclear reactors derives from core meltdown accidents which can, through the release of substantial qbantities of radioactive materials, result in the injury and death of a catastrophic number of people. This policy statement, which establishes Comission policies on these severe accident risks, represents one of the most fundamental regulatory decislons ever trade by this agency.
This stetement, together with three other related regulatory decisions, .-
. uill chart the future course' of this agency and the nuclear industry on nuclear safety issues for many years to come. The three other decisions are the Commission's decision on the acceptability of the severe accident risk at the two operating Indian Point plants, the development of a
. bcckfitting rule incorporating a substantial safety threshhold for the impnsition of new requirements together with heavy reliance on. quantitative cost / benefit tnalyses, and the development of a provisional, and ultimately l a f1nal, safety goal with numerical' standards for evaluating the acceptability of riuclear accident risk. Taken together, these four Commission actions will set the framework for deciding whether the NpC and the industry will pursue existing and future significant safety issues, whether further improvements in safety will be pursued .fer both existing and future pl. ants, and how such decisions will be made.
Unfcrturately, the first two of these decisions by the Comission lead me to conclude that we are on the wrong course. My views opposirg the
[ ( - -
)
Ccmission's Indian Point decision were set forth in considerable deteil in the Comission's written decision (see CLI-85-06), and I will not reheerse those views here. Suffice it to say that the Comission's unsubstantiated ,
and overly optimistic assumptions on the long-term acceptability o# the severe accident risk posed to the public by those plants have now been extended by this policy statement to cover all existing and future nuclear powerplants in this country. In my judgment, the.Comissior's action today fails to provide even the most rudimentary explanation of, or justification for, these sweeping conclusions, As a basis for rational decisionmakingt i the Comission's severe accident policy stetement is a complete failure.
g Existing plants I see at least four fundamental flhws in the Commission's policy statement as it applies to existing plants. First, while the policy statement reaches a positive conclusion on the acceptability of the severe accident risk posed by existing plants, it fails to articulete vihat that risk is; it feils to identify the relevant technical issues evaluated in assessing the acceptability of that risk; it fails to explain Few those technicel issues were considered and resolved by the Comission in reaching its positive conclusion; and it fails to demonstrate the trichnical support for that conclusion based on scientifically accepted principles and methodology.
Absent a detailed discussion of the severe accident risk posed by existing I
s
,'. ( --3. )
plants and of the reascring and scientific basis supporting the Comission's conclusion on' the acceptability of that risk, that conclusion must be viewed as nothirt ricre than an unsubstantiated asserticn deserving of little weight.
Second, the Comission's policy statement fails to provide any explanation of the Comission's treatrrent of uncertainties in evaluating the risk of severe accidents. The absence of virtually any explanation of how uncertainties have been treated in this policy statement further undermines the validity of the Comission's hroad conclusions on the acceptability of the risk posed by severe accidents.
Third, the Comission fails to address in a cleFr and consistent manner the need to prevent further severe reactor accidents. Although the Comission's policy statement pays lip service te this goal, it fails to i l
include the means to fulfill that objective.
Fourth, the Comission's policy statement places undue reliance on probabilistic risk assessments (PRA's) as a means for resolving severe wtect questions for existing plants. This reliance fails to recogni c present weaknesses in %ese assessments due to the lioited number of PRA's available thus far, the variatiens among the existing IRA's, the abscree of l accepted guidelir,es on how to conduct PRA's and to eva',uate them in making l severe accident risk judgments, and the uncertainties inherent in 1
attestptir.g to extrapolate plant-specific PRA resultr, to other plants. I
\
k l !
i I
{
1
- _________-_.--__---_____. _ I
- (v
, ;O- .4- J' Future plants The Commission's policy statenent is eoually flawed in its treatment of severe accident risk for future plants. first,'the policy statement. ,
promises that the Conmission Nill nake final de:isions in the near term or, the: acceptability of new plant designc for severe accident purposes. At the same time, the policy statenent acknowledges that key elements in evaluating the acceptability of severe accident risk - criteria for the preparation and evaluation of PRA's, containment performance criteriat and criteria for evaluating the risk contributions due to sabotage.and human performance -- will not be available for some time. Thus, the Commission's e approach is to agree to make final dec'isions on severe accident risk for future plants before the technical basis-for evaluating the nature and acceptability of that risk is available.
Second, the policy statement does not-go far ennuah in insisting upon reductions in the severe accident risk of future plant designs. Such reductions are much more readily achievable in new designs for as-yet unbuilt plants then .for existing plants. While the Commission's policy statement urges reactor designers to make safety improvements in the designs of future plants, it does nothing to require that improvements be made.
Third, the Commission's policy statement retains the option of authorizing the start of construction of future plants based upon only limited plant design information, including the limited design information
I' 5
[ . : ;f , . () )
.which would be needed to support issuence of a preliminary design approval (FDA), Past experience with nuclear pnwerplant design, construction and
, regulation has taught us.the r:ary ritfalls of _ the old design-as-you-build approach. By continuing to allow the start of plant construction with only limited design work complete, the Comission seems 'comitted to repeating the mistakes of the pcst -- mistakes which have led to the deferral of significant design issues urtil the construction and pre-operation stages anc the tieed to modify work already in progress or completed..
Taken together, these flaws in the Comission's severe accident policy statement cast doubt upon the adequacy of the Commission's overall approach e to dealing with severe accident risk and undennine the validity of the Comission's sweeping judgments of the acceptebflity of that risk for existing and future plants.
DISCUSSION I
Before elaborating ce the major infinnities of this policy statement, it is useful r.o explain what we know about the severe eccident risks to the public.
l
7 l
4 -
(- e ~)
Risks j i
i
' Risks are commonly defined as the product of the probability that an event will occur and the conseopences of the event happening. .In regulating the nuclear industry, the Conrission makes extensive use of a i
methodology called probabilistic risk assessment (PRA). In conducting a !
s PRA the analyst calculates the ccre meltdown probability and, given a particular core meitdown sceneric, the analyst then estimates the -
consequences to the public. The Comission uses the bottom line of these-PRA's in deciding whether to improve reactor, safety or to relax the safety standards even though such PRA's do not consider all contributors to core ~
meltdown risks or cyentify all of the uncertainties.
A typical result of a PRA which is used by NRC in reachirp safety decisions is the estimated core meltdown probability of about one in ten thousand (or 10~4) per reactor year. However this probability estimate is often bered on what is called the " median" value. It is important to understand just what the meaning of this bottom line number really is.
Because of major inadequacies in the data base, because of the vast complexity of nuclear plants, because a tremendous number of assumptions must be made in calculating core meltdown probabilities, and because large scale core meltdown phenomena are poorly understuod, no cre calculation will yield a remotely meanirgful probability of catastrophic consequences.
Therefore, the PRA analyst must perfom theurands of individual estinates of the core meltdown probability while randomly varying within chosen distribution patterns which themselves are not precisely known individual
[
E-_ _ _ -- - --- -- -
()
! 4 . .)
l .
l l
component failure probabilities. human error rates, and theoretical models that are thought to describe most of the important physical processes or engineering behavior. Any one of these individual estimates is as likely 1
to be valid as the estimate resulting from any one of the other thousands of calculaticr;s. There is a crucial, but untenable, underlying assumption that all core meltdown sequences have been accounted for in the estimates.
The analyst then scans all of the estimates and picks the probability value at which half the estimates are above and half are below. This rumber is called the median. It is, according to the Comission, the "best estimate". When calculated in this way, hx ever, one cannot say with any cor.fiderte thet this median value is the true core meitdown probability.
~
Nonetheless, the Commission arbitrarily chooses this mediar rumber to use
,1 in making its regulatory decisiers.
The spread in the estimated core meltdown probabilities for a typical plant range from approximately cre chance in one thousand (10-3) per year
-1/ The practice of using median estimates was strongly criticized by our Advisory Committee on Reactor Safeguards during its July 11, 1985 meeting with the Conmission. The ACRS recommended that mean rather than median estimates be used, and noted that use of median rather than mean estimates can result in a substantial underestimate of the effects of uncertainties in making reactor accident risk estimates.
As indicated above, the median is that point on a spectrum at which half of the values fell above and half fall below. The mean is the average value of the spectrum of risks and is alto celled the j
" expected value." <
Some FRA analysts base their estimates en the mean. However, the Commission has twice endorsed use of the median value. The first time was when the Commission endorsed WASH-1400 (Pcactor Safety Study) in 1975 and the second time was when the Commission approved the provisional Safety Gcal Policy Statement (NUREG-0830, Revisier 1) in 1983.
1 R'
[
(L a-.81- ).
Et o one chance in one hundred thousand (10-5) per year, with a median value
.of one. chance in ten thousand (10-4) per year, give or take a few, However, there_is no proof that the median of the calculated values reflects the octual risk any more than do the estimates 'of 10~3 per year or 10-5 per year. ,
Another. typical result of PRA's is the prediction thet 6 bout.1 oot of 10 core meltdowns likely will. result in lethal radiation doses to about 1,000 people. Such consequences of core meltdown accidents are attributable to degraded performance of the , containment, which can come about in a variety of ways that are not precisely quantifieble. Because of ~
these uncertainties in quantification, a' fraction of core meltdown accidents which would lead to catastrophe consequences is actually a range of values. The rarge could be two or three times greater than the above estimate; or it could be two or three times less. Picking the minimum-factor of 2 and assumir.g there are 100 operating ' reactors, the approximate raiige of chances of a catastrophic accident between row and the year 2000 would be anywhere between 0.2 (2 chances in ten) and 0.001.(one chance in a thousand).
Therefore, the information before the Conission indicates that there could be anywhere between a 20 percent chance and a 0.1 percent chance of an accident at a nuclear reactor in the rext 15 years that would result in lethal doses to about 1,000 people. The range of chances could be larger than this if one considers all contributors to the core meltdown probability and all uncertainties. Likewise, the number of deaths could be e
f.
] 3- -9. <
}
-larger or smaller. Admittedly, there 'are many ways of. going about -
- estimating.the range of risks. ' However, if there is validated quantitative-information on core meltdown ritks that is better, it has not yet been demonstrated..'Thus, because of the r"any uncertainties involved in calculating both the probabilities and the consequences of core meltdowns,
- one number does not give a true picture of the actual risk. A range of possibilities is a more accurate representation of our understanding of the
. issue.
A ' serious consideration of the core meltdown risks would consider this full range of calculated risks and would address forthrightly the questien e of whether this risk is acceptable or unacceptable, both for the immediate future and over the long term. The Comission's consideration of severe accident risks instead focuses on a median number, ignoring the actual range of values and the uncertainties inherent in using a median number for decisionnaking.
Since the foremost risk to the public from the commercial nuclear industry derives from severe accidents, adopting a policy that seeks te
. . u: tevere accident issues in a definitive manner is the most basic duty which can be undertaken by the Commission in meeting its responsibility to decide what constitutes acceptable risk to the public.
The Commission claims in this policy statement to have exaMiried an extensive rarce of technical issues relating to severe accichnt risks in reaching its judgment "that existing plants do not pose er urc've level of risk to the rublic." The Commission's policy statement does not, however, I
e
__ _ _ - _ _ - _ _ l
- 3 ;
~.
.. ,x Iv. - 10.- )
a incorporate an explanation, or for that matter even a description, ~of the nost significant issues that'have been resolved and the manner in which they were resolved. Nor does it include a description of the methods of analyses used in resolv'ing the issues or decision criteria that were used a'
for reaching the ultimate' judgment. It is, therefore, impossible to discern the bases for the Commission's decision.
Uncertainties A paramount concern regarding the acceptability of the risks to the public that must be resolved is how to reach a judgment on this issue in -
the face of enormous uncertainties which are up to 100 times the median value used by the Commission. Depending en how such uncertainties are factored into the decision, judgments could range from requiring substantial efforts to reduce core meltdown risks to doing nothing ebout thm. Scientifically accepted data and methodology are not availabic at this time to reduce substantially those uncertainties so that, as the technical staff of the NRC has repeatedly told the Commission, it S
" mandatory" to consider them in any application of risk assessments.
After being informed of the uncertainties'in the risk estimates, the Comission simply ignores thern. The Comission fails to provide any basis for its decision to ignore these uncertainties. Absent some rational treatment of these uncertainties or a convincing justification for why they can be ignored, the public can have little confidence in the Commission's conclusion that the risks to the public from a severe accident at a nuclear
[^ d'
, ([ --11'. )
O powerplent are acceptable. The only available explanation of the NRC's approach to making decisions in the face of these signi'irt.rt uncertainties i is given'en pages 133 through.140 of NUREG-1070, "NRC Policy on Future Reactor Designs: Decisions on Severe Accident Issues ir Nuclear Power Plant' Regulation", October 1984. About half of the pages are blank and the remainder are not much better. This discussion of uncertainties is inadequate and fails to provide a sufficient basis.to justify the Commission's sweeping conclusions on the acceptability of the severe accident risk.
f 4
Another fundamental issue requiring resciutien is the level of risk to ~
the public that reaserebly should be found acceptable. Beyond making a sweeping conclusicn that the severe accident risk at the existing plants does not pose an undue risk to the public, the Commission fails to address this fundamental question. In fact, the Cenmission's technical staff is just now embarking on a progran of analysis that "will form part of the basis for a Commission judgnent on the icyc1 of safety presently achieved by existing plants for severe eccidents". 2/ -
Since the Commission is just beginning this program, it cannot serve to justify the Commission's judgnent on the acceptability of the severe accident risk.
In its Indian Point decision, the Commission adopted specific point estimates of core neltdown risks for the Indian Point reactors and found
-2/ See, NUREG-1070, "NRC Policy on Future Peactor Designs: Decisions on ;
Severe Accident Issues in Nuclear Power Plant Regulation, October 1984, p. 27. <
(';
te
'/ 12 - -)
them to represent an acceptable level of risk. In the course of developing this policy statement the Commission expressed.much interest in the bottom line results of all completed PRA's, whether the repnrted point estimates were the mean or median. The technical staff has repeatedly cautioned the Comission that such bottom line numbers are not credible. VFe.t then is the basis for the Comission's position that the level of severe accident risk posed by the existing. plants is acceptable?
The Commission's decision-making process in developing this policy I
statement is simply to rely upon " point estinctes" of the core meltdown risks without any consideration of the effects of the uncertainties. This -
approach can lead to a decision to doing nothing to reduce core meltdown risks. Factoring into the decision the uncertainties in estimating the level of core meltdown risks would lead to e decision to search for ways'to reduce the risks. However, given the current political climate, there is little sympathy for beckfitting existing plants. Thus, the Comission chooses to rely on a faulty number which supports the outcome they prefer and to ignore the uncertainties, those that are knowc and quantified and those that are not quertifiable.
1 What level of confidence does the Comission have in its judgment that ]
core meltdown accidents present no undue risks to the public? The Commission nowhere expresses the degree of confidence it socks to ersure that cetestrophic accidents do not happen. Yet, the Comission's chief ,
safety officer recently wrote: "In view of the large un:ertainties surrounding methods of assessing severe accident risk, the l
1
i f .[.; () [)
level of assurance (or confidence) of no undue risk to the public is regarded as no less important than the estimated level of risk, s itself (emphasisintheoriginal)." Letter from H.R. Denton, NRR, to A.E.
Scherer, Combustion Engineering, Inc., dated December 28, 1984, subject "SECY-84-370, Severe Accident Policy".
[
Another problem with the Comission's policy statement is that it cicarly contradicts what the Comission is doing in other areas. For exemple, in this policy statement the Comission states: "A fundamental objective of the Comission's severe accident policy is that the Commission intends to take all reasonable steps to reduce the chances of occurrence of '
. a severe eccident involving substantial damage to the reactor core and to mitigate' the consequences of such an accident should one occur." However, compare this statement with the Comission's proposed backfitting standard:
"The Comission'shall require the backfitting of a facility only when it determines, based on a systernatic and dccumented analysis...that there is a substantial increase in the overall protection of the public health and safety...to be derived from the backfit er.d that the direct and indirect cost of iluplementation for that facility are justified in view of this increasedprotection."(emphasisadded) The Comission has already defined a substantial increase ir protection as meaning a backfit.that would at least reduce the " point estimate" of the calculeted core neltdown risks by half. Unless such a reduction can be " demonstrated", the Comission will not consider requiring the change. This is a much higher barrier to {
{
requiring improvements in reector safety than the policy statement would 1 i
have us believe is the Comission's policy. !
.i ,
(. ; 14 )
Further, the Commission's provisional safety goal is not interded to regulate on the brsis of preventing core damage accidents, as implied in the above purporced fundamental objective. Rather, the safety goal assures thet the containment is an independent bulwark capable of limiting tre external release of radioactivity to modest amounts for most core meltdewr accidents. Thus, according to the Commission, there is no need to regulate on the basis of preventing core meltdowns. I am n.ct as sanguine as the Commission on the acceptability of core meltdown accidents. Even if the containment happens to retain most of the radioactive fission products in the next severe accident, another accident e, qual to or more severe than
~
that which cccurred at Three Mile Island would be unacceptable to the public and the Congress and would be disastrous for the nuclear irtustry and the NRC.
But more importantly, the Commission's belief that the containment will retain all but modest arrerts of radioactivity during most core meltdowns is not yet supportable based on scientifically eccepted principles and methodology. There simply is no actuarial experience or direct experimental data on large scale core meltdcun pheremena or containment performance characteristics given a core meltdown. In the past, estimates of the quantities of radioactive releases to the environment have been based on not much more than interpolations of extrapolations of approximations. It is for this reason the Ccenissinn bas an ongoing program wHch has cost a quarter of a billion dollars in the last few i years, in an attenpt to bring some science to estimating the core meltdown l
l j
4
' '} 7
_ lg _ y risks. However, even in this program the data being generated are from limited sna11 scale tests.
Thus, a reading of this policy statement indicates that the Commission's claim that in developing this policy statement it has examined an extensive j range of issues is incorrect. It shows rather that the Commission either examined the wrong issues or gave short shrift to the fundamental issues.
In failing to define accurately the level of severe accident risk at the existing plants and to address the need for additirnal changes to the !
~
plants to make this risk acceptable for the long term, the Commission is repeating past failures to deal effectively with the severe accident question. The cencept of the reactor containment originally evolved as a vessel to contain a full core meltdown. But in the mid-1960's, the reactor designers beger placing high powered cores into roughly the same kind of containment. The decay heat of those hiaher pcwered cores was so high that the conteirment vessel could no longer be considered as an .
effective independent barrier to the release of the fission products 1 evolved during a core meltdown. At that time, the Atomic Energy scnniassiers Advisory Comittee on Reacter Sefeguards (ACRS) began urging the development and implementation, in about two years, of safety features 8
to protect against a loss of coolant accident in which the emergency core cooling system did not work. The AEC and the industry believed that sufficient cate were available to justify with e high degree of confidence the adequacy of the ther-existing safety standards. Therefore, the AEC .
1 ignored the advice of the ACRS. I
q ,
y a:: g * :[ <
(- )
Over. the years, the AEC and the 'NRC after it;have reiterated these j sweeping and optimistic statements on severe accident ritk. At.the same time, the numerous technical flaws in the Commission's judgments have become readily apparent as more information and data regarding the level of-i safety of.the reactors'has oecome available. 3_/
i llher. all cf the available data are considered I believe it fair to say )
that the estimated uncertainties in the risk calculations tedey are as l_arge' as they were at least ten years ago. Yet, the Commission is once again sweeping aside'these uncertainties in prder to make the same unsubstantiated and everly optimistic generalizations about the -
acceptability of'the current level of severe accident risk which have been proven wrong.in the past.
Needed improvements i
A disciplined approach to deciding whether to require core meltdown risk reduction measures should not only specify the Commission's expectations on addressin0 uncertainties but it should also describe the Comission's policy on acceptable ways to perfonn cost-benefit analyses.
3/
~
Dr. David Okrent (who has been a member of the ACRS since 1963) has compiled a detailed account of the judgments made by the AEC ard the NRC on severe accident risk and the technical flaws in those judgments. See David Okrent, Nuclear Reactor Safety-On The History of the Regulatory Process , University of Wisconsin Press,1981. pp.
163-178.
l
~
^
(1 )
. 1 1 ..
Further, guidance from the Comission is needed on whether to empbasize -l
-l
_ . core neltdown prevention measures or core' meltdown mitigation measures. Of. J course, in order to develop a policy.on the latter (whether for existing plents or future plants), one must first identify the root causes of. core-neltdcwn risks. One must also develop a policy on containment performance expectations.
Unfortunately, the Comission refuses forthrightly to address these issues.
An effective guide to regulatory decision-making on the treatment of severe accident issues requires an understanding of what is expected by way of containment performance, of the root causes of core meltdown risks, and of the methods for perfonning sound cest-benefit analyses. Yet all of these elements are missing from the Cormission's policy statement. The Commission's actual decision-m king guidance in this policy statement is limited to the statement that a new requirement might be imposed if it involves " low-cost changes in precedures or minor design modifications."
The Comission claims that PF. 's identify the plant specific vulnerabilities that dominate the core rreltdown risks. It is true that PRA's can identify some of the vulrerebilities to catastrophic accidents.
But the Comraission's rationale for relying upon PRA's in assessing core meltdown risks begs the questinns: what of the uncertainties in PRA's?
What of oversights in the analyres? What of the multitude of assumptions and approxis tions in the PRA's? What o' the residual risks once the specific vulnerability has terr fixed? These questions are germane to
(~> - )
resolving severe accident issues. Yet they are not addressed in the j
^
Commission's policy statement.
1 Operational experience givcs additional insight into the level of 1 safety. Actuarial experience with reactor accidents indicates that the .
average core meltdown frequency is not above the upper limit of the PRA results. Core meltdown accidents involve multiple failures and a progression of events that make close calls somewhat identifiable. If the industry average of the core meltdown frequency were as high as 10-3 per reactor year, one would expect nore close ca,11s on core meltdowns than
~
appear to have occurred within the rore than 800 reactor years of U.S.
nuclear power experience. But such actuarial inferences must be made cautiously in part because the crerating reactors continue to surprise us.
What actuarial experience we have is severely limited by our lack of detailed understanding of the performance of the plants, their designs, their weak spots,.and because of the wide variations in the designs and in utility capabilities. Further, the usefulness of actuarial experience in drawing broad conclusions about comercial nuclear reactors is highly controversies 1 and fraught with uncertainties.
The Commission argues that credit can be taken for the improvements implemented to address specific close calls such as the Ti1I accident, the Browns Ferry fire and the Rancho Seco transient. Each cf these were previously unrecognized (or at best inadequately appreciated) accident sequences. This is also true of, for example, the Susqueterna station
! '}
blackout event from a single failure, the Indian Poirt vulnerability to a single failure of a battery, and the so-called interfacing system LOCA's for boiling water reactors. None of these latter events were identified or highlighted through ?RA's nor were they expected to be, given the level of detail that typically goes into a PRA and given the subjective nature of PRA's. Whether these latter events should b called close calls is arguable but their occurrences certainly sugcest a need to consider the root causes of significant operating events and the collective meaning of those events before passing judgment on the acceptability of the level of i safety achieved at existing power reactors. Common sense also suggests
~
completing such an analysis before developing guidelines for the design of future reactors. Yet all of these concerns are swept aside in the Ccmmission's policy statement.
The Ttil Action Plan called for a large number of modifications to the operating plants. In addition to those modifications, the Action Plan connitted to e rulemaking to consider to what extent, if at all, existing j nuclear power plants should be required to deal effectively with damaged core and core meltdown accidents. There was to be a demarcation between those plants already operating or under construction and the next generatien cf future plants. Because the Commission perceived in 1980 that there would be a long hiatus in new plant orders, ample time existed to reconsider the General Design Criteria, the design bases, and the other regulations in light of all that had been learned through the years of experier.ce with large power reactors, including the TMI accident. From 1
this in-depth assessment of the strengths and weaknesses of the large power l
l
' ji ( .g. -)
., . ~. .
+
reecter designs and the approach taken by utilities toward constructing the plants, NRC would then be in a position to articulate safety prir:ciples that it expected to be incorporated into designs for future applications.
'Thus, the Commission in 1980 signaled there would be a significant step forward in advancing the protection of the public. The Comission in this policy statement takes several steps backwards.
One backward step discussed above is the Comission's decision to accept the core meltdown risks as they exist in the current generation of plants without even addressing some of the inpst fundamental issues.
Another backward step is abandonment of the expressed desire for a fresh look at light water reactor safety for future designs and the insistence on improv merts in the level of severe accident risks for any future plants.
A third backward step in this policy statement is the return to the philosophy c' the 1960's and 1970's that construction permits can be issued-based on only partial design information.
For any future reactor orders, nucleer utilities themselves have expressed a desire for plett designs that are simpler, safer, and more forgiving. Both the Electric Power Research Institue (EPRI) and Edison Electric Institute (EEll heve impressed on the Comission the need for a fresh look at light water reactor tech:cinoy. These utility sponsored organizations have also indireted that plant construction for new plants should not begin until there exists en errentially complete design for the plant. Yei none of these forward thirkirs requirements are to be found in j the Comission's policy statenert, Instead, the Comission states that it
. , y . . f, .
a . 't._' }
will be satisfied with rrere refinements in the old designs end that it is
~
willing to continue to approve partial designs for issuance of Construction Permits.
I cannot iceve this latter point without a sad comentary on the Comission's priorities. One issue in this policy that cerr.anded great interest within the Commission was how to circumvent its regulation that requires a comparison of a design to the staff's Standard P.eview Plan.
This effort was metivated by the objections of one reactor vendor. Indeed, the Comission's efforts to use this policy statement as a vehicle to permit the reactor vendor to circumvent the Comission's regulations took precedence over any Comission consideration of such fundamental issues as the ectual level of severe accident risk to the public, the acceptability of that risk and potential measures to reduce that risk.
A rational approach to severe accident decisionmaking vma: the Comission should heve done in its policy statement is to set forth precisely and in understandable terms what our present estimation of the risk of severe accidents is, whether the Comission believes that risk to be acceptable or not, what specific technical support can be offered in l support of that judgment, and how the relevant uncertainties have been treated. The Comission shculd elso have come to. grips with a central question in our regulatory program: thet is, given our present state of
n *L k ,
! J knowledge concerning severe accident risks, should we continue to pursue possible improvements in severe accident prevention and mitigation? If the Commission does not believe that the present level of severe accident risk is acceptabic fer the remaining 40-year life of some existing plants, then the Commission should outline its program for bringing this long-tern risk within ecceptable bounds. Only through such a process can the technical community, other public policy makers and the public understand arc' eccept the Commission's judgment on the severe accident risk question. i
' Unfortunately, such an analysis is nowhere to be found in the Commission's policy statement. 4 Based upon the_ preceding discussion, I would have reached the following conclusion. First, the risk to the public posed by severe accidents at the existing plants is not acceptable for the full remainino operatirg liver of those plants. Therefore, the Comission should continue to pursue cost-effective risk reduction measures for these plants. I would apply the as-low-es-reasonably-achievable (ALARA) principle to reducing severe accident risk, subject only to the qualification that changes which would only result in trivial safety improvements need not be pursued. I i
would have simply acknowledged the obvious: that the public and the Congress will not tolerate, and the industry and the NRC cannot allow, another severe accident as serious as the Three. Mile Island accident or worse. My views in this regard are identical to those expressed by the Kemeny Commission nearly six years ago:
l l
i
o.
- J- ( )
Whether in this particular case we came close to a catastrophic accident or not, this accident was too serious. Accidents as serious as TMI should not be allowed to occur in the future.
The. accident get sufficiently out of hand so that those attempting to control it were operating.somewhat in the c'erk.
While today the causes are well understood, 6 months after the accident it is still difficult te know the precise state of the core and what the conditions are inside the reecter building.
Once an accident reaches this stage, one that goes beyond well-uneerstood principles, and puts those controlling the accident into an experimental mode (this hcppered during the first c'ay), the uncertainty of whether an accident could result in major releases of radioactivity is too high. Adding to this the enormous damage to the plant, the expensive and potentially dangerces cleanup process that remains, and the great cost of the accident, we must conclude that -- whatever worse could have happened -- the accident had already gone too far to make it tolerable. 4
~
While throughout this entire document we emphasize that fundamental changes are necessary to prevent accidents as serious as Till, we must not assume that an accident of this or greater seriousness cannot happen again, even if the changes we recommend are made. Therefore, in addition to doing everything to prevert such accidents, we must be fully prepared to minimize the potential impact of such an accident on public health and safety, should one occur in the future.
Report of the President's Commission on The Accident at Three Mile Island,
- p. 15.
In order to reduce the severe accident risk over time to acceptable levels, I would have undertaken four specific initiatives. First, I would have required a detailed search for plant-specific eouipment and design vulnerabilities at each cxisting plant to identify and correct those weaknesses which constitute significant contributes to the risk of a severe accident.
I i
l l
_ _ _ _ _ _ _ _ _ . . _ _ _ _ _ _ . _ _ _ _ _ . _ __ _ _ _ _ _ _ _ _ _ _ ___ _ _ ___ -_a
(o**[
.(~ L ].-
.c. .
Seccnd, I would have initiated a crecerted effort to improve operational performance at the existing plants, with special emphasis on areas.of weakness throughout the industry (maintenance and ' surveillance testing stand out as goed examples) and on' specific uti'ities with a.
history of. marginal perfonnance. Tt'e June 9, 1985 operating event at the Davis Besse nuclear powerplant cree again demonstrated the dangers inherent in; the continuation of a marginal plant design end .a utility with marginal operating performance.
Third, I would have initiated a comprehensive assessment of the level cf safety the existing plants have achieved. The object of this effort -
wculd be to identify the root causes of severe accident risks. This effort would also identify possible neasures wHch offer the promise of significant1y' reducing severe accident risk by overcoming the adverse effects of equipment breakdowns, hu: nan error, design deficiencies and arees of present uncertainty which are likely to persist despite our best efforts to address ry first two initiatives.. Indeed, as the Connission's chief-safety officer noted in a June 27, 1985 memorandum to the Executive Director for Operations:
I believe that the recent Davis-Besse event illustrates that, in the real world, system and compcren reliabilities can degrade below those we and the industry routinely assume in estimating core melt frequencies. Our regulatory process should require mergins against such degradation and also to reflect the uncertainties in our PP.A estimates.
Finally, for future plants, I would have explicit 1/ reauired measures to improve the margin of :.afety against severe accidents in future plants
- _ _ _ _ _ _ _ _ . _ - _ _ _ _ _ _ ]
r" ~ ~ ~
ll. '
- g . *e s =f
(
1 and to address the misteFes o' the past, Such measures could include
. requirements for greater simplicity in plert design, improved maintainability, and e requirement for essentially complete plant designs prior to the issuance of NRC approval for the start of plant construction.
I believe that these measures would be sufficient to bring the risk of severe accidents within acceptable bounds fee the remaining operating lives of the existing plants and for the operating lives of any future plants.
Moreover, such an approach would do much to ref, tore public confidence in nuclear power and in the effectiveness of the NRC's regulatory process. It
~
is unfortunate that the Conmission bes chosen another path. However, key decisions remain to be made by the Comission in adopting a final backfitting rule and a final safety goel. Those decisions represent a final opportunity to come to prips with many of the pivotal issues avoided in this policy statement. In that regard, it is encouraging that there
- appears to be an emerging consences within the NRC senior technical staff ano within the ACRS in favor of safety improvements to reduce severe accident risk toth for existing and for future plants. I l
)
a I
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ___ .J