Text

THIS PRELIMINARY PROPOSED RULE LANGUAGE AND ACCOMPANYING DISCUSSION IS BEING RELEASED TO SUPPORT INTERACTIONS WITH STAKEHOLDERS AND THE ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS). THIS LANGUAGE HAS NOT BEEN SUBJECT TO COMPLETE NRC MANAGEMENT OR LEGAL REVIEW, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS. THE NRC STAFF PLANS TO CONTINUE WORKING ON THE CONCEPTS AND DETAILS PROVIDED IN THIS DOCUMENT AND WILL CONTINUE TO PROVIDE OPPORTUNITIES FOR PUBLIC PARTICIPATION AS PART OF THE RULEMAKING ACTIVITIES.

THE STAFF IS PRIMARILY SEEKING INSIGHTS REGARDING THE CONCEPTS IN THIS PRELIMINARY LANGUAGE AND SECONDARILY SEEKING INSIGHTS RELATED TO DETAILS SUCH AS NUMERICAL VALUES FOR VARIOUS CRITERIA.

STAFF DISCUSSION OF SUBPART C (DESIGN & ANALYSIS) - PRELIMINARY RULE LANGUAGE, DECEMBER 2020 Preliminary Language Discussion Subpart C - Design and Analysis Requirements This subpart addresses requirements for designing advanced nuclear plants and performing the supporting analyses, including the analyses of licensing basis events (§ 53.240).

§ 53.400 Design Objectives and Design Features This section establishes the overall design objectives by referring to the underlying safety criteria in § 53.220 (first tier) and § 53.230 Design features must be provided for each advanced (second tier) and the related identification of safety functions nuclear plant such that, when combined with associated provided in § 53.210. Design features are provided to meet the programmatic controls and human actions, the plant will design objectives in this section. Subsequent sections in this satisfy the first and second tier safety criteria defined in Subpart address the need to define functional design criteria for

§§ 53.220 and 53.230. Design features must ensure that the design features used to meet the design objectives.

the safety functions identified in § 53.210, of limiting the release of radioactive materials from the facility, is Note that per the discussions at the November 18, 2020, Part 53 maintained during routine operations and licensing basis public meeting, safety functions and safety criteria may be events by controlling the release of radioactive materials reordered in Subpart B. This version of Subpart C refers to and by supporting other safety functions.

Subpart B as it was released to support the November 2020 public meeting (ADAMS Accession No. ML20289A591).

1

§ 53.410 Functional Design Criteria for First Tier (a) Design features and associated functional design criteria are Safety Criteria provided to ensure that effluents during normal operation

(§ 53.220(a)) do not result in a dose to an individual member of (a) Functional design criteria must be defined for each the public exceeding 100 millirem. This requirement relates to an design feature required by § 53.400 to demonstrate ongoing effort under the Advanced Reactor Content of Application compliance with the first tier safety criteria defined in Project (ARCAP), which is defining a performance-based

§ 53.220(a). Corresponding programmatic controls, approach to achieve an appropriate level of detail in applications including monitoring programs, must be established to by referring to programmatic controls such as monitoring confirm the established functional design criteria and the programs for routine effluents.

first tier safety criteria required in § 53.220(a) are not exceeded during normal operations.

(b) Design features and functional design criteria for unplanned (b) Functional design criteria must be defined for each events are determined through analyses e.g., PRA and design design feature required by § 53.400 relied upon to basis accidents). This section addresses the first tier safety demonstrate compliance with the first tier safety criteria criteria from Subpart B and the analyses are defined in a defined in § 53.220(b). Corresponding programmatic subsequent section for a design basis accident (i.e., a controls and interfaces must be established in accordance deterministic analysis relying on safety related structures, with this and [other subparts to achieve and maintain the systems, and components (SSCs)). Other sections within this reliability and capability of SSCs relied upon to meet the and other Subparts will likely establish the highest level of established functional design criteria and the first tier controls on these design features (e.g., safety classification, safety criteria required in § 53.220(b), and to maintain protection from external hazards, quality assurance, and technical consistency with analyses required by § 53.450. specifications).

§ 53.420 Functional Design Criteria for Second Tier (a) Design features and functional design criteria are provided to Safety Criteria. ensure that effluents during normal operation are able to be as low as reasonably achievable. This requirement relates to an (a) Design features must be provided for each advanced ongoing effort under ARCAP, which is defining a nuclear plant such that, when combined with associated performance-based approach to achieve an appropriate level of programmatic controls and human actions, the total detail in applications by referring to programmatic controls such effective dose equivalent to individual members of the as monitoring programs for routine effluents.

public from effluents resulting from normal plant operation (b) Design features and functional design criteria for unplanned are as low as is reasonably achievable taking into account events are determined through analyses. This section addresses the state of technology, the economics of improvements in the second tier safety criteria from Subpart B. The analyses are relation to the state of technology, operating experience, defined in § 53.450 as being from a probabilistic risk assessment and benefits to the public health and safety, and other methodology. These analyses are expected to use best-estimate factors included in the assessments performed under the approaches and address uncertainties with our state of facility safety program required by § 53.80, and the safety 2

criteria and performance objectives in § 53.230(a). knowledge, modeling, and availability of SSCs. SSCs determined Functional design criteria must be defined for each design to be safety significant would have associated special treatment feature relied upon to demonstrate compliance with the requirements as specified in § 53.460.

second tier safety criteria in § 53.230(a). Corresponding programmatic controls, including monitoring programs, A topic to discuss is whether this subpart and/or § 53.240 must be established to confirm that the established (Licensing Basis Events) should define specific event categories functional design criteria and the safety criteria and such as anticipated operational occurrences, design basis events, performance objectives in § 53.230(a) are not exceeded and beyond design basis events.

during normal operations.

(b) Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, the analyses required by § 53.450 provide reasonable assurance that the estimated risks from unplanned events will be below the second tier safety criteria in § 53.230(b). Functional design criteria must be defined for each design feature relied upon to demonstrate compliance with the second tier safety criteria in § 53.230(b). Corresponding programmatic controls and interfaces must be established in accordance with this and other subparts to achieve and maintain the reliability and capability of SSCs relied upon to meet the second tier safety criteria in § 53.230(b) and to maintain consistency with analyses required by § 53.450.

§ 53.430 Functional Design Criteria for Protection of This section addresses design features and functional design Plant Workers. criteria related to protection of plant workers.

Design features must be provided for each advanced The broader question of whether to address occupational dose nuclear plant such that, when combined with associated within Part 53 by referring to Part 20 or to avoid duplication and programmatic controls and human actions, there is have occupational dose addressed only within Part 20 is a topic reasonable assurance the requirements for the protection of ongoing discussions.

of plant workers in § 53.260 will be met. Functional design criteria must be defined for each design feature relied upon to demonstrate compliance with § 53.260.

Corresponding programmatic controls, including 3

monitoring programs, must be established to confirm that the worker protection criteria in § 53.260(a) are not exceeded. In addition, functional design criteria must be defined for each design feature to ensure that plant SSCs and associated programmatic controls, including monitoring programs, achieve occupational doses as low as is reasonably achievable as required by § 53.260(b).

§ 53.440 Design Requirements This section addresses design requirements by defining the means by which functional design criteria are met through (a) The design features required to meet the first and practices such as the use of generally accepted consensus codes second tier safety criteria defined in §§ 53.220 and and standards and qualification of equipment/materials -

53.230shall be designed using generally accepted including provisions similar to those in 10 CFR 50.43(e).

consensus codes and standards wherever applicable.

Paragraph (c) addresses security by design from the Advanced (b) The materials used for safety related and non-safety Reactor Policy Statement.

related but safety significant SSCs (as defined in § 53.460) must be qualified for their service conditions over the plant A topic for discussion is the use of generally accepted or similar lifetime. wording, which is used to encourage use of consensus codes and (c) Safety and security must be considered together in the standards while not being prescriptive. A possible solution is to design process such that, where possible, security issues use a phrase such as generally accepted and then use guidance are effectively resolved through design and engineered to differentiate between unique design standards, common but security features. not NRC-endorsed standards, and NRC endorsed standards.

(d) Design features must be demonstrated capable of A topic for discussion is the meaning of qualified or the potential accomplishing the safety functions defined in § 53.210 use of an alternative word in its place.

without adversely affecting other design features. The demonstration must be through analysis consistent with

§ 53.450, appropriate test programs, prototype testing, operating experience, or a combination thereof for the range of conditions under which the analysis required in

§ 53.450 assumes these features will function throughout the plants lifetime.

4

§ 53.450 Analysis Requirements This section addresses analyses requirements for both a probabilistic risk assessment and the design basis accident in (a) A probabilistic risk assessment of each advanced paragraph (e).

nuclear plant [reminder - plant definition to include multi-module and multi-source] must be performed to A requirement to update the PRA is included (similar to 10 CFR identify potential failures, degradation mechanisms, 50.71(h)) but Part 53 will include requirements to use the updates susceptibility to internal and external hazards, and other to ensure ongoing compliance with the second tier safety criteria contributing factors to unplanned events that might and to assess possible risk reduction measures under the challenge the safety functions identified in § 53.210.

proposed facility safety program in Subpart F.

(b) The probabilistic risk assessment (PRA) must:

A requirement is included to have deterministic design basis (1) Be used in determining the licensing basis events, accidents (a subset of licensing basis events) for which the as described in § 53.240, which must be considered in the analytical results are compared to the first-tier safety criteria of design to determine compliance with the safety criteria in

§ 53.220(b). The design basis accidents are stylized events (e.g.,

Subpart B of this part.

relying on only safety related SSCs) and are to be derived from (2) Be used for classifying SSCs and human actions event sequences with frequencies in the design basis event according to their safety significance in accordance with category as defined in NEI 18-04. These event sequences, which

§ 53.460 and for identifying the environmental conditions are referred to as unanticipated event sequences, have under which the SSCs and operating staff must perform frequencies (1) below anticipated operational occurrences (i.e.,

their safety functions.

those sequences with a frequency above one in one hundred (3) Be used in evaluating the adequacy of defense-in-years), and (2) above beyond design basis events (i.e., those depth measures required in accordance with § 53.250.

sequences with a frequency below one in 10,000 years).

(4) Assess all plant operating states where there is the potential for the uncontrolled release of radioactive material to the environment.

(5) Consider events that challenge plant control and safety systems whose failure could lead to the uncontrolled release of radioactive material to the environment. These include internal events, such as human errors and equipment failures, and external events, such as earthquakes, identified in accordance with Subpart D of this part.

(6) Conform with generally accepted methods, standards, and practices.

(7) Be maintained and upgraded to cover initiating events and modes of operation contained in generally 5

accepted methods, standards, and practices in effect one year prior to each required PRA upgrade. The PRA must be upgraded every two years until the permanent cessation of operations under Subpart G of this part.

(c) The analytical codes used in modeling plant behavior during licensing basis events (e.g. thermodynamics, reactor physics, fuel performance, mechanistic source term) must be qualified for the range of conditions for which they are to be used.

(d) If not addressed within the PRA under paragraph (b),

analyses must be performed to assess:

(1) measures provided to protect against, detect and suppress fires that could impact the ability of equipment to perform its safety function and challenge the safety criteria contained in §§ 53.220 and 53.230.

(2) measures provided to protect against aircraft impacts as required by 10 CFR 50.150, and (3) measures to mitigate specific beyond design basis events as required by 10 CFR 50.155.

(e) The analysis of licensing basis events required by

§ 53.240 must include analysis of a set of design basis accidents that address possible challenges to the safety functions identified in accordance with § 53.210. Design basis accidents must be selected from those unanticipated event sequences with an upper bound frequency of less than one in 10,000 years as identified using insights from a design-specific probabilistic risk assessment that systematically identifies and analyzes equipment failures and human errors. The events selected as design basis accidents should be those that, if not terminated, have the potential for exceeding the safety criteria in § 53.220(b).

The design-basis accidents selected must be analyzed 6

using deterministic methods assuming only the safety-related SSCs identified in § 53.460 and human actions addressed by § 53.8xx (reference to concept of operations sections of Subpart F) are available to perform the safety functions identified in accordance with § 53.210.

The analysis must conservatively demonstrate compliance with the safety criteria in § 53.220(b).

§ 53.460 Safety Categorization and Special Treatment This section addresses the safety classification and determination of appropriate special treatments. The terminology used for (a) SSCs and human actions must be classified according discussion here is (1) safety related, (2) non-safety-related but to their safety significance. The categories must include safety significant, and (3) non-safety significant.

Safety Related (SR), which are those SSCs and human actions relied upon to function in response to design basis A topic of discussion is the identification and treatment of human accidents to meet the safety criteria in § 53.220(b);

actions needed to support design basis accidents and the first tier Non-Safety Related but Safety Significant (NSRSS),

safety criteria and those included in safety-significant functions which are those SSCs and human actions that perform a within the PRA.

function that is necessary to achieve adequate defense-in-depth or are classified as risk significant (i.e., whose failure contributes 1% or more to cumulative plant risk, as defined in § 53.230, or would cause a licensing basis event to exceed the safety criteria in § 53.220(b)); and Non-Safety Significant (NSS), which are those SSCs not warranting special treatment.

7

(b) For SR and NSRSS SSCs and human actions, the conditions under which they must perform their safety function in § 53.210 must be identified. Special Treatment (e.g., functional design criteria and programmatic controls) must be established in accordance with this and [other Subparts to provide appropriate confidence that the SSCs will perform under the service conditions and with the reliability assumed in the analysis performed in accordance with § 53.450 to provide reasonable assurance of meeting the safety criteria in §§ 53.220(b) and 53.230(b).

(c) Human actions to prevent or mitigate licensing basis events must be capable of being reliably performed under the postulated environmental conditions present and be addressed by programs established in accordance with Subpart F of this part to provide confidence that those actions will be performed as assumed in the analysis performed in accordance with § 53.450 to provide reasonable assurance of meeting the safety criteria in

§§ 53.220(b) and 53.230(b).

§ 53.470 Application of Analytical Safety Margins to This section addresses the possible adoption of more restrictive Operational Flexibilities criteria in order to obtain safety margin for application to other areas - such as emergency planning zones. The section Where an applicant or licensee so chooses, design criteria establishes requirements to use the design goal similar to the more restrictive than those defined in § 53.230(b) may be second tier safety criteria and to ensure analysis, design features, adopted to support operational flexibilities (e.g.,

and programmatic controls are established accordingly.

emergency planning requirements under Subpart F of this part). In such cases, applicants and licensees must ensure that the functional design criteria of § 53.420(b),

the analysis requirements of § 53.450, and identification of special treatment of SSCs and human actions under

§ 53.460 reflect and support the use of alternative design criteria to obtain additional analytical safety margins.

Licensees must ensure that measures taken to provide the 8

analytical margins supporting operational flexibilities are incorporated into design features and programmatic controls and are maintained within programs required in other Subparts.

§ 53.480 Design Control Quality Assurance This section addresses quality assurance for design and analysis activities and is derived from Criterion III in Appendix B to (a) Measures must be established to assure that the 10 CFR Part 50.

design criteria, analysis, categorization and special treatment of SSCs as required by § 53.460 are correctly translated into specifications, drawings, procedures, and instructions. These measures must include provisions to assure that appropriate quality standards are specified and included in design documents and that deviations from such standards are controlled. Measures must also be established for the selection and review for suitability of application of materials, parts, equipment, and processes needed to meet the safety criteria identified per §§ 53.220 and 53.230 in accordance with § 53.xxx (construction and procurement subpart). The QA program must conform with generally accepted consensus codes and standards.

(b) Measures must be established for the identification and control of design interfaces in accordance with § 53.490.

(c) The design control measures must provide for verifying or checking the adequacy of design in a manner commensurate with its safety significance, such as by the performance of design reviews, by the use of alternate or simplified calculational methods, or by the performance of a suitable testing program. The verifying or checking process must be performed in accordance with appropriate quality standards. Design changes, including field changes, must be subject to design control measures commensurate with those applied to the original design and be approved by the organization that performed the 9

original design unless the applicant designates another qualified organization.

§ 53.490 Design and Analyses Interfaces This section requires applicants/licensees to identify, control, and maintain interfaces (i.e., integration) between design and Measures must be established for the identification and analyses activities and other activities, such as configuration control of interfaces between (a) the plant design and controls in Subpart F and the proposed facility safety program.

supporting analyses required by this Subpart and (b) the activities addressed by other Subparts over the life of each advanced nuclear plant. These measures must include procedures for the review, approval, release, distribution, and revision of documents involving design interfaces such that design decisions are made in an integrated fashion considering all aspects of the facility impacted by the design or operational change prior to its implementation. Changes to design features and related programmatic controls over the lifetime of an advanced nuclear plant must be considered along with the state of technology, the economics of improvements in relation to the state of technology, operating experience, and benefits to the public health and safety, and other factors included in the assessments performed under the facility safety program required by § 53.800.

Other Possible Topics for Discussion (1) A topic for possible discussion is the consideration and treatment of inherent design features. An inherent design feature is one where the safety function is achieved through natural processes governed by the physical laws without reliance on the activation or operation of supporting active or passive systems. It may be helpful to develop guidance on how inherent design features are credited in analyses, verified and validated, and considered under safety classification and special treatment provisions of this Subpart.

10