Text

THIS SECOND ITERATION OF PRELIMINARY RULE LANGUAGE IS BEING RELEASED TO SUPPORT INTERACTIONS WITH STAKEHOLDERS AND THE ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS). THIS LANGUAGE HAS BEEN SUBJECT TO ONLY LIMITED NRC MANAGEMENT OR LEGAL REVIEW, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS. THE NRC STAFF PLANS TO CONTINUE WORKING ON THE CONCEPTS AND DETAILS PROVIDED IN THIS ITERATION OF PRELIMINARY RULE LANGUAGE AND WILL CONTINUE TO PROVIDE OPPORTUNITIES FOR PUBLIC PARTICIPATION AS PART OF THE PART 53 RULEMAKING ACTIVITIES.

THIS SECOND ITERATION IS PROVIDED IN THE SAME GENERAL STRUCTURE AS THE ORIGINAL RELEASE OF SUBPART B, TECHNOLOGY-INCLUSIVE SAFETY REQUIREMENTS, AND SUBPART C, DESIGN AND ANALYSIS REQUIREMENTS. SOME FEEDBACK HAS SUGGESTED BROADER CHANGES TO THE STRUCTURE AND CONTENT OF PART 53. THE STAFF IS CONTINUING TO REVIEW ALL OF THE COMMENTS AND SUGGESTIONS RECEIVED TO DATE BUT IS ISSUING THIS SECOND ITERATION TO SUPPORT ONGOING DISCUSSIONS RELATED TO KEY CONCEPTS.

Subpart B, Technology-Inclusive Safety Requirements 2nd Iteration (Redline/Strikeout) of Preliminary Rule Language Discussion In sum, Subpart B defines the safety criteria that other areas of Part 53 (e.g., design & analysis (Subpart C), operations (Subpart F)) will use as performance metrics.

This 2nd iteration discussion table explains both the general purpose the preliminary proposed rule language, as well as the changes made since the last published version.

§ 53.200 Safety Objectives.

Each advanced nuclear plant must be designed, constructed, operated, and decommissioned such that there is reasonable assurance of adequate protection of to limit the possibility of an immediate threat to the public health and safety and the common defense and security.. In addition, each advanced nuclear plant must take such additional measures to protect public health and minimize danger to life or property as may be reasonableappropriate when considering technology changes, economic costs, operating experience, or other factorspotential risks to public health and safety. These safety objectives shall be carried out by meeting the safety criteria This section provides the overall qualitative safety goals.

The change is to revise the first objective from providing reasonable assurance of adequate protection to limiting the possibility of an immediate threat to the public health and safety.

This language generally aligns with standards the Commission has used for determining the content of technical specifications.

The change also revises the second objective from protect public health and minimize danger to as may be appropriate when considering potential risks to public health and safety.

The purpose of these objectives is clarified by adding the

identified in the assessments performed under the facility safety program required by § 53.800this subpart.

statement that they will be carried out by meeting the safety criteria identified in this subpart (§§ 53.210 and 53.220).

This change resulted from stakeholder comments and internal NRC discussions regarding the difficulties in using the Atomic Energy Act (AEA) Sections 182 and 161 authorities as the safety objectives for part 53, and in turn as the bases for the two-tier safety criteria framework. Instead, the use of adequate protection is expected to be used in its traditional role as an NRC regulatory finding, which is presumed through compliance with NRC regulations including part 53 or other license requirements. While Sections 182 and 161 of the AEA will be cited as enabling legislation within the rule package (e.g., in the Federal Register Notice), the staff does not foresee incorporating language from the AEA into the safety objectives or tiers in part

53.

§ 53.2120 First Tier Safety Criteria.

(a) Normal operations. Design features and programmatic controls must be provided for each advanced nuclear plant to ensure the contribution to total effective dose equivalent to individual members of the public from normal plant operation does not exceed 0.1 rem (1 mSv) in a year and the contribution to dose in any unrestricted area does not exceed 0.002 rem (0.02 millisievert) in any one hour.the public dose limits provided in Subpart D to 10 CFR part 20.

(b) Unplanned events. Design features and programmatic controls must be provided for each advanced nuclear plant such that analyses of licensing basis events in accordance with

§ 53.240, including treatment of uncertainties, demonstrate with high confidence that events with an upper bound frequency greater than approximately once per 10,000 years meet the following:

(1) An individual located at any point on the boundary of the exclusion area for any 2-hour period following the onset of the postulated fission product release would not receive a The first-tier safety criteria are metrics that establish a level of safety or backstop based on current requirements in (a) Part 20 limits on doses to members of the public and (b) the Sections 50.34, 52.79, 100.11 reference values related to the safety assessment of a site and radiological consequences from a major accident in terms of possible dose to an individual at defined distance and duration of exposure. Note that the term programmatic controls is intended to include human actions governed by procedures and training.

The change in paragraph (a) is to reference part 20 instead of summarizing the part 20 requirements in part 53.

This change resulted from stakeholder comments to reference vs. repeat part 20 requirements.

This 2nd iteration maintains the requirements for normal operations in paragraph (a) of the first tier criteria, specifically the requirements from Subpart D to part 20. The staff will revisit paragraph (a) as the remaining subparts are developed if the

radiation dose in excess of 25 rem (250 mSv) total effective dose equivalent; and (2) An individual located at any point on the outer boundary of the low population zone who is exposed to the radioactive cloud resulting from the postulated fission product release (during the entire period of its passage) would not receive a radiation dose in excess of 25 rem (250 mSv) total effective dose equivalent.1 (c) Design features and programmatic controls beyond those needed for paragraphs (a) and (b) of this section must be provided for each advanced nuclear plant to satisfy additional requirements established by the NRC for ensuring reasonable assurance of adequate protection of the public health and safety and maintaining common defense and security.

1. A whole body dose of 25 rem has been stated to correspond numerically to the once in a lifetime accidental or emergency dose for radiation workers which, according to NCRP [National Council on Radiation Protection and Measurements] recommendations at the time could be disregarded in the determination of their radiation exposure status (see NBS Handbook 69 dated June 5, 1959). However, its use is not intended to imply that this number constitutes an acceptable limit for an emergency dose to the public under accident conditions. Rather, this dose value has been set forth in this section as a reference value, which can be used in the evaluation of plant design features with respect to postulated reactor accidents, to assure that these designs provide assurance of low risk of public exposure to radiation, in the event of an accident.

distinction between first and second tier safety criteria for normal operations is not used within future subparts. If a distinction is not used in future subparts, then normal operations in the first and second tiers may instead be treated in a separate section in Subpart B similar to protection of plant workers (see § 53.260). If the distinction is used, then this paragraph in § 53.210(a) will likely remain The change in paragraph (b) is an editorial change to replace with high confidence to including treatment of uncertainties. A footnote similar to that included in §§ 50.34(a)(1)(ii)(D)(1) and 52.79(a)(1)(vi)(A) is also inserted to describe the use of 25 rem as a reference value for evaluating plant design features with respect to postulated accidents.

Paragraph (c) was deleted since the rule is no longer establishing a direct connection between the first tier safety criteria and the adequate protection standard within Section 182 of the AEA.

The NRC staff is also considering renaming §§ 53.210 and 52.220 to replace the use of First Tier and Second Tier in the section titles and throughout Part 53. However, the basic structure would remain. The use of this terminology has caused confusion due to its similarity to the Tier 1 and Tier 2 terminology used in the Part 52 design certification appendices. The staff welcomes stakeholder input on this topic.

§ 53.2320 Second Tier Safety Criteria.

(a) Normal operations. Design features and programmatic controls must be provided for each advanced nuclear plant to ensure the estimated total effective dose equivalent to individual members of the public from effluents resulting from normal plant operation are as low as is reasonably achievable taking into account the state of technology, the economics of improvements in relation to the state of technology, operating experience, the economics of improvements in relation toand the benefits to the The second-tier safety criteria establish metrics consistent with current requirements in Part 20 on maintaining doses as low as reasonably achievable (ALARA) for normal operations in paragraph (a) through the use of design features and programmatic controls, as appropriate, taking into account the factors listed in this paragraph.

The second-tier safety criteria for licensing basis events (i.e.,

unplanned events) in paragraph (b) establishes the connection to

public health and safety and other factors included in the assessments performed under the facility safety program required by § 53.800. Performance objectives for design. Design features and programmatic controls must be established such that: [to be reworded for consistency with 10 CFR part 20 and 40 CFR part 190].

(1) The calculated annual total quantity of all radioactive material above background to be released from each advanced nuclear plant to unrestricted areas will not result in an estimated annual dose or dose commitment from liquid effluents for any individual in an unrestricted area from all pathways of exposure in excess of 3 millirems to the total body or 10 millirems to any organ.

(2) The calculated annual total quantity of all radioactive material above background to be released from each advanced nuclear plant to the atmosphere will not result in an estimated annual air dose from gaseous effluents at any location near ground level which could be occupied by individuals in unrestricted areas in excess of 10 millirads for gamma radiation or 20 millirads for beta radiation.

(b) Unplanned events. Design features and programmatic controls must be provided to:

(1) Ensure plant SSCs, personnel, and programs provide the necessary capabilities and maintain the necessary reliability to address licensing basis events in accordance with § 53.240 and provide measures for defense-in-depth in accordance with

§ 53.250; and (2) Maintain overall cumulative plant risk from licensing basis events such that the risk to an average individual within the vicinity of the plant receiving a radiation dose with the potential for immediate health effects remains below five in 10 million years, and below two in one million years forthe risk to such an individual receiving a radiation dose with the potential to cause latent health effects remains below two in one million years.

licensing basis events and defense in depth in subparagraph (1) and is taken from the NRC safety goals in subparagraph (2).

These criteria will provide a basis for Subpart C and F.

The change in paragraph (a) is to replace the material taken from Appendix I to part 50 with a placeholder to develop language more directly related to part 20.

This 2nd iteration maintains requirements for providing design features and programmatic controls to ensure doses to the public from normal plant operations are ALARA. The ALARA principle is a longstanding element of NRC regulations for all licensees (byproduct, source and special nuclear material as well as utilization facilities) and the NRC staff is proposing to retain ALARA in the second tier criteria in this preliminary rule language. Some stakeholder comments seem to raise concerns about the level of effort associated with preparing licensing applications and NRC reviews for new nuclear power designs.

This issue is addressed in part within the NRC Advanced Reactor Content of Application Project (ARCAP). Specifically, draft guidance for ARCAP Chapter 9 (ML20262H264) includes the following:

in lieu of providing detailed system descriptions and analysis of estimated effluent releases as required by 10 CFR 50.34, 50.34a, 52.47, and 52.79, an application may demonstrate compliance with the applicable regulations by describing a radiation protection program and an effluent release monitoring program that will ensure that effluent release limits will be met during normal operations for the life of the plant. Information related to physical systems can be limited to general descriptions of layout and technologies used to limit the release of the various inventories of radioactive materials within the plant.

As an additional matter, the language emphasizes that ALARA will be considered in light of the economics of improvements in relation to the state of technology. Consequently, commenters concern that the ALARA language will undermine the

predictability of the Part 53 licensing process by exposing applicants to an undefined and unwarranted set of requirements is offset by staffs recognition that such requirements must be considered in light of potential costs. See, e.g., Michigan v. EPA, 135 S. Ct. 2699 (2015).

The change in paragraph (b) is editorial.

This 2nd iteration maintains criteria in paragraph (b) for unplanned events that refer to the quantitative health objectives (QHOs) from the NRCs safety goal policy statement. The QHOs are a well-established measure used in NRC risk-informed decisionmaking and are a logical performance metric to support the risk management approaches to operations that will be reflected in Subpart F, Operations. The staff remains open to considering other reasonable alternatives to the use of the QHOs.

§ 53.230 Safety Functions.

(a) The primary safety function is limiting the release of radioactive materials from the facility and must be maintained during routine operation and for licensing basis events over the life of the plant.

(b) Additional safety functions supporting the retention of radioactive materials during routine operation and licensing basis eventssuch as controlling heat generation, heat removal, and chemical interactions--must be defined.

. (c)Design features and programmatic controls serve to fulfill the primary safety function and additional safety functions and must be maintained over the life of the plant. The primary and additional safety functions are required to meet the first and second tier safety criteria and are fulfilled by the design features and programmatic controls specified throughout this part.

The safety functions and the design features and programmatic controls used to fulfill them will be the means to satisfy the first and second tier safety criteria. These requirements are similar in concept to current requirements for LWRs to address the general design criteria and non-LWRs to provide principal design criteria; however, these safety functions are broad in order to support any technology.

The change in this section (paragraph (c)) is editorial to more clearly state the relationship between the safety functions and safety criteria.

This 2nd iteration maintains the requirement (paragraph (b)) for the identification of safety functions (e.g., controlling heat generation, heat removal, and chemical interactions) that are needed to prevent the release of radionuclides instead of prescribing a specific list. This approach is taken in order to support technology inclusiveness, including the need to define

safety functions for inventories of radionuclides outside of primary reactor systems (e.g., waste gas systems if an unplanned release could exceed the safety criteria).

§ 53.240 Licensing Basis Events.

Licensing basis events must be identified for each advanced nuclear plant and analyzed in accordance with

§ 53.[3x].450 to support assessments of the safety requirements ofin this subpart B. The licensing basis events must address combinations of malfunctions of plant SSCs, human errors, and the effects of external hazards ranging from anticipated operational occurrences to highlyvery unlikely event sequences that are notwith estimated frequencies well below the frequency of events expected to occur in the life of the advanced nuclear plant. The evaluation of licensing basis events must be used to confirm the adequacy of design features and programmatic controls needed to satisfy first and second tier safety criteria of this subpart and to establish related functional requirements for plant SSCs, personnel, and programs.

This section establishes the requirement to identify and address licensing basis events (i.e., unplanned events, both internal and external hazards) to ensure estimates of offsite consequences are below the safety criteria and that SSCs, personnel, and programs address the safety functions. This section provides a starting point for requirements in Subparts C and F.

The change in this section is editorial.

This 2nd iteration maintains the identification of licensing basis events (LBEs) within this broad, higher-level subpart because of the historical and expected continuing importance of evaluating unplanned events as part of the licensing of advanced reactors.

The possibility that this section could be addressed within Subpart C can be considered as part of the later review of the technical requirements, once complete.

§ 53.250 Defense in Depth.

Measures must be taken for each advanced nuclear plant to ensure appropriate defense in depth is provided to compensate for epistemic and aleatory uncertainties such that there is high confidence that the safety criteria in this subpart B are met over the life of the plant. The epistemic and aleatory uncertainties to be considered include those related to the state of knowledge and modeling capabilities, the ability of barriers to limit the release of radioactive materials from the facility during routine operation and for licensing basis events, and those related to the reliability and performance of plant SSCs and personnel, and programmatic controls. Measures to compensate for these uncertainties can include increased safety margins in the design of SSCs and providing alternate means to accomplish safety functions. No single engineered design or operational feature, human action, and or programmatic control, no matter how robust, should be exclusively relied upon to meet the safety criteria of 10 CFR part§ 53.220(b) or the safety functions defined in accordance with § 53.230.

This section establishes requirements based on the longstanding nuclear philosophy to ensure defense in depth to address uncertainties.

The changes in this section are editorial except for the addition of engineered design feature in the description of those items for which defense in depth is required. This change reflects that the possible crediting of inherent characteristics within the design and analysis for advanced reactors and the reduced uncertainties associated with such characteristics.

This 2nd iteration maintains defense in depth within this broad, higher-level subpart because of the historical and continued importance of its role in addressing the risks associated with nuclear power plants. The staff notes that parts 50 and 52 do not include a similar section on defense in depth because the defense-in-depth philosophy is incorporated into the prescriptive technical requirements for light water reactors (e.g., the general design criteria in Appendix A to part 50). The possibility that this section could be addressed within Subpart C can be considered as part of the later review of the technical requirements, once complete.

§ 53.260 Protection of Plant Workers.

(a) Design features and programmatic controls must exist for each advanced nuclear plant to ensure that radiological dose to plant workers does not exceed the occupational dose limits provided in subpart C to 10 CFR part 20.

(b) The licensee As required by Subpart B to 10 CFR part 20, design features and programmatic controls must use, to the extent practical, procedures and engineering controls be based upon sound radiation protection principles to achieve occupational doses and doses to members of the public that are as low as is reasonably achievable.

The change in paragraph (b) is editorial; referencing part 20 instead of repeating the requirements in part 53.

This 2nd iteration maintains the protection of plant workers within Subpart B to capture occupational exposures within the high-level safety requirements. Paragraph (b) maintains requirements for providing design features and programmatic controls to achieve occupational doses ALARA. See discussion under § 53.220.

Subpart C, Design and Analysis Requirements 2nd Iteration (Redline/Strikeout) of Preliminary Rule Language Discussion This subpart addresses requirements for designing advanced nuclear plants and performing the supporting analyses, including the analyses of licensing basis events (§ 53.240).

§ 53.400 Design Objectives and Design Features.

Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, the plant will satisfy the first and second tier safety criteria defined in §§ 53.220210 and 53.230220. Design features must ensure that the safety functions identified in § 53.210230, of limiting the release of radioactive materials from the facility, is maintained during routine operations and licensing basis events by controlling the release of radioactive materials and by supporting other safety functions.

This section establishes the overall design features by referring to the underlying safety criteria and the related identification of safety functions. Subsequent sections in this Subpart address the need to define functional design criteria for the design features.

The changes in this section are editorial.

This 2nd iteration maintains this section and its role in helping to establish the general hierarchy of safety criteria, safety function, design feature, and functional design criteria.

§ 53.410 Functional Design Criteria for First Tier Safety Criteria.

(a) Normal operations. Functional design criteria must be defined for each design feature required by § 53.400 to demonstrate compliance with the first tier safety criteria defined in § 53.220210(a). Corresponding programmatic controls, including monitoring programs, must be established to confirm that the established functional design criteria and the first tier safety criteria required in § 53.220210(a) are not exceeded during normal operations.

(b) Unplanned events. Functional design criteria must be defined for each design feature required by § 53.400 relied upon to demonstrate compliance with the first tier safety criteria defined in § 53.220210(b). Corresponding programmatic controls and interfaces must be established in accordance with this and [other subparts to achieve and maintain the reliability and capability of SSCs relied upon to meet the established Functional design criteria are provided for each design feature to ensure safety functions are met and the design complies with first tier and second tier safety criteria.

The changes in this section are editorial.

This 2nd iteration maintains this section and its role in helping to establish the general hierarchy of safety criteria, safety function, design feature, and functional design criteria. Paragraph (b) will support later sections such as content of Technical Specifications.

See discussions under § 53.210(a) and § 53.220(a) related to ongoing discussions on treatment of normal operations.

functional design criteria and the first tier safety criteria required in § 53.220210(b), and to maintain consistency with analyses required by § 53.450.

§ 53.420 Functional Design Criteria for Second Tier Safety Criteria.

(a) Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, the total effective dose equivalent to individual members of the public from effluents resulting from normal plant operation are as low as is reasonably achievable taking into account the state of technology, the economics of improvements in relation to the state of technology, operating experience, and benefits to the public health and safety, and other factors included in the assessments performed under the facility safety program required by § 53.800, and the safety criteria and performance objectives in § 53.230(a). (a) Normal operations. Functional design criteria must be defined for each design feature relied upon to demonstrate compliance with the second tier safety criteria in § 53.230220(a). Corresponding programmatic controls, including monitoring programs, must be established to confirm that the established functional design criteria and the safety criteria and performance objectives in § 53.230220(a) are not exceeded during normal operations.

(b) Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, the analyses required by § 53.450 provide reasonable assurance that the estimated risks from unplanned events will be below the second tier safety criteria in § 53.230(b). (b) Unplanned events. Functional design criteria must be defined for each design feature relied upon to demonstrate compliance with the second tier safety criteria in

§ 53.230(b).220(b) considering licensing basis events ranging from anticipated operational occurrences to very unlikely event sequences with estimated frequencies well below the frequency The changes in this section are editorial (largely deleting repetitive text copied from Subpart B).

This 2nd iteration maintains this section and its role in helping to establish the general hierarchy of safety function, design feature, and functional design criteria. Paragraph (b) will support later sections such as the identification and implementation of special treatment requirements.

See discussions under § 53.210(a) and § 53.220(a) related to ongoing discussions on treatment of normal operations and ALARA.

of events expected to occur in the life of the advanced nuclear plant. Corresponding programmatic controls and interfaces must be established in accordance with this and other subparts to achieve and maintain the reliability and capability of SSCs relied upon to meet the second tier safety criteria in § 53.230220(b) and to maintain consistency with analyses required by § 53.450.

§ 53.430 Functional Design Criteria for Protection of Plant Workers.

Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, there is reasonable assurance the requirements for the protection of plant workers in

§ 53.260 will be met. Functional design criteria must be defined for each design feature relied upon to demonstrate compliance with § 53.260. Corresponding programmatic controls, including monitoring programs, must be established to confirm that the worker protection criteria in § 53.260(a) are not exceeded. In addition, functional design criteria must be defined for each design feature to ensure that plant SSCs and associated programmatic controls, including monitoring programs, achieve occupational doses as low as is reasonably achievable as required by § 53.260(b).

This section addresses design features and functional design criteria related to protection of plant workers.

No changes in this section for the 2nd iteration.

The 2nd iteration maintains this section but expects that future interactions related to ARCAP or other guidance will be needed to ensure an appropriate balance between initial design, licensing reviews, and performance monitoring.

See discussions under §§ 53.220 and 53.260.

§ 53.440 Design Requirements.

(a) The design features required to meet the first and second tier safety criteria defined in §§ 53.220210 and 53.230220 shall be designed using generally accepted consensus codes and standards wherever applicable.

(b) The materials used for safety related and non-safety related but safety significant SSCs ([as will be defined in § 53.460)subpart A] must be qualified for their service conditions over the plant lifetime.

(c) Safety and security must be considered together in the design process such that, where possible, security issues are This section addresses design requirements by defining the means by which functional design criteria are met through practices such as the use of generally accepted consensus codes and standards and qualification of equipment/materials -

including provisions similar to those in 10 CFR 50.43(e).

Paragraph (c) addresses security by design from the Advanced Reactor Policy Statement.

The changes in this section are editorial. The changes in paragraph (d) were made to more closely align with the language in 10 CFR 50.43(e) regarding the demonstration of capabilities

effectively resolved through design and engineered security features.

(d) Design features must be demonstrated capable of accomplishing the safety functions defined in § 53.210 without adversely affecting other design features. The demonstration must be through analysis consistent with § 53.450fulfilling functional design criteria considering interdependent effects through analysis, appropriate test programs, prototype testing, operating experience, or a combination thereof for the range of conditions under which the analysis required in § 53.450 assumes these features will function throughout the plants lifetime.

through combinations of analyses, testing, and operational experience.

§ 53.450 Analysis Requirements.

(a) Requirement to have a probabilistic risk assessment.

A probabilistic risk assessment (PRA) of each advanced nuclear plant [reminder - plant definition to include multi-module and multi-source] must be performed to identify potential failures, degradation mechanisms, susceptibility to internal and external hazards, and other contributing factors to unplanned events that might challenge the safety functions identified in § 53.210.230 and to support demonstrating that each advanced nuclear plant meets the second tier safety criteria of § 53.220(b).

(b) The probabilistic risk assessment (PRA) must:

(1) Be used in(b) Specific uses of analyses. The PRA, other generally accepted risk-informed approach for systematically evaluating engineered systems, or combination thereof must be used:

(1) In determining the licensing basis events, as described in § 53.240, which must be considered in the design to determine compliance with the safety criteria in Subpart B of this part.

(2) Be used forFor classifying SSCs and human actions according to their safety significance in accordance with § 53.460 and for identifying the environmental conditions under which the SSCs and operating staff must perform their safety functions.

This section addresses analyses requirements.

The change in this section is primarily to paragraph (b) and is intended to support alternative approaches to a PRA for activities such as selection of licensing basis events, safety classification, and evaluating defense in depth. The alternative language is worded similar to other requirements in terms of generally accepted to support possible standards or other guidance documents. Possible examples of alternative approaches that might be found acceptable include design-related consensus codes and standards or IAEA specific safety requirements.

This 2nd iteration does maintain a requirement to have a PRA to support the licensing and regulatory programs being developed in subsequent subparts (e.g., a risk management approach for operations). The staff is engaged in ongoing discussions on how to ensure the level of effort required for a PRA is commensurate with the complexity of the subject reactor design. This topic will continue to be discussed during the development of Part 53 and related guidance, including the development of regulatory guidance related to the non-light water reactor PRA standard.

(3) Be used inIn evaluating the adequacy of defense-in-depth measures required in accordance with § 53.250.

(4) AssessTo identify and assess all plant operating states where there is the potential for the uncontrolled release of radioactive material to the environment.

(5) ConsiderTo identify and assess events that challenge plant control and safety systems whose failure could lead to the uncontrolled release of radioactive material to the environment.

These include internal events, such as human errors and equipment failures, and external events, such as earthquakes, identified in accordance with Subpart D of this part.

(6) Conform(c) Maintenance and upgrade of analyses.

The PRA, other generally accepted risk-informed approach for systematically evaluating engineered systems, or combination thereof must be maintained and upgraded in conformance with generally accepted methods, standards, and practices.

(7) Be maintained and upgraded to cover initiating events and modes of operation contained in generally accepted methods, standards, and practices in effect one year prior to each required PRA upgrade. The PRA must be upgraded every two years until the permanent cessation (d) Qualification of operations under Subpart G of this part.(c)analytical codes. The analytical codes used in modeling plant behavior duringin analyses of licensing basis events (e.g.

thermodynamics, reactor physics, fuel performance, mechanistic source term) must be qualified for the range of conditions for which they are to be used.

(d) If not addressed within the PRA under paragraph (b),

analyses must be performed to assess:

(1) measures provided to protect against, detect and suppress fires that could impact the ability of equipment to perform its safety function and challenge the safety criteria contained in §§ 53.220 and 53.230.

(2) measures provided to protect against aircraft impacts as required by 10 CFR 50.150, and Paragraph (c) (formerly (b)(6) & (b)(7)) was revised to refer to generally accepted standards or guidance instead of defining specific periodicity for upgrading analysis tools.

Changes to paragraph (d) (formerly (c)) are editorial.

Former paragraph (d) relocated to paragraph (g).

Paragraph (e) added to further clarify requirements for analysis of licensing basis events, including anticipated operational occurrences. This addition was in response to comments from external stakeholders and ACRS members.

Addition to paragraph (f) to address event sequences from initiation to a safe stable end state for DBAs was in response to comments from ACRS members.

Changes to paragraph (f) on design basis accidents and paragraph (g) on other required analyses are to capture the possible use of a systematic approach other than PRA to support event selection and design processes.

(3) measures to mitigate specific beyond design basis events as required by 10 CFR 50.155.

(e)(e) Analyses of licensing basis events. Analyses must be performed for licensing basis events ranging from anticipated operational occurrences to very unlikely event sequences with estimated frequencies well below the frequency of events expected to occur in the life of the advanced nuclear plant. The licensing basis events must be identified using insights from a PRA, other generally accepted risk-informed approach for systematically evaluating engineered systems, or combination thereof to systematically identify and analyze equipment failures and human errors. The analyses must address event sequences from initiation to a defined end state and demonstrate that the functional design criteria required by § 53.420 provide sufficient barriers to the unplanned release of radionuclides to satisfy the second tier safety criteria of § 53.220(b) and provide defense in depth as required by § 53.250.

(f) Analysis of design basis accidents. The analysis of licensing basis events required by § 53.240 and § 53.450(e) must include analysis of a set of design basis accidents that address possible challenges to the safety functions identified in accordance with § 53.210230. Design basis accidents must be selected from those unanticipated event sequences with an upper bound frequency of less than one in 10,000 years as identified using insights from a design-specific probabilisticPRA, other generally accepted risk assessment that-informed approach for systematically identifiesevaluating engineered systems, or combination thereof to systematically identify and analyzesanalyze equipment failures and human errors. The events selected as design basis accidents should be those that, if not terminated, have the potential for exceeding the safety criteria in § 53.220210(b). The design-basis accidents selected must be analyzed using deterministic methods assumingthat address event sequences from initiation to a safe stable end state and assume only the safety--related SSCs identified in

§ 53.460 and human actions addressed by § 53.8xx (reference

to concept of operations sections of Subpart F) are available to perform the safety functions identified in accordance with

§ 53.210230. The analysis must conservatively demonstrate compliance with the safety criteria in § 53.220210(b).

(g) Other required analyses. If not addressed within the PRA, other generally accepted risk-informed approach for systematically evaluating engineered systems, or combination thereof under paragraph (b), analyses must be performed to assess:

(1) measures provided to protect against, detect and suppress fires that could impact the ability of equipment to perform its safety function and challenge the safety criteria contained in §§ 53.210 and 53.220.

(2) measures provided to protect against aircraft impacts as required by 10 CFR 50.150, and (3) measures to mitigate specific beyond design basis events as required by 10 CFR 50.155.

§ 53.460 Safety Categorization and Special Treatment.

(a) SSCs and human actions must be classified according to their safety significance. The categories must include Safety Related (SR), which are those SSCs and human actions relied upon to function in response to design basis accidents to meet the safety criteria in § 53.220(b); Non-Safety Related but Safety Significant (NSRSS), which are those SSCs and human actions that perform a function that is necessary to achieve adequate defense-in-depth or are classified as risk significant (i.e., whose failure contributes 1% or more to cumulative plant risk, as defined in § 53.230, or would cause a licensing basis event to exceed the safety criteria in § 53.220(b));

and Non-Safety Significant (NSS), which are those SSCs not warranting special treatmentNon-Safety Related but Safety Significant (NSRSS), and Non-Safety Significant (NSS), as defined in subpart A of this part.

This section addresses the safety classification and determination of appropriate special treatments.

The changes in this section are editorial (largely deleting text that is expected to be provided within the definitions section in Subpart A).

This 2nd iteration does maintain the use of the safety-related designation. Some stakeholders have proposed a more flexible but less defined approach to SSC classification. This is an important topic for future discussions given the potential role of SSC classification throughout part 53. The staff is interested in examples of international practices or other approaches that would not align with the preliminary rule language in Part 53.

(b) For SR and NSRSS SSCs and human actions, the conditions under which they must perform their safety function in

§ 53.210230 must be identified. Special Treatment (e.g.,

functional design criteria and programmatic controls) must be established in accordance with this and [other Subparts to provide appropriate confidence that the SSCs will perform under the service conditions and with the reliability assumed in the analysis performed in accordance with § 53.450 to provide reasonable assurance of meeting the safety criteria in

§§ 53.220210(b) and 53.230220(b).

(c) Human actions to prevent or mitigate licensing basis events must be capable of being reliably performed under the postulated environmental conditions present and be addressed by programs established in accordance with Subpart F of this part to provide confidence that those actions will be performed as assumed in the analysis performed in accordance with § 53.450 to provide reasonable assurance of meeting the safety criteria in

§§ 53.220210(b) and 53.230220(b).

§ 53.470 Application of Analytical Safety Margins to Operational Flexibilities.

Where an applicant or licensee so chooses, design criteria more restrictive than those defined in § 53.230220(b) may be adopted to support operational flexibilities (e.g.,

emergency planning requirements under Subpart F of this part).

In such cases, applicants and licensees must ensure that the functional design criteria of § 53.420(b), the analysis requirements of § 53.450, and identification of special treatment of SSCs and human actions under § 53.460 reflect and support the use of alternative design criteria to obtain additional analytical safety margins. Licensees must ensure that measures taken to provide the analytical margins supporting operational flexibilities are incorporated into design features and programmatic controls and are maintained within programs required in other Subparts.

This section addresses the potential for operational flexibility through the applicants or licensees adoption of more restrictive criteria in order to obtain safety margin for application to other areas - such as emergency planning zones. The section establishes requirements to use the more restrictive design goal similar to the second tier safety criteria and to ensure analysis, design features, and programmatic controls are established accordingly, if operational flexibilities are sought.

This 2nd iteration maintains this section on applying and subsequently controlling analyses and designs in cases where analytical margins have been used to gain operational flexibilities. The staff remains interested in feedback on the possible uses of analytical safety margins and how that concept can be best addressed within Part 53.

§ 53.480 Design Control Quality Assurance.

(a) Measures must be established to assure that the design criteria, analysis, categorization and special treatment of SSCs as required by § 53.460 are correctly translated into specifications, drawings, procedures, and instructions. These measures must include provisions to assure that appropriate quality standards are specified and included in design documents and that deviations from such standards are controlled. Measures must also be established for the selection and review for suitability of application of materials, parts, equipment, and processes needed to meet the safety criteria identified per §§ 53.220210 and 53.230220 in accordance with § 53.xxx (construction and procurement subpart).Subpart E of this part. The QA program must conform with generally accepted consensus codes and standards.

(b) Measures must be established for the identification and control of design interfaces in accordance with § 53.490.

(c) The design control measures must provide for verifying or checking the adequacy of design in a manner commensurate with its safety significance, such as by the performance of design reviews, by the use of alternate or simplified calculational methods, or by the performance of a suitable testing program. The verifying or checking process must be performed in accordance with appropriate quality standards.

Design changes, including field changes, must be subject to design control measures commensurate with those applied to the original design and be approved by the organization that performed the original design unless the applicant designates another qualified organization.

This section addresses quality assurance for design and analysis activities and is derived from Criterion III in Appendix B to 10 CFR Part 50. Paragraph (a) preliminary rule language refers to generally accepted consensus codes and standards to provide flexibility for the possible development of guidance that could identify potentially acceptable alternatives to NQA-1.

The change in this section is editorial.

§ 53.490 Design and Analyses Interfaces.

Measures must be established for the identification and control of interfaces between (a) the plant design and supporting analyses required by this Subpart and (b) the activities addressed by other Subparts over the life of each advanced nuclear plant. These measures must include procedures for the This section requires applicants/licensees to identify, control, and maintain interfaces (i.e., integration) between design and analyses activities and other activities, such as configuration controls in Subpart F and the proposed facility safety program.

No changes in the section for the 2nd iteration.

review, approval, release, distribution, and revision of documents involving design interfaces such that design decisions are made in an integrated fashion considering all aspects of the facility impacted by the design or operational change prior to its implementation. Changes to design features and related programmatic controls over the lifetime of an advanced nuclear plant must be considered along with the state of technology, the economics of improvements in relation to the state of technology, operating experience, and benefits to the public health and safety, and other factors included in the assessments performed under the facility safety program required by § 53.800.