Text

THIS PRELIMINARY RULE LANGUAGE IS BEING RELEASED TO SUPPORT INTERACTIONS WITH STAKEHOLDERS AND THE ADVISORY COMMITTEE ON REACTOR SAFEGUARDS (ACRS). THIS LANGUAGE HAS NOT BEEN SUBJECT TO COMPLETE NRC MANAGEMENT OR LEGAL REVIEW, AND ITS CONTENTS SHOULD NOT BE INTERPRETED AS OFFICIAL AGENCY POSITIONS. THE NRC STAFF PLANS TO CONTINUE WORKING ON THE CONCEPTS AND DETAILS PROVIDED IN THIS PRELIMINARY RULE LANGUAGE AND WILL CONTINUE TO PROVIDE OPPORTUNITIES FOR PUBLIC PARTICIPATION AS PART OF THE RULEMAKING ACTIVITIES. THE STAFF IS PRIMARILY SEEKING INSIGHTS REGARDING THE CONCEPTS IN THIS PRELIMINARY LANGUAGE AND SECONDARILY SEEKING INSIGHTS RELATED TO DETAILS SUCH AS NUMERICAL VALUES FOR VARIOUS CRITERIA.

Preliminary proposed rule language is provided for selected sections related to the safety and risk criteria that would provide the foundations of the regulatory framework, whether using this outline or an alternative structure. Short summaries of other possible subparts and sections are provided for context. This revision includes second iteration revisions to previously released language for Subpart B (Technology-Inclusive Safety Requirements) and Subpart C (Design and Analysis Requirements). This revision also includes previously released proposed rule language for Subpart A (General Provisions), Subpart D (Siting Requirements), Subpart E (Construction and Manufacturing Requirements), and portions of Subpart F (Requirements for Operations). This revision also includes new preliminary proposed rule language for additional portions of Subpart F (Requirements for Operations) related to emergency preparedness and security, as well as preliminary proposed changes to 10 CFR part 73, Physical Protection of Plants and Materials.

PRELIMINARY PROPOSED RULE LANGUAGE June 1, 2021 10 CFR PART 53, LICENSING AND REGULATION OF ADVANCED NUCLEAR REACTORS Subpart A - General Provisions This subpart includes sections related to topics such as scope, definitions, interpretations, relationships to other parts, communications, misconduct, employee protections, and exemptions. Most sections in this subpart were developed based on similar or identical requirements in existing parts of NRC regulations.

This iteration of subpart A includes bracketed references to existing requirements in parts 50, 52, etc.those references are for informational purposes only and will be removed as the remainder of part 53 is developed (e.g., reference to definitions in parts 50 and 52, emergency plan and security plan submittals). Some bracketed text is included in this subpart to provide explanation or indicate concepts that are still in development and may be further revised or removed.

§ 53.010 Scope.

This part provides an optional framework for the issuance, amendment, and termination of licenses, permits, certifications, and approvals for commercial advanced nuclear plants licensed under Section 103 of the Atomic Energy Act of 1954, as amended (68 Stat. 919), and Title II of the Energy Reorganization Act of 1974 (88 Stat. 1242). Also, this part gives notice to

all persons who knowingly provide to any holder of or applicant for an approval, certification, permit, or license, or to a contractor, subcontractor, or consultant of any of them, components, equipment, materials, or other goods or services that relate to the activities of a holder of or applicant for an approval, certification, permit, or license, subject to this part, that they may be individually subject to NRC enforcement action for violation of the provisions in § 53.050 of this part.

[A provision addressing the applicability of other 10 CFR Chapter I provisions will be considered in future iterations of preliminary proposed rule language for Subpart A.]

§ 53.020 Definitions. [This section will need to be updated as key terms needing definition are identified or revised as the staff works to produce the preliminary proposed rule language and deliver the proposed rule to the Commission].

For the purpose of this part:

Advanced nuclear plant [or facility] means a utilization facility consisting of one or more advanced nuclear reactors [as defined in NEIMA] and associated co-located support facilities, which may include one or more reactor modules, [using nuclear fission, nuclear fusion, or accelerator-driven reactor technologies] that are used for producing power for commercial electric or other commercial purposes. The advanced nuclear plant includes the collection of sites, buildings, radionuclide sources, and structures, systems, and components for which a license is being sought under this part.

Anticipated operational occurrences (AOOs) mean anticipated event sequences expected to occur one or more times during the life of a nuclear power plant. An event sequences with a mean frequency of 1x10-2/plant-year and greater is an AOO. AOOs take into account the expected responses of all SSCs within the plant, regardless of safety classification. AOOs are a type of licensing basis event. [Based, in part, on Appendix A to part 50]

Applicant means a person or an entity applying for a license, permit, or other form of Commission permission or approval under this part. [§ 50.2]

Combined license means a combined construction permit and operating license with conditions for a nuclear power facility issued under this part. [§ 52.1]

Commission means the Nuclear Regulatory Commission or its duly authorized representatives.

[§ 50.2]

Consensus code or standard means any technical standard (1) developed or adopted by a voluntary consensus standard body under procedures that assure that persons having interests within the scope of the standard that are affected by the provisions of the standard have reached substantial agreement on its adoption, (2) formulated in a manner that afforded an opportunity for diverse views to be considered, and (3) designated by the standards body as such a standard for the safe design, manufacture, construction, or operation of nuclear power plants.

Construction means the activities in paragraph (1) below and does not mean the activities in paragraph (2) below. [This definition is from§ 50.10, as a starting point, and will need revision to reflect the scope and content of part 53.]

(1) Activities constituting construction are the driving of piles, subsurface preparation, placement of backfill, concrete, or permanent retaining walls within an excavation, installation of foundations, or in-place assembly, erection, fabrication, or testing, which are for:

(i) Safety-related structures, systems, or components (SSCs) of a facility, as defined in

[10 CFR 50.2];

(ii) SSCs relied upon to mitigate accidents or transients or used in plant emergency operating procedures; (iii) SSCs whose failure could prevent safety-related SSCs from fulfilling their safety-related function; (iv) SSCs whose failure could cause a reactor scram or actuation of a safety-related system; (v) SSCs necessary to comply with [10 CFR part 73];

(vi) SSCs necessary to comply with [10 CFR 50.48 and criterion 3 of 10 CFR part 50, appendix A]; and (vii) Onsite emergency facilities, that is, technical support and operations support centers, necessary to comply with [10 CFR 50.47 and 10 CFR part 50, appendix E].

(2) Construction does not include:

(i) Changes for temporary use of the land for public recreational purposes; (ii) Site exploration, including necessary borings to determine foundation conditions or other preconstruction monitoring to establish background information related to the suitability of the site, the environmental impacts of construction or operation, or the protection of environmental values; (iii) Preparation of a site for construction of a facility, including clearing of the site, grading, installation of drainage, erosion and other environmental mitigation measures, and construction of temporary roads and borrow areas; (iv) Erection of fences and other access control measures; (v) Excavation; (vi) Erection of support buildings (such as, construction equipment storage sheds, warehouse and shop facilities, utilities, concrete mixing plants, docking and unloading facilities, and office buildings) for use in connection with the construction of the facility; (vii) Building of service facilities, such as paved roads, parking lots, railroad spurs, exterior utility and lighting systems, potable water systems, sanitary sewerage treatment facilities, and transmission lines; (viii) Procurement or fabrication of components or portions of the proposed facility occurring at other than the final, in-place location at the facility; (ix) Manufacture of a nuclear power reactor under a manufacturing license under subpart H of this part to be installed at the proposed site and to be part of the proposed facility; or Decommission means to remove a plant or site safely from service and reduce residual radioactivity to a level that permits:

(1) Release of the property for unrestricted use and termination of the license; or (2) Release of the property under restricted conditions and termination of the license.

[§ 50.2]

Defense in depth means inclusion of multiple independent and redundant layers of defense in the design of a facility and its operating procedures to compensate for potential human and

mechanical failures so that no single layer of defense, no matter how robust, is exclusively relied upon. Defense-in-depth includes, but is not limited to, the use of access controls, physical barriers, redundant and diverse key safety functions, and emergency response measures.

Design control means measures to ensure that applicable regulatory requirements and the design features and associated functional design criteria for structures, systems, and components are correctly translated into specifications, drawings, procedures, and instructions.

[Based on Appendix B, Criterion III, to part 50.]

Design features means the active and passive structures, systems, or components and inherent characteristics of those structures, systems or components that contribute to limiting the total effective dose equivalent to individual members of the public during normal operations and prevent or mitigate the consequences of unplanned events.

Design basis accidents (DBAs) mean postulated event sequences that are used to set functional design criteria and performance objectives for the design of safety-related structures, systems, and components. DBAs are a type of licensing basis event and are based on the capabilities and reliabilities of safety-related structures, systems, and components needed to mitigate and prevent event sequences, respectively.

Deterministic means a characteristic of decisionmaking based on engineering analyses that are not primarily based on quantitative probabilistic considerations.

End state means the set of conditions at the end of an event sequence that characterizes the impact of the sequence on the plant or resulting releases of radionuclides to the environment. In most probabilistic risk assessments, end states typically include success states (i.e., those states with negligible impact) and release categories.

Event sequence means a postulated initiating event defined for a set of initial plant conditions followed by system, safety function, and operator successes or failures, and terminating in a specified end state depending on the system, safety function, and operator successes and failures (e.g., prevention of release of radioactive material or release in one of the reactor-specific release categories). An event sequence may include many unique variations of events (e.g., minimal cut sets) that are similar in terms of how they impact the performance of safety functions along the event sequence.

Exclusion area means that area surrounding the reactor, in which the reactor licensee has the authority to determine all activities including exclusion or removal of personnel and property from the area. This area may be traversed by a highway, railroad, or waterway, provided these are not so close to the facility as to interfere with normal operations of the facility and provided appropriate and effective arrangements are made to control traffic on the highway, railroad, or waterway, in case of emergency, to protect the public health and safety. Residence within the exclusion area shall normally be prohibited. In any event, residents shall be subject to ready removal in case of necessity. Activities unrelated to operation of the reactor may be permitted in an exclusion area under appropriate limitations, provided that no significant hazards to the public health and safety will result. [§ 100.3]

Fission product release means the amount and composition of radioactive material released to the environment, after accounting for any retention of radionuclides provided by reactor design features.

Fuel means special nuclear material (SNM), discrete elements that physically contain SNM, and homogeneous mixtures that contain SNM, intended to or used to create thermal power in an advanced nuclear plant.

Functional design criteria means requirements for the performance of SSCs. For safety-related SSCs, these criteria define requirements necessary to demonstrate compliance with first tier safety criteria in § 53.210(b). For non-safety-related but safety-significant SSCs, these criteria define requirements necessary to meet the second tier safety criteria in § 53.220(b).

[Fusion reactor means a reactor that uses a process to combine two lighter atomic nuclei to form a heavier nucleus, while releasing energy.]

Inherent characteristic means an attribute of a design feature that has such a high degree of certainty in its performance that uncertainties need not be quantified.

Initiating event means a perturbation to the plant during a defined plant operating state that challenges plant control and safety systems and whose failure could potentially lead to an undesirable end state and/or radioactive material release. An initiating event is defined in terms of the change in plant status that results in a condition requiring a response to mitigate the event or to limit the extent of plant damage caused by the initiating event.

Licensee means a person who is authorized to conduct activities under a license issued by the Commission. [§ 50.2]

Licensing basis events (LBEs) mean a collection of event sequences considered in the design and licensing of the advanced nuclear plant. LBEs are unplanned events and include AOOs, unlikely event sequences, very unlikely event sequences, and DBAs.

Light-water reactor means a reactor that uses water that does not include deuterium as its coolant and neutron moderator.

Low population zone means the area immediately surrounding the exclusion area which contains residents, the total number and density of which are such that there is a reasonable probability that appropriate protective measures could be taken in their behalf in the event of unlikely or very unlikely event sequences. A permissible population density or total population within this zone is not included in this definition because the situation may vary from case to case. Whether a specific number of people can, for example, be evacuated from a specific area, or instructed to take shelter, on a timely basis will depend on many factors such as location, number and size of highways, scope and extent of advance planning, and actual distribution of residents within the area. [§ 100.3]

Manufacturing means activities conducted under a manufacturing license.

Manufacturing license means a license issued under subpart H of this part that authorizes the manufacture of nuclear power reactors but not their construction, installation, or operation at the sites on which the reactors are to be operated.

Mechanistic source term means the magnitude, mix, and timing of radionuclides that are released into the environment subsequent to an unplanned event, after accounting for any retention of radionuclides provided by reactor design features.

Microreactor means non-light-water reactors with an output of generally less than tens of megawatts thermal. [This term is under development and if a definition is needed, it may be revised in future preliminary proposed rule text.]

Non-light-water reactor means a reactor that does not use water that does not contain deuterium as its coolant and neutron moderator.

Non-Safety-Related but Safety Significant (NSRSS) [This term is under development and may be revised in future preliminary proposed rule text.] means those SSCs and human actions that warrant special treatment and are not safety-related but are relied on to achieve defense-in-depth or perform risk-significant functions.

Non-Safety-Significant (NSS) [This term is under development and may be revised in future preliminary proposed rule text.] means those SSCs not warranting special treatment, are not safety-related, and are not relied on to achieve adequate defense-in-depth or to perform risk-significant functions.

Normal plant operation or normal operation means operations that are expected to occur during planned operations or shutdown of the reactor.

Performance-based means an approach to decision-making that focuses on the desired objective of calculable or measurable, observable outcomes, rather than prescriptive design features, processes, techniques, or procedures. Performance-based decisions lead to defined results with limited specific direction regarding how those results are to be obtained.

Person means (1) any individual, corporation, partnership, firm, association, trust, estate, public or private institution, group, government agency other than the Commission, any State or any political subdivision of, or any political entity within a State, any foreign government or nation or any political subdivision of any such government or nation, or other entity; and (2) any legal successor, representative, agent, or agency of the foregoing. [AEA Section 11]

Population center distance means the distance from the reactor to the nearest boundary of a densely populated center containing more than about 25,000 residents. [§ 100.3]

Probabilistic risk assessment (PRA) means a quantitative assessment of the risk associated with plant operation and maintenance that is measured in terms of event sequence occurrence frequencies and consequences.

Programmatic controls mean administrative procedures that govern the actions of equipment and personnel of an advanced nuclear plant. Programmatic controls are specified in an application for a requested activity of the Commission, as provided in subpart H.

Prototype plant means a nuclear reactor that is used to test design features, such as the testing required under § 53.440(c). The prototype is similar to a first-of-a-kind or standard plant design in all features and size but may include additional safety features to protect the public and the plant staff from the possible consequences of accidents during the testing period. [§ 52.1]

Safety criteria means metrics that establish a level of safety based on requirements in § 53.210 and § 53.220.

Safety-related (SR) [This term is under development and may be revised in future preliminary proposed rule text.] means those SSCs and human actions that warrant special treatment and are relied upon to demonstrate compliance with the safety criteria in § 53.210(b).

Site characteristics means the meteorological, geological, seismological, topographical, hydrological, and other characteristics of the site and surrounding area that may have a bearing on the consequences of radioactive material escaping from the nuclear plant as well as demographic features of a site. (§ 53.500)

Small modular reactor means a power reactor, licensed under [§ 50.21 or § 50.22] to produce heat energy up to 1,000 megawatts-thermal, which may be of modular design [as defined in

§ 52.1 of this chapter.] [EP for SMR and ONT Notice of Proposed Rulemaking]

Special nuclear material means (1) plutonium, uranium-233, uranium enriched in the isotope-233 or in the isotope-235, and any other material which the Commission, pursuant to the provisions of section 51 of the Atomic Energy Act, determines to be special nuclear material, but does not include source material; or (2) any material artificially enriched by any of the foregoing, but does not include source material. [§ 50.2]

Special treatment means those requirements, such as measures taken to satisfy functional design criteria, quality assurance, and programmatic controls, that provide assurance that certain SSCs will provide defense-in-depth or perform risk-significant functions and that provide confidence that the SSCs will perform under the service conditions and with the reliability assumed in the analysis performed in accordance with § 53.450 to provide reasonable assurance of meeting the safety criteria in § 53.210(b) and § 53.220(b).

Standard design means a design which is sufficiently detailed and complete to support certification or approval in accordance with subpart H of this part, and which is usable for a multiple number of units or at a multiple number of sites without reopening or repeating the review. [§ 52.1]

Standard design certification or design certification means a Commission approval, issued under subpart H of this part, of a final standard design for a nuclear power facility. This design may be referred to as a certified standard design. [§ 52.1]

Total effective dose equivalent (TEDE) means the sum of the effective dose equivalent (for external exposures) and the committed effective dose equivalent (for internal exposures).

Unlikely event sequences mean event sequences that have estimated frequencies below the frequency of AOOs. Unlikely event sequences are a subset of LBEs. [For example, within the licensing modernization project, this would equate to design basis events with a frequency range of between 1x10-2 and 5x10-4 per plant year with an accounting for uncertainties.]

Very unlikely event sequences mean event sequences that have estimated frequencies well below the frequency of events expected to occur in the life of an advanced nuclear plant. Very unlikely event sequences are a subset of LBEs. [For example, within the licensing modernization project, this would equate to beyond design basis events with a frequency range of between 1x10-4 and 5x10-7 per plant year with an accounting for uncertainties.]

§ 53.040 Written communications.

[This and subsequent sections largely taken from Parts 50 & 52 as a starting point and will need revision to reflect the scope and content of part 53].

(a) General requirements. All correspondence, reports, applications, and other written communications from the applicant or licensee to the Nuclear Regulatory Commission concerning the regulations in this part or individual license conditions must be sent either by mail addressed: ATTN: Document Control Desk, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; by hand delivery to the NRC's offices at 11555 Rockville Pike, Rockville, Maryland, between the hours of 8:15 a.m. and 4 p.m. eastern time; or, where practicable, by electronic submission, for example, via Electronic Information Exchange, e-mail, or CD-ROM. Electronic submissions must be made in a manner that enables the NRC to receive, read, authenticate, distribute, and archive the submission, and process and retrieve it a single page at a time. Detailed guidance on making electronic submissions can be obtained by visiting the NRCs Web site at http://www.nrc.gov/site-help/e-submittals.html; by e-mail to MSHD.Resource@nrc.gov; or by writing the Office of the Chief Information Officer, U.S.

Nuclear Regulatory Commission, Washington, DC 20555-0001. The guidance discusses, among other topics, the formats the NRC can accept, the use of electronic signatures, and the treatment of nonpublic information. If the communication is on paper, the signed original must be sent. If a submission due date falls on a Saturday, Sunday, or Federal holiday, the next Federal working day becomes the official due date.

(b) Distribution requirements. Copies of all correspondence, reports, and other written communications concerning the regulations in this part or individual license conditions, or the terms and conditions of an early site permit or standard design approval, must be submitted to the persons listed below (addresses for the NRC Regional Offices are listed in appendix D to part 20 of this chapter).

(1) Applications for amendment of permits and licenses; reports; and other communications. All written communications (including responses to: generic letters, bulletins, information notices, regulatory information summaries, inspection reports, and miscellaneous requests for additional information) that are required of holders of licenses, permits, and design approvals issued pursuant to this part, must be submitted as follows, except as otherwise specified in paragraphs (b)(2) through (b)(7) of this section: to the NRC's Document Control Desk (if on paper, the signed original), with a copy to the appropriate Regional Office, and a copy to the appropriate NRC Resident Inspector, if one has been assigned to the site of the facility or the place of manufacture of a reactor licensed under subpart H of this part.

(2) Applications for permits and licenses, and amendments to applications. Applications for licenses, permits, and design approvals and amendments to any of these types of applications must be submitted to the NRC's Document Control Desk, with a copy to the appropriate Regional Office, and a copy to the appropriate NRC Resident Inspector, if one has been assigned to the facility or the place of manufacture of a reactor licensed under subpart H of this part, except as otherwise specified in paragraphs (b)(3) through (b)(9) of this section. If the application or amendment is on paper, the submission to the Document Control Desk must be the signed original.

(3) Acceptance review application. Written communications required for an application for determination of suitability for docketing must be submitted to the NRC's Document Control Desk, with a copy to the appropriate Regional Office. If the communication is on paper, the submission to the Document Control Desk must be the signed original.

(4) Security plan and related submissions. [This requirement will need updating to remove references to Part 50 and to reflect the final Alternative Physical Security for Advanced Reactors rulemaking (Docket ID NRC-2017-0227). Additional changes may be needed once security requirements for Part 53 are developed.] Written communications, as defined in paragraphs (b)(4)(i) through (iv) of this section, must be submitted to the NRC's Document Control Desk, with a copy to the appropriate Regional Office. If the communication is on paper, the submission to the Document Control Desk must be the signed original. Submissions should include the following as appropriate:

(i) Physical security plan under [10 CFR 50.34];

(ii) Safeguards contingency plan under [10 CFR 50.34];

(iii) Change to security plan, guard training and qualification plan, or safeguards contingency plan made without prior Commission approval under [10 CFR 50.54(p)];

(iv) Application for amendment of physical security plan, guard training and qualification plan, or safeguards contingency plan under [10 CFR 50.90].

(5) Emergency plan and related submissions. [This requirement will need updating to remove references to Part 50 and to reflect the final SMR And ONT EP rule (Docket ID NRC-2015-0225) that establishes § 50.160, and to make changes to align the requirements of

§ 50.47 to the Part 53 format.] Written communications as defined in paragraphs (b)(5)(i) through (iii) of this section must be submitted to the NRC's Document Control Desk, with a copy to the appropriate Regional Office, and a copy to the appropriate NRC Resident Inspector if one has been assigned to the site of the facility. If the communication is on paper, the submission to the Document Control Desk must be the signed original. Submissions should include the following as appropriate:

(i) Emergency plan under [10 CFR 50.34];

(ii) Change to an emergency plan under [10 CFR 50.54(q);

(iii) Emergency implementing procedures under [appendix E.V to this part].

(6) Updated FSAR. An updated Final Safety Analysis Report (FSAR) or replacement pages, under [10 CFR 50.71(e)] must be submitted to the NRC's Document Control Desk, with a copy to the appropriate Regional Office, and a copy to the appropriate NRC Resident Inspector if one has been assigned to the site of the facility. Paper copy submissions may be made using replacement pages; however, if a licensee chooses to use electronic submission, all subsequent updates or submissions must be performed electronically on a total replacement basis. If the communication is on paper, the submission to the Document Control Desk must be the signed original. If the communications are submitted electronically, see Guidance for Electronic Submissions to the Commission.

(7) Quality assurance related submissions. (i) A change to the Safety Analysis Report quality assurance program description under 10 CFR 50.54(a)(3) or 50.55(f)(3), or a change to a licensee's NRC-accepted quality assurance topical report under 10 CFR 50.54(a)(3) or 50.55(f)(3), must be submitted to the NRC's Document Control Desk, with a copy to the appropriate Regional Office, and a copy to the appropriate NRC Resident Inspector if one has been assigned to the site of the facility. If the communication is on paper, the submission to the Document Control Desk must be the signed original.

(ii) A change to an NRC-accepted quality assurance topical report from nonlicensees (i.e., architect/engineers, NSSS suppliers, fuel suppliers, constructors, etc.) must be submitted to the NRC's Document Control Desk. If the communication is on paper, the signed original must be sent.

(8) Certification of permanent cessation of operations. The licensee's certification of permanent cessation of operations, under [Subpart G], must state the date on which operations have ceased or will cease, and must be submitted to the NRC's Document Control Desk. This submission must be under oath or affirmation.

(9) Certification of permanent fuel removal. The licensee's certification of permanent fuel removal, under [Subpart G], must state the date on which the fuel was removed from the reactor vessel and the disposition of the fuel, and must be submitted to the NRC's Document Control Desk. This submission must be under oath or affirmation.

(c) Form of communications. All paper copies submitted to meet the requirements set forth in paragraph (b) of this section must be typewritten, printed or otherwise reproduced in permanent form on unglazed paper. Exceptions to these requirements imposed on paper submissions may be granted for the submission of micrographic, photographic, or similar forms.

(d) Regulation governing submission. Licensees, applicants, and holders of standard design approvals submitting correspondence, reports, and other written communications under the regulations of this part are requested but not required to cite whenever practical, in the upper right corner of the first page of the submission, the specific regulation or other basis requiring submission.

§ 53.050 Deliberate misconduct.

(a) Any licensee, applicant for a license, employee of a licensee or applicant; or any contractor (including a supplier or consultant), subcontractor, employee of a contractor or subcontractor of any licensee or applicant for a license, who knowingly provides to any licensee, applicant, contractor, or subcontractor, any components, equipment, materials, or other goods or services that relate to a licensee's or applicant's activities in this part, may not:

(1) Engage in deliberate misconduct that causes or would have caused, if not detected, a licensee or applicant to be in violation of any rule, regulation, or order; or any term, condition, or limitation of any license issued by the Commission; or (2) Deliberately submit to the NRC, a licensee, an applicant, or a licensee's or applicant's contractor or subcontractor, information that the person submitting the information knows to be incomplete or inaccurate in some respect material to the NRC.

(b) A person who violates paragraph (a)(1) or (a)(2) of this section may be subject to enforcement action in accordance with the procedures in 10 CFR part 2, subpart B.

(c) For the purposes of paragraph (a)(1) of this section, deliberate misconduct by a person means an intentional act or omission that the person knows:

(1) Would cause a licensee or applicant to be in violation of any rule, regulation, or order; or any term, condition, or limitation, of any license issued by the Commission; or (2) Constitutes a violation of a requirement, procedure, instruction, contract, purchase order, or policy of a licensee, applicant, contractor, or subcontractor.

§ 53.060 Employee protection.

(a) Discrimination by a holder or applicant for an NRC license, permit, or design approval, or a contractor or subcontractor of a holder or applicant for an NRC license, permit, or design approval, against an employee for engaging in certain protected activities is prohibited.

Discrimination includes discharge and other actions that relate to compensation, terms, conditions, or privileges of employment. The protected activities are established in section 211 of the Energy Reorganization Act of 1974, as amended, and in general are related to the administration or enforcement of a requirement imposed under the Atomic Energy Act or the Energy Reorganization Act.

(1) The protected activities include but are not limited to:

(i) Providing the Commission or his or her employer information about alleged violations of either of the statutes named in paragraph (a) of this section or possible violations of requirements imposed under either of those statutes; (ii) Refusing to engage in any practice made unlawful under either of the statutes named in paragraph (a) to this section or under these requirements if the employee has identified the alleged illegality to the employer; (iii) Requesting the NRC to institute action against his or her employer for the administration or enforcement of these requirements; (iv) Testifying in any Commission proceeding, or before Congress, or at any Federal or State proceeding regarding any provision (or proposed provision) of either of the statutes named in paragraph (a) of this section.

(v) Assisting or participating in, or is about to assist or participate in, these activities.

(2) These activities are protected even if no formal proceeding is actually initiated as a result of the employee assistance or participation.

(3) This section has no application to any employee alleging discrimination prohibited by this section who, acting without direction from his or her employer (or the employer's agent),

deliberately causes a violation of any requirement of the Energy Reorganization Act of 1974, as amended, or the Atomic Energy Act of 1954, as amended.

(b) Any employee who believes that he or she has been discharged or otherwise discriminated against by any person for engaging in protected activities specified in paragraph (a)(1) of this section may seek a remedy for the discharge or discrimination through an administrative proceeding in the Department of Labor. The administrative proceeding must be initiated within 180 days after an alleged violation occurs. The employee may do this by filing a complaint alleging the violation with the Department of Labor, Employment Standards Administration, Wage and Hour Division. The Department of Labor may order reinstatement, back pay, and compensatory damages.

(c) A violation of paragraphs (a), (e), or (f) of this section by a holder or applicant for an NRC license, permit, or design approval, or a contractor or subcontractor of a holder or applicant for an NRC license, permit, or design approval, may be grounds for (1) Denial, revocation, or suspension of the license or standard design approval.

(2) Withdrawal or revocation of a proposed or final standard design certification.

(3) Imposition of a civil penalty on the holder or applicant for an NRC license, permit, or design approval, or a contractor or subcontractor of a holder or applicant for a Commission license, permit, or design approval.

(4) Other enforcement action.

(d) Actions taken by an employer, or others, which adversely affect an employee may be predicated upon nondiscriminatory grounds. The prohibition applies when the adverse action occurs because the employee has engaged in protected activities. An employee's engagement in protected activities does not automatically render him or her immune from discharge or discipline for legitimate reasons or from adverse action dictated by nonprohibited considerations.

(e)(1) Each holder or applicant for a license, permit, or design approval, shall prominently post the revision of NRC Form 3, "Notice to Employees," referenced in 10 CFR 19.11(e)(1). This form must be posted at locations sufficient to permit employees protected by this section to observe a copy on the way to or from their place of work. Premises must be posted not later than 30 days after an application is docketed and remain posted while the application is pending before the Commission, during the term of the license, and for 30 days following license termination.

(2) Copies of NRC Form 3 may be obtained by writing to the Regional Administrator of the appropriate U.S. Nuclear Regulatory Commission Regional Office listed in appendix D to part 20 of this chapter, via email to Forms.Resource@nrc.gov, or by visiting the NRC's online library at http://www.nrc.gov/reading-rm/doc-collections/forms/.

(f) No agreement affecting the compensation, terms, conditions, or privileges of employment, including an agreement to settle a complaint filed by an employee with the Department of Labor pursuant to section 211 of the Energy Reorganization Act of 1974, as amended, may contain any provision which would prohibit, restrict, or otherwise discourage an employee from participating in protected activity as defined in paragraph (a)(1) of this section including, but not limited to, providing information to the NRC or to his or her employer on potential violations or other matters within NRC's regulatory responsibilities.

(g) Part 19 of this chapter sets forth requirements and regulatory provisions applicable to licensees, holders of a standard design approval, applicants for a license, standard design certification, or standard design approval, and contractors or subcontractors of a Commission licensee, or holder of a standard design approval, and are in addition to the requirements in this section.

§ 53.070 Completeness and accuracy of information.

(a) Information provided to the Commission by a holder of a license, permit, design certification, or standard design approval under this part or an applicant for a license, permit, or design certification, or standard design approval under this part, and information required by statute or by the Commission's regulations, orders, license conditions, or terms and conditions of a standard design approval to be maintained by the applicant or the licensee shall be complete and accurate in all material respects.

(b) Each applicant or licensee shall notify the Commission of information identified by the applicant or licensee as having for the regulated activity a significant implication for public health and safety or common defense and security. An applicant or licensee violates this paragraph only if the applicant or licensee fails to notify the Commission of information that the applicant or licensee has identified as having a significant implication for public health and safety or common defense and security. Notification shall be provided to the Administrator of the appropriate Regional Office within two working days of identifying the information. This requirement is not

applicable to information which is already required to be provided to the Commission by other reporting or updating requirements.

§ 53.080 Specific exemptions.

The Commission may, upon application by any interested person or upon its own initiative, grant exemptions from the requirements of the regulations of this part. The Commissions consideration will be governed by § 50.12 of this chapter. The Commissions consideration of requests for exemptions from requirements of the regulations of other parts in this chapter, which are applicable by virtue of this part, shall be governed by the exemption requirements of those parts. [Note that this section may be revised to be similar to § 50.12 and related provisions in Part 52 instead of referring to those regulations.]

§ 53.090 Combining licenses; elimination of repetition.

(a) An applicant for a license under this part may combine in its application several applications for different kinds of licenses under the regulations of this chapter.

(b) An applicant may incorporate by reference in its application information contained in previous applications, statements or reports filed with the Commission, provided, however, that such references are clear and specific.

(c) The Commission may combine in a single license the activities of an applicant which would otherwise be licensed separately.

§ 53.100 Jurisdictional limits.

No permit, license, standard design approval, or standard design certification under this part shall be deemed to have been issued for activities which are not under or within the jurisdiction of the United States.

§ 53.110 Attacks and destructive acts.

Licensees and applicants under this part are not required to provide for design features or other measures for the specific purpose of protection against the effects of (a) Attacks and destructive acts, including sabotage, directed against the facility by an enemy of the United States, whether a foreign government or other person; or (b) Use or deployment of weapons incident to U.S. defense activities.

§ 53.120 Information collection requirements: OMB approval.

(a) The Nuclear Regulatory Commission has submitted the information collection requirements contained in this part to the Office of Management and Budget (OMB) for approval as required by the Paperwork Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. OMB has approved the information collection requirements contained in this part under control number [TBD].

(b) The approved information collection requirements contained in this part appear in

§ 53.XX.

(c) This part contains information collection requirements in addition to those approved under the control number specified in paragraph (a) of this section. These information collection requirements and the control numbers under which they are approved are as follows:

Subpart B - Technology-Inclusive Safety Requirements Preliminary rule language for Subpart B was previously released to support interactions with stakeholders, including a public meeting on November 18, 2020 (ADAMS Accession No. ML20289A591). This iteration reflects revisions to the preliminary proposed rule language in response to those interactions and other comments received. The staff will continue to interact with stakeholders and iterate on the preliminary rule language during its development of the proposed rulemaking.

Please note that the section numbers in Subpart B have been expanded to allow for future additions compared to the version made public to support the November 18, 2020, Part 53 public meeting.

§ 53.200 Safety Objectives.

Each advanced nuclear plant must be designed, constructed, operated, and decommissioned such that there is reasonable assurance of adequate protection of to limit the possibility of an immediate threat to the public health and safety and the common defense and security.. In addition, each advanced nuclear plant must take such additional measures to protect public health and minimize danger to life or property as may be reasonableappropriate when considering technology changes, economic costs, operating experience, or other factorspotential risks to public health and safety. These safety objectives shall be carried out by meeting the safety criteria identified in the assessments performed under the facility safety program required by § 53.800this subpart.

§ 53.210 Safety Functions.

(a) The primary safety function is limiting the release of radioactive materials from the facility and must be maintained during routine operation and for licensing basis events over the life of the plant.

(b) Additional safety functions supporting the retention of radioactive materials during routine operation and licensing basis eventssuch as controlling heat generation, heat removal, and chemical interactions--must be defined.

(c) Design features and programmatic controls serve to fulfill the primary safety function and additional safety functions and must be maintained over the life of the plant.

§ 53.220 First Tier Safety Criteria.

(a) Normal operations. Design features and programmatic controls must be provided for each advanced nuclear plant to ensure the contribution to total effective dose equivalent to individual members of the public from normal plant operation does not exceed 0.1 rem (1 mSv) in a year and the contribution to dose in any unrestricted area does not exceed 0.002 rem (0.02 millisievert) in any one hour.the public dose limits provided in Subpart D to 10 CFR part 20.

(b) Unplanned events. Design features and programmatic controls must be provided for each advanced nuclear plant such that analyses of licensing basis events in accordance with

§ 53.240, including treatment of uncertainties, demonstrate with high confidence that events with an upper bound frequency greater than approximately once per 10,000 years meet the following:

(1) An individual located at any point on the boundary of the exclusion area for any 2-hour period following the onset of the postulated fission product release would not receive a radiation dose in excess of 25 rem (250 mSv) total effective dose equivalent; and (2) An individual located at any point on the outer boundary of the low population zone who is exposed to the radioactive cloud resulting from the postulated fission product release (during the entire period of its passage) would not receive a radiation dose in excess of 25 rem (250 mSv) total effective dose equivalent.1 (c) Design features and programmatic controls beyond those needed for paragraphs (a) and (b) of this section must be provided for each advanced nuclear plant to satisfy additional requirements established by the NRC for ensuring reasonable assurance of adequate protection of the public health and safety and maintaining common defense and security.

§ 53.230220 Second Tier Safety Criteria.

a) Normal operations. Design features and programmatic controls must be provided for each advanced nuclear plant to ensure the estimated total effective dose equivalent to individual members of the public from effluents resulting from normal plant operation are as low as is reasonably achievable taking into account the state of technology, the economics of improvements in relation to the state of technology, operating experience, the economics of improvements in relation toand the benefits to the public health and safety and other factors included in the assessments performed under the facility safety program required by § 53.800.

Performance objectives for design. Design features and programmatic controls must be established such that: [to be reworded for consistency with 10 CFR part 20 and 40 CFR part 190].

(1) The calculated annual total quantity of all radioactive material above background to be released from each advanced nuclear plant to unrestricted areas will not result in an estimated annual dose or dose commitment from liquid effluents for any individual in an unrestricted area from all pathways of exposure in excess of 3 millirems to the total body or 10 millirems to any organ.

(2) The calculated annual total quantity of all radioactive material above background to be released from each advanced nuclear plant to the atmosphere will not result in an estimated annual air dose from gaseous effluents at any location near ground level which could be occupied by individuals in unrestricted areas in excess of 10 millirads for gamma radiation or 20 millirads for beta radiation.

(b) Unplanned events. Design features and programmatic controls must be provided to:

(1) Ensure plant SSCs, personnel, and programs provide the necessary capabilities and maintain the necessary reliability to address licensing basis events in accordance with § 53.240 and provide measures for defense-in-depth in accordance with § 53.250; and 1 A whole body dose of 25 rem has been stated to correspond numerically to the once in a lifetime accidental or emergency dose for radiation workers which, according to NCRP [National Council on Radiation Protection and Measurements]

recommendations at the time could be disregarded in the determination of their radiation exposure status (see NBS Handbook 69 dated June 5, 1959). However, its use is not intended to imply that this number constitutes an acceptable limit for an emergency dose to the public under accident conditions. Rather, this dose value has been set forth in this section as a reference value, which can be used in the evaluation of plant design features with respect to postulated reactor accidents, to assure that these designs provide assurance of low risk of public exposure to radiation, in the event of an accident.

(2) Maintain overall cumulative plant risk from licensing basis events such that the risk to an average individual within the vicinity of the plant receiving a radiation dose with the potential for immediate health effects remains below five in 10 million years, and below two in one million years forthe risk to such an individual receiving a radiation dose with the potential to cause latent health effects remains below two in one million years.

§ 53.230 Safety Functions.

(a) The primary safety function is limiting the release of radioactive materials from the facility and must be maintained during routine operation and for licensing basis events over the life of the plant.

(b) Additional safety functions supporting the retention of radioactive materials during routine operation and licensing basis eventssuch as controlling heat generation, heat removal, and chemical interactions--must be defined.

. (c)Design features and programmatic controls serve to fulfill the primary safety function and additional safety functions and must be maintained over the life of the plant. The primary and additional safety functions are required to meet the first and second tier safety criteria and are fulfilled by the design features and programmatic controls specified throughout this part.

§ 53.240 Licensing Basis Events.

Licensing basis events must be identified for each advanced nuclear plant and analyzed in accordance with § 53.[3x].450 to support assessments of the safety requirements ofin this subpart B. The licensing basis events must address combinations of malfunctions of plant SSCs, human errors, and the effects of external hazards ranging from anticipated operational occurrences to highlyvery unlikely event sequences that are notwith estimated frequencies well below the frequency of events expected to occur in the life of the advanced nuclear plant. The evaluation of licensing basis events must be used to confirm the adequacy of design features and programmatic controls needed to satisfy first and second tier safety criteria of this subpart and to establish related functional requirements for plant SSCs, personnel, and programs.

§ 53.250 Defense in Depth.

Measures must be taken for each advanced nuclear plant to ensure appropriate defense in depth is provided to compensate for epistemic and aleatory uncertainties such that there is high confidence that the safety criteria in this subpart B are met over the life of the plant. The epistemic and aleatory uncertainties to be considered include those related to the state of knowledge and modeling capabilities, the ability of barriers to limit the release of radioactive materials from the facility during routine operation and for licensing basis events, and those related to the reliability and performance of plant SSCs and personnel, and programmatic controls. Measures to compensate for these uncertainties can include increased safety margins in the design of SSCs and providing alternate means to accomplish safety functions. No single engineered design or operational feature, human action, and or programmatic control, no matter how robust, should be exclusively relied upon to meet the safety criteria of 10 CFR part§ 53.220(b) or the safety functions defined in accordance with § 53.230.

§ 53.260 Protection of Plant Workers.

(a) Design features and programmatic controls must exist for each advanced nuclear plant to ensure that radiological dose to plant workers does not exceed the occupational dose limits provided in subpart C to 10 CFR part 20.

(b) The licensee As required by Subpart B to 10 CFR part 20, design features and programmatic controls must use, to the extent practical, procedures and engineering controls be

based upon sound radiation protection principles to achieve occupational doses and doses to members of the public that are as low as is reasonably achievable.

Subpart C - Design and Analysis Requirements Preliminary rule language for Subpart C was previously released to support interactions with stakeholders, including a public meeting on January 7, 2021 (ADAMS Accession No. ML ML20337A432). This iteration reflects revisions to the preliminary proposed rule language in response to those interactions and other comments received. The staff will continue to interact with stakeholders and iterate on the preliminary rule language during its development of the proposed rulemaking.

Discussions are needed on the potential inclusion of requirements to address non-radiological hazards (e.g., chemical hazards) and on the potential role of an analyses of unmitigated event consequences (e.g., crediting inherent characteristics but not engineered design features).

§ 53.400 Design Objectives and Design Features.

Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, the plant will satisfy the first and second tier safety criteria defined in §§ 53.220210 and 53.230220. Design features must ensure that the safety functions identified in § 53.210230, of limiting the release of radioactive materials from the facility, is maintained during routine operations and licensing basis events by controlling the release of radioactive materials and by supporting other safety functions.

§ 53.410 Functional Design Criteria for First Tier Safety Criteria.

(a) Normal operations. Functional design criteria must be defined for each design feature required by § 53.400 to demonstrate compliance with the first tier safety criteria defined in § 53.220210(a). Corresponding programmatic controls, including monitoring programs, must be established to confirm that the established functional design criteria and the first tier safety criteria required in § 53.220210(a) are not exceeded during normal operations.

(b) Unplanned events. Functional design criteria must be defined for each design feature required by § 53.400 relied upon to demonstrate compliance with the first tier safety criteria defined in § 53.220210(b). Corresponding programmatic controls and interfaces must be established in accordance with this and [other subparts to achieve and maintain the reliability and capability of SSCs relied upon to meet the established functional design criteria and the first tier safety criteria required in § 53.220210(b), and to maintain consistency with analyses required by § 53.450.

§ 53.420 Functional Design Criteria for Second Tier Safety Criteria.

(a) Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, the total effective dose equivalent to individual members of the public from effluents resulting from normal plant operation are as low as is reasonably achievable taking into account the state of technology, the economics of improvements in relation to the state of technology, operating experience, and benefits to the public health and safety, and other factors included in the assessments performed under the facility safety program required by § 53.800, and the safety criteria and performance objectives in § 53.230(a). (a) Normal operations. Functional design criteria must be

defined for each design feature relied upon to demonstrate compliance with the second tier safety criteria in § 53.230220(a). Corresponding programmatic controls, including monitoring programs, must be established to confirm that the established functional design criteria and the safety criteria and performance objectives in § 53.230220(a) are not exceeded during normal operations.

(b) Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, the analyses required by

§ 53.450 provide reasonable assurance that the estimated risks from unplanned events will be below the second tier safety criteria in § 53.230(b). (b) Unplanned events. Functional design criteria must be defined for each design feature relied upon to demonstrate compliance with the second tier safety criteria in § 53.230(b).220(b) considering licensing basis events ranging from anticipated operational occurrences to very unlikely event sequences with estimated frequencies well below the frequency of events expected to occur in the life of the advanced nuclear plant. Corresponding programmatic controls and interfaces must be established in accordance with this and other subparts to achieve and maintain the reliability and capability of SSCs relied upon to meet the second tier safety criteria in § 53.230220(b) and to maintain consistency with analyses required by § 53.450.

§ 53.430 Functional Design Criteria for Protection of Plant Workers.

Design features must be provided for each advanced nuclear plant such that, when combined with associated programmatic controls and human actions, there is reasonable assurance the requirements for the protection of plant workers in § 53.260 will be met.

Functional design criteria must be defined for each design feature relied upon to demonstrate compliance with § 53.260. Corresponding programmatic controls, including monitoring programs, must be established to confirm that the worker protection criteria in § 53.260(a) are not exceeded. In addition, functional design criteria must be defined for each design feature to ensure that plant SSCs and associated programmatic controls, including monitoring programs, achieve occupational doses as low as is reasonably achievable as required by § 53.260(b).

§ 53.440 Design Requirements.

(a) The design features required to meet the first and second tier safety criteria defined in §§ 53.220210 and 53.230220 shall be designed using generally accepted consensus codes and standards wherever applicable.

(b) The materials used for safety related and non-safety related but safety significant SSCs ([as will be defined in § 53.460)subpart A] must be qualified for their service conditions over the plant lifetime.

(c) Safety and security must be considered together in the design process such that, where possible, security issues are effectively resolved through design and engineered security features.

(d) Design features must be demonstrated capable of accomplishing the safety functions defined in § 53.210 without adversely affecting other design features. The demonstration must be through analysis consistent with § 53.450fulfilling functional design criteria considering interdependent effects through analysis, appropriate test programs, prototype testing, operating experience, or a combination thereof for the range of conditions under which the analysis required in § 53.450 assumes these features will function throughout the plants lifetime.

§ 53.450 Analysis Requirements.

(a) Requirement to have a probabilistic risk assessment. A probabilistic risk assessment (PRA) of each advanced nuclear plant [reminder - plant definition to include multi-module and multi-source] must be performed to identify potential failures, degradation mechanisms,

susceptibility to internal and external hazards, and other contributing factors to unplanned events that might challenge the safety functions identified in § 53.210.230 and to support demonstrating that each advanced nuclear plant meets the second tier safety criteria of

§ 53.220(b).

(b) The probabilistic risk assessment (PRA) must:

(1) Be used in(b) Specific uses of analyses. The PRA, other generally accepted risk-informed approach for systematically evaluating engineered systems, or combination thereof must be used:

(1) In determining the licensing basis events, as described in § 53.240, which must be considered in the design to determine compliance with the safety criteria in Subpart B of this part.

(2) Be used forFor classifying SSCs and human actions according to their safety significance in accordance with § 53.460 and for identifying the environmental conditions under which the SSCs and operating staff must perform their safety functions.

(3) Be used inIn evaluating the adequacy of defense-in-depth measures required in accordance with § 53.250.

(4) AssessTo identify and assess all plant operating states where there is the potential for the uncontrolled release of radioactive material to the environment.

(5) ConsiderTo identify and assess events that challenge plant control and safety systems whose failure could lead to the uncontrolled release of radioactive material to the environment. These include internal events, such as human errors and equipment failures, and external events, such as earthquakes, identified in accordance with Subpart D of this part.

(6) Conform(c) Maintenance and upgrade of analyses. The PRA, other generally accepted risk-informed approach for systematically evaluating engineered systems, or combination thereof must be maintained and upgraded in conformance with generally accepted methods, standards, and practices.

(7) Be maintained and upgraded to cover initiating events and modes of operation contained in generally accepted methods, standards, and practices in effect one year prior to each required PRA upgrade. The PRA must be upgraded every two years until the permanent cessation(d) Qualification of operations under Subpart G of this part.(c)analytical codes. The analytical codes used in modeling plant behavior duringin analyses of licensing basis events (e.g. thermodynamics, reactor physics, fuel performance, mechanistic source term) must be qualified for the range of conditions for which they are to be used.

(d) If not addressed within the PRA under paragraph (b), analyses must be performed to assess:

(1) measures provided to protect against, detect and suppress fires that could impact the ability of equipment to perform its safety function and challenge the safety criteria contained in

§§ 53.220 and 53.230.

(2) measures provided to protect against aircraft impacts as required by 10 CFR 50.150, and (3) measures to mitigate specific beyond design basis events as required by 10 CFR 50.155.

(e)(e) Analyses of licensing basis events. Analyses must be performed for licensing basis events ranging from anticipated operational occurrences to very unlikely event sequences with estimated frequencies well below the frequency of events expected to occur in the life of the advanced nuclear plant. The licensing basis events must be identified using insights from a PRA, other generally accepted risk-informed approach for systematically evaluating engineered systems, or combination thereof to systematically identify and analyze equipment failures and human errors. The analyses must address event sequences from initiation to a defined end state and demonstrate that the functional design criteria required by § 53.420 provide sufficient

barriers to the unplanned release of radionuclides to satisfy the second tier safety criteria of § 53.220(b) and provide defense in depth as required by § 53.250.

(f) Analysis of design basis accidents. The analysis of licensing basis events required by

§ 53.240 and § 53.450(e) must include analysis of a set of design basis accidents that address possible challenges to the safety functions identified in accordance with § 53.210230. Design basis accidents must be selected from those unanticipated event sequences with an upper bound frequency of less than one in 10,000 years as identified using insights from a design-specific probabilisticPRA, other generally accepted risk assessment that-informed approach for systematically identifiesevaluating engineered systems, or combination thereof to systematically identify and analyzesanalyze equipment failures and human errors. The events selected as design basis accidents should be those that, if not terminated, have the potential for exceeding the safety criteria in § 53.220210(b). The design-basis accidents selected must be analyzed using deterministic methods assumingthat address event sequences from initiation to a safe stable end state and assume only the safety--related SSCs identified in § 53.460 and human actions addressed by § 53.8xx (reference to concept of operations sections of Subpart F) are available to perform the safety functions identified in accordance with § 53.210230. The analysis must conservatively demonstrate compliance with the safety criteria in § 53.220210(b).

(g) Other required analyses. If not addressed within the PRA, other generally accepted risk-informed approach for systematically evaluating engineered systems, or combination thereof under paragraph (b), analyses must be performed to assess:

(1) measures provided to protect against, detect and suppress fires that could impact the ability of equipment to perform its safety function and challenge the safety criteria contained in

§§ 53.210 and 53.220.

(2) measures provided to protect against aircraft impacts as required by 10 CFR 50.150, and (3) measures to mitigate specific beyond design basis events as required by 10 CFR 50.155.

§ 53.460 Safety Categorization and Special Treatment.

(a) SSCs and human actions must be classified according to their safety significance.

The categories must include Safety Related (SR), which are those SSCs and human actions relied upon to function in response to design basis accidents to meet the safety criteria in

§ 53.220(b); Non-Safety Related but Safety Significant (NSRSS), which are those SSCs and human actions that perform a function that is necessary to achieve adequate defense-in-depth or are classified as risk significant (i.e., whose failure contributes 1% or more to cumulative plant risk, as defined in § 53.230, or would cause a licensing basis event to exceed the safety criteria in § 53.220(b)); and Non-Safety Significant (NSS), which are those SSCs not warranting special treatmentNon-Safety Related but Safety Significant (NSRSS), and Non-Safety Significant (NSS), as defined in subpart A of this part.

(b) For SR and NSRSS SSCs and human actions, the conditions under which they must perform their safety function in § 53.210230 must be identified. Special Treatment (e.g.,

functional design criteria and programmatic controls) must be established in accordance with this and [other Subparts to provide appropriate confidence that the SSCs will perform under the service conditions and with the reliability assumed in the analysis performed in accordance with

§ 53.450 to provide reasonable assurance of meeting the safety criteria in §§ 53.220210(b) and 53.230220(b).

(c) Human actions to prevent or mitigate licensing basis events must be capable of being reliably performed under the postulated environmental conditions present and be addressed by programs established in accordance with Subpart F of this part to provide confidence that those actions will be performed as assumed in the analysis performed in accordance with § 53.450 to

provide reasonable assurance of meeting the safety criteria in §§ 53.220210(b) and 53.230220(b).

§ 53.470 Application of Analytical Safety Margins to Operational Flexibilities.

Where an applicant or licensee so chooses, design criteria more restrictive than those defined in § 53.230220(b) may be adopted to support operational flexibilities (e.g., emergency planning requirements under Subpart F of this part). In such cases, applicants and licensees must ensure that the functional design criteria of § 53.420(b), the analysis requirements of

§ 53.450, and identification of special treatment of SSCs and human actions under § 53.460 reflect and support the use of alternative design criteria to obtain additional analytical safety margins. Licensees must ensure that measures taken to provide the analytical margins supporting operational flexibilities are incorporated into design features and programmatic controls and are maintained within programs required in other Subparts.

§ 53.480 Design Control Quality Assurance.

(a) Measures must be established to assure that the design criteria, analysis, categorization and special treatment of SSCs as required by § 53.460 are correctly translated into specifications, drawings, procedures, and instructions. These measures must include provisions to assure that appropriate quality standards are specified and included in design documents and that deviations from such standards are controlled. Measures must also be established for the selection and review for suitability of application of materials, parts, equipment, and processes needed to meet the safety criteria identified per §§ 53.220210 and 53.230220 in accordance with § 53.xxx (construction and procurement subpart).Subpart E of this part. The QA program must conform with generally accepted consensus codes and standards.

(b) Measures must be established for the identification and control of design interfaces in accordance with § 53.490.

(c) The design control measures must provide for verifying or checking the adequacy of design in a manner commensurate with its safety significance, such as by the performance of design reviews, by the use of alternate or simplified calculational methods, or by the performance of a suitable testing program. The verifying or checking process must be performed in accordance with appropriate quality standards. Design changes, including field changes, must be subject to design control measures commensurate with those applied to the original design and be approved by the organization that performed the original design unless the applicant designates another qualified organization.

§ 53.490 Design and Analyses Interfaces.

Measures must be established for the identification and control of interfaces between (a) the plant design and supporting analyses required by this Subpart and (b) the activities addressed by other Subparts over the life of each advanced nuclear plant. These measures must include procedures for the review, approval, release, distribution, and revision of documents involving design interfaces such that design decisions are made in an integrated fashion considering all aspects of the facility impacted by the design or operational change prior to its implementation. Changes to design features and related programmatic controls over the lifetime of an advanced nuclear plant must be considered along with the state of technology, the economics of improvements in relation to the state of technology, operating experience, and

benefits to the public health and safety, and other factors included in the assessments performed under the facility safety program required by § 53.800.

Subpart D - Siting Requirements

§ 53.500 General Siting.

Considerations must be given to the siting of each advanced nuclear plant such that, when combined with associated design features and programmatic controls, the plant will satisfy the first and second tier safety criteria defined in §§ 53.220210 and 53.230220. A siting assessment for each advanced nuclear plantsplant must be performed and must ensure that external hazards and site characteristics that might contribute to the initiation, progression, or consequences of licensing basis events analyzed in accordance with § 53.240 are identified and addressed by design features or programmatic controls. The siting assessments must address the potential adverse impacts that an advanced nuclear plant may have on nearby environs as a result of normal operations or radiological accidents as required by Part 51, Environmental protection regulations for domestic licensing and related regulatory functions, of this chapter.

§ 53.510 External Hazards.

(a) Structures, systems, and components needed to ensure the first tier safety criteria defined in § 53.220210(b) are met must be designed to withstand the effects of natural phenomena (e.g., earthquakes, tornadoes, hurricanes, floods, tsunami, and seiches) and man-related hazards (e.g., dams, transportation routes, military and industrial facilities) of magnitudes up to the design basis external hazard levels without losing the capability to perform the safety functions defined in § 53.210230. The design bases external hazard level for the relevant external hazards for a site must be identified and must address a range of estimated external hazard frequencies from routine to once in one hundred thousand years, with sufficient margin for the limited accuracy, quantity, and period of time used to estimate the hazard.

(b) Safe Shutdown Earthquake Ground Motion. The geologic and seismic siting factors considered for design must include a determination of the Safe Shutdown Earthquake Ground Motion for the site. The Safe Shutdown Earthquake Ground Motion is the vibratory ground motion for which certain structures, systems, and components must be designed to remain functional. The Safe Shutdown Earthquake Motion for the site is characterized by both horizontal and vertical free-field ground motion response spectra at the free ground surface.

The Safe Shutdown Earthquake Ground Motion for the site is determined considering the results of the geological, seismological, and engineering characteristics of a site and its environs. The size of the region to be investigated and the type of data pertinent to the investigations must be determined based on the nature of the region surrounding the proposed site. Data on vibratory ground motion, earthquake recurrence rates, fault geometry and slip rates, and site subsurface material properties must be obtained by reviewing pertinent literature and carrying out field investigations. Uncertainties are inherent in the parameters and models used to estimate the Safe Shutdown Earthquake Ground Motion for the site. These uncertainties must be addressed through an appropriate analysis, such as a probabilistic seismic hazard analysis or suitable sensitivity analyses. The horizontal component of the Safe Shutdown Earthquake Ground Motion in the free-field at the foundation level of the structures must be an appropriate response spectrum with a peak ground acceleration of at least 0.1g.

(c) The analyses required by § 53.450 must address external hazard frequencies and related SSC fragilities in determining reasonable assurance that the second tier safety criteria defined in § 53.230220(b) will be met. Corresponding functional design criteria, programmatic controls and interfaces must be established to achieve and maintain the performance of SSCs relied upon to meet the safety criteria in § 53.230220(b) and to maintain consistency with analyses required by § 53.450.

§ 53.520 Site Characteristics.

Meteorological, geological, seismological, topographical, hydrological, and other characteristics of the site and surrounding area that may have a bearing on the consequences of radioactive material escaping from the subject advanced nuclear plant should be identified, estimated, and considered in the design and analyses required by Subpart C of this part.

§ 53.530 Population-related Considerations.

Every site must have an exclusion area, low population zone, and provide a population center distance as defined in § 53.120. [Note proposed definitions currently provided in 10 CFR 100.3] The offsite radiological consequences estimated by the supporting analyses required by

§ 53.430450 to ensure meeting the second tier safety criteria of § 53.230220(b) are used to define:

(a) An exclusion area of such size that an individual located at any point on its boundary for any two-hour period following onset of the postulated fission product release would not receive in excess of 25 rem (250 mSv) total effective dose equivalent (TEDE).

(b) A low population zone of such size that an individual located at any point on its outer boundary who is exposed to the radioactive cloud resulting from the postulated fission product release (during the entire period of its passage) would not receive in excess of 25 rem (250 mSv) TEDE.

(c) The population center distance must be at least one and one-third times the distance from the reactor to the outer boundary of the low population zone. The boundary of the population center shall be determined upon consideration of population distribution. Political boundaries are not controlling in the calculation of population center distance.

(d) Reactor sites should be located away from very densely populated centers. Areas of low population density are, generally, preferred. However, in determining the acceptability of a particular site located away from a very densely populated center but not in an area of low population density, consideration will be given to safety, environmental, economic, or other factors, which may result in the site being found acceptable.

§ 53.540 Siting Interfaces.

External hazards and site characteristics must be incorporated into, confirmed to be consistent with, or otherwise addressed by the design features, programmatic controls, and supporting analyses used to demonstrate that the first and second tier safety criteria in

§§ 53.220210 and 53.230220 are met for each advanced nuclear plant. Site characteristics must be such that adequate emergency plans and security plans can be developed and maintained. Changes to external hazards or site characteristics over the lifetime of an advanced nuclear plant should be considered in the assessments performed under the facility safety program required by § 53.8008xx.

§ 53.550 Environmental Considerations.

Requirements to address environmental protection regulations must be addressed in accordance with 10 CFR part 51.

Subpart E - Construction and Manufacturing Requirements This subpart is envisioned to address areas such as construction, manufacturing, and procurement.

Specific sections are likely to address areas such as quality assurance, testing, and interfaces with design (change control).

§ 53.600 Construction and Manufacturing - Scope and Purpose.

This subpart applies to those construction and manufacturing activities authorized by a Construction Permit (CP), Combined License (COL), Manufacturing License (ML) or a Limited Work Authorization (LWA) under subpart H of this regulation. The term construction, as defined in § 53.xyz, refers to those activities contributing to meeting the first and second tier safety criteria defined in §§ 53.210 and 53.220, respectively, that are conducted on-site to build the nuclear facility in support of subsequent operations. [Note - Definition of construction to exclude items currently excluded by § 50.10(a)(2)]. The term manufacturing, as defined in

§ 53.xyz, refers to those activities conducted at one or more facilities under a ML for transport to a licensed location for installation and operation.

These requirements are intended to provide assurance that construction and manufacturing activities are managed and conducted such that when combined with associated design features and programmatic controls, the plant will satisfy the first and second tier safety criteria required in §§ 53.210 and 53.220 throughout the plants lifecycle.

§ 53.610 Construction.

(a) Management and Control. Before starting construction activities, the licensee or permit holder must ensure that the following plans, programs, and organizational units are in place to manage and control the construction activities:

(1) Design and analyses that are sufficiently complete to provide assurance that construction will conform with associated requirements in subpart C of this part.

(2) An organization, headed by qualified personnel, responsible for managing, controlling and evaluating the adequacy of the construction activities.

(3) Approved procedures describing the qualifications for personnel in key positions in the licensees or permit holders management and control organization and the organizational responsibilities, authority and interfaces with other parts of the licensees or permit holders organization.

(4) Procedures to evaluate the applicability of other national and international construction experience to the planned and ongoing construction activities and to ensure the applicable experience will be provided to those constructing the plant.

(5) A preliminary plan for coping with emergencies that includes an on-site emergency organization capable of providing first aid, transporting individuals to off-site treatment facilities, decontaminating any radiological hazard and establishing and maintaining arrangements with local off-site organizations that can provide support services, if needed.

(6) A fitness-for-duty program, in accordance with 10 CFR part 26, applicable to the licensees or permit holders construction management and control personnel and to the construction work force.

(7) A Quality Assurance (QA) Program conforming with generally accepted consensus codes and standards, applicable to construction activities, describing the policies, procedures and instructions to be used to ensure the facility is constructed in accordance with the design.

The QA Program must provide control over the activities affecting quality and performance of the safety-related (SR) SSCs and the special treatment of SSCs determined to be safety-significant (SS). As a minimum, the QA Program must include the following:

I. Organization: A description of the personnel and organizational units within the licensees or permit holders organization responsible for QA, including their qualifications, authority and duties. The personnel and organizational units responsible for QA must have sufficient authority and freedom to identify quality problems, initiate or recommend corrective actions and verify satisfactory resolution.

The personnel and organizational units performing the QA functions must report to the construction management and control organization at a high enough level to be independent from other competing interests.

II. Scope: The licensee or permit holder must identify the SR and SS SSCs and other activities covered by the QA program. The planned QA to be performed should be identified in consideration of (1) the requirements contained in the codes and standards used in the design and construction, (2) the specifications and instructions from the design organization, and (3) the potential for other activities to affect the quality or performance of the SR and SS SSCs.

III. Use of Procedures: Construction, fabrication and test activities that could affect the quality or performance of SR and SS SSCs must be conducted using approved procedures, instructions or drawings, where appropriate. The procedures, instructions and drawings must contain qualitative or quantitative acceptance criteria that can be used to determine if the work is satisfactorily completed.

IV. Use of Qualified Personnel: The SR and SS construction activities must be conducted by personnel qualified for the work assigned. The required qualification and associated training must be documented along with records that show the personnel performing the work have been appropriately qualified.

V. Document Control: Measures must be in place to control the issuance of documents such as procedures, instructions and drawings, including any subsequent changes.

These measures must assure that the documents, including any subsequent changes, are reviewed and approved for use by authorized and qualified personnel.

Any document changes must be reviewed and approved by the same organization that approved the original document, unless there is a justified reason for changing the approval process. The measures must also assure that the documents are distributed to and used at the place where the construction activity takes place.

VI. Quality of Purchased Items: Purchase documents for materials, components and services must contain information on quality, such as regulatory requirements, applicable codes and standards, cleanliness requirements and other relevant controls. When appropriate, suppliers should be required to submit to the licensee or permit holder a copy of their QA program that will be used to ensure quality.

Measures must be established to assure that purchased material, components and services for SR and SS SSCs conform to the purchase documents. This applies to material, components and services purchased directly by the licensee or permit holder or indirectly through contractors or subcontractors. These measures must consider objective evidence of quality, such as previous satisfactory performance by the supplier, relevant information submitted by the supplier demonstrating quality, inspections of the supplier carried out by the licensee or permit holder and receipt inspection of the finished product. Documentation that the products conform to the purchase specifications must be maintained by the licensee or permit holder.

Periodic assessments of contractor and subcontractor performance in controlling quality must be conducted by the licensee or permit holder to determine if a degradation in quality has occurred over time and what corrective action is appropriate.

VII. Identification: Measures must be established for the identification and control of materials, parts and components used in the construction of SR SSCs. This must include identification of each item by part number, serial number or other means of identification such that the origin and acceptability of the item can be determined.

Appropriate special treatment associated with construction must be defined and implemented to ensure SSCs determined to be SS satisfy the requirements of

§ 53.460.

VIII. Handling, Shipping and Storage: Measures must be established for the handling, cleaning, storage and shipping of purchased materials and components. These measures must address protection of purchased material and components from damage or contamination during shipping, protection from damage, deterioration, theft or tampering during storage and, if required, providing a special protective environment (e. g. inert atmosphere) for certain items, as specified in the purchase documents.

IX. Control of Items Released for Use in Construction: Measures must be established to control the release of materials, components and other items used in construction (e.g. weld rod, NDE materials) to ensure the released items are consistent with the procedures, instructions or drawings used for construction.

X. Special Conditions and Processes: Measures must be established to ensure that the construction activities and processes (e.g. welding, NDE, testing) are conducted under controlled conditions. These measures include using qualified personnel and procedures in accordance with applicable codes, standards, specifications or other special requirements and establishing a controlled environment, when necessary.

XI. Inspection: An inspection program to verify construction activities are conducted in conformance with approved procedures, instructions or drawings must be established. An inspection plan and schedule must be developed and maintained up to date, in coordination with the construction schedule, identifying the planned inspections. Risk insights should be used to focus the inspection program on the most risk significant components, subcomponents, construction activities and

processes. The inspections must be conducted by personnel independent from those who performed the work. Hold points must be established where there is a critical activity or milestone requiring witnessing or inspection by the licensees or permit holders designated representative. The hold points must be included in the inspection plan and described in the procedures or instructions for conducting the construction activity. Where field changes are proposed or made to the design, the inspection must confirm that the design organization has approved the change, that the change was made using approved procedures, instructions or drawings, including acceptance criteria, and that the change is acceptable.

XII. Testing: All testing required to demonstrate that the SR and SS SSCs perform satisfactorily must be identified in the inspection plan and in the construction procedures and instructions. The testing must be performed using approved written procedures which also contain the acceptance criteria and identify any prerequisites, special test instrumentation, and environmental conditions needed for the test. The test program may include proof tests conducted prior to installation and proof of performance tests conducted after installation to demonstrate satisfactory completion of construction. All instrumentation, tools or other devices used to verify the acceptance criteria have been met must be properly calibrated and controlled to maintain accuracy.

XIII. Inspection and Test Status: Measures must be established to indicate the status of each SR and SS SSC with respect to inspection, testing and acceptance. In addition, the operating status of equipment such as valves, switches, pumps, etc.

should be clearly indicated to prevent inadvertent operation or a change in power status.

XIV. Corrective Action: Measures must be established to ensure that defective material, components or other non-conforming items are identified and corrected. The cause of the non-conformance must be identified and, along with the corrective action, reported to management. Where repetitive non-conformances are identified, management should be notified and action taken to correct any systemic cause.

XV. Record Keeping: Measures must be established for the retention of records related to procurement, receipt inspection, inspections, tests and test logs, procedures, instructions, and drawings used for construction, personnel qualification, corrective actions, and audits. The licensee or permit holder is responsible for determining the duration, location, and responsibility for the record keeping.

XVI. Audits of the QA Program: Planned and periodic audits shall be carried out to verify compliance with all aspects of the QA Program and to determine the effectiveness of the program. Audits shall be conducted using written procedures or checklists using trained personnel not having direct responsibilities in the areas being audited. Audit results shall be documented and reviewed by management having responsibility in the areas audited.

(8) A radiation protection program, that includes measures for monitoring the dose to individuals working with radioactive materials brought onto the site, must be established in accordance with 10 CFR part 20.

(9) An information security program must be established in accordance with 10 CFR 73.21, 73.22 and 73.23, as applicable.

(10) Construction activities must conform to a cyber security program established in accordance with 10 CFR 73.54, as applicable.

(11) Posting of Requirements.

(i) Signs and labels, in accordance with subpart J of 10 CFR part 20, must be posted where there is a potential radiation hazard.

(ii) Each individual, licensee, permit holder, partnership, corporation, dedicating entity, or other entity subject to the regulations in this subpart must post current copies of the regulations in this subpart; Section 206 of the Energy Reorganization Act of 1974 (ERA); and procedures adopted under the regulations in this subpart.

(iii) If posting of the regulations in this subpart or the procedures adopted under the regulations in this subpart is not practical, the licensee, permit holder or firm subject to the regulations in this subpart must, in addition to posting Section 206 of the ERA, post a notice which describes the regulations/procedures, including the name of the individual to whom reports may be made, and states where the regulation, procedures, and reports may be examined.

(b) Construction Activities (1) Licensees or permit holders must meet the following requirements:

I. As appropriate, considering the types and quantities of radioactive materials being brought onto the site.

i. The licensee or permit holder must maintain and follow a special nuclear material (SNM) Material Control and Accounting (MC&A) Program, a measurement control program, and other material control procedures that include corresponding record management requirements as required by the provisions of 10 CFR 70.32. Prior to initial receipt of SNM onsite, the permit holder (or licensee) shall implement a SNM MC&A Program in accordance with 10 CFR part 74.

ii. Procedures must be in place to receive, possess, and use source, byproduct, and SNM in accordance with applicable portions of 10 CFR parts 30, 40, and 70.

iii. A plant staff training program associated with the receipt of radioactive material must be approved and implemented prior to initial receipt of byproduct, source or SNM (excluding exempt quantities as described in 10 CFR 30.18).

II. For construction of nuclear power plants to be operated on multi-unit sites, plans and procedures must be in place prior to the start of construction activities to prevent and/or mitigate potential hazards to the SSCs of operating units resulting from construction activities, including the managerial and administrative controls to be used to provide assurance that the limiting conditions for operation of the operating units are not exceeded as a result of construction activities at the multi-unit sites. [The term site refers to the contiguous real estate on which nuclear units are located and for which one or more licensees has the legal right to control access by individuals and to restrict and use for purposes of limiting the potential doses from radiation or radioactive material during normal operation of the units.]

III. Procedures must be in place prior to the start of construction activities that describe how construction will be controlled so as not to impact other features important to the design, such as dewatering, slope stability, backfill, compaction and seepage.

IV. A plan must be developed for redress of activities performed under the CP or LWA should one of the following situations arise:

(a) CP or LWA work activities are terminated by the holder of the CP or LWA (b) the CP or LWA is revoked by the NRC (c) the Commission denies the associated operating license application.

(2) On-site fresh fuel storage must be in compliance with 10 CFR 73.67 or within a protected area in compliance with 10 CFR 73.55. Before fuel is brought within a protected area, a cyber security program that meets the requirements of 10 CFR 73.54, a physical security program that meets the requirements of 10 CFR 73.55 and an access authorization program that meets the requirements of 10 CFR 73.56 must be established.

(3) Fire protection measures for work and storage areas (including adjacent fire areas that could affect the work or storage area) must be implemented before initial receipt of byproduct, source, or non-fuel SNM (excluding exempt quantities as described in 10 CFR 30.18). The fire protection measures for areas associated with new fuel (including all fuel handling, fuel storage, and adjacent fire areas that could affect the new fuel) must be implemented before receipt of fuel. Prior to the receipt of fuel, a formal letter of agreement must be in place with the local fire department specifying the nature of arrangements in support of the fire protection program.

(c) Inspection and Acceptance (1) The licensee or permit holder must have a process for accepting individual or groups of SSCs upon completion of construction and protecting them from damage or tampering as other construction activities continue.

(2) The post construction acceptance process must consider the results of the inspections, pre-operational tests, and analyses that have been performed and the acceptance criteria that are necessary and sufficient to conclude that there is reasonable assurance the facility has been constructed and will be operated in conformity with the operating license, the provisions of the Atomic Energy Act, and the Commissions rules and regulations.

(d) Communication Procedures for communication among elements of the construction program must be established that require:

(1) Interfacing among construction activities, inspections and other ongoing work.

(2) Coordination with operating units on the site.

(3) Coordination with site preparation activities for other units being built on the site to ensure site characteristics (e.g. drainage) remain acceptable.

(4) Coordination with NRC on planned inspections.

§ 53.620 Manufacturing (a) Management and Control

Before starting manufacturing activities, the licensee must ensure that the following plans, programs and organizational units are in place to manage and control the manufacturing activities:

(1) Design and analysis performed in accordance with subpart C.

(2) An organizational and management structure responsible for the managing, controlling and evaluating the adequacy of the reactor design and manufacturing activities.

(3) Approved procedures describing the qualifications for personnel in key positions in the licensees management and control organization and the organizational responsibilities, authority, and interfaces with other parts of the licensees organization.

(4) A program to evaluate the applicability of other national and international design and manufacturing experience to the planned and ongoing manufacturing activities.

(5) A fitness for duty program, in accordance with 10 CFR part 26, applicable to the licensees management and control organization personnel and the manufacturing work force.

(6) A QA program conforming with generally accepted consensus codes and standards, applicable to design and manufacturing activities, describing the policies, procedures and instructions to be used to ensure that the reactor is designed and manufactured must be established. The QA Program must provide control over the activities affecting quality and performance of the SR SSCs and the special treatment of SSCs determined to be SS consistent with their risk significance. As a minimum, the QA Program must include the following:

I. Organization: A description of the personnel and organizational units within the licensees organization responsible for QA, including their qualifications, authority and duties. The personnel and organizational units responsible for QA must have sufficient authority and freedom to identify quality problems, initiate or recommend corrective actions and verify satisfactory resolution. The personnel and organizational units performing the QA functions must report to the design and manufacturing management and control organization at a high enough level to be independent from other competing interests.

II. Scope: The licensee must identify the SR and SS SSCs and activities covered by the QA program. The planned QA activities to be performed should be identified in consideration of (1) the requirements contained in the codes and standards used in the design and manufacturing, (2) the specifications and instructions from the design organization, (3) best industry practices and (4) the potential for other activities to affect the quality or performance of the SR and SS SSCs.

III. Use of Procedures: Design, manufacturing, fabrication and test activities that could affect the quality or performance of SR and SS SSCs must be conducted using approved procedures, instructions or drawings, where appropriate. The procedures, instructions and drawings must contain qualitative or quantitative acceptance criteria that can be used to determine if the work is satisfactory.

IV. Use of Qualified Personnel: The SR and SS design and manufacturing activities must be conducted using personnel qualified for the work assigned. The required

qualification and associated training must be documented along with records that show the personnel performing the work have been appropriately qualified.

V. Document Control: Measures must be in place to control the issuance of documents such as procedures, instructions and drawings, including any subsequent changes.

These measures must assure that the documents, including any subsequent changes, are reviewed and approved for use by authorized and qualified personnel.

Any document changes must be reviewed and approved by the same organization that approved the original document, unless there is a justified reason for changing the approval process. The measures must also assure that the documents are distributed to and used at the place where the manufacturing activity takes place.

VI. Quality of Purchased Items: Purchase documents for materials, components and services must contain information on quality, such as regulatory requirements, applicable codes and standards, cleanliness requirements and other relevant controls. When appropriate, suppliers should be required to submit to the licensee a copy of their QA program that will be used to ensure quality. Measures must be established to assure that purchased material, components and services for SR and SS SSCs conform to the purchase documents. This applies to material, components and services purchased directly by the licensee or indirectly through contractors or subcontractors. These measures must consider objective evidence of quality, such as previous satisfactory performance by the supplier, relevant information submitted by the supplier demonstrating quality, inspections of the supplier carried out by the licensee and receipt inspection of the finished product. Documentation that the products conform to the purchase specifications must be maintained by the licensee.

Periodic assessments of contractor and subcontractor performance in controlling quality must be conducted by the licensee to determine if a degradation in quality has occurred over time and what corrective action is appropriate.

VII. Identification: Measures must be established for the identification and control of materials, parts and components used in the manufacturing of SR SSCs. This must include identification of each item by part number, serial number or other means of identification such that the origin and acceptability of the item can be determined.

Appropriate special treatment must be defined and implemented to ensure SSCs determined to be SS satisfy the requirements of § 53.460 VIII. Handling, Shipping and Storage: Measures must be established for the handling, cleaning, storage and shipping of purchased materials and components. These measures must address protection of purchased material and components from damage or contamination during shipping, protection from damage, deterioration, theft or tampering during storage and, if required, providing a special protective environment (e. g. inert atmosphere) for certain items, as specified in the purchase documents.

IX. Control of Items Released for Use in Manufacturing: Measures must be established to control the release of materials, components and other items used in manufacturing (e. g. weld rod, NDE materials) to ensure the released items are consistent with the manufacturing license.

X. Special Conditions and Processes: Measures must be established to ensure that the manufacturing activities and processes (e.g. welding, NDE and testing) are conducted under controlled conditions. These measures include using qualified personnel and procedures in accordance with applicable codes, standards,

specifications, manufacturing license, or other special requirements and establishing a controlled environment, when necessary.

XI. Inspection: An inspection program to verify manufacturing activities are conducted in conformance with approved procedures, instructions or drawings must be established. An inspection plan and schedule must be developed and maintained up to date, in coordination with the manufacturing schedule, identifying the planned inspections. Risk insights should be used to focus the inspection program on the most risk significant components, subcomponents, manufacturing activities and processes. The inspections must be conducted by personnel independent from those who performed the work. Hold points must be established where there is a critical activity or milestone requiring witnessing or inspection by the licensees designated representative. The hold points must be described in the inspection plan and included in the procedures or instructions for conducting the manufacturing activity. Where field changes are proposed or made to the design, the inspection must confirm that the design organization has approved the change, that the change was made using approved procedures, instructions or drawings, including acceptance criteria, and that the change was satisfactorily made.

XII. Testing: All testing required to demonstrate that the SR and SS SSCs will perform satisfactorily must be identified in the inspection plan and in the manufacturing procedures or instructions. The testing must be performed using approved written procedures which also contain the acceptance criteria and identify any prerequisites, special test instrumentation and environmental conditions needed for the test. The test program may include proof tests conducted prior to installation and proof of performance tests conducted after installation to demonstrate satisfactory completion of manufacturing. All instrumentation, tools or other devices used in the testing must be properly calibrated and controlled to maintain accuracy.

XIII. Inspection and Test Status: Measures must be established to indicate the status of each SR and SS SSC with respect to inspection, testing and acceptance. In addition, the operating status of equipment such as valves, switches, pumps, etc. should be clearly indicated to prevent inadvertent operation or a change in power status.

XIV. Corrective Action: Measures must be established to ensure that defective material, components or other non-conforming items are identified and corrected. The cause of the non-conformance must be identified and, along with the corrective action, reported to management. Where repetitive non-conformances are identified, management should be notified and action taken to correct any systemic cause. If the non-conformance could represent a substantial safety hazard, reporting in compliance with 10 CFR part 21 should also made.

XV. Record Keeping: Measures must be established for the retention of records related to design, procurement, receipt inspection, inspections and inspection records, tests and test logs, procedures, instructions and drawings used in manufacturing, personnel qualification, corrective actions and audits. The licensee is responsible for determining the duration, location and responsibility for the record keeping.

XVI. Audits of the QA Program: Planned and Periodic audits shall be carried out to verify compliance with all aspects of the QA Program and to determine the effectiveness of the program. Audits shall be conducted using written procedures or checklists using trained personnel not having direct responsibilities in the areas being audited. Audit

results shall be documented and reviewed by management having responsibility in the areas audited (7) A Radiation Protection Program that includes measures for monitoring the dose to individuals working with radioactive materials must be established in accordance with 10 CFR part 20.

(8) An information security program must be established in accordance with 10 CFR 73.21, 73.22 and 73.23, as applicable.

(9) A cyber security program must be established in accordance with 10 CFR 73.54, as applicable.

(10) Posting of Requirements (i) Signs and labels, in accordance with subpart J of 10 CFR part 20, must be posted where there is a potential radiation hazard.

(ii) Each individual, licensee, partnership, corporation, dedicating entity, or other entity subject to the regulations in this subpart must post current copies of the regulations in this part, Section 206 of the Energy Reorganization Act of 1974 (ERA) and procedures adopted under the regulations in this subpart.

(iii) If the posting of the regulations in this subpart or the procedures adopted under the regulations in this subpart is not practical, the licensee or firm subject to the regulations in this subpart must, in addition to posting Section 206 of the ERA, post a notice which describes the regulations/procedures, including the name of the individual to whom reports may be made, and states where the regulation, procedures and reports may be examined.

(b) Manufacturing Activities (1) Licensees must meet the following requirements:

I. The manufacturing process must be conducted within facilities that are controlled by the manufacturing license holder. This licensee must establish access controls to the portions of each facility involved in the manufacturing processes governed by the ML II. Manufacturing processes must be performed in accordance with the ML and the referenced generally accepted consensus codes and standards III. Quality control of the manufacturing process and key steps within the process must be ensured by appropriate verifications, inspections, and tests as required by paragraph (a) of this section.

IV. As appropriate considering the types and quantities of radioactive materials being brought into the manufacturing facility;

i. Procedures must be in place to receive, possess and use source, byproduct and SNM in accordance with the applicable portions of 10 CFR parts 30, 40 and 70.

ii. A fire protection program must be approved and implemented before the initial receipt of byproduct, source, or non-fuel SNM (excluding exempt quantities as described in 10 CFR 30.18). The fire protection measures for areas associated with fresh fuel (including all fuel handling, fuel storage and adjacent areas where a fire could affect the fresh fuel) must be implemented before receipt of fresh fuel at the

manufacturers facility. Prior to the receipt of fuel at the manufacturers facility, a formal letter of agreement must be in place with the local fire department specifying the nature of arrangements in support of the fire protection program.

iii. An emergency plan for responding to the radiological hazards of an accidental release of special nuclear material and to any associated chemical hazards directly incident thereto must be approved and implemented prior to the receipt of byproduct, source, or SNM (excluding exempt quantities as described in 10 CFR 30.18).

iv. A plant staff training program associated with the receipt of radioactive material must be approved and implemented before initial receipt of byproduct, source or SNM (excluding exempt quantities as described in 10 CFR 30.18).

v. Prior to the receipt of fresh fuel at the manufacturers facility, the following measures must be in place:

a. A physical security program for the storage of fresh fuel in accordance with 10 CFR 73.67 or 10 CFR 73.54, 10 CFR 73.55, and 10 CFR 73.56.

b. An access authorization program in accordance with 10 CFR 73.56.

c. A Material Control and Accounting Program in accordance with 10 CFR part 74.

d. Measures to prevent criticality accidents in accordance with 10 CFR 70.24.

vi. Procedures shall be in place to describe how the facility design and manufacturing process will minimize, to the extent practicable, contamination of the facility and the environment, facilitate eventual decommissioning, and minimize, to the extent practicable, the generation of radioactive waste. Manufacturing licensees shall, to the extent practical, conduct operations to minimize the introduction of residual radioactivity into the facility site, including the subsurface, in accordance with the approved radiation protection program.

vii. A post manufacturing inspection and acceptance process must be established and implemented prior to fuel loading or shipping. The process must consider the results of inspections, pre-operational tests and analyses that have been performed and the acceptance criteria that are necessary and sufficient to conclude that there is reasonable assurance the reactor has been manufactured in accordance with the ML.

(c) Fuel Loading [to be more fully developed if pursued]

(1) If the ML authorizes fuel loading at the manufacturing facility, the following must be in place prior to the receipt of SNM:

(I) Radiation monitoring instrumentation and alarms.

(II) Criticality monitoring instrumentation and alarms.

(III) Procedures, equipment, and personnel qualified to handle fresh fuel, load it into the reactor, monitor the reactivity, conduct any low power physics tests necessary for acceptance and secure the fuel and reactor assembly for shipment.

(IV)A physical security program that meets the requirements of 10 CFR 73.55.

(V) An access control program that meets the requirements of 10 CFR 73.56.

(VI) A cyber security program must be established in accordance with 10 CFR 73.54, as applicable.

(2) If the ML authorizes criticality testing or other nuclear-related testing at the manufacturing facility, design features and programmatic controls must be developed, implemented, and maintained to achieve the following:

(I) Criticality Control (II) Radiation Protection (III) Safety Protocols (IV)Other ?

(d) Communication The applicant must coordinate with NRC on planned manufacturing activities, inspections, and nuclear-related testing.

(e) Transportation (1) A holder of a manufacturing license may not transport or allow to be removed from the places of manufacture the manufactured reactor or major portions thereof as defined in the ML except to the site of a licensee with either a construction permit or a combined license. The construction permit or combined license must authorize the construction of a nuclear power facility using the manufactured reactor(s).

(2) A holder of a manufacturing license shall include, in any contract governing the transport of a manufactured reactor or major portions thereof as defined in the ML from the places of manufacture to any other location, a provision requiring that the person or entity transporting the manufactured reactor to comply with all NRC-approved shipping requirements in the manufacturing license.

(3) Procedures governing the preparation of the manufactured reactor or major portions thereof as defined in the ML for transport and the conduct of the transport must be prepared and approved prior to transport. The procedures must implement the protective measures and restrictions described in the ML to protect the reactor from damage, contamination, or accidental criticality, if containing fuel.

(4) If the reactor contains fuel, the packaging and shipping must be done in compliance with 10 CFR parts 71 and 73.

(f) Acceptance and Installation at the Site (1) Installation at the site must follow the regulations in §53.610 of this subpart.

(2) Upon arrival at the site, the manufactured reactor must be certified to be in compliance with the ML and inspected, using approved procedures, to verify it is in acceptable condition. These procedures must also include confirming appropriate interfaces between the manufactured reactor and the remaining portions of the nuclear power plant. Upon completion of the inspections, but prior to installation at the site, it must be concluded that:

(i) The reactor has arrived with no damage or contamination that could affect its safe operation.

(ii) The reactor has been manufactured in conformity with the manufacturing license; the provisions of the Act, and the Commission's rules and regulations; and (iii) The manufactured reactor can be operated safely in conformity with the approved design.

For Information; Current Definitions

[10 CFR 50.10] (a) Definitions. As used in this section, construction means the activities in paragraph (a)(1) of this section, and does not mean the activities in paragraph (a)(2) of this section.

(1) Activities constituting construction are the driving of piles, subsurface preparation, placement of backfill, concrete, or permanent retaining walls within an excavation, installation of foundations, or in-place assembly, erection, fabrication, or testing, which are for:

(i) Safety-related structures, systems, or components (SSCs) of a facility, as defined in 10 CFR 50.2; (ii) SSCs relied upon to mitigate accidents or transients or used in plant emergency operating procedures; (iii) SSCs whose failure could prevent safety-related SSCs from fulfilling their safety-related function; (iv) SSCs whose failure could cause a reactor scram or actuation of a safety-related system; (v) SSCs necessary to comply with 10 CFR part 73; (vi) SSCs necessary to comply with 10 CFR 50.48 and criterion 3 of 10 CFR part 50, appendix A; and (vii) Onsite emergency facilities, that is, technical support and operations support centers, necessary to comply with 10 CFR 50.47 and 10 CFR part 50, appendix E.

(2) Construction does not include:

(i) Changes for temporary use of the land for public recreational purposes; (ii) Site exploration, including necessary borings to determine foundation conditions or other preconstruction monitoring to establish background information related to the suitability of the site, the environmental impacts of construction or operation, or the protection of environmental values; (iii) Preparation of a site for construction of a facility, including clearing of the site, grading, installation of drainage, erosion and other environmental mitigation measures, and construction of temporary roads and borrow areas; (iv) Erection of fences and other access control measures; (v) Excavation; (vi) Erection of support buildings (such as, construction equipment storage sheds, warehouse and shop facilities, utilities, concrete mixing plants, docking and unloading facilities, and office buildings) for use in connection with the construction of the facility;

(vii) Building of service facilities, such as paved roads, parking lots, railroad spurs, exterior utility and lighting systems, potable water systems, sanitary sewerage treatment facilities, and transmission lines; (viii) Procurement or fabrication of components or portions of the proposed facility occurring at other than the final, in-place location at the facility; (ix) Manufacture of a nuclear power reactor under a manufacturing license under subpart F of part 52 of this chapter to be installed at the proposed site and to be part of the proposed facility; or (x) With respect to production or utilization facilities, other than testing facilities and nuclear power plants, required to be licensed under Section 104.a or Section 104.c of the Atomic Energy Act of 1954, as amended, the erection of buildings which will be used for activities other than operation of a facility and which may also be used to house a facility (e.g., the construction of a college laboratory building with space for installation of a training reactor).

Subpart F - Requirements for Operation Preliminary rule language for Subpart F, § 53.890 - Facility Safety Program, was previously released to support interactions with stakeholders, including a public meeting on January 7, 2021 (ADAMS Accession No. ML20337A432). This version does not reflect possible revisions in response to those interactions but is being provided to provide context for preliminary versions of other Subparts.

This revision does include new preliminary proposed rule language for Subpart F, § 53.820 -

Emergency Preparedness, and § 53.830 - Security Program.

§ 53.700 Operational objectives.

Each licensee shall define, implement, and maintain controls for plant SSCs, responsibilities of plant personnel, and plant programs during the operating life of each advanced nuclear plant such that the first and second tier safety criteria defined in §§ 53.210 and 53.220 are satisfied. Each licensee shall maintain the capabilities and reliabilities of facility structures, systems, and components to ensure that the safety functions identified in § 53.230 will be performed if called upon during normal operations and licensing basis events. Each licensee shall ensure that plant personnel have adequate knowledge and skills to perform their assigned duties that support the performance of the safety functions identified in § 53.230.

Each licensee shall implement plant programs during operations sufficient to ensure that the safety functions identified in § 53.230 will be performed if called upon during normal operations and licensing basis events.

§ 53.710 Transition from construction/manufacturing to operation.

The applicant or licensee shall prepare a transition plan from construction to operations for each advanced nuclear plant. The plan must identify all testing or verifications required to:

(a) Before plant operation, demonstrate that the SR and NSRSS SSCs have been appropriately constructed or manufactured to further ensure those SSCs have the capabilities needed to perform or support the safety functions of § 53.230 and satisfy the first and second tier safety criteria defined in §§ 53.210 and 53.220; (b) Demonstrate that plant personnel are appropriately licensed, trained, and otherwise capable and available to support the safety functions of § 53.230 and satisfy the first and second tier safety criteria defined in §§ 53.210 and 53.220;

(c) Demonstrate that all programs, procedures, and controls have been prepared and implemented to support the safety functions of § 53.230 and satisfy the first and second tier safety criteria defined in §§ 53.210 and 53.220.

§ 53.720 Maintaining capabilities and availability of structures, systems, and components.

Controls must be provided for each advanced nuclear plant such that the capabilities and reliability of SSCs, when combined with associated programmatic controls and human actions, provide reasonable assurance that the safety criteria defined in §§ 53.210(b) and 53.220(b) will be met.

(a) Technical Specifications must be developed and implemented that define conditions or limitations on plant operations that are necessary to provide reasonable assurance that SR SSCs fulfill the safety functions identified in § 53.230 and that satisfy the first tier safety criteria of § 53.210(b). The technical specifications must describe the following requirements:

(1) Limits on the inventory of radioactive materials within the reactor system and supporting systems with the potential, individually or collectively, to cause a release exceeding the safety criteria in § 53.210(b) as a result of a design basis accident analyzed in accordance with § 53.450(e).

(2) Operating limits for the facility that if exceeded could lead to a failure to perform a required safety function necessary to meet the safety criteria in § 53.210(b).

(3) For each SSC classified as SR in accordance with § 53.460, technical specifications must define:

(i) Limiting conditions for operation. Limiting conditions for operation are the lowest functional capability or performance levels of SR SSCs required to provide reasonable assurance that the design basis accidents analyzed in accordance with § 53.450(e) would not give rise to an immediate threat to the public health and safety as represented by the first tier safety criteria of § 53.210(b). When a limiting condition for operation is not met, the licensee must shut down the plant or follow any remedial action permitted by the technical specifications until the condition will be met.

(ii) Surveillance requirements. Surveillance requirements relate to test, calibration, or inspection to assure that the necessary quality of systems and components is maintained and that the limiting conditions for operation will be met.

(4) Design attributes. Design attributes to be included are those attributes of the facility such as materials of construction and geometric arrangements, which, if altered or modified, would have a significant effect on safety and are not covered in categories described in paragraphs (a)(1)-(3) of this section.

(5) Administrative controls. Administrative controls are the provisions relating to organization and management, procedures, recordkeeping, review and audit, and reporting necessary to assure operation of the facility in a safe manner. Each licensee must submit any reports to the Commission pursuant to approved technical specifications as specified in § 53.40.

(6) Decommissioning. This paragraph applies only to advanced nuclear plants that have submitted the certifications required by subpart G of this part. Technical specifications involving limiting conditions for operation; surveillance requirements; design features; and administrative controls will be developed on a case-by-case basis.

(b) Controls on plant operations, including availability controls, must be developed and implemented to provide reasonable confidence that the configurations and special treatments for NSRSS SSCs provide the capabilities and reliabilities required to satisfy the second tier safety criteria of § 53.220(b). The controls must:

(1)(i) Identify who within the advanced nuclear plant has authority to make configuration changes;

(ii) Establish processes to make configuration changes to the advanced nuclear plants system; and (iii) Establish processes to ensure that all departments of the advanced nuclear plant affected by the configuration changes are formally notified and approve of the change; and (2) Describe the means by which the special treatments for each NSRSS SSC will be provided and maintained over the operating life of the advanced nuclear plant. [examples would include appropriate surveillances, reliability assurance programs, etc.]

§ 53.730 Maintenance, repair and inspection programs.

(a) A program to control maintenance activities and monitor the performance or condition of SR and SS SSCs must be developed and implemented to provide reasonable assurance that the safety criteria defined in §§ 53.210(b) and 53.220(b) of this part will be met.

(b) Whenever a licensee determines through activities related to maintenance, repair, and inspection of SSCs, the activities under § 53.720, or otherwise that the performance or condition of a NSRSS SSC does not meet established special treatment requirements or performance goals related to capabilities or reliabilities, the licensee must take appropriate corrective action.

(c) Performance and condition monitoring activities and associated goals and preventive maintenance activities must be evaluated at least every 24 months. The evaluations must take into account, where practical, industry-wide operating experience. Adjustments must be made where necessary to ensure that the objective of preventing failures of SSCs through maintenance is appropriately balanced against the objective of minimizing unavailability of SSCs due to monitoring or preventive maintenance.

(d) Before performing maintenance activities (including but not limited to surveillance, post-maintenance testing, and corrective and preventive maintenance), the licensee must assess and manage the increase in risk that may result from the proposed maintenance activities. The scope of the assessment may be limited to SSCs that a risk-informed evaluation process determines are necessary to provide reasonable assurance that the performance measures defined in §§ 53.210(b) and 53.220(b) of this part will be met.

§ 53.740 Design control.

The potential for adverse effects on safety, security, EP, operations, or other items related to plant safety must be assessed during the design process and before implementing design or operational changes. This includes planned and emergent changes, such as physical modifications, procedural changes, changes to operator actions or security assignments, maintenance activities, system reconfigurations, access modifications or restrictions, and changes to the emergency plan and security plan or their implementation. Accordingly, measures must be established for the identification and control of interfaces among plant activities. These measures must include procedures for the review, approval, release, distribution, and revision of documents involving design interfaces such that design decisions are made in an integrated fashion considering all aspects of the facility impacted by the design or operational change prior to its implementation.

§ 53.800 Programs Programs must be provided for each advanced nuclear plant such that, when combined with associated design features and human actions, the plant will satisfy the first and second tier safety criteria defined in §§ 53.210 and 53.220. Programs must also support continued assurance that the safety functions identified in § 53.230 are maintained during normal operations and licensing basis events. The required plant programs must include but are not necessarily limited to the programs described in the following sections of this Subpart.

§ 53.810 Radiation Protection (a) Each licensee under this part must develop and implement a Radiation Protection Program for operations that is commensurate with the scope and extent of licensed activities under this part and includes measures for limiting and monitoring radioactive plant effluents and limiting and monitoring the dose to individuals working with radioactive materials in accordance with 10 CFR part 20.

(b) Each licensee under this part must develop, implement, and maintain a program for the control of radioactive effluents and for keeping the doses to members of the public from radioactive effluents as low as reasonably achievable. The program shall be contained in an Offsite Dose Calculations Manual (ODCM), shall be implemented by procedures, and shall include remedial actions to be taken whenever the program limits are exceeded. The ODCM shall:

(i) contain the methodology and parameters used in the calculation of offsite doses resulting from radioactive gaseous and liquid effluents, in the calculation of gaseous and liquid effluent monitoring alarm and trip setpoints, and in the conduct of the radiological environmental monitoring program; and (ii) contain the radioactive effluent controls and radiological environmental monitoring activities, and descriptions of the information that should be included in the Annual Radiological Environmental Operating, and Radioactive Effluent Release Reports required by § 53.xyz

[Subpart J].

(c) [Additional provisions may be added if needed]

§ 53.820 Emergency Preparedness [work in progress]

Each licensee under this part must develop and maintain, an emergency response plan that provides reasonable assurance that adequate protective measures can and will be taken in the event of a radiological emergency.

(a) The emergency plan must contain information needed to demonstrate compliance with the elements set forth in:

(1) 10 CFR 50.160 of this chapter; or (2) the requirements in appendix E to 10 CFR part 50 and the planning standards in

§ 50.47.

(b) [Reserved]

§ 53.830 Security Program (a) Physical Protection Program. Each licensee under this part must establish, maintain, and implement a physical protection program meeting the following requirements:

(1) The licensee must implement security requirements for the protection of special nuclear material based on the form, enrichment, and quantity in accordance with 10 CFR part 73, as applicable, and implement security requirements for the protection of Category 1 and Category 2 quantities of radioactive material in accordance with 10 CFR part 37, as applicable; and (2) The licensee must meet the provisions set forth in either 10 CFR 73.55 or 73.100, unless the licensee meets the following criterion.

(i) The radiological consequences from a hypothetical, unmitigated event involving the loss of engineered systems for decay heat removal and possible breaches in physical structures surrounding the reactor, spent fuel, and other inventories of radioactive materials result in offsite doses below the values in § 53.210(b)(1) and (2) of this chapter.

(ii) The licensee must perform a site-specific analysis to demonstrate that the criterion in § 53.830(a)(2)(i) is met. The licensee must maintain the analysis [consistent with the requirements for maintaining licensing basis information in Subpart I, currently under development] until the permanent cessation of operations under § 53.XXX.

(b) Fitness for Duty. Each licensee under this part must establish, maintain, and implement a fitness for duty (FFD) program that meets the requirements in 10 CFR part 26.

(c) Access Authorization. Each licensee under this part must establish, maintain, and implement an Access Authorization program that meets the requirements in 10 CFR 73.120 if the criterion in § 53.830(a)(2)(1) is met, or § 73.56, if the criterion is not met.

(d) Cyber Security. Each licensee under this part must establish, maintain, and implement a cyber security program that meets the requirements in 10 CFR 73.110.

(e) Information Security. Each licensee under this part must establish, maintain, and implement an information protection system that meets the requirements of 10 CFR 73.21, 73.22, and 73.23, as applicable.

§ 53.840 Quality Assurance (a) Each licensee under this part is responsible for the establishment and execution of the quality assurance program (QAP). The licensee may delegate to others, such as contractors, agents, or consultants, the work of establishing and executing the quality assurance program, or any part thereof, but shall retain responsibility for the QAP. The authority and duties of persons and organizations performing activities affecting the safety-related functions of structures, systems, and components shall be clearly established and delineated in the QAP. A written QAP manual must be developed and used to guide the conduct of the program in accordance with generally accepted consensus codes and standards. QA activities must be based upon written procedures and address the following:

1. Use of qualified personnel and written procedures

2. Procurement of goods and services

3. Handling, shipping and storage of materials and components

4. Testing and inspections

5. Corrective actions

6. Document control

7. Configuration control

8. Design control

8. Record keeping

9. Auditing (b) The results of the QA activities must be documented, along with any recommendations, and provided to facility management for action. Audits, both planned and unannounced, of the QAP must be performed to assess its effectiveness, with the results documented and provided to facility management.

(c) [Additional provisions may be added if needed]

§ 53.850 Integrity Assessment Programs Each licensee under this part must develop and implement an integrity assessment program to monitor, evaluate and manage:

(a) the effects of plant aging on SR and NSRSS SSCs as well as any NSS SSCs whose failure could affect the performance of plant safety functions. The program may refer to surveillances, tests, and inspections conducted for specific SSCs in accordance with other requirements in this part or conducted in accordance with applicable accepted consensus codes and standards; (b) cyclic or transient load limits to ensure SSCs are maintained within the applicable design limits; (c) degradation mechanisms related to chemical interactions, operating temperatures, effects of irradiation, and other environmental factors to ensure the capabilities and reliabilities of SSCs satisfy the functional design criteria of §§ 53.410(b) and 53.420(b).

§ 53.860 Fire Protection (a)(1) Each licensee under this part must have a fire protection plan that describes the overall fire protection program for the facility, identifies the various positions within the licensee's organization that are responsible for the program, states the authorities that are delegated to each of these positions to implement those responsibilities, and outline the plans for fire protection, fire detection and suppression capability, and limitation of fire damage.

(2) The fire protection plan must also describe specific features necessary to implement the program described in paragraph (a)(1) of this section such as: administrative controls and personnel requirements for fire prevention and manual fire suppression activities; automatic and manually operated fire detection and suppression systems; and the means to limit fire damage to SR and NSRSS structures, systems, or components so that the capability to meet the requirements of § 53.210 is ensured.

(b)(1) Each licensee under this part must develop a performance-based or deterministic fire protection program that seeks to meet the safety criteria outlined in §§ 53.210 and 53.220, related safety functions outlined in § 53.230, and defense in depth as outlined in § 53.250 with specific fire protection measures related to fire prevention, fire detection, and fire suppression.

(2) The fire protection program must comply with the following: (i) SR and NSRSS structures, systems, and components must be designed and located to minimize, consistent with other safety requirements, the probability and effect of fires and explosions.

(ii) Noncombustible and fire- resistant materials shall be used wherever practical throughout the facility, particularly in locations with SR and NSRSS structures, systems, or components.

(iii) Fire detection and fighting systems of appropriate capacity and capability shall be provided and designed to minimize the adverse effects of fires on SR and NSRSS structures, systems, and components.

(iv) Firefighting systems shall be designed to ensure that their rupture or inadvertent operation does not significantly impair the safety capability of these structures, systems, and components.

§ 53.870 Inservice Inspection/Inservice Testing (a) Each applicant and licensee under this part must develop and implement programs for In-Service Inspection (ISI) and In-Service Testing (IST) prior to receiving an operating license. The ISI/IST program must include all inspections and tests required by the codes and standards used in the design and be supplemented by risk insights that identify the most important SSCs to plant safety. The types of testing and inspections and their frequency should be informed by the risk insights so as to maintain the SSC reliability and performance consistent with the design. Risk insights must also be used to determine when to conduct the inspections and tests (e.g., full power, shutdown, refueling) so as to minimize risk to the plant and the public. The ISI/IST program must be documented in a written manual and managed by qualified personnel reporting to the Plant Manager.

(b) Prior to starting plant operation, baseline inspections and testing must be performed using the same techniques as will be used for future inspections and testing. These inspection and testing results must be used as benchmarks for evaluating the results of future inspections and tests. Sufficient room and support must be provided to accommodate the personnel, ISI/IST equipment and shielding necessary to perform the inspections and testing. Acceptance criteria for determining whether or not corrective action is needed must be developed (or taken from the codes and standards used in the design) for evaluating the results of the inspections and tests.

The results of the inspections and testing must be provided to the Plant Manager who is responsible for determining what, if any, corrective action is needed and when it should be done. The ISI/IST results and corrective actions must be documented and retained over the life of the plant.

§ 53.880 Criticality Safety Program (a) Each licensee under this part must have a criticality safety program. The program must address the requirements in 10 CFR 70.24 of this chapter for maintaining a monitoring system capable of detecting a criticality, having emergency procedures, and providing radiation protection for plant workers.

§ 53.89000 Facility Safety Program.

Each licensee must establish and implement a facility safety program (FSP) that routinely and systematically evaluates potential hazards, operating experience related to plant SSCs, human actions, and programmatic controls affecting the safety functions required by

§ 53.210230, and the resulting changes in risks to the public from operation of the facility over its operating lifetime. An FSP must include a risk-informed, performance-based process to proactively identify new or revised internal or external hazards to the facility and performance issues related to plant SSCs, human actions, and programmatic controls and must consider measures to mitigate or eliminate the resulting risks using the criteria defined in § 53.89210.

The FSP must be implemented and supported by a written FSP as required in § 53.89420.

§ 53.89210 Facility Safety Program Performance Criteria.

(a) Each licensee for an advanced nuclear plant must take measures to protect public health and minimize danger to life or property as may be reasonably achievedappropriate when considering potential risks to public health and safety, technology changes, economic costs, operating experience, new or revised hazard assessments, or other factors included in the FSP plan required by § 53.89420. Performance objectives for design features and programmatic controls must be established such that the risks to public health and safety from an advanced nuclear plant due to normal operation or licensing basis events must not be a significant addition to other societal risks.

(1) Each licensee must assess risk reduction measures related to the release or potential release of radioactive materials in plant effluents during normal operation whenever such a release could result in a member of the public receiving an annual radiation dose in excess of 0.3 millirems from liquid effluents or 1 millirem from gaseous effluents. The assessment and risk reduction measures must maintain doses to members of the public as low as is reasonably achievable taking into account the state of technology, the economics of improvements in relation to the state of technology, operating experience, and the economics of improvements in relation to benefits to the public health and safety.

(2) Each licensee must assess potential risk reduction measures related to licensing basis events, identified hazards, or other specific contributors to the overall cumulative risk from unplanned events as follows:

(i) For new or revised hazards, plant features, or other contributors to licensing basis events with an estimated upper bound frequency above one in one thousand years, licensees must consider risk reduction measures whenever the estimated radiation dose to a member of the public exceeds 2.5 millirem and the estimated frequency weighted cumulative dose to nearby populations increases by [5 person-rem].

(ii) For new or revised hazards, plant features, or other contributors to licensing basis events with an estimated lower bound frequency below one in one thousand years, licensees must consider risk reduction measures whenever the estimated frequency weighted cumulative dose to nearby populations increases by [5 person-rem] and either the frequency of a member of the public receiving a radiation dose with the potential for immediate health effects approaches five in one hundred million years or a radiation dose with the potential to cause latent health effects approaches two in ten million years.

(iii) For new or revised hazards, plant features, or other contributors to licensing basis events with an estimated dose to a member of the public less than or equal to a threshold value used for operational flexibilities in accordance with § 53.470, licensees must consider risk reduction measures whenever changes to the estimated consequences reduce the margin to the subject threshold value by more than ten percent and the estimated frequency weighted cumulative dose to nearby populations increases by [5 person-rem].

(iv) The assessment and risk reduction measures must maintain doses to members of the public as low as is reasonably achievable taking into account the state of technology, the economics of improvements in relation to the state of technology, information available on potential hazards, operating experience, and the economics of improvements in relation to benefits to the public health and safety.

(b) Risk reduction measures taken at advanced nuclear plants whose licenses refer to certified designs or manufacturing licenses must also follow the change control and reporting provisions of 10 CFR part 52 or subpart H of this part related to changes to standardized designs.

§ 53.89420 Facility Safety Program Plan (a) General. Each licensee must adopt and implement an FSP using a written FSP plan that, at a minimum, contains the elements in this section. This FSP plan must be approved by NRC under the process required in § 53.89630.

(b) Scope. (1) Each licensee must set forth in its FSP plan a statement describing the facility or facilities covered by the plan. The description must include the facility, personnel, programmatic controls, and facility environs that influence the assessments used in assessing potential risks in accordance with subparts B and C of this part and potential reduction measures using the performance criteria in § 53.89210. The scope of the program plan must consider new or revised information related to:

(i) The performance of SSCs in terms of their capability and availability to perform the required safety functions required by § 53.210230 during normal operation and licensing basis events and assessing potential risk reduction measures using the performance criteria in

§ 53.89210; (ii) The role of personnel in making decisions, operating plant SSCs, or otherwise supporting the safety functions required by § 53.210230 and assessing potential risk reduction measures using the performance criteria in § 53.89210; (iii) The programmatic controls required within this part or otherwise implemented by a licensee to ensure capabilities and availabilities of SSCs and personnel performing the safety functions required by § 53.210230 and assessing potential risk reduction measures using the performance criteria in § 53.892810; (iv) Natural and manmade hazards with the potential to affect plant SSCs or personnel supporting the safety functions required by § 53.210230 and assessing potential risk reduction measures using the performance criteria in § 53.89210; and (v) Operating experience related to plant SSCs, personnel, or programmatic controls supporting the safety functions required by § 53.210230 and assessing potential risk reduction measures using the performance criteria in § 53.89210.

(2) The methods used to analyze the technologies identified under paragraph (f)(1)(i) of this section against the criteria provided in § 53.89210.

(3) Each licensee must set forth in its FSP plan a description of its overall safety philosophy and intended safety culture to be practiced by its management, employees and contractors; and (4) Each licensee must identify the required participants in the FSP plan, which will include managers, employees, and contractors that directly support facility operations; maintain,

inspect, or change plant SSCs or programmatic controls; or assess potential risk reduction measures as required by § 53.89220.

(c) Implementation. Each licensee must describe in its FSP plan the process the licensee will use to implement and maintain its FSP. As part of the licensees implementation process, the licensee must describe roles and responsibilities of each position that has significant responsibility for implementing the FSP, including those held by employees and other persons utilizing or providing significant services as identified by the licensee pursuant to paragraph (b)(3) of this section.

(d) Facility safety program training:

(1) Each manager, employee, and contractor identified under paragraph (b)(3) of this section will be trained on the licensees FSP.

(2) Each licensee must establish and describe in its FSP plan the licensees facility safety program training plan. An FSP training plan must set forth the procedures by which managers, employees, and contractors identified under paragraph (b)(3) of this section will be trained on the licensees FSP. An FSP training plan must help ensure that all personnel who are responsible for implementing and supporting the FSP understand the goals of the program, are familiar with the elements of the program, and have the requisite knowledge and skills to fulfill their responsibilities under the program.

(3) For each position identified pursuant to paragraph (b)(3) of this section, the training plan must describe the frequency and content of the FSP training that the position receives.

(4) Training under this subpart F may include, but is not limited to, classroom, computer-based, or correspondence training.

(5) The licensee must keep a record of all training conducted under this part and update that record as necessary. The FSP training plan must set forth the process used to maintain and update the necessary training records required by this part.

(6) The FSP training plan must set forth the process used by the licensee to ensure that it is complying with the training requirements set forth in the training plan.

(e) Risk-informed hazard management program. Each licensee must establish a risk-informed hazard management program as part of the licensees FSP. The risk-informed hazard management program must be fully described in the FSP plan. The risk-informed hazard management program must establish:

(1) The processes or procedures used in the risk-informed hazard analysis to identify internal and external hazards having the potential to increase the frequency or consequences of radiological releases from normal operation or licensing basis events; (2) The processes or procedures used in the risk-informed hazard analysis to analyze identified hazards and support assessments against the criteria provided in § 53.89210; (3) The methods used to identify and implement actions that mitigate or eliminate hazards based on assessments against the criteria provided in § 53.89210.

(4) The methods used to ensure changes to the facility design or operations do not adversely affect measures in place to mitigate or eliminate hazards or that such changes have been assessed pursuant to the appropriate change control and have been incorporated into models used for assessments against the criteria provided in § 53.89210.

(5) The methods used to maintain records of identified hazards and risks and the mitigation or elimination of the identified hazards and risks throughout the life of the facility.

(6) The position title(s) of the individual(s) responsible for administering the risk-informed hazard management program.

(f) Technology assessment program. Each licensee must establish a technology assessment program as part of the licensees FSP. The technology assessment program must be fully described in the FSP plan. The technology assessment program must establish:

(1) The methods used to identify and analyze current, new, or novel technologies that will mitigate or eliminate internal or external hazards and resulting risks from the release of radioactive materials from a facility during normal operations or licensing basis events; (2) The methods used to analyze the technologies identified under paragraph (f)(1) of this section against the criteria provided in § 53.89210.

(3) The methods used to identify and implement actions related to technologies identified under paragraph (f)(1) of this section based on assessments against the criteria provided in

§ 53.89210.

(4) The methods used to maintain records of technology assessments throughout the life of the facility.

(5) The position title(s) of the individual(s) responsible for administering the technology assessment program.

(g) Internal facility safety program assessment. (1) The licensee must describe in the FSP plan methods to annually confirm:

(i) The FSP is fully implemented and effective; (ii) The licensees overall safety philosophy and intended safety culture are being implemented and effective; (iii) The facility safety program training program is implemented and effective; (iv) The facility continues to meet the performance criteria set forth in § 53.210230 and effectively consider risk reduction measures using the performance criteria set forth in § 53.89210.

(2) As part of its FSP plan, the licensee must describe the processes used to:

(i) Conduct internal FSP assessments; (ii) Internally report the findings of the internal FSP assessments to a management level so that the required authority and organizational freedom, including sufficient independence from cost and schedule when opposed to safety considerations, are provided; (iii) Develop, track, and review recommendations as a result of the internal FSP assessments; (iv) Develop improvement plans based on the internal FSP assessments; and (v) Manage revisions and updates to the FSP plan based on the internal facility safety program assessments.

§ 53.89630 Review, Approval, and Retention of Facility Safety Program Plans (a) Initial Filing. Each applicant for a license under this part must include its FSP plan as part of the application.

(b) Approval. The NRC will review the FSP plan to determine if the elements prescribed in this part are sufficiently addressed in the applicants submission. Approval of an FSP plan under this part does not constitute approval of the specific actions the licensee will implement under its FSP plan pursuant to § 53.89420 and must not be construed as establishing an NRC standard regarding those specific actions.

(c) Review of amendments. Need to work out nature of reviews, notices, opportunities for hearing, etc. on amendments to the FSP plan. (CRITERIA X OK report w/in x days, NRC respond within y days). CRITERIA Y follow process in § 53.xyz (license amendment)

Subpart G - Decommissioning Requirements This subpart is envisioned to address transition to decommissioning.

Subpart H - Licenses, Certifications, and Approvals This subpart is envisioned to address requirements for initial applications for licenses, certifications, or approvals. The subpart will support either licensing under the Part 50 or Part 52 frameworks.

Assessment and update of manufacturing licenses is possible. Other improvements could include combining Part 50 process for first of a kind (FOAK) applications and simper transition to Part 52 for subsequent applications.

Subpart I - Maintaining and Revising Licensing Basis Information This subpart is envisioned to address requirements for maintaining and revising licensing basis information related to licenses, certifications, or approvals. Specific provisions would include maintaining and updating safety analysis reports and amending licenses.

Subpart J - Reporting and Other Administrative Requirements This subpart is envisioned to address requirements for maintaining records, making reports, and other administrative-type activities

PRELIMINARY PROPOSED RULE LANGUAGE June 1, 2021 10 CFR PART 73, PHYSICAL PROTECTION OF PLANTS AND MATERIALS

§ 73.100 Technology neutral requirements for physical protection of licensed activities at advanced nuclear plants against radiological sabotage.

(a) Introduction. (1) An advanced nuclear plant licensee under 10 CFR part 53 who does not meet the criterion in 10 CFR 53.830(a)(2)(i) must implement the requirements of this section through its Commission-approved Physical Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, and Cyber Security Plan, referred to collectively hereafter as security plans.

(2) The security plans must identify, describe, and account for site-specific conditions that affect the licensees capability to satisfy the requirements of this section.

(b) General performance objective and requirements. (1) The licensee must establish and maintain a physical protection program and a security organization, which will have as their objective to provide reasonable assurance that activities involving special nuclear material are not inimical to the common defense and security and do not constitute an unreasonable risk to the public health and safety. The design and implementation of the physical protection program must achieve and maintain at all time the capabilities for meeting the following performance requirements:

(i) Intrusion detection systems. Physical security structures, systems, and components relied on for interior and exterior intrusion detection functions must be designed to detect attempted and actual unauthorized access. The design must provide diverse methods for achieving the intended intrusion detection functions, sufficient to ensure the reliability and availability of systems and components.

(ii) Intrusion assessment systems. Physical security structures, systems, and components relied on for intrusion assessment functions must be designed to provide rapid remote assessment for determining cause and initiating appropriate security responses. The design must provide diverse methods for achieving the intended intrusion assessment functions, sufficient to ensure the reliability and availability of systems and components.

(iii) Security communication systems. Structures, systems, and components relied on for security communications must be designed to provide continuity and integrity of communications. Communication systems must account for design basis threats that can interrupt or interfere with continuity or integrity of communications. The design must provide diverse and redundant methods for achieving the intended communication functions.

(iv) Security delay systems. Structures, systems, and components relied on for delay functions must be designed to provide for timely security responses to adversary attacks with adequate defense-in-depth.

(v) Security response. Engineered physical security structures, systems, and components performing neutralization functions and engineered fighting positions relied on to protect security personnel performing neutralization functions must be designed to provide overlapping fields of fire. The design configuration must provide layers of security response, with each layer assuring that a single failure does not result in the loss of capability to neutralize the design basis threat adversary.

(vi) Control measures protecting against land and waterborne vehicle bomb assaults.

Physical security structures, systems, and components, in conjunction with site-specific natural features, that are relied on to protect against a design basis threat land vehicle and waterborne vehicle bomb assault must be designed to protect of the reactor building and structures containing safety or security related structures, systems, and components from explosive effects that are based on the maximum design basis threat quantity of explosives.

The vehicle control measures (passive and active barrier systems) to deny land or waterborne

vehicle bomb assaults must be located at a bounding minimum safe stand-off distance to adequately protect all structures, systems, and components required for safety and security.

(vii) Access control portals: Access control portals must be designed to detect and deny unauthorized access to persons and pass-through of contraband materials (e.g.,

weapons, incendiaries, explosives). The design must provide diverse and redundant methods for achieving the intended intrusion access control functions.

(2) To satisfy the general performance objective and requirements of paragraph (b)(1) of this section, the physical protection program must protect against the design basis threat of radiological sabotage as stated in § 73.1 of this part. Specifically, the licensee must (i) Ensure that the physical protection program capabilities to protect against the design basis threat of radiological sabotage are maintained at all times.

(ii) Provide defense-in-depth in achieving performance requirements through the integration of engineered systems, administrative controls, and management measures to assure effectiveness of the physical protection program to protect the plant against the design basis threat of radiological sabotage.

(3) The licensee must identify and analyze site-specific conditions that may affect the physical protection program needed to implement the requirements of this section. The licensee must account for these conditions in meeting the requirements of this section.

(4) The licensee must establish, maintain, and implement a performance evaluation program to assess the effectiveness of the licensees implementation of the physical protection program to protect against the design basis threat of radiological sabotage.

(5) The licensee must establish, maintain, and implement an access authorization program in accordance with § 73.56 and must describe the program in the Physical Security Plan.

(6) The licensee must establish, maintain, and implement a cyber security program in accordance with § 73.110 and must describe the program in the Cyber Security Plan.

(7) The licensee must establish, maintain, and implement an insider mitigation program and must describe the program in the Physical Security Plan.

(i) The insider mitigation program must monitor the initial and continuing trustworthiness and reliability of individuals granted or retaining unescorted access or unescorted access authorization, and implement defense-in-depth methodologies to minimize the potential for an insider (active, passive, or both) to adversely affect, either directly or indirectly, the licensees capability to protect against radiological sabotage.

(ii) The insider mitigation program must integrate elements of:

(A) The access authorization program described in § 73.56; (B) The fitness-for-duty program described in part 26 of this chapter; (C) The cyber security program described in § 73.110; and (D) The physical protection programs described in this section.

(8) The licensee must use the site corrective action program to track, trend, correct, and prevent recurrence of failures and deficiencies in the implementation of the requirements of this section.

(9) Implementation of security operations and plans must be coordinated with plant operations and plans to preclude conflict during both normal and emergency conditions and ensure the adequate management of the safety and security interface.

(c) Security organization. The licensee must establish and maintain a security organization that is staffed, trained, qualified, and equipped to implement the physical protection program in accordance with the requirements of this section.

(1) The licensee must establish a management system for maintaining and implementing security policies and procedures to implement the requirements of this section and the security plans.

(2) Implementing procedures must document the conduct of security operations, design and configuration controls, maintenance, training and qualification, and contingency responses.

(3) The licensee must:

(i) Establish a process for the approval of designs, policies, processes, and procedures and changes by the individual with overall responsibility for the physical protection program.

(ii) Ensure that revisions and changes to the physical protection program and implementing policies, processes, and procedures satisfy the requirements of this section.

(4) The licensee must retain, in accordance with § 73.70, all analyses, assessments, calculations and descriptions of the technical basis for meeting the performance requirements of § 73.100(b). Safeguards information must protect these records in accordance with the requirements of § 73.21.

(5) The licensee may not permit any individual to implement any part of the physical protection program unless the individual has been trained, equipped, and qualified to perform their assigned duties and responsibilities in accordance with the Training and Qualification Plan.

(d) Search requirements. The licensee must establish and implement searches to detect and prevent the introduction of firearms, explosives, incendiary devices, or other items and material which could be used to commit radiological sabotage. The program must accomplish this through search of individuals, vehicles, and materials consistent with the performance requirements of paragraph (b)of this section.

(e) Security reviews. The licensee must establish and implement security reviews to assess the effectiveness of the implementation of the physical protection program and the requirements in this section. Security reviews must be performed by individuals independent of those personnel responsible for program management and any individual who has direct responsibility for implementing the onsite physical protection program (1) The licensee must review each element of the physical protection program at a frequency commensurate with the importance or significance to safety of plant operations, to ensure timely identification and documentation of vulnerabilities, improvements, and corrective actions. The objective of these reviews must be maintaining effective implementation of the engineered and administrative controls required to achieve the physical protection program functions and the management system required to implement programs and requirements in this section.

(2) The licensee must establish, maintain, and perform a self-assessment to ensure the effective implementation of the physical protection program functions of detection, assessment, communication, delay, and interdiction and neutralization to protect against the design basis threat of radiological sabotage. The licensee must perform design verification and assessments of the capabilities of active and passive engineering systems relied on to protect against the design basis threat.

(f) Performance evaluation. Licensee performance evaluation must:

(1) establish methods appropriate and necessary to assess, test, and challenge the integration of the physical protection programs functions to protect against the design basis threat, measures protecting against cyber attack, and engineered systems designed to protect against the design basis threat standalone ground vehicle bomb attack.

(2) The licensee must establish the appropriate and necessary frequencies for performance evaluations, verifications, and assessments based on the importance, security significance, reliability, and availability of physical protection program functions and implementation of programs and requirements in this section.

(3) The licensee must document processes and procedures and maintain records, including results, findings, and corrective actions, for implementing the performance evaluations, verifications, and assessments.

(g) Maintenance, testing, and calibration and corrective actions. (1) The licensee must ensure that security systems and equipment, including supporting systems, are inspected, tested, and/or calibrated for operability and performance at intervals necessary and sufficient to meet the requirements in this section.

(2) The licensee must implement corrective actions necessary and sufficient to ensure resolution of identified vulnerabilities and deficiencies to meet the requirements in this section.

(3) The licensee must establish and implement timely compensatory measures for degraded or inoperable security systems, equipment, and components to meet the requirements of this section. Compensatory measures must provide a level of protection that is equivalent to the protection that was provided by the degraded or inoperable, systems, equipment, or components.

(4) The licensee must document processes and procedures and maintain records for implementing the corrective actions, compensatory measures, and maintenance, inspection, testing, and calibration of security structures, systems and equipment.

(h) Suspension of security measures. (1) The licensee may suspend implementation of affected requirements of this section in accordance with §§ 50.54(x) and 50.54(y) of this chapter under the following conditions:

(i) In an emergency, when action is immediately needed to protect the public health and safety; and (ii) During severe weather, when the suspension of affected security measures is immediately needed to protect the personal health and safety of personnel.

(2) Suspended security measures must be reinstated as soon as conditions permit.

(3) The suspension of security measures must be reported and documented in accordance with the provisions of § 73.71.

(i) Records. (1) The licensee must maintain all records required to be kept by Commission regulations, orders, or license conditions, until the Commission terminates the license for which the records were developed, and must maintain superseded portions of these records for at least 3 years after the record is superseded, unless otherwise specified by the Commission.

(2) If a contracted security force is used to implement the onsite physical protection program, the licensees written agreement with the contractor must be retained by the licensee as a record for the duration of the contract.

(3) All records must be available for inspection, for a period of 3 years.

§ 73.110 Technology neutral requirements for protection of digital computer and communication systems and networks (a) Each licensee under 10 CFR part 53 shall establish, implement, and maintain a cyber security program that is commensurate with the potential consequences resulting from cyber attacks. Accordingly, each licensee shall provide reasonable assurance that digital computer and communication systems and networks are adequately protected against cyber attacks that are capable of causing the following consequences:

(1) Does not satisfy the criterion in § 53.830(a)(2)(i);

(2) Adversely impacting the functions performed by the digital assets used by the licensee for implementing the physical security requirements in § 53.830(a)(1) of this chapter for special nuclear material, source material, and byproduct material.

(b) The licensee shall protect digital computer and communication systems and networks associated with the functions listed in [§ 73.54(a)(1)] in a manner that is commensurate with the potential consequences resulting from cyber attacks.

(c) The licensee shall meet the confidentiality, integrity, and availability requirements in

§ 73.54(a)(2) for the systems and networks covered by paragraph (b) of this section in a manner that is commensurate with the potential consequences resulting from cyber attacks.

(d) The licensee shall:

(1) Analyze the potential consequences resulting from cyber attacks on digital computer and communication systems and networks and identify those assets that must be protected to satisfy paragraphs (a), (b) and (c) of this section; and, (2) Establish, implement, and maintain a cyber security program for the protection of the assets identified under paragraph (d)(1) of this section.

(e) The cyber security program must be designed in a manner that is commensurate with the potential consequences resulting from cyber attacks through the following steps:

(1) Implement security controls to protect the assets identified under paragraph (d)(1) of this section from cyber attacks, commensurate with their safety and security significance; (2) Apply and maintain defense-in-depth protective strategies to ensure the capability to detect, delay, respond to, and recover from cyber attacks capable of causing the consequences identified in paragraph (a) of this section; (3) Mitigate the adverse effects of cyber attacks capable of causing the consequences identified in paragraph (a) of this section; and (4) Ensure that the functions of protected assets identified under paragraph (d)(1) of this section are not adversely impacted due to cyber attacks capable of causing the consequences identified in paragraph (a) of this section.

(f) The licensee shall implement the following requirements in a manner that is commensurate with the potential consequences resulting from cyber attacks:

(1) As part of the cyber security program, the licensee shall meet the requirements in

§§ 73.54(d)(1), 73.54(d)(2), 73.54(d)(4), and the following:

(i) Ensure that modifications to assets, identified under paragraph (d)(1) of this section, are evaluated before implementation to ensure that the cyber security performance objectives identified in paragraph (a) of this section are maintained.

(2) The licensee shall establish, implement, and maintain a cyber security plan that implements the cyber security program requirements of this section in accordance with the requirements in § 73.54(e).

(3) The licensee shall develop and maintain written policies and procedures to implement the cyber security plan in accordance with the requirements in § 73.54(f).

(4) The licensee shall review the cyber security program in accordance with the requirements in § 73.100(e).

(5) The licensee shall retain all records and supporting technical documentation required to satisfy the requirements in § 73.54(h).

§ 73.120 Access Authorization (a) Introduction and Scope. (1) Each applicant for an operating license for an advanced nuclear reactor under 10 CFR part 53, who meets the criterion in 10 CFR 53.830(a)(2)(i), shall establish, maintain, and implement an access authorization program in accordance with this section as part of its Commission-approved Physical Security Plan. Applicants not meeting the

criterion in 10 CFR 53.830(a)(2)(i) shall establish, maintain, and implement an access authorization program in accordance with the requirements of 10 CFR 73.56.

(2) [Reserved]

(b) Applicability. (1) The following individuals shall be subject to an access authorization program under this section:

(i) Any individual to whom a licensee intends to grant unescorted access to a nuclear power plant protected area, vital area, material access area, or controlled access area where the material is used or stored; (ii) Any individual whose duties and responsibilities permit the individual to take actions by electronic means, either on site or remotely, that could adversely impact the licensee's or applicant's operational safety, security, or emergency preparedness; (iii) Any individual who has responsibilities for implementing a licensee's or applicant's protective strategy, including armed security force officers, alarm station operators, and tactical response team leaders but not including Federal, State, or local law enforcement personnel; and (iv) The licensee or applicant access authorization program reviewing official or contractor or vendor access authorization program reviewers.

(2) The licensee or applicant may subject other individuals, including employees of a contractor or a vendor who are designated in access authorization program procedures, to an access authorization program that meets the requirements of this section.

(c) General Performance Objectives and Requirements. Each licensee's or applicants access authorization program under this section must provide reasonable assurance that the individuals who are specified in paragraph (b) of this section are trustworthy and reliable, such that they do not constitute an unreasonable risk to public health and safety or the common defense and security. The design and implementation of the licensees access authorization program shall establish and maintain the capabilities for meeting the following performance requirements:

(1) Background investigation. Background investigations shall be completed for any individual whom a licensee or applicant intends to grant unescorted access. Background investigations shall include the program elements contained under § 73.56(d) of this part.

(2) Behavioral observation. Behavioral observation shall be performed to detect behaviors or activities that may constitute an unreasonable risk to the safety and security of the licensees facility. The access authorization program shall ensure that the individuals specified in paragraph (b) are subject to behavioral observation. Behavioral observation shall include self-reporting of legal actions in accordance with § 73.56(g) of this part.

(3) Unescorted access. Unescorted access shall be granted only after the licensee has verified an individual is trustworthy and reliable. A list of persons currently approved for unescorted access to a protected area, vital area, material access area, or controlled access area must be maintained at all times. Unescorted access determinations shall be reviewed annually in accordance with § 73.56(i)(1)(iv). Criminal history updates shall be completed within 10 years of the last review.

(4) Termination of unescorted access. Unescorted access shall be promptly terminated when a licensee determines this access is no longer required or a reviewing official determines an individual is no longer trustworthy and reliable in accordance with this section.

(5) Determination basis for access. Any unescorted access determination shall be made by a reviewing official who will determine whether to permit, deny, unfavorably terminate,

maintain, or administratively withdraw an individual's unescorted access based on an evaluation of all of the information collected to meet the requirements of this section.

(6) Review Procedures. Review procedures shall be established in accordance with

§ 73.56(l) of this part, to include provisions for the notification of individuals who are denied unescorted access or who are unfavorably terminated.

(7) Protection of Information. A system of files and procedures shall be established and maintained in accordance with § 73.56(m) of this part to ensure personal information is not disclosed to unauthorized persons.

(8) Audits and corrective action. Procedures for use of audits and corrective actions shall be established in accordance with § 73.56(n) of this part to ensure the continuing effectiveness of the access authorization program and to ensure that the access authorization program and program elements are in compliance with the requirements of this section.

(9) Records. Records used or created to establish an individuals trustworthiness and reliability or to document access determination must be maintained in accordance with

§ 73.56(o) of this part.