SECY-22-0095, Annual Update on Activities to Modernize the U.S. Nuclear Regulatory Commissions Digital Instrumentation and Controls Regulatory Infrastructure and License Amendment Requests

From kanterella
(Redirected from ML22222A148)
Jump to navigation Jump to search
SECY-22-0095: Annual Update on Activities to Modernize the U.S. Nuclear Regulatory Commissions Digital Instrumentation and Controls Regulatory Infrastructure and License Amendment Requests
ML22222A148
Person / Time
Issue date: 10/25/2022
From: Dan Dorman
NRC/EDO
To:
NRC/Chairman, NRC/OCM
Jain B, NRR/DORL/LPL4
References
SECY-22-0095
Download: ML22222A148 (9)


Text

October 25, 2022 SECY-22-0095 FOR:

The Commissioners FROM:

Daniel H. Dorman Executive Director for Operations

SUBJECT:

ANNUAL UPDATE ON ACTIVITIES TO MODERNIZE THE U.S. NUCLEAR REGULATORY COMMISSIONS DIGITAL INSTRUMENTATION AND CONTROLS REGULATORY INFRASTRUCTURE AND LICENSE AMENDMENT REQUESTS PURPOSE:

This paper provides the Commission with an annual update of the status of ongoing work and planned future activities to modernize and improve the U.S. Nuclear Regulatory Commissions (NRCs) digital instrumentation and controls (DI&C) regulatory infrastructure and licensee-requested licensing action reviews. This paper does not address any new commitments or associated resource implications.

SUMMARY

The NRC staff has made significant progress in improving the clarity and reliability of the DI&C regulatory infrastructure and implementing it to enable the safe, expanded use of digital technologies in new reactor designs and operating plants. The NRC staff is transitioning to using the improved infrastructure to support the review of licensees DI&C modernization license amendment requests (LARs). This paper summarizes the NRC staffs significant accomplishments and ongoing activities in these areas since the last update in 2021 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML21253A212).

CONTACTS: Bhagwat P. Jain, NRR/DORL 301-415-6303 Michael Marshall, NRR/DORL 301-415-2871

The Commissioners 2

BACKGROUND:

The NRC staff presented the initial integrated action plan (IAP) to modernize the DI&C regulatory infrastructure to the Commission for approval in SECY-16-0070, Integrated Strategy to Modernize the Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure, dated May 31, 2016 (ML16126A137). In October 2016, the Commission approved the IAP through Staff Requirements Memorandum (SRM)-SECY-16-0070 (ML16299A157) and directed the staff to provide annual updates. In SECY-19-0112, Annual Update on the Integrated Strategy to Modernize the U.S. Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure, dated November 4, 2019 (ML19261B815), the staff informed the Commission that it would no longer update the IAP. Instead, the staff would manage the remaining activities included in the IAP through routine processes and continue to provide annual status updates on activities to modernize the DI&C regulatory infrastructure.

DISCUSSION:

The NRC staff continues to complete DI&C infrastructure modernization activities and is implementing the improved infrastructure to support the regulation of DI&C modernization projects in accordance with the principles of good regulation. The staff is continuing to look for opportunities to innovate, to be risk-informed, and to use the Be riskSMART approach as efforts to modernize the DI&C infrastructure continue in parallel with completing requested licensing action reviews. The staff has made progress on several key activities that support the improved clarity and reliability of the DI&C regulatory infrastructure, and it continues to engage stakeholders in implementing the infrastructure for DI&C modernization projects. Further, the staff is reviewing major DI&C modernization LARs for operating reactors and preparing for anticipated advanced reactor DI&C designs with the updated infrastructure. These activities support the NRCs vision to establish a modern, risk-informed regulatory infrastructure with reduced uncertainty that will enable the expanded safe use of digital technologies.

Significant Accomplishments: Licensing and Inspection As summarized in the last update in 2021, one of the most transformative regulatory innovations was the updated interim staff guidance (ISG) in DI&C-ISG-06, Revision 2, Licensing Process, issued December 2018 (ML18269A259). This updated guidance adopted a new streamlined alternate review process to improve the timeliness of licensing reviews and incorporated lessons learned from DI&C licensing experience. In August 2021, the NRC approved an LAR for the DI&C upgrade of the Waterford Steam Electric Station, Unit 3, core protection calculator system using the alternate review process.

The NRC staff also revised Inspection Procedure 52003, Digital Instrumentation and Control Modification Inspection, in July 2021 (ML21113A169), to support regional inspection of DI&C modifications, including those performed under the alternate review process. The NRC staff implemented the revised inspection procedure to inspect the Waterford Unit 3 DI&C upgrade.

The NRC staff successfully inspected the test procedures and records, observed activities and assessed licensee performance and compliance with Commission rules and regulations during factory acceptance testing (ML21308A066), site acceptance testing (ML22067A159), and site installation and power ascension (ML22255A144), to confirm that the licensee developed, implemented, tested, installed, operated, and maintained the design according to the Waterford Unit 3 license amendment safety evaluation. The staff also confirmed the licensees implementation of the manufacturers recommendations as appropriate, licensee commitments,

The Commissioners 3

and the commitments provided in the licensees cybersecurity plan. In June 2022, the licensee completed the installation and returned to service the digital replacement of the core protection calculator system at Waterford Unit 3.

On March 23, 2022, the NRC staff held a DI&C public workshop with various stakeholders to share insights and to discuss the licensing and inspection lessons learned from recent DI&C modernization projects and the human factors engineering (HFE) requirements for control room modifications (ML22104A086). The staff and industry stakeholders discussed licensing lessons learned from the recently approved LAR for the DI&C upgrade of the Waterford Unit 3 core protection calculator system project and observations from several preapplication activities for the DI&C modernization projects at Turkey Point Nuclear Generating, Units 3 and 4, and Limerick Generating Station, Units 1 and 2. One of the lessons learned from the review of the Waterford Unit 3 LAR is that the open items list process and the electronic reading room system are very effective and efficient means of communication between the staff and the licensee. The staff uses these tools to ensure information upon which the staff relies in the safety evaluation is placed on the docket and to verify information and conclusions in the license amendment application. The staff is implementing the open items list process and the electronic reading room system for the Turkey Point and Limerick DI&C LAR reviews.

The NRC staff proactively engaged the NextEra/Florida Power & Light Company (FPL) and Constellation Energy licensees in the Turkey Point and Limerick pre-application activities respectively, to discuss how HFE reviews of the licensees control room design would be conducted to verify that acceptable HFE practices and guidelines are incorporated into the control room design. This enhanced engagement was necessary because during the development of the alternate review process guidance in DI&C-ISG-06, stakeholders did not envision large-scale DI&C upgrades with significant control room modifications. Therefore, the alternate review process did not include alternative guidance for verifying that acceptable HFE practices and guidelines are incorporated into major digital control room upgrades. During the March 23, 2022, DI&C public workshop and in a series of planned public preapplication meetings, the staff clarified the HFE information needed to complete DI&C LAR reviews with significant control room modifications. The staff took an opportunity to innovate and proactively provided an approach known as multistage validation, which allows licensees to conduct human factors validation activities early in the design process. Multistage validation differs from the more common integrated system validation method accepted by the NRC, which relies on a single validation at the end of the design process. The multistage validation approach supports the timely NRC approval of a major digital modification given current industry trends in seeking significant control room changes with major DI&C modifications.

Significant Accomplishments: Guidance In implementing the agencys strategy for modernizing DI&C regulatory infrastructure, the NRC staff has engaged extensively with external stakeholders to complete significant improvements to the guidance associated with DI&C licensing reviews. These improvements have enhanced the clarity and reliability of the NRCs licensing process, thereby increasing the confidence of licensees, applicants, and vendors in the NRCs readiness to effectively license and inspect the use of DI&C in nuclear reactors.

Diversity and Defense in Depth On January 25, 2021, the NRC staff published Revision 8 to Branch Technical Position (BTP) 7-19, Guidance for Evaluation of Defense in Depth and Diversity to Address

The Commissioners 4

Common-Cause Failure Due to Latent Design Defects in Digital Safety Systems (ML20339A647). The revision incorporated the five guiding principles outlined in SECY-18-0090, Plan for Addressing Potential Common Cause Failure in Digital Instrumentation and Controls, dated September 12, 2018 (ML18179A067), and provided guidance to tailor staff reviews based on safety significance.

The guidance in BTP 7-19 continues to implement the current policy from SRM-SECY-93-087, SECY-93-087-Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs, dated July 21, 1993 (ML003708056). The staff is applying this guidance to the ongoing key licensing actions discussed below.

On August 8, 2022, the NRC staff submitted SECY-22-0076 (ML22193A290) to recommend updating the current policy from SRM-SECY-93-087. The staff has recommended that the Commission expand the current common cause failure (CCF) policy in DI&C systems that provides for the use of risk-informed approaches. In developing SECY-22-0076, the staff held several public meetings and had extensive engagement with industry, the public, and the Advisory Committee on Reactor Safeguards (ACRS) to obtain their feedback on potential areas of improvement and on the staffs proposed changes to the policy. The staff also reviewed and considered the Nuclear Energy Institutes (NEIs) risk-informed approaches submitted on April 8 and June 1, 2022 (ML22098A218 and ML22152A271, respectively).

If approved by the Commission, the NRC staff will develop guidance to implement the expanded CCF policy including a revision to BTP 7-19 and re-engaging NEI on the review of NEI 20-07, Guidance for Addressing Common Cause Failure in High Safety-Significant Safety-Related Digital I&C Systems (ML21278A472). The staff will continue to engage stakeholders and the public to seek comments on the staffs guidance to implement the expanded CCF policy.

Commercial-Grade Dedication In October 2022, the NRC staff plans to issue Regulatory Guide (RG) 1.250, Dedication of Commercial-Grade Digital Instrumentation and Control Items for Use in Nuclear Power Plants.

The RG describes an approach that is acceptable to the staff to meet, in part, regulatory requirements for the dedication of commercial-grade DI&C items for use in nuclear power plant safety applications. Specifically, the guidance supports digital modernization by enabling licensees to procure and accept commercial-grade digital equipment using safety integrity level (SIL) certification provided by an accredited third-party SIL certification body for nuclear safety-related applications. RG 1.250 endorses, with clarifications, NEI 17-06, Guidance on Using IEC [International Electrotechnical Commission] 61508 Safety Integrity Level (SIL)

Certification to Support the Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Related Applications, Revision 1, issued December 2021. On March 18, 2022, the staff engaged external stakeholders by issuing the draft RG (DG-1402) for public comment (ML22003A180). The staff addressed stakeholder comments and briefed the ACRS DI&C Subcommittee and the full committee.

Ongoing Key Activities: Licensing The NRC staff engaged NextEra/FPL and Constellation Energy licensees in several preapplication interactions and innovatively developed a process for reviewing the defense in depth and diversity (D3) coping assessment before the submittal of their associated LARs. The D3 coping assessment is a critical element of the LAR. The purpose of engaging with a licensee on the D3 coping assessment before the LAR review is to facilitate future presubmittal

The Commissioners 5

discussions and to optimize the staffs technical review time after LAR submittal. The NextEra/FPL and Constellation licensees have submitted their D3 coping assessments in advance of the associated LARs. The Limerick LAR is part of a public-private partnership between the licensee and the U.S. Department of Energy (DOE) under the DOEs Light Water Reactor Sustainability Program. Constellation and the DOE will share the planning, development, and implementation experiences from this effort with the operating reactor fleet to support broader plant modernization efforts.

On July 30, 2022, NextEra/FPL submitted the Turkey Point LAR to support a major DI&C upgrade (ML22213A045). The LAR requested NRC staff approval to replace the Turkey Point reactor protection system, engineered safety features actuation system, and nuclear instrumentation system with digital systems based on the Framatome Tricon Programmable Logic Controller Version 10 digital-based platform. The license amendment includes revisions to the Turkey Point technical specifications. The staff performed an acceptance review of the LAR and on September 15, 2022, requested the licensee to supplement it with sufficient technical information to allow the NRC staff to complete its detailed technical review (ML22255A050). If accepted for review, the NRC staff will evaluate the amendment request using the guidance in DI&C-ISG-06 and BTP 7-19. The licensee plans to implement the digital modifications for these systems at Turkey Point Unit 3 during the refueling outage scheduled in fall 2024 and at Unit 4 during the refueling outage scheduled for spring 2025.

On September 26, 2022, Constellation submitted a LAR for Limerick Generating Station, Units 1 and 2, to support a major DI&C upgrade of the reactor protection system, nuclear steam supply shutoff system, and emergency core cooling system. The licensee plans to integrate three systems into a single new system called the plant protection system, which is a first-of-a-kind approach. The NRC staff will perform an acceptance review of the LAR and, if accepted for review, the NRC staff will evaluate the amendment request using the guidance in DI&C-ISG-06 and BTP 7-19. The licensee plans to implement the digital modifications for Unit 1 during the spring 2024 refueling outage and for Unit 2 during the spring 2025 refueling outage.

Constellation also plans to submit two additional LARs to support installation of the digital modification at Limerick and apply risk-informed completion times, if approved by the NRC.

Ongoing Key Activities: Guidance In December 2019, the NRC staff completed a strategic assessment (ML19351D933) that integrates performance-based and technology-neutral safety engineering concepts to identify additional activities intended to improve the regulatory infrastructure through such integration.

As a result of this assessment, the NRC staff developed an overall framework for how it will streamline and integrate the existing set of RGs on DI&C, which the staff discussed with external stakeholders in a public meeting on April 28, 2020 (ML20125A344). The staff has commenced implementing the RG updates in accordance with the framework.

DI&C Safety Criteria The NRC staff is still developing a path forward for RG 1.153, Criteria for Safety Systems to best communicate with stakeholders on the use of the Institute of Electrical and Electronics Engineers Standard 603-2018, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations. The NRC staff continues the development of an update to RG 1.152, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants. RG 1.152 describes an approach that is acceptable to the NRC staff to meet regulatory requirements for promoting high functional reliability, design quality, and a secure development and operational

The Commissioners 6

environment for the use of programmable digital devices in the safety-related systems of nuclear power generating stations. The updated RG 1.152, Revision 4, (Draft Guide (DG)-1374) endorses, with exceptions and clarifications, Institute of Electrical and Electronic Engineers (IEEE) Standard (Std) 7-4.3.2-2016, IEEE Standard Criteria for Programmable Digital Devices in Safety Systems of Nuclear Power Generating Stations. The IEEE Std reflects the latest advances in digital technology and techniques for designing and implementing computers into new and operating plants. The updated regulatory guidance is expected to enhance the efficiency and effectiveness of the staffs licensing reviews of upgraded DI&C systems. The staff is scheduled to brief the ACRS DI&C Subcommittee in November 2022 before issuing DG-1374 (ML22124A313) for public comment. The staff anticipates issuing DG-1374 for public comment by December 31, 2022.

Digital Computer Software The NRC staff continues to assess regulatory options to revise RG 1.168, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants, to endorse IEEE Std 1012-2016, System, Software, and Hardware Verification and Validation. The staff is evaluating the use of the graded approach in IEEE Std. 1012-2016, Annex B, for applying software integrity level verification and validation rigor based on the associated safety importance of a DI&C system. Under a holistic theme of Software Development and Digital Reliability, the staff is also evaluating the feasibility of consolidating RGs 1.168-1.173 into a single RG that endorses individual IEEE computer standards. The staff intends to further engage stakeholders on this topic.

Nonnuclear Insights The NRC staff has completed a summary report, Boeing 737 Crashes: Lessons Learned for NRC Digital Instrumentation and Controls Evaluation Process, (ML22241A039). The report documented the staffs evaluation of lessons learned from the Boeing design process and Federal Aviation Administration certification process for the Boeing 737 MAX 8 stabilizer trim control digital modification, including the findings and recommendations from authoritative investigation reports surrounding the 2018 and 2019 crashes of Boeing 737 MAX 8 aircrafts.

The NRC staff has determined that no significant gaps exist in the NRCs regulatory infrastructure for DI&C licensing and inspection as related to the findings and recommendations of the investigative reports. However, the report identifies aspects of the NRCs current DI&C regulatory program and staff organizational capabilities that should be maintained or could be further enhanced to ensure the continued safe use of evolving DI&C technologies in regulated nuclear facilities. The NRC staff intends to implement the reports recommendations and to continue to evaluate these lessons as part of the normal infrastructure development processes.

The lessons learned will be communicated to the NRCs broader DI&C community and will be incorporated into the training program for DI&C staff which includes a review of major events relevant to DI&C safety issues.

International Engagement The NRC staff continues its engagement in several international DI&C activities to assess how approaches used by other regulatory authorities could improve the efficiency, clarity, and reliability of the NRCs current DI&C regulatory framework. The staff conducts periodic bilateral technical exchanges with other competent authorities to address DI&C technical and regulatory challenges that are common to respective agencies. In September, the NRC staff engaged regulators from Romania, Canada, and India in a multi-lateral technical exchange on DI&C

The Commissioners 7

topics, such as approaches to qualification of commercial grade digital systems, reviews of DI&C modernization license amendment requests, and improvements made to the regulatory infrastructure. In addition, the NRC staff experts lead and participate in several technical and guidance development activities for DI&C at the International Atomic Energy Agency and the International Electrotechnical Commission. The NRC participates in the working group on DI&C within the Organisation for Economic Co-operation and Development (OECD)/Nuclear Energy Agencys (NEAs) Committee on Nuclear Regulatory Activities. These engagements are beneficial in building international technical consensus on common DI&C issues and in developing standards and technical documents introducing performance-based approaches to safety analysis of DI&C systems As part of the OECD/NEA Halden Human Technology Organization joint project (formerly known as the Halden Reactor Project), operated by the Institute for Energy Technology in Norway, the NRC participates in the Halden Human Technology Organizations digital systems research for existing and new reactors. This regulatory research potentially enables risk-informed safety assurance and evaluation of the supporting evidence. The research intends to enable migration towards a safety-outcome-oriented, performance-based, risk-informed approach and away from more traditional approaches based on prescriptive guidance, providing increasing flexibility to the licensees and license applicants.

The NRC also participates in the Regulator Task Force on Safety Critical Software for nuclear reactors, collaborating with regulators and their technical support organizations from the United Kingdom, Germany, Sweden, Finland, Belgium, Spain, Canada, Republic of Korea, and China.

This task force updates and publishes annually its report titled Licensing of safety critical software for nuclear reactors: Common position of international nuclear regulators and authorised technical support organisations. The report (https://cps-vo.org/node/78252) focuses on issues experienced by the task force participants and serves them and their stakeholders as a technical reference.

CONCLUSION:

The NRC staff continues to implement improvements to the clarity and reliability of the DI&C regulatory infrastructure to facilitate the expanded safe and secure use of DI&C in nuclear reactors. The staff is transitioning from DI&C infrastructure modernization to using the improved modernized infrastructure to review requested licensing and certification actions. The staff continues to extensively engage with external stakeholders on both the development and the implementation of key DI&C activities. The staff also continues to look for opportunities to innovate, to be risk-informed, and to use the Be riskSMART approach as efforts to modernize the DI&C infrastructure continue in parallel with licensing action reviews.

The NRC staff will continue to provide the Commission with information and recommendations, as appropriate, related to emerging policy issues and the status of the staffs DI&C infrastructure, licensing, and certification activities.

Licensees continue to make DI&C upgrades under Title 10 of the Code of Federal Regulations 50.59, Changes, tests and experiments, and have requested NRC approval for the more extensive upgrades that require license amendments as determined by the licensees screening processes under 10 CFR 50.59. These upgrades submitted by licensees, which NRC reviews using the improved infrastructure, demonstrate stakeholder confidence in, and the effectiveness of, the staffs DI&C regulatory infrastructure modernization activities.

The Commissioners 8

COORDINATION:

The Office of the General Counsel has reviewed this paper and has no legal objections.

Daniel H. Dorman Executive Director for Operations Signed by Dorman, Dan on 10/25/22

ML22222A148 (Annual Update)

OFFICE NRR/DORL/LPL4/PM NRR/DORL/LPL4/LA NRR/DEX/EICA/BC NRR/DEX/EICB/BC NAME BJain PBlechman JPaige MWaters DATE 8/15 /2022 8/15/2022 8/25/2022 8/25/2022 OFFICE RES/DE/ICEEB/BC RES/DE/RGPMB/BC RES/DE/D NRR/DORL/D NAME CCook MRahimi LLund BPham DATE 8/19/2022 8/19/2022 8/31/2022 8/31/2022 OFFICE NRR/DEX/D QTE OGC NRR/D NAME EBenner Azariah-Kribbs RWeisman AVeil DATE 8/31/2022 08/31/2022 9/29/2022 9/29/2022 OFFICE EDO NAME DDorman DATE 10/25/22