Text

Comment (119) from Jon Facemire on Behalf of Nuclear Energy Institute on Part 53 Rulemaking - Risk-Informed Technology-Inclusive Regulatory Framework for Advanced Reactors
	ML25066A034
Person / Time
Site:	Nuclear Energy Institute
Issue date:	02/28/2025
From:	Facemire J; Nuclear Energy Institute
To:	; NRC/SECY
References
	NRC-2019-0062, 89FR86918, 89FR92609
	Download: ML25066A034 (1)
	v • d • e

!"#$%&'%()*

+,+-#./0.12345 67,89:

;<3=(&<<=14.

>>9+?-"#$%&'%()*

-@> 96ABC#$

? 8+DEF=*G=**

*F"E'%5E04H=I.J3%<#/K#LM.3N31(=I.LN&40O#E#1&N'53%("%'<#P3%HJ3%Q/O'.L#/E#'L53%4

>>9+ 9DEF=*G=**=**

E04H=I.J3%<#/K#LM.3N31(=I.LN&40O#E#1&N'53%("%'<#P3%HJ3%Q/O'.L#/E#'L53%4

? ->9+DEF=*G=**=REQ"K=*

F3<<#.53."ER3LS*T=TT

-@>++79 7>,+ 9 U>,V'5$W.#0X3%1

7:,9Y,+ 9D&LN#'%Z.#%1(I.4505&5#

[97,V >>9+

\\##'55'LM#/J0N#]4^XN#'4#.35#5M04PM05#_'_#%04Z.LN34&%#J3%3&%_%#O03&4N(4&$<055#/L3<<#.5

_'LH'1#DEF=*G=**=*T)X

++,`>9+

DZICM05#'_#%=KI=EIa

Q__%3'LM#453<##5'%5=Z.LN34&%#53DZIb 4F3<<#.54 cdedfghjkclmn opqrfsjtrssefrupvwxrsgjcyz{l}

~?}kdddqkddnujdu}dopqrfsjtrssefrupvwxrsgjcyz{l}

jdj

nei.org WHITE PAPER Technology-inclusive, Risk-informed, Performance-based Approaches for Development of Licensing Bases Under Part 53 Prepared by the Nuclear Energy Institute February 2025

February 2025

nei.org Acknowledgements This document was developed by the Nuclear Energy Institute working closely with Jensen Hughes, Excel Services and Michael Mayfield. NEI acknowledges and appreciates the contributions of NEI members and other organizations in providing input, reviewing and commenting on the document including Southern Company Services, Argonne National Labs and Oklo.

NEI Project Lead: Jon Facemire, jwf@nei.org Notice Neither NEI, nor any of its employees, members, supporting organizations, contractors, or consultants make any warranty, expressed or implied, or assume any legal responsibility for the accuracy or completeness of, or assume any liability for damages resulting from any use of, any information apparatus, methods, or process disclosed in this report or that such may not infringe privately owned rights.

February 2025

nei.org Executive Summary The Nuclear Energy Innovation and Modernization Act (NEIMA) directs the U.S. Nuclear Regulatory Commission (NRC) to develop a technology-inclusive, performance-based and risk-informed rule for advanced reactors that minimizes the need for exemptions [1]. The Proposed Rule [23] was published on October 31, 2024, based on the draft proposed rule provided in Enclosure 1 of SECY-23-0021 and the staff directive in SRM-SECY-23-0021. The NRC proposed rule was developed with the Licensing Modernization Project (LMP) framework in mind and industrys longstanding position has been that Part 53 must be flexible in allowing various licensing approaches to meet the intent of NEIMA. It is to be expected that different applications will reflect differences in the design and analysis processes for establishing the safety case and licensing basis to meet Part 53 requirements. Insight into the aspects of a variety of risk-informed licensing processes that use different combinations of risk information and deterministic safety analysis, sufficient to demonstrate the safety of the design, should help to inform the development of the Part 53 requirements.

This white paper (WP) describes how Part 53 requirements can be met by a variety of methodologies.

NEI 18-04, endorsed in RG 1.233 for Parts 50 and 52, provides one approach to addressing the Technology-Inclusive, Risk-Informed and Performance Based (TI-RIPB) Part 53. This white paper illustrates the flexibility that should be available in implementing a TI-RIPB process by outlining three additional examples of approaches. Each of these four examples (including that presented in NEI 18-04) reflects a different degree of reliance on deterministic safety analyses relative to risk information. Each of the four examples includes selection of Licensing Basis Events; safety classification of structures, systems, and components (SSCs) and associated risk-informed special treatments; and determination of defense-in-depth (DID) adequacy. By developing the traceability from existing and draft regulatory guidance to the Proposed Part 53 Rule language this WP provides a roadmap for:

Updating Part 53 Rule language to increase flexibility in line with the intent of NEIMA Identifying Regulatory Guidance that should be updated to acknowledge the guidance as one acceptable means to meet the new Part 53 requirements Identifying changes to regulatory guidance to increase flexibility NEI believes many of the updates require minimal changes to the Proposed Part 53, which are summarized in Section 2.1.

February 2025

nei.org Table of Contents Introduction..................................................................................................................................... 1 1.1 Background......................................................................................................................... 1 1.2 Objectives........................................................................................................................... 4 Recommended Enabling Changes to Draft Part 53......................................................................... 6 2.1 Specific Recommended Changes to Part 53....................................................................... 7 2.2 Regulatory Guidance Updates Needed............................................................................. 10 Overview of proposed Risk-Informed Methods............................................................................ 12 3.1 Example A: Process Using NEI 18¬04 (LMP)..................................................................... 13 3.2 Example B: Process with Confirmatory Use of PRA.......................................................... 21 3.3 Example C: Approach Based on IAEA Guidance................................................................ 33 3.4 Example D: Risk-Informed Bounding Approach................................................................ 69 3.5 Summary........................................................................................................................... 82 Next Steps...................................................................................................................................... 83 References..................................................................................................................................... 84 Appendix A. Definitions............................................................................................................................ A-1 Appendix B. Regulatory Guidance Mapping.............................................................................................. B-1 Table of Figures Figure 1: PRA Scope for Construction Permit Applications.......................................................................... 3 Figure 2: Frequency-Consequence Curve................................................................................................... 14 Figure 3: Bounding Frequency-Consequence Curve................................................................................... 71 Figure 4: Elements of the Risk-Informed and Performance-Based Evaluation of Defense in Depth......... 82

February 2025

nei.org 1 INTRODUCTION The Nuclear Energy Innovation and Modernization Act (NEIMA) directs the U.S. Nuclear Regulatory Commission (NRC) to develop a technology-inclusive, performance-based and risk-informed rule for advanced reactors that minimizes the need for exemptions [1]. In response, the NRC is in the process of completing a new rule, 10 CFR Part 53, that will establish the regulatory foundation to implement such a regulatory framework [2]. Part 53 needs to be structured to be flexible enough to accommodate the variety of approaches to licensing that different applicants may take. The applicants will need to present information demonstrating that a design will achieve reasonable assurance of adequate protection of public health and safety. As part of a performance-based and risk-informed framework, however, it is to be expected that different applications will reflect differences in the design and analysis processes for establishing the safety case and licensing basis to meet Part 53 requirements. Even though the methods may be different, there will be commonalities among the methods in terms of addressing common elements of safety functions, safety classification, selection of LBEs and defense in depth. Part 53 Subparts B and C do a good job of identifying these core elements and provide an excellent basis for a higher-level performance based rule. This ability to use different TI-RIPB methods is essential to meet the definition of a Technology-Inclusive Regulatory Framework from NEIMA (emphasis added):

TECHNOLOGY-INCLUSIVE REGULATORY FRAMEWORK. The term technology-inclusive regulatory framework means a regulatory framework developed using methods of evaluation that are flexible and practicable for application to a variety of reactor technologies, including, where appropriate, the use of risk-informed and performance-based techniques and other tools and methods.

Insight into the aspects of a variety of risk-informed licensing processes that use different combinations of probabilistic risk assessment (PRA) and deterministic safety analysis, sufficient to demonstrate the safety of the design, will help inform the development of the Part 53 requirements. By doing this, the staff can address the commission directive from the SRM and the requirement in Section 208 of the ADVANCE Act [25] to include alternatives to probabilistic risk assessment for microreactors. Both the staff and industry benefit from a Part 53 that is more flexible since it requires fewer exemptions and is more efficient without any reduction in safety.

1.1 Background

The goal of this document is to present a flexible framework for a technology-inclusive, risk-informed, and performance-based (TI RIPB) design and analysis process for assessing the safety adequacy of the design under Part 53. This flexibility is essential to meet two objectives:

1. Implementation of the commission directive in SRM-SECY-23-0021 [22]

2. Implementation of the ADVANCE Act Section 208

February 2025

nei.org 2 SRM-SECY-23-0021 In Staff Requirements - Secy-23-0021 - Proposed Rule: Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors (RIN 3150-AK31) the commission directed the staff as follows (emphasis added):

The staff should not apply consensus probabilistic risk assessment (PRA) standards as a strict checklist of requirements for Part 53 PRA acceptability determinations. Rather, the staff should allow PRA acceptability determinations for Part 53 applications to be appropriately flexible, considering how PRA insights are relied upon to support the licensing application, together with factors such as safety margin, simplicity of design, and treatment of uncertainties. The staff should revise the proposed rule or preamble, as appropriate, to convey this point and also seek specific comment in the Federal Register Notice (FRN) for the Part 53 proposed rule on PRA acceptability for Part 53 applications in order to develop guidance.

In order to accommodate the potential for simplified designs and utilization of passive safety features in advanced reactor applications, the staff should collect and evaluate lessons learned from advanced reactor PRA acceptability determinations to better understand the extent to which other evaluation approaches may be used in combination with quantitative, probabilistic approaches. The staff should use this knowledge in future guidance development to improve regulatory certainty in this area.

NEI notes that, as part of the voting record, Commissioner Caputo provided a markup of the Part 53 Rule Language suggesting replacing the requirement for a PRA with a requirement for a Risk Evaluation.

NRC staff chose instead to update the preamble with guidance providing clarity on the meaning of PRA in combination with other generally accepted approaches for systematically evaluating engineered systems. Clarity is provided that NRC determinations of the acceptability of such PRAs would include consideration of the appropriateness of the applicant-defined scope as part of determining the applicability of and conformance to consensus PRA standard supporting requirements consistent with the current state of practice. NEI interprets this as being consistent with RG 1.247 and RG 1.253 which allows the use of Section 3 of the non-LWR PRA Standard to define the scope of the PRA and provides some guidance on supplemental analyses at least for CP applicants utilizing the LMP methodology. This was clearly described in an NRC public meeting on RG 1.253. Similarly, for LWRs, RG 1.200 references NUREG-1855 as providing guidance on how to perform acceptable bounding analyses and on limiting the scope of the application with application specific guidance (RG 1.174, RG 1.201, RG 1.205) providing NRC expectations for specific applications.

February 2025

nei.org 3 Figure 1: PRA Scope for Construction Permit Applications NEI would note that RG 1.253 only allows flexibility for CP applicants following LMP and presumes an all-hazards, all-modes, all-sources PRA for Operating License and Combined License applicants. While it is understood that RG 1.253 was published prior to the commission directive, the update to the preamble is insufficient to meet the commission directive for flexibility for applicants without a revision to RG 1.253. The language The level of detail in a CP PRA should be established using the process provided in Section 3 of ASME/ANS RA-S-1.4-2021, Risk Assessment Application Process. from RG 1.253 should be extended to all LMP applicants to meet the commission directive. How the Part 53 requirements can be met with this context in mind will be described in more detail throughout this paper.

In addition, the language of 10 CFR 53.450(a) retains the requirement for a PRA to identify potential failures, susceptibility to internal and external hazards The requirement to have a PRA where the scope includes external hazards is inconsistent with RG 1.253, the preamble, 53.450(e) and the commission directive. The 53.450(a) language should, at a minimum, be changed to be consistent with other sections and allow PRA in combination with other generally accepted approaches for systematically evaluating engineered systems to address susceptibility to internal and external hazards.

ADVANCE Act Section 208 Whereas updated guidance and a minor change to 53.450(a) could address the intent of the SRM, a more significant revision would be required to address Section 208 of the ADVANCE Act. Section 208 states that (emphasis added):

(a) MICRO-REACTOR LICENSING.The Commission shall (1) not later than 18 months after the date of enactment of this Act, develop risk-informed and performance-based strategies and guidance to license and regulate micro-reactors pursuant to section 103 of the Atomic Energy Act of 1954 (42 U.S.C. 2133), including strategies and guidance for.

(E) risk analysis methods, including alternatives to probabilistic risk assessments; The requirement 53.450(a) and associated regulatory requirements to have a PRA explicitly contradict the law requiring a licensing strategy for microreactors that must provide an alternative to PRA.

However, the Caputo language requiring a risk evaluation would both allow for the PRA-driven approach envisioned for Part 53 and a bounding approach more in line with Draft Guide DG-1414 for

February 2025

nei.org 4 alternative evaluation of risk insights (AERI). We propose accepting the revisions provided in Commissioner Caputos voting record with regard to a risk evaluation as a means to facilitate Commission acceptance and address the ADVANCE Act Section 208. Section 3.4 of this report describes how a bounding approach, informed by DG-1414 can be used to meet all of the proposed requirements in Subparts B and C of Part 53 without significant change to the rule language.

NEI recognizes the ADVANCE Act does allow flexibility in how Section 208 can be implemented:

(A) "within the existing regulatory framework; (B) through the technology-inclusive regulatory framework to be established under section 103(a)(4) of the Nuclear Energy Innovation and Modernization Act (42 U.S.C. 2133 note; Public Law 115-439); or (C) through a pending or new rulemaking.

NEI believes that option B, Part 53, is the best pathway for implementing alternatives to PRA since:

1. Part 53 is meant to be technology-inclusive, and microreactors are an important technology for consideration.

2. The Part 53 framework would require far fewer exemptions than Parts 50 or 52 for microreactors and the Generally Licensed Reactor Operator (GLRO), Fitness for Duty (FFD),

Access Authorization (AA), Security and other Part 53 flexibilities would be particularly beneficial for microreactors.

3. As described in section 3.4, the required changes to the Part 53 rule language are achievable and could be supported by guidance in line with the directive in the SRM for Framework B. This would be more efficient than a new rulemaking.

Historical Background on the Use of PRA In implementing the PRA Policy Statement [3], the NRC has included risk-informed considerations as part of the licensing process for operating plants that were licensed under Part 50 [4], and for plants that have sought combined licenses under Part 52 [5]. For current plants, these considerations have taken the form of a variety of specific risk-informed applications (both mandatory and voluntary in nature) and NRC programs to monitor safety performance. Plants applying for licenses under Part 52 are required to perform a PRA and to report the results as part of their license application. They are also required to use the results, for example, to identify non-safety equipment that could be important to safety. The NRCs Part 52 Lessons Learned rulemaking is seeking to include these same provisions for new reactors licensed under Part 50. While the expanded use of PRA is longstanding NRC policy, this policy has not been updated since passage of the ADVANCE Act which provides a clear carveout for microreactors. Commissioner Caputos voting record points out that safety goals are intended to be applied generically and are not for plant-specific applications.

1.2 Objectives Part 53 will need to consider a spectrum of risk-informed approaches to the licensing of new nuclear power plants considering the NEIMA language for flexibility in methods, the directive of the SRM, the

February 2025

nei.org 5 PRA Policy Statement and the ADVANCE Act. As part of the October 2024 Federal Register Notice for the Part 53 Rule Package, the NRC is seeking stakeholder input on:

What additional guidance, if any, is needed regarding PRA acceptability for Part 53 applicants and licensees.

How part 53 could be revised to better enable its potential use to implement the ADVANCE Act.

Specifically, Section 208 requires the NRC to develop and implement risk-informed and performance-based strategies and guidance in several areas This report informs the response to both questions and provides recommendations on:

Regulatory Guidance updates required to address PRA acceptability as well as RG updates that would provide regulatory clarity for licensing under Part 53 for a flexible set of risk-informed approaches.

Changes to the Part 53 Rule language to provide performance-based flexibility and meet the intent of NEIMA and the ADVANCE Act.

To accomplish the above, this report reviews all requirements in Subparts B and C of the Proposed Part 53 to identify the guidance required for meeting the regulation assuming 4 different licensing approaches:

1. Example A: A process that corresponds to that detailed in NEI 18-04, in which PRA plays a foundational role in informing various aspects of safety, with deterministic analyses playing essential complementary parts.

2. Example B: A process that is similar in many respects to the one presented in NEI 18-04, except that the PRA plays a confirmatory role. In this respect, the primary emphasis is on the use of deterministic analyses for the safety case. As in Example A, insights from the PRA remain key considerations in various aspects of the safety case.

3. Example C: A process that utilizes standards and guidance developed by the International Atomic Energy Agency (IAEA), in which deterministic assessments, including a comprehensive assessment of DID, are supplemented and confirmed by insights from the PRA (called a PSA, by the IAEA).

4. Example D: A process that focuses on the identification and deterministic analysis of a bounding accident (or, potentially, on a set of such accidents). In this example, PRA is used to a more limited extent to provide perspective on specific aspects of the plants safety case, since the deterministic analyses are more bounding/conservative than in the other examples.

All of these methodologies would include a systematic search of events, an assessment of design basis accidents and an assessment of defense-in-depth as a means of informing design criteria and design requirements. All should be able to meet the intent of the requirements of Part 53 (albeit with minor changes required to the rule language and with a need for additional guidance to be developed). The TI-RIPB approaches would differ in the tools and guidance used for the risk evaluations and requirement setting. The following elements of a TI-RIPB framework in current draft sections of Part 53 are expected to require different guidance depending on the methodologies chosen above:

February 2025

nei.org 6 In §53.210 and §53.220 the NRC requires that the established limits for the adequate protection of the public health and safety be met.

In §53.230, the NRC requires that the safety functions of the design be defined.

In §53.240, the NRC requires that the licensing basis events of the design be identified and analyzed.

In §53.250, the NRC requires that the design include adequate provisions for defense in depth.

In §53.400, the NRC requires that design features be provided such that the plant will satisfy the safety criteria in §§53.210 and 53.220 and the safety functions in §53.230 will be maintained.

In §53.410 and §53.420, the NRC requires that the functional design criteria for the design be defined.

In §53.415 and §53.480, the NRC requires that design features be provided to address design basis hazards including detailed guidance on the seismic hazard.

In §53.450, the NRC provides analysis requirements including: PRA, including PRA maintenance and role in establishing the licensing basis, Code Qualification, Design Basis Accident (DBA),

non-DBA Licensing Basis Events (LBEs), Fire Hazard Analysis, Aircraft Impact Analysis and Normal Operating Dose calculations.

o §53.450(g) is expected to rely on the same guidance regardless of TI-RIPB methodology chosen.

In §53.460, the NRC requires that the safety categorization and special-treatment provisions of the design be established.

Appendix B provides the full set of requirements reviewed from Subparts B & C and provides the regulatory guidance expected to be followed. The list above was chosen based on the requirements which are directly dependent on the risk evaluation methodology chosen. Appendix B does have other regulatory guidance differences driven by the assumed technology (LWR for Example B, non-LWR for Examples A and D). Those guidance documents should be updated to be more technology-inclusive, but are not the focus of this report. It is noted that there are other Part 53 requirements relevant to the licensing basis and safety case (e.g., numerous requirements related to programmatic controls and human actions); however, these requirements are not listed here since they do not have a primary effect on the establishment of a TI-RIPB process.

RECOMMENDED ENABLING CHANGES TO DRAFT PART 53 This document describes a spectrum of TI-RIPB approaches for assuring the safety of new designs as they are designed and licensed.

These are described in detail in Section 3. This section provides a summary of the recommended change to Part 53 Rule Language and Regulatory Guidance that would facilitate the use of flexibility in TI-RIPB approaches.

February 2025

nei.org 7 2.1 Specific Recommended Changes to Part 53 This section summarizes the specific recommendations for changing the proposed Part 53 Rule language. This is informed by the detailed analysis of methodologies described in Section 3 which identifies incompatibilities with the current Proposed Part 53. Note that this is not the complete list of changes NEI is suggesting for Subparts B & C to address concerns and challenges, but is only the changes necessary to allow flexibility in TI-RIPB approaches. Other changes proposed and their basis can be found in Enclosure 2 of the NEI Part 53 comment package. Changes proposed in this report fall into 3 categories:

1. Allowance for flexibility in the use of systematic risk evaluations

2. Clarity on the interface between risk evaluations and safety classification and design criteria

3. Clarity in the scope of evaluation (i.e., codes and adequacy) 53.450(a) Requirement for a PRA Current Language

§ 53.450 Analysis requirements.

(a) Requirement to have a probabilistic risk assessment (PRA). A PRA of each commercial nuclear plant must be performed to identify potential failures, susceptibility to internal and external hazards, and other contributing factors to event sequences that might challenge the safety functions identified in § 53.230 and to support demonstrating that each commercial nuclear plant meets the safety criteria of § 53.220, or more restrictive alternative criteria adopted under § 53.470 Proposed Language Change

§ 53.450 Analysis requirements.

(a) Requirement to have a probabilistic risk evaluation assessment (PRA). A risk evaluation PRA of each commercial nuclear plant must be performed to identify potential failures, susceptibility to internal and external hazards, and other contributing factors to event sequences that might challenge the safety functions identified in § 53.230 and to support demonstrating that each commercial nuclear plant meets the safety criteria of § 53.220, or more restrictive alternative criteria adopted under § 53.470 The requirement to have a PRA is prescriptive and not in line with a flexible, Technology-Inclusive Regulatory Framework as defined in NEIMA. [1] As written, it would preclude the bounding approach described in section 3.4 and the traditional design basis-accident (DBA) approach that licensed the vast majority of the U.S. operating fleet. NEI would prefer the language to require a risk evaluation consistent with Commissioner Caputos markup of Part 53. This would be in line with the ADVANCE Act language that microreactors should develop strategies and guidance for risk analysis methods, including alternatives to probabilistic risk assessments. Conforming changes would be required for references to a PRA elsewhere in the Rule.

February 2025

nei.org 8 RG 1.247 would be one acceptable means of meeting 53.450(a) requirement, but a path should be available to LWRs through an update of RG 1.200. In addition, DG-1413 and DG-1414 should allow for a bounding approach to meet the more flexible language proposed for 53.450(a). Written appropriately, DG-1413 and DG 1414 should allow DBA analysis, potentially informed by a maximum credible accident approach (NUREG-1537), and supplemented by traditional hazard analysis to meet 53.450(a) as well.

Alternatively, there are existing DBA analysis requirements for LWRs that have acceptably licensed Large and small light water reactors. This guidance, supplemented by traditional hazard analysis, should be able to meet the Part 53 requirements.

RG 1.253 must also be updated as it currently is not aligned with the commission directive. RG 1.253 only allows flexibility for CP applicants following LMP and presumes an all-hazards, all-modes, all-sources PRA for Operating License and Combined License applicants. While it is understood that RG 1.253 was published prior to the commission directive, the update to the preamble in Part 53 is insufficient to meet the commission directive for flexibility for applicants without a revision to RG 1.253.

The language, The level of detail in a CP PRA should be established using the process provided in Section 3 of ASME/ANS RA-S-1.4-2021, Risk Assessment Application Process. from RG 1.253 should be extended to all LMP applicants, whether at the construction permit or later (OL, COL) licensing stages.

53.450(b), 53.450(c), 53.450(e), 53.1239(a)(18), 53.1416(e)(1), 53.1416(f)(1), 53.1416(g)(1), 53.1545(3),

53.800 All of these sections should be updated to reference a risk evaluation instead of a PRA consistent with the discussion of 53.450(a) above.

53.450(d) - Qualification of Analytical Codes Proposed Language Change:

(d) Qualification of analytical codes. The analytical codes used in modeling plant behavior in physics-based analyses of licensing-basis events (including but not limited to thermodynamics, reactor physics, fuel performance, and mechanistic source term codes) must be qualified for the range of conditions for which they are to be used.

This language could be understood to put unmeetable requirements on PRA software which are used in modeling plant behavior in analyses of licensing-basis events but cannot be qualified in the traditional sense of RG 1.203 compliance.

The PRA acceptability and qualification of codes such as CAFTA, SAPHIRE, FTREX, and PRAQUANT should be maintained in line with current industry practice. Acceptability of these codes is already covered appropriately by the 53.450(a) requirement and guidance in RG 1.247 and RG 1.200 (for LWRs).

53.220 Safety criteria for licensing-basis events other than DBAs Suggest modifying 53.220 to begin:

Design features and programmatic controls classified as NSRSS

February 2025

nei.org 9 RG 1.233 and RG 1.253 make a distinction between safety criteria and associated design criteria to meet the DBA requirements and safety criteria and associated design criteria to meet the non-DBA LBE requirements. This clarification in the rule language helps applicants understand and apply the appropriate level of rigor to different classifications of components and their associated requirements.

As discussed in Section 3 below, DID and cumulative risk metrics should be considered in the broader context of the safety case and, in line with the SRM, the NRCs approval of the metric or set of metrics is not, by itself, an indicator of adequate protection. We suggest language that aligns with RG 1.233 and the SRM to assess cumulative risk in the broader context of an integrated safety assessment.

Proposed Language Change 53.220 Safety Criteria for an Integrated Safety Assessment Design features and programmatic controls for NSRSS SSCs must be provided for each commercial nuclear plant to assure adequate protection of the public health and safety. This is achieved through an integrated safety assessment which must consider the necessary capabilities and reliability of design features and programmatic controls to address LBEs in accordance with 53.450(e), provide measures for defense in depth in accordance with § 53.250; and evaluate residual risk.

53.420 (a) - Functional Design Criteria for licensing-basis events other than DBAs Suggest modifying 53.420(a) to read:

Functional design criteria must be defined for each design feature classified as NSRSS, RG 1.233 and RG 1.253 make a distinction between safety criteria and associated design criteria to meet the DBA requirements and safety criteria and associated design criteria to meet the non-DBA LBE requirements. This clarification in the rule language helps applicants understand and apply the appropriate level of rigor to different classifications of components and their associated requirements.

53.240 - Licensing Basis Events Requirement 53.240(b) indicates that the LBEs for a range of event sequences, must collectively address combinations of malfunctions of plant SSCs, human errors, facility hazards, and the effects of external hazards. It is recommended this wording be revised to specify must collectively address relevant combinations of to ensure that only relevant or appropriate combinations of hazards are considered. As an example, it is longstanding PRA practice to only consider single initiators. Without clarification such as relevant or appropriate it could imply a requirement to consider an internal initiating event coincident with an independent external hazards initiator, which would not be appropriate for any TI-RIPB methodology.

53.240(c)(2) - Licensing Basis Events - adequacy of design features In 53.240(c)(2), the phrase Confirm the adequacy of design features is ambiguous and needs discussion and explanation in the Statements of Consideration. If the intent is to perform an independent engineering evaluation, then the rule and Statements of Consideration should state that.

February 2025

nei.org 10 Consider revising 53.240(b) as follows:

Evaluate Confirm the adequacy of design features and programmatic controls needed to satisfy the safety criteria defined in Sec. 53.210 and 53.220 2.2 Regulatory Guidance Updates Needed Much of Part 53 relies on regulatory guidance already endorsed for Parts 50 and 52. To increase regulatory certainty, it is important that existing RGs, SRPs, and other NRC guidance documents get updated to reflect the methodology is acceptable under Part 53. In theory, all current RGs should be acceptable for use under Part 53, at least for certain reactor types (i.e., LWRs). It may be more efficient in the near term for the NRC to identify RGs that would NOT be acceptable under Part 53 or which would only be acceptable with limitations. NEI is providing a list of the regulatory guides we consider most essential for update to support Part 53 applications.

Highest Priority These are core to a Part 53 safety case and NEI expects no applicant would be willing to pursue Part 53 without this updated guidance.

RG 1.233, which should require minimal changes to expand applicability to LWRs. If needed, NEI is happy to work with NRC to address an addendum to NEI 18-04 to address LWRs. NEI was concerned with the approach NRC implied during the November public meetings that a separate RG would be required for LWRs. NEI believes that the same or very similar guidance should be captured in one Reg Guide to facilitate regulatory clarity. The review carried out for this report identified that NEI 18-04 refers repeatedly to 50.34 dose requirements. If necessary for an update to RG 1.233, NEI 18-04 can be updated to reference both 50.34 and 53.210 dose limits.

NEI believes this is unnecessary since the requirements are equivalent.

RG 1.253, with changes in scope to address LWRs. If needed, NEI is happy to work with NRC to address an addendum to NEI 21-07 to address LWRs. Importantly, the guidance on flexibility in the scope of PRA for LMP CP applicants must be expanded to all applicants to meet the intent of the Commission directive.

RG 1.232, with changes in scope to address LWRs. The ARDC should work for LWRs and licensees should be able to pull from the GDC and/or ARDC as applicable for their LWR designs.

High Priority While some applicants may be willing to pursue Part 53 without these documents, most would be unwilling to take the regulatory risk. These are essential for broader adoption of Part 53.

Given the reliance on PRA in Part 53, it is very important to have RGs providing guidance on the acceptability of PRA for Part 52 RG 1.247 - This guidance is generally sufficient and needs to be updated to indicate acceptability for meeting Part 53 requirements, to address lessons learned from trial use in peer reviews and to address the comments provided by industry on the Trial Use RG.

February 2025

nei.org 11 RG 1.200 - Technical work remains here, but NEI as part of the comment package has provided a means to combine a Full Power Internal Events (FPIE), in combination with bounding and screening approaches to provide confidence that the Quantitative Health Objectives (QHOs) would be achieved.

RG 1.174 - NEI intends to build off EPRIs work on a technology-inclusive advanced reactor risk metric and propose a technology-inclusive risk metric, along with performance objectives that provide confidence that the QHOs will be met. This report should be provided to the NRC for consideration in 2025 and endorsement is important for the ability to meet 10 CFR 53.220(b) and related requirements.

While not directly required for a PRA, RG 1.203 is an essential input to the codes that the PRA will rely upon. It is also referenced in NEI 18-04 as the means of carrying out design-based accident analysis and therefore should be updated as acceptable for meeting the DBA requirements of Part 53.

For those applicants seeking to use a more bounding approach to risk assessments, regulatory guidance should be provided. That may take the form of DG-1413 and DG-1414 but only if significant changes were made after a series of workshops with industry stakeholders. An alternative pathway would be endorsement of a methodology similar to NUREG-1537 for meeting the requirements of Part 53. See Section 3.4 for more details.

The following are essential to meeting the requirements of Subpart D and would inform how applicants meet 53.415, 53.480 and other hazard related requirements. Since, per the discussion of Subpart D in the FRN, Existing approaches could be used to demonstrate compliance with this requirement. NEI expects these will require minimal technical work to update.

RG 1.23 - Meteorological Monitoring Programs for Nuclear Power Plants o NEI is working on an alternative methodology for meteorological data collection to meet the more flexible EP requirements in 10 CFR 50.160. It may be worth delaying an update of RG 1.23 to endorse this alternative methodology expected to be delivered to the NRC in early 2025.

Regulatory Guide 1.27, Revision 3. Ultimate Heat Sink for Nuclear Power Plants Regulatory Guide 1.29, Revision 6. Seismic Design Classification o Some technical modification is required to allow flexibility in selecting SR SSCs.

Regulatory Guide 1.59, Revision 2. Design Basis Floods for Nuclear Power Plants o Appendix K in DG-1290 is valuable and should be incorporated into the revision of RG 1.59 that supports Part 53.

Regulatory Guide 1.76, Revision 1. Design-Basis Tornado and Tornado Missiles for Nuclear Power Plants Regulatory Guide 1.91, Revision 3. Evaluations of Explosions Postulated to Occur on Transportation Routes Near Nuclear Power Plants Regulatory Guide 1.102, Revision 1. Flood Protection for Nuclear Power Plants

February 2025

nei.org 12 o Some technical modification is required to allow flexibility in selecting SR SSCs.

Regulatory Guide 1.132, Revision 3. Site Investigations for Foundations of Nuclear Power Plants Regulatory Guide 1.198, Revision 0. Procedures and Criteria for Assessing Seismic Soil Liquefaction at Nuclear Power Plant Sites Regulatory Guide 1.208, Revision 0. A Performance-Based Approach to Define the Site-Specific Earthquake Ground Motion Regulatory Guide 1.221, Revision 0. Design-Basis Hurricane and Hurricane Missiles for Nuclear Power Plant Regulatory Guide 4.7, Revision 4. General Site Suitability Criteria for Nuclear Power Stations Regulatory Guide 4.26, Revision 1. Volcanic Hazards Assessment for Proposed Nuclear Power Reactor Sites Regulatory Guide 1.189 - The fire protection requirements in 53.440(e), 53.450(g)(1) and 53.875 should be met with an update to RG 1.189 with minimal technical update.

o RG 1.205 could also be updated for more technology-inclusive language, but current licenses tend to lean into the more broadly used RG 1.189 guidance.

The ARCAP series of guidance (DANU-ISG-2022-01 through DANU-ISG-2022-09 should also be updated to provide clarity that the guidance is equally applicable to parts 50, 52 and 53. More detail is provided in Section 3 on updates to align the ARCAP guidance for use under Part 53.

OVERVIEW OF PROPOSED RISK-INFORMED METHODS As described in Section 1.2, a continuum of possible approaches can be envisioned; each approach uses risk information to different degrees to create a TI-RIPB licensing basis. Part 53 regulations must always be met, but the way these are accomplished can vary. This document outlines four examples of acceptable approaches and describes how each approach meets the Part 53 rule language. These should not be interpreted as the only means of meeting the Part 53 requirements, but provide a broad enough spectrum to inform appropriately flexible rule language. As risk evaluation methodologies improve and evolve over time, Part 53 should support innovative approaches, endorsed in guidance, without the need for rule changes or exemptions.

While these examples employ PRA insights and results in different ways, it is expected that all designers will continue to utilize Risk-Informed concepts and make use of the insights they provide as the designs evolve. Designers are encouraged to begin the use of Risk-Informed tools as early in the design process as is practical, and to continue to develop their risk evaluations to obtain the benefits available from the insights relating to safety challenges and opportunities to optimize various aspects of the designs.

Each of the four examples is described in the sections that follow. The examples map the Part 53 requirements related to the risk evaluation to the appropriate guidance from NEI 18-04 endorsed by RG 1.233 or other regulatory guidance documents. All of these methodologies would include a systematic search of events, including events driven by hazards, an assessment of design basis accidents and an assessment of defense-in-depth as a means of informing design criteria and design requirements.

February 2025

nei.org 13 3.1 Example A: Process Using NEI 18¬04 (LMP)

Example A is a process that employs the approach described in NEI 18-04. This section uses LMP as shorthand for this methodology. Since that document already provides detailed guidance, only a summary of the features and attributes of the approach are provided here to establish context for the other examples presented.

This approach envisions beginning to develop a PRA model for the plant as early as possible following definition of a conceptual design. As the design evolves, the PRA is developed in more depth. In addition to serving as a primary tool for assessing the safety of the plant, parallel and iterative development provides an opportunity to identify potential improvements to the design in a timely manner. The key guidance from NEI 18-04 is summarized below and mapped to the requirements in Subparts B and C of Part 53. For simplicity, this example assumes that LMP is being used for a non-LWR with notes capturing guidance that would be needed to support the use of LMP for an LWR.

53.210 - Safety Criteria for design-basis accidents 53.210 specifies the safety criteria for design basis accidents (DBAs) at both the (a) exclusion area boundary, and (b) low-population zone and explains that design features and programmatic controls must be provided to demonstrate the design criteria can be met.

Guidance to meet Regulation The design-basis accident safety criteria are met following NEI 18-04 Figure 3-2, Task 6 - Select Deterministic DBAs and Design Basis External Hazard Levels and Task 7d Perform Deterministic Safety Analyses Against 10 CFR 50.34. RG 1.203 is referenced in NEI 18-04 as the means of carrying out design basis accident analysis and therefore should be acceptable for meeting the DBA requirements of Part 53.

The review carried out for this report identified that NEI 18-04 refers repeatedly to 50.34 dose requirements. If necessary for an update to RG 1.233, NEI 18-04 can be updated to reference both 50.34 and 53.210 dose limits. NEI believes this is unnecessary since the requirements are equivalent.

53.220 - Safety criteria for licensing-basis events other than design-basis accidents 53.220 specifies the safety criteria for non-DBA Licensing Basis Events (LBEs) for both (a) each individual LBE, and (b) all LBEs cumulatively and explains that design features and programmatic controls must be provided to demonstrate the design criteria can be met.

53.220(a) - LBE safety criteria DID 53.220(a) specifies safety criteria in terms of reliability and capability of design features and programmatic controls and defense in depth. These safety criteria are somewhat ambiguous with details expected to be provided in guidance. The ambiguity derives from a lack of clarity in the Rule language, with 53.220(a) reference 52.240, 53.450(e) and 53.250. The pointer to 53.240 is particularly problematic as 53.220 is Safety criteria for licensing-basis events other than design-basis accidents yet 53.240 covers all LBEs including DBAs and 53.240 itself references 53.450 broadly which includes all analysis requirements including DBAs.

This report assumes that 53.220 is meant to cover safety criteria for non-DBA LBEs (anticipated event sequences, unlikely event sequences and very unlikely event sequences) and is intended to address

February 2025

nei.org 14 acceptable doses for those events sequences as well as acceptable defense in depth as discussed in 53.250 Guidance to meet Regulation The non-design-basis accident licensing basis event (LBE) safety criteria are the F-C chart shown in Figure 3-1 met following NEI 18-04 Figure 3-2, Task 7a - Evaluate LBEs Against F-C Target and the more ambiguous design criteria would be related to 53.250 for defense in depth, but are best described in Table 5-2 of NEI 18-04 and would be discussed in more detail in this reports section on 52.250.

Figure 2: Frequency-Consequence Curve (Figure 3-1 from NEI 18-04) 53.220(b) - LBE safety criteria comprehensive risk 53.220(b) specifies safety for all LBEs cumulatively. The criterion is a comprehensive risk metric to be proposed by the applicant and in line with performance objective acceptable to the NRC.

February 2025

nei.org 15 Guidance to meet Regulation The non-design-basis accident licensing basis event (LBE) safety criteria for LMP users are defined in 3.3.5 of NEI 18-04 and assessed in accordance with Task 7b Evaluate Integrated Plant Risk against QHOs and 10 CFR 20.

Suggested Changes to Part 53.220 rule language Suggest modifying 53.220 to read:

Design features and programmatic controls classified as NSRSS RG 1.233 and RG 1.253 make a distinction between safety criteria and associated design criteria to meet the DBA requirements and safety criteria and associated design criteria to meet the non-DBA LBE requirements. This clarification in the rule language helps applicants understand and apply the appropriate level of rigor to different classifications of components and their associated requirements.

53.220(a) as written is confusing as it references 53.240. 52.240(c) explicitly requires analysis of DBAs and analysis of LBEs to meet the criteria of 53.210 (safety criteria for design-basis accidents). 53.240(a) also references 53.450 broadly which could imply 53.220 is meant to cover safety criteria for aircraft impact assessments and fire protection. It is unclear if this was the intent. NEI suggests removing the reference to 53.240 so that safety criteria for non-DBAs dont reference requirements for all LBEs including DBAs.

RG 1.233 also considers Defense in depth holistically without separate criteria for cumulative risk metrics and with the F-C target as a target, not a strict acceptance criteria. The 53.220 requirement should align with the endorsed regulatory guidance and the SRM language that the NRCs approval of the metric or set of metrics is not, by itself, an indicator of adequate protection.

Proposed Language Change 53.220 Safety Criteria for an Integrated Safety Assessment Design features and programmatic controls for NSRSS SSCs must be provided for each commercial nuclear plant to assure adequate protection of the public health and safety. This is achieved through an integrated safety assessment which must consider the necessary capabilities and reliability of design features and programmatic controls to address LBEs in accordance with 53.450(e), provide measures for defense in depth in accordance with § 53.250; and evaluate residual risk.

53.230 - Safety Functions 53.230 defines safety functions in terms of primary (limiting the release of radioactive material) and additional (needed to support the primary function) with a reference to 53.210 and 53.220.

Guidance to meet Regulation The safety functions for LMP users are defined in accordance with NEI 18-04, Figure 3-2, Task 5a, Identify Required Safety Functions, (covers the reference to 53.210) and informed by tasks 7a, 7b, 7c

February 2025

nei.org 16 and 7e (covers the reference to 53.220). More detail is provided in the SSC classification process: NEI 18-04, Figure 4-1, steps 4b, 4c and 5b.

53.240 Licensing Basis Events 53.240 identifies the scope of LBEs that need to be identified and analyzed with a pointer to 53.450. (a) links the LBEs to the Subpart B safety requirements, (b) defines scopes including anticipated event sequences to very unlikely event sequences and covering internal events human errors, facility hazards and external hazards. (c) points to 53.450 analysis requirements including DBAs (53.450(f), 53.210, 53.330 and functional requirements (implying 53.230).

Guidance to meet Regulation Section 3 of NEI 18-04 covers selection of LBEs for LMP users and separate pieces are covered under the associated Part 53 requirements in this section.

Suggested Changes to Part 53.240 rule language Requirement 53.240(b) indicates that the LBEs for a range of event sequences, must collectively address combinations of malfunctions of plant SSCs, human errors, facility hazards, and the effects of external hazards. For facilities using a PRA, it is recommended this wording be revised to specify must collectively address appropriate combinations of to ensure that only relevant or appropriate combinations of hazards are considered. As an example, it is longstanding PRA practice to only consider single initiators. Without clarification such as relevant or appropriate, it could imply a requirement to consider an internal events initiating event coincident with an independent external hazards initiator.

53.250 Defense in Depth 53.250 discusses defense in depth requirements and covers: (a) uncertainties in meeting safety criteria, (b) uncertainties in state of knowledge, modeling capabilities, barrier capability, SSC, programmatic and personnel performance and (c) no overreliance upon a single engineered design feature, human action, or programmatic control.

Guidance to meet Regulation Section 5 of NEI 18-04 covers defense in depth for LMP users. 53.250(a) is primarily covered in Sections 5.6.1 & 5.7 of NEI 18-04, 53.250(b) state of knowledge and modelling uncertainties are covered in 5.7, primarily 5.7.2, barrier capability is covered in 5.6 and programmatic and human capability is covered in 5.8, 53.250(c) is covered by Table 5-2 qualitative guidelines for layers 3-5 and the overall qualitative guideline.

53.400 - Design Features for licensing-basis events 53.400 specifies design features must (a) be provided to satisfy the safety criteria in 53.210 and 53.220 and (b) ensure the safety functions of 53.230 are fulfilled during LBEs.

Guidance to meet Regulation

February 2025

nei.org 17 53.400 is broadly covered for LMP users in Section 4 of NEI 18-04 and particularly in Section 4.4 for Development of SSC Design and Performance Requirements. Functional definitions are covered in 53.230 and the associated safety criteria in 53.210 / 53.220. Task 2 of Figure 4-1 best aligns with this requirement, with more specificity on design features covered elsewhere in Subpart C (and associated NEI 18-04 Section 4).

53.410 - Functional Design Criteria for Design Basis Accidents 53.410(a) requires the definition of functional design criteria (FDC) for each design feature required by 53.400 and relied upon to meet the 53.210 safety criteria. 53.410(b) requires controls to ensure reliability and capability for the defined FDC, consistent with 53.210 and 53.450(f)

Guidance to meet Regulation 53.410(a) is addressed for LMP users in Section 4.4.1 of NEI 18-04, Required Functional Design Criteria for SR SSCs. 53.410(b) is met in part by Section 4.4.2 of NEI 18-04 with more detail provided in Section 4.4.5. It is important to note that the RG endorsing NEI 18-04 contains the statement Designers may likewise use the design criteria from RG 1.232 and confirm or refine them throughout the design process to develop the final PDC provided in an application. This acknowledges the overlap between PDC and FDC and suggests an update to RG 1.232 and RG 1.233 should provide clarity on expectations for FDC under Part 53.

Supplemental guidance for meeting 53.410 and providing an appropriate level of detail in the Safety Analysis Report (SAR) can be found in NEI 21-07 Section 5.3.2 which is endorsed in RG 1.253. RG 1.253 should be updated as an acceptable means of documenting how 53.410 is met in a SAR.

53.415 - Protection against external hazards 53.415 requires that SR SSCs are protected to withstand the effects of natural phenomena and constructed hazards. These requirements reference 53.510 siting requirements in establishing site-specific hazards and 53.230 for the functions that shall be maintained during the DBHLs. There is also a reference to specific earthquake engineering hazards in 53.480.

Guidance to meet Regulation The protection against hazards requirements are met following NEI 18-04 Figure 3-2, Task 6 - Select Deterministic DBAs and Design Basis External Hazard Levels. This section states: When supported by available methods, data, design, site information, and supporting guides and standards, these DBEHLs will be informed by a probabilistic external hazards analysis and will be included in the PRA after the design features that are incorporated to withstand these hazards are defined. Other external hazards not supported by a probabilistic hazard analysis will be covered by DBEHLs that are determined using traditional deterministic methods. There are no NRC endorsed methods for developing a DBEHL for a specific hazard probabilistically. Applicants may propose such an approach for endorsement, but many expect to rely on traditional deterministic methods. In line with the direction of the Commission the preamble to Part 53 now discusses this as follows: These requirements would support either traditional deterministic approaches for determining and protecting against external hazards or probabilistic approaches that are being developed for seismic and some other external hazards. Similarly, the preamble discussion of 53.510 states: Existing approaches could be used to demonstrate compliance

February 2025

nei.org 18 with this requirement. This implies that many traditional RGs should be updated as appropriate for meeting Part 53 requirements. Section 2.2 includes a list of traditional hazard RGs to be updated.

53.420 - Functional design criteria for licensing-basis events other than design-basis accidents.

53.420 requires definition of FDC for non-DBA LBEs which must (a)(1) demonstrate compliance with the 53.220 safety criteria, and (a)(2) demonstrate compliance with the evaluation criteria in 53.450(e), as well as reliability and capability requirements to meet the same criteria.

Guidance to meet Regulation The concept of design criteria for NSRST SSCs is only briefly discussed in NEI 18-04 with Section 4.4.3 acknowledging that, Although the SR SSCs are derived from an evaluation of the RSFs to mitigate the DBEs and DBAs, the SR and non-safety-related SSCs are evaluated against the full set of LBEsincluding the AOOs and BDBEs, as well as normal plant operationat the plant level to ensure that the F-C Target is met. This leads to design requirements for both the SR and non-safety-related SSCs across the full set of LBEs, including the DBAs. Then the reliability and capability associated with NSRST FDC are discussed in Section 4.4.5. The concept of complementary design criteria (CDC) is introduced in NEI 21-07 Section 5.6 tying the NSRSS functions, reliability and capability targets explicitly to principal design criteria (PDC).

Together this guidance meets 53.420 for LMP users.

Suggested Changes to Part 53.420 rule language Suggest modifying 53.420 to read:

Functional design criteria must be defined for each design feature classified as NSRSS, RG 1.233 and RG 1.253 make a distinction between safety criteria and associated design criteria to meet the DBA requirements and safety criteria and associated design criteria to meet the non-DBA LBE requirements. This clarification in the rule language helps applicants understand and apply the appropriate level of rigor to different classifications of components and their associated requirements.

53.450 - Analysis Requirements 53.450 describes analysis requirements and contains many parts:

53.450(a) requires an all-hazards PRA 53.450(b) stipulates the specific uses of the PRA 53.450 (c) includes maintenance and update requirements for the PRA 53.450(d) requires qualification of analytical codes 53.450(e) requires analyses of licensing basis events other than DBAs 53.450(f) requires analyses of DBAs 53.450(g)(1) covers fire protection analysis 53.450(g)(2) covers AIA

February 2025

nei.org 19 53.450(g)(3) requires analysis of normal releases in liquid and gaseous effluents and direct radiation 53.450(a) - All-Hazards PRA RG 1.247 and RG 1.253 provide guidance to meet 53.450(a). RG 1.247 endorses the non-LWR PRA standard which includes a section 3 with guidance on the appropriate scoping of a PRA. This guidance is appropriately flexible and in line with the commission directive in the Part 53 SRM and the updated Part 53 preamble as discussed below. However, RG 1.253 is more prescriptive in the requirements for PRA scope and assumes an all-hazards, all-modes, all-sources PRA for everything except a Construction Permit application. The guidance in RG 1.253 should be updated to allow flexibility for all LMP applications consistent with the SRM, Part 53 preamble, 53.450(b) and (e) and RG 1.247.

RG 1.200, RG 1.253, RG 1.233 and potentially RG 1.174 should be updated for LWRs providing a path for use of the LWR PRA standard for LMP.

Suggested Changes to Part 53.450(a) rule language NEI appreciates the increased flexibility described in the statements of consideration and the language of 53.450. Specifically:

An NRC determination of the acceptability of a PRA includes but is not limited to assessing the initial and boundary conditions and key assumptions used in the analysis, treatment of uncertainties, and the use of screening tools and bounding or simplified methods for any mode or hazard, provided the use of those tools and methods is justified by an acceptable technical basis. In that regard, the consensus PRA standards would not be applied by the NRC as a strict checklist of requirements for part 53 PRA acceptability determinations.

However, the language in 53.450(a) remains problematic and must change to align the 53.450(e), the statements of consideration and the SRM.

§ 53.450 Analysis requirements.

(a) Requirement to have a probabilistic risk assessment (PRA). A PRA of each commercial nuclear plant must be performed to identify potential failures, susceptibility to internal and external hazards, and other contributing factors to event sequences that might challenge the safety functions identified in § 53.230 and to support demonstrating that each commercial nuclear plant meets the safety criteria of § 53.220, or more restrictive alternative criteria adopted under § 53.470 While language in both the preamble and 53.450(e) suggest more flexibility should be provided, in line with the SRM directive, the 53.450(a) language clearly requires an all-hazard PRA. At a minimum, the language needs to change to PRA in combination with other generally accepted approaches for systematically evaluating engineered systems so that 53.450(a) is consistent with 53.450(e), the preamble discussion and the Commission directive in the SRM.

Note that the above change is required for alignment with LMP as endorsed in RG 1.253. For a Construction Permit, RG 1.253 already allows a Full Power Internal Events (FPIE) PRA with hazards addressed via other means such as assessments of the DBHLs. As discussed in later sections, to allow

February 2025

nei.org 20 flexibility in TI RIPB methodologies, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo.

53.450(b) - Specific Uses of the PRA 53.450(b) utilizes the language PRA in combination with other generally accepted approaches for systematically evaluating engineered systems which is appropriately aligned with the Commission directive. Similar to 53.450(a), RG 1.247 and RG 1.253 provide guidance to meet 53.450(b) with guidance on meeting the references Part 53 requirements discussed in those sections of this report.

53.450(b)(4)(5) places controls on the scope of modes and sources to be considered which are aligned with existing guidance. As discussed in later sections, to allow flexibility in TI RIPB methodologies, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo.

53.450(c) - Maintenance and Upgrade of PRA RG 1.247 provides guidance on configuration control and should be updated with conditions as a means of meeting 53.450(c). As discussed in later sections, to allow flexibility in TI RIPB methodologies, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo which, if accepted, would mean the 53.450(c) PRA update requirement should be revised to risk evaluation update requirement.

53.450(d) - Qualification of Analytical Codes RG 1.203 provides guidance on Code qualification and should be updated as a means of meeting the 53.450(d) requirement.

Suggested Changes to Part 53.450(d) rule language This language could be understood to put unmeetable requirements on PRA software which are used in modeling plant behavior in analyses of licensing-basis events but cannot be qualified in the traditional sense of RG 1.203 compliance.

The PRA acceptability and qualification of codes such as CAFTA, SAPHIRE, FTREX, and PRAQUANT should be maintained in line with current industry practice. Acceptability of these codes is already covered appropriately by the 53.450(a) requirement and guidance in RG 1.247 and RG 1.200 (for LWRs). Suggest changing the 53.450(d) language as follows:

(d) Qualification of analytical codes. The analytical codes used in modeling plant behavior in physics-based analyses of licensing-basis events (including but not limited to thermodynamics, reactor physics, fuel performance, and mechanistic source term codes) must be qualified for the range of conditions for which they are to be used.

53.450(e) - Analysis of Licensing Basis Events other than DBAs RG 1.233, particularly sections 3, 4 and 5 provide guidance, along with RG 1.247 on the interaction of the non-LWR PRA with the LMP process to meet the 53.450(e) requirements. (e)(1) is met through Section 3 of NEI 18-04 in line with the PRA Standard Section 1. (e)(2) & (3) is met through assessment of Plant Capability defense in depth in line with Section 5 and would consider margin to the F-C target,

February 2025

nei.org 21 cumulative risk metrics and qualitative assessments of DID. More detail is provided in the referenced Part 53 sections of this report. (e)(4) is met for LMP users in line with Section 3.2.2, Figure 3.2 Task 7 of NEI 18-04.

As discussed in later sections, to allow flexibility in TI RIPB methodologies, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo.

53.450(f) - Analysis of DBAs RG 1.203, RG 1.183 and other guidance documents on source term calculation for DBAs provide guidance on meeting the requirements of 53.450(f) and should be updated as a means of meeting Part 53 DBA requirements. More detail is provided in the referenced Part 53 sections of this report.

53.460 - Safety Categorization and special treatments NEI 18-04 section 4, specifically 4.1-4.3, provides guidance on classifying SSCs and is an acceptable method for meeting the classification criteria in 53.460(a). NEI 18-04 Figure 4-1 tasks 6a, 6b, 7a and 7b meet the requirements of 53.460(b) with more detail provided in section 4.4. Section 4.4 also specifies QA requirements in line with 53.460(b)(1) and (2). Operator requirements are embedded in these same requirements consistent with the reliability and capability required per Section 4 and this meets the requirement of 53.460(c).

RG 1.233 should be updated to indicate NEI 18-04 Section 4 is an acceptable way of meeting 53.460 for LMP Users.

Summary The PRA is the primary tool to establish the safety case, but even under LMP there is a reliance on deterministic methods. RG 1.203 is referenced and relied upon for the DBA Analysis. DBHLs in theory could be derived probabilistically, but there are no NRC endorsed methods for developing a DBHL for a specific hazard probabilistically. DBAs remain an important subset of LBEs, and drive safety classification for SR SSCs. DBAs and DBHLs may drive design requirements for SR SSCs. The Commission is right to acknowledge this in their SRM and this flexibility should inform the treatment of alternative TI RIPB approaches.

3.2 Example B: Process with Confirmatory Use of PRA Example B is similar to Example A; the major difference is that the role of the PRA in Example B is confirmatory whereas the role of the PRA in Example A is foundational. Thus, the methodology in Example B could be a variation on the process detailed in NEI 18-04. Example B relies first and foremost on more traditional deterministic assessments. For example, the functional design criteria are established deterministically (e.g., through the General Design Criteria (GDC) for LWRs or the applicable Advanced Reactor Design Criteria (ARDC) for non-LWRs), rather than through the use of a PRA process as described in NEI 18-04. Insights from the PRA may play important confirmatory roles in assuring that the spectrum of potential challenges to the plant has been adequately defined and in guiding the other elements of the process. The PRA, however, intentionally plays a secondary role.

February 2025

nei.org 22 The GDC/ARDC play an important and foundational role in this example. The designer would rely on the GDC/ARDC, the design concept, and the design goals to define the safety functions, design features and functional design criteria for the design. As the design and supporting analysis proceeds, the means to meet these design criteria may also evolve. Thus, it would be the responsibility of the designer to provide the resultant principal design criteria.

The iterative review of the design (starting at the conceptual stage) to identify potential challenges is similar in principle to that for Example A. This process iterates between deterministic inputs based on a variety of engineering reviews and assessments (including, for example, FMEA and process hazards analyses) and outputs of the design basis accident analysis and hazards analysis. As in Example A, the identification of potential challenges continues both as the design evolves and as the risk evaluation models are developed, and any additional initiating events identified as a result are incorporated into the safety analysis as needed. In this approach, the plant response to potential challenges is analyzed using the same deterministic safety analysis tools as in Example A. Based on the qualitative definitions of these challenges and the results of the deterministic analyses, the plant challenges are organized according to the categories of LBEs cited in the last section (i.e., AOOs, DBEs, BDBEs, and DBAs). The PRA results are used to confirm that the design basis accidents and hazard analysis reasonably bound scenarios that can be foreseen for plant operation. Deterministic analyses, hazards analysis and scoping risk evaluations assure that the Safety Goal QHOs are not challenged. In this process, however, the ultimate determination of the initiating events and event sequences is based upon the deterministic analyses, as validated by the use of risk insights, whereas using the process from NEI 18-04, risk insights from the PRA determine the initiating events and event sequences.

Because the PRA results are used primarily in a confirmatory manner under this approach, some aspects of the PRA may not necessarily be developed to the same level of detail and realism as is envisioned for Example A. For example, the PRA may reflect more conservative treatment of some accident scenarios that are not important contributors to risk. While this would be expected in any PRA to a degree, the extensive use of the PRA results for each of the aspects in Example A would tend to necessitate a more detailed, explicit PRA treatment. This would also be the case for the treatment of uncertainties; explicit quantitative treatment of all uncertainties might in some cases be found to be resource-intensive while yielding minimal practical benefits when the primary assessment tools are deterministic in nature.

Therefore, PRAs that provide input under Example B might make more extensive use of sensitivity studies and qualitative considerations of uncertainty.

Hazards would also be handled primarily through deterministic means until the plant is built. Early experience from Licensing Modernization Process users acknowledges the difficulties in carrying out fire, flooding or other hazard PRAs without a physical plant available to walk down. There is too much uncertainty in pipe and cable placement to complete all but the most simplistic, assumption-laden hazard PRAs. The deterministic analyses utilized for most of the operating fleet provide adequate assurance for protection of public health and safety with regards to hazards until the plant is sufficiently built to allow analysis via Hazard PRA. This has been deemed acceptable in RG 1.253 which only requires a Full Power Internal Events (FPIE) PRA for a construction permit application.

Because the PRA plays a confirmatory role, rather than being central to the safety assessment, it is expected that the PRA itself would not be submitted as part of the formal safety analysis report. Instead, a summary would be submitted, consistent with RG 1.253. The full PRA would be available for audit by the regulator unless deemed acceptable via the peer review process endorsed in RG 1.247.

February 2025

nei.org 23 The process for categorizing SSCs and for identifying special treatments is essentially the same as for Example A. The primary difference is, again, that the identification of safety functions that underlies these elements of the process are driven primarily by deterministic assessments, with confirmation by the PRA. In this example, it is also reasonable to expect that requirements for SSCs could be established without defining quantitative reliability targets. This example also assumes LWRs as a means of ensuring both LWR and non-LWR guidance is addressed in this report.

53.210 - Safety Criteria for design-basis accidents 53.210 specifies the safety criteria for design basis accidents (DBAs) at both the (a) exclusion area boundary, and (b) low-population zone and explains that design features and programmatic controls must be provided to demonstrate the design criteria can be met.

Guidance to meet Regulation This criterion is consistent with Parts 50 and 52 and should be achievable for licensees pursuing a more traditional safety analysis approach. The following Regulatory Guides should be applicable under Part 53, and should be updated to endorse applicability of the guidance for a Part 53 application:

RG 1.145 Atmospheric Dispersion Models for Potential Accident Consequence Assessments at Nuclear Power Plants RG 1.183 Alternative Radiological Source Terms for Evaluating Design Basis Accidents at Nuclear Power Reactors 53.220 - Safety criteria for licensing-basis events other than design-basis accidents 53.220 specifies the safety criteria for non-DBA Licensing Basis Events (LBEs) for both (a) each individual LBE, and (b) all LBEs cumulatively and explains that design features and programmatic controls must be provided to demonstrate the design criteria can be met.

53.220(a) - LBE safety criteria DID Guidance to meet Regulation For those pursuing a more traditional licensing approach, the F-C target may be limited to full power internal events (FPIE) with hazards and non-core sources handled in the more traditional deterministic sense. Applicants may use SRP chapter 19 and RG 1.226 for addressing BDBEs and Part 20 requirements and guidance for addressing AOOs. DBEs would be addressed via DBAs and requirements for fire hazard analysis or seismic hazard analysis which ensure that at least one train is available for safe shutdown during DBEs. This would not be a strict quantitative requirement, but a qualitative argument ensuring sufficient DID.

53.220(b) - LBE safety criteria comprehensive risk 53.220(b) specifies safety for all LBEs cumulatively. The criterion is a comprehensive risk metric to be proposed by the applicant and in line with performance objective acceptable to the NRC.

February 2025

nei.org 24 Guidance to meet Regulation It is recommended that the following be updated to endorse applicability of the guidance for a Part 53 application: RG 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, RG 1.200, Acceptability of Probabilistic Risk Assessment Results for Risk-Informed Activities. CDF and LERF should be reasonable surrogates for the QHOs and RG 1.200 should provide guidance for PRA acceptable for LWRs. Such surrogate measures for comprehensive risk metrics and associated risk performance objectives could be used in a manner similar to the use of core damage frequency and conditional containment failure probability for LWRs within the safety goal evaluation process in NUREG/BR-0058, Regulatory Analysis Guidelines of the U.S. Nuclear Regulatory Commission, and other assessments of LWRs using the NRCs safety goals.

Consistent with NUREG-0880, the proposed comprehensive risk metrics and associated risk performance objectives required under § 53.220(b) could be expressed in terms of a biologically average individual in terms of age and other risk factors.

Traditionally PRAs did not consider all modes and all sources, but traditional design requirements and treatments can assure adequate protection of public health and safety. Screening tools and bounding or simplified methods may be used for any mode or hazard, provided the applicant provides an acceptable technical basis. Uncertainties should be addressed. Hazards will require more scrutiny, but the Design Basis External Hazard Level (DBEHL) concept ensures that risk of a set consequence remains below a certain frequency. 53.220 Safety Criteria for LBEs (other than DBAs) requires the provision of design features and programmatic controls, and inclusion of comprehensive risk metrics that satisfy risk performance objectives that are acceptable to the NRC. Traditional seismic hazards analysis, fire hazards analysis and flooding requirements provide assurance the hazards will not result in exceeding the QHOs.

If low frequency hazards must be considered for Part 53, the 53.220(b) discussion in section 3.4 provides detail on how this can be achieved.

It is noted that regulatory guidance will require updating for consistency with the flexibility accorded in Part 53, and additional flexibility should be incorporated into DG-1414, RG 1.233 or the DG under development for comprehensive risk metrics under Part 53 with respect to dose criteria and credit for highly reliable active safety features (e.g., reactor protection system) and passive safety features to provide a risk context rather than only a consequence context.

Suggested Changes to Part 53.220 rule language Suggest modifying 53.220 to read:

Design features and programmatic controls classified as NSRSS RG 1.233 and RG 1.253 make a distinction between safety criteria and associated design criteria to meet the DBA requirements and safety criteria and associated design criteria to meet the non-DBA LBE requirements. This clarification in the rule language helps applicants understand and apply the appropriate level of rigor to different classifications of components and their associated requirements.

RG 1.233 considers defense in depth holistically without separate criteria for cumulative risk metrics and with the F-C target as a target, not a strict acceptance criteria. The 53.220 should align with the endorsed regulatory guidance and the SRM language that the NRCs approval of the metric or set of metrics is not, by itself, an indicator of adequate protection.

February 2025

nei.org 25 53.220 Safety Criteria for an Integrated Safety Assessment Design features and programmatic controls for NSRSS SSCs must be provided for each commercial nuclear plant to assure adequate protection of the public health and safety. This is achieved through an integrated safety assessment which must consider the necessary capabilities and reliability of design features and programmatic controls to address LBEs in accordance with 53.450(e), provide measures for defense in depth in accordance with § 53.250; and evaluate residual risk.

53.230 - Safety Functions 53.230 defines safety functions in terms of primary (limiting the release of radioactive material) and additional (needed to support the primary function) with a reference to 53.210 and 53.220.

Guidance to meet Regulation 53.230 specifies the primary safety function in the rule, and the other functions can be derived from a subset of the general design criteria (GDC) and Advanced Reactor Design Criteria (ARDC) in concert with the design basis accidents (DBAs) and other licensing basis events (LBEs) identified. As described in a Topical Report submitted by X-Energy and endorsed by the NRC (ML24190A060), Tables 1 and 2 provide the Modular High Temperature Gas Reactor - Design Criteria (MHTGR-DC) that can serve the role of functional design criteria (FDC) under Part 53. Similarly, the ARDC and SFRDC in RG 1.232 can be linked to FDC for use under Part 53. The mapping would be confirmed in each application and the classifications determined by whether the FDC are credited in DBAs or solely non-DBA LBEs. Safety functions can be derived from the FDC of identified via the functions credited in DBAs and non-DBA LBEs. We suggest updating RG 1.232 with clear identification of which SFR-DC, MHTGR-DC and ARDC would appropriately be considered FDC under Part 53 and provide a mapping back to safety functions for those DC.

53.240 Licensing Basis Events 53.240 identifies the scope of LBEs that need to be identified and analyzed with a pointer to 53.450. (a) links the LBEs to the Subpart B safety requirements, (b) defines scopes including anticipated event sequences to very unlikely event sequences and covering internal events human errors, facility hazards and external hazards. (c) points to 53.450 analysis requirements including DBAs (53.450(f), 53.210, 53.330 and functional requirements (implying 53.230).

Guidance to meet Regulation The Standard Review Plan (SRP) Chapter 15 covers an appropriate set of DBAs for LWRs and should be acceptable for LWR applications under Part 53. A PRA could confirm that no DBAs are missing and identify additional LBEs for meeting the non-DBA requirements of Part 53. RG 1.233 should be updated with a pathway that allows traditional guidance to play a leading role with the PRA in support. This may require that certain assessment requirements (ATWS, SBO mitigation of beyond design basis events) carried out in a more traditional manner must inform the assessment of defense in depth. Applicants should have the flexibility to address external hazards, non-core sources and lower modes with supplemental evaluation in accordance with PRA standards endorsed by the NRC (RG 1.200, RG 1.174, RG 1.247). RG 1.253 should be updated to clarify that supplemental evaluations in line with the PRA

February 2025

nei.org 26 standard should be acceptable for all licensing applications if technically justified. NRC and industry can hold workshops to align on acceptability of supplemental evaluations in the context of Part 53.

Suggested Changes to Part 53.240 rule language Requirement 53.240(b) indicates that the LBEs for a range of event sequences, must collectively address combinations of malfunctions of plant SSCs, human errors, facility hazards, and the effects of external hazards. For facilities using a PRA, it is recommended this wording be revised to specify must collectively address appropriate combinations of to ensure that only relevant or appropriate combinations of hazards are considered. As an example, it is longstanding PRA practice to only consider single initiators. Without clarification such as relevant or appropriate, it could imply a requirement to consider an internal events initiating event coincident with an independent external hazards initiator.

In 53.240(c)(2), the phrase Confirm the adequacy of design features is ambiguous and needs discussion and explanation in the Statements of Consideration. If the intent is to perform an independent engineering evaluation, then the rule and Statements of Consideration should state that.

Consider revising 53.240(b) as follows:

Evaluate Confirm the adequacy of design features and programmatic controls needed to satisfy the safety criteria defined in Sec. 53.210 and 53.220 53.250 Defense in Depth 53.250 discusses defense in depth requirements and covers: (a) uncertainties in meeting safety criteria, (b) uncertainties in state of knowledge, modeling capabilities, barrier capability, SSC, programmatic and personnel performance and (c) no overreliance upon a single engineered design feature, human action, or programmatic control.

Guidance to meet Regulation These defense-in-depth requirements are judged reasonable and flexible for simplified and bounding analyses, where additionally analytical conservatism (e.g., with respect to defining the bounding sequences) counters uncertainties. Parts 50 and 52 address defense-in-depth through layered prescriptive requirements for LWR technology. Part 53 provides flexibility through identification and analysis of required safety functions (e.g., controlling reactivity, heat removal) appropriate to the reactor technology, with a focus on the retention of radioactive materials. Preclusion of reliance on a single design feature, human action, or programmatic control in conjunction with assessment of a broad spectrum of possible accident sequences serves to address single failure criterion. Dedicated success paths for individual DBAs contributes to inclusion of defense-in-depth layers. DG-1414 provides guidance for evaluating defense-in-depth, similar to that of RG 1.174, that would be applied.

Additionally, the DG-1414 guidance for systematic identification of risk insights includes consideration of defense-in-depth and complementary aspects such as important common cause failures and sensitivity to external hazards. Such systematic reviews in conjunction with deterministic analyses (e.g., fission product barriers), identifying bounding sequence risk evaluations, and consideration of prior analyses for similar plants (e.g., licensing bases, PRAs) would support robust evaluation of defense-in-depth.

Either an update to DG-1414 or RG 1.233 should include a pathway to meeting the DID requirements of 53.250 in a more traditional sense (SFC, multiple fission product barriers, etc.).

February 2025

nei.org 27 53.400 - Design Features for licensing-basis events 53.400 specifies design features must (a) be provided to satisfy the safety criteria in 53.210 and 53.220 and (b) ensure the safety functions of 53.230 are fulfilled during LBEs.

Guidance to meet Regulation 53.400 is covered in other sections of this report. Functional definitions are covered in 53.230 and the associated safety criteria in 53.210 / 53.220. Other sections of Part 53 Subpart C cover the specifics of 53.400 and guidance to support those requirements are covered in those sections.

53.410 - Functional Design Criteria for Design Basis Accidents 53.410(a) requires the definition of functional design criteria (FDC) for each design feature required by 53.400 and relied upon to meet the 53.210 safety criteria. 53.410(b) requires controls to ensure reliability and capability for the defined FDC, consistent with 53.210 and 53.450(f).

Guidance to meet Regulation RG 1.232, Developing Principal Design Criteria for Non-Light Water Reactors, should be updated to endorse applicability of the guidance for a Part 53 application. Scope should be expanded to cover LWRs with the ARDC as appropriate. See the discussion in the section for 53.230 for more detail.

53.415 - Protection against external hazards 53.415 requires that SR SSCs are protected to withstand the effects of natural phenomena and constructed hazards. These requirements reference 53.510 siting requirements in establishing site-specific hazards and 53.230 for the functions that shall be maintained during the DBHLs. There is also a reference to specific earthquake engineering hazards in 53.480.

Guidance to meet Regulation The protection against hazards requirements can be met following traditional hazard analysis. In line with the direction of the Commission the preamble to Part 53 now discusses this as follows: These requirements would support either traditional deterministic approaches for determining and protecting against external hazards or probabilistic approaches that are being developed for seismic and some other external hazards. Similarly the preamble discussion of 53.510 states: Existing approaches could be used to demonstrate compliance with this requirement. This implies that many traditional RGs for should be updated as appropriate for meeting Part 53 requirements. Section 2.2 includes a list of traditional hazard RGs to be updated.

53.420 - Functional design criteria for licensing-basis events other than design-basis accidents.

53.420 requires definition of FDC for non-DBA LBEs which must (a)(1) demonstrate compliance with the 53.220 safety criteria, (a)(2) demonstrate compliance with the evaluation criteria in 53.450(e) as well as reliability and capability requirements to meet the same criteria.

February 2025

nei.org 28 Guidance to meet Regulation RG 1.232, Developing Principal Design Criteria for Non-Light Water Reactors, should be updated to endorse applicability of the guidance for a Part 53 application. Scope should be expanded to cover LWRs with the ARDC as appropriate. Design criteria credited in DBAs should meet 53.410 and be SR and DC credited in other LBEs for DID or to meet the cumulative risk metrics should meet 53.420. See the discussion in the section for 53.230 for more detail.

Suggested Changes to Part 53.420 rule language Suggest modifying 53.420 to read:

Functional design criteria must be defined for each design feature classified as NSRSS, RG 1.233 and RG 1.253 make a distinction between safety criteria and associated design criteria to meet the DBA requirements and safety criteria and associated design criteria to meet the non-DBA LBE requirements. This clarification in the rule language helps applicants understand and apply the appropriate level of rigor to different classifications of components and their associated requirements.

53.450 - Analysis Requirements 53.450 describes analysis requirements and contains many parts:

53.450(a) requires an all-hazards PRA 53.450(b) stipulates the specific uses of the PRA 53.450 (c) includes maintenance and update requirements for the PRA 53.450(d) requires qualification of analytical codes 53.450(e) requires analyses of licensing basis events other than DBAs 53.450(f) requires analyses of DBAs 53.450(g)(1) covers fire protection analysis 53.450(g)(2) covers AIA 53.450(g)(3) requires analysis of normal releases in liquid and gaseous effluents and direct radiation 53.450(a) - All-Hazards PRA RG 1.200, RG 1.253, RG 1.233 and potentially RG 1.174 should be updated for LWRs providing a path for use of the LWR PRA standard for Part 53.

Framework for PRA Evaluation:

RG 1.200 outlines a framework for assessing the technical adequacy of PRA results. This framework is based on the PRA standards developed by the American Society of Mechanical Engineers (ASME) and other relevant standards. The guide ensures that PRAs used in regulatory decisions meet a high standard of quality and reliability.

February 2025

nei.org 29 Risk-Informed Decision Making:

The guide supports the NRCs risk-informed regulatory approach, which integrates traditional deterministic safety analysis with insights from probabilistic risk assessment. This approach allows the NRC to focus regulatory and oversight efforts on the most risk-significant areas and to make decisions that better reflect the actual safety significance of issues.

Scope of PRA Application:

RG 1.200 is applicable to various risk-informed activities including changes to the licensing basis, changes to technical specifications, and other regulatory decisions that can benefit from risk insights.

The guide provides criteria for the scope and level of detail required in PRA studies depending on the specific application and decision-making context.

Acceptance Criteria and Review Process:

The guide sets forth acceptance criteria for PRA models and results, detailing specific technical elements that must be addressed, such as initiating events, success criteria, and data analysis. It also describes a peer review process for PRA, which is critical for ensuring the independence and objectivity of the risk assessment.

Suggested Changes to Part 53.450(a) rule language NEI appreciates the increased flexibility described in the statements of consideration and the language of 53.450. Specifically:

An NRC determination of the acceptability of a PRA includes but is not limited to assessing the initial and boundary conditions and key assumptions used in the analysis, treatment of uncertainties, and the use of screening tools and bounding or simplified methods for any mode or hazard, provided the use of those tools and methods is justified by an acceptable technical basis. In that regard, the consensus PRA standards would not be applied by the NRC as a strict checklist of requirements for part 53 PRA acceptability determinations.

However, the language in 53.450(a) remains problematic and must change to align the 53.450(e), the statements of consideration and the SRM.

§ 53.450 Analysis requirements.

(a) Requirement to have a probabilistic risk assessment (PRA). A PRA of each commercial nuclear plant must be performed to identify potential failures, susceptibility to internal and external hazards, and other contributing factors to event sequences that might challenge the safety functions identified in § 53.230 and to support demonstrating that each commercial nuclear plant meets the safety criteria of § 53.220, or more restrictive alternative criteria adopted under § 53.470.

While language in both the preamble and 53.450(e) suggest more flexibility should be provided, in line with the SRM directive, the 53.450(a) language clearly requires an all-hazard PRA. At a minimum, the language needs to change to PRA in combination with other generally accepted approaches for

February 2025

nei.org 30 systematically evaluating engineered systems so that 53.450(a) is consistent with 53.450(e), the preamble discussion and the Commission directive in the SRM.

Note that the above change is required for a more traditional approach to safety analysis where PRA is used in combination with other methods of evaluation. For a Construction Permit, RG 1.253 already allows a Full Power Internal Events (FPIE) PRA with hazards addressed via other means such as assessments of the DBHLs. As discussed in later sections, to allow flexibility in TI RIPB methodologies, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo.

53.450(b) - Specific Uses of the PRA 53.450(b) utilizes the language PRA in combination with other generally accepted approaches for systematically evaluating engineered systems which is appropriately aligned with the Commission directive. Similar to 53.450(a), RG 1.247 and RG 1.253 provide guidance to meet 53.450(b) with guidance on meeting the references Part 53 requirements discussed in those sections of this report.

53.450(b)(4) & (5) place controls on the scope of modes and sources to be considered which are aligned with existing guidance. As discussed in later sections, to allow flexibility in TI RIPB methodologies, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo.

53.450(c) - Maintenance and Upgrade of PRA For LWRs, RG 1.200 provides guidance on configuration control and should be updated with conditions as a means of meeting 53.450(c). As discussed in later sections, to allow flexibility in TI RIPB methodologies, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo.

Continuous Improvement:

RG 1.200 encourages the continuous improvement of PRA quality and capabilities. It recognizes that PRA is a dynamic field and that advances in technology and methodology can enhance the precision and utility of risk assessments. The guide supports the incorporation of new data and insights into existing PRA models to keep them current with the state of the art.

53.450(d) - Qualification of Analytical Codes RG 1.203 provides guidance on Code qualification and should be updated as a means of meeting the 53.450(d) requirement.

Suggested Changes to Part 53.450(d) rule language This language could be understood to put unmeetable requirements on PRA software which are used in modeling plant behavior in analyses of licensing-basis events but cannot be qualified in the traditional sense of RG 1.203 compliance.

The PRA acceptability and qualification of codes such as CAFTA, SAPHIRE, FTREX, and PRAQUANT should be maintained in line with current industry practice. Acceptability of these codes is already covered

February 2025

nei.org 31 appropriately by the 53.450(a) requirement and guidance in RG 1.247 amd RG 1.200 (for LWRs). Suggest changing the 53.450(d) language as follows:

(d) Qualification of analytical codes. The analytical codes used in modeling plant behavior in physics-based analyses of licensing-basis events (including but not limited to thermodynamics, reactor physics, fuel performance, and mechanistic source term codes) must be qualified for the range of conditions for which they are to be used.

53.450(e) - Analysis of Licensing Basis Events other than DBAs The traditional defense in depth approach is a safety philosophy used in nuclear reactor regulation that involves multiple layers of redundant safety systems. This approach is characterized by:

Multiple Physical Barriers These barriers prevent the release of radioactive materials. They include the fuel cladding, the reactor vessel, and the containment building.

Redundant and Diverse Safety Systems Multiple safety systems are designed to perform the same function, so if one fails, others can take over.

These systems are often active and require power or operator action to function.

Conservative Design and Safety Margins Traditional reactors are designed with conservative assumptions and large safety margins to account for uncertainties in the analysis of potential accidents.

The rule can generally be met as written using traditional approaches. However, a more detailed comparison to better understand the benefits should be performed to help inform the industry how to augment existing processes to meet new approaches. Key aspects to be further investigated should include the following:

Flexibility vs. Prescriptiveness The DBA approach under Part 53 is provided to be more flexible, allowing for performance-based safety criteria tailored to specific reactor designs. It is unclear the regulatory iterations it would take to satisfy the NRC to maintain this type of license basis. Cost and delays due to an undefined process are likely to cause undue regulatory burden in areas where traditional established methods are already understood and working throughout the industry. In contrast, the traditional defense in depth approach is more prescriptive, with specific engineering requirements and redundant systems that must be included regardless of the reactor design.

Inherent Safety vs. Engineered Safety Advanced reactors often incorporate inherent safety features that reduce the reliance on active safety systems. Traditional defense in depth relies heavily on engineered safety systems that are active and require human intervention or power.

February 2025

nei.org 32 Adaptability vs. Uniformity Part 53's approach is adaptable to a wide range of technologies and reactor types, potentially facilitating innovation in nuclear reactor design. The traditional approach applies a more uniform set of standards that all reactors must meet, which can limit flexibility but ensures a consistent level of safety.

53.450(f) - Analysis of DBAs RG 1.203, RG 1.183 and other guidance documents on source term calculation for DBAs provide guidance on meeting the requirements of 53.450(f) and should be updated as a means of meeting Part 53 DBA requirements. More detail is provided in the referenced Part 53 sections of this report.

53.460 - Safety Categorization and special treatments Utilizing Regulatory Guide (RG) 1.160, Monitoring the Effectiveness of Maintenance at Nuclear Power Plants, provides guidance on ensuring that maintenance programs are effective in maintaining the functionality and reliability of equipment, including those not designated as safety-related but which may have safety implications like NSRST SSCs. Heres how RG 1.160 can be applied to meet the requirements of 10 CFR 53.460:

Performance Monitoring RG 1.160 emphasizes performance-based monitoring of maintenance effectiveness. For NSRST SSCs, this approach can ensure that these components continue to perform their intended function related to accident monitoring or radiation protection effectively, even though they are not classified as safety-related.

Maintenance Strategies The guide recommends various maintenance strategies that can be tailored to the importance and function of the equipment. For NSRST SSCs, maintenance can be optimized based on their role in accident scenarios or radiation protection, ensuring that they are maintained in a manner that supports their special function.

Reliability Assessments RG 1.160 suggests regular reliability assessments to evaluate the performance of maintenance programs. Applying these assessments to NSRST SSCs helps in identifying potential degradation in performance and ensuring that any such degradation does not compromise their special function.

It is recommended that acknowledgment in the statement of considerations (SOC) during publication of the new rule include language that existing deterministic approaches using NRC-endorsed Regulatory Guides can meet the new proposed rule by leveraging their conservative assumptions, safety margins, and compliance framework.

Suggest wording similar to the following be included in the new rules SOC: Deterministic approaches inherently incorporate conservative assumptions, which align with the new rules emphasis on ensuring safety through robust analysis. These assumptions help identify and mitigate potential risks, supporting the rules objective. The use of safety margins in deterministic approaches provides a buffer against

February 2025

nei.org 33 uncertainties, aligning with the new rules' requirement for comprehensive risk evaluation. These margins ensure that unforeseen events are unlikely to compromise safety. NRC-endorsed Regulatory Guides provide a framework for compliance with established safety criteria, which can be adapted to meet the performance-based aspects of the proposed rule. By following these guides, licensees can demonstrate adherence to both deterministic and risk-informed requirements.

RG 1.33, "Quality Assurance Program Requirements (Operation)"

This guide provides guidance on establishing and implementing quality assurance programs during the operation of nuclear power plants. It can be applied to ensure that NSRST SSCs are included in the quality assurance programs, particularly those aspects related to their special functions.

RG 1.53, "Application of the Single-Failure Criterion to Nuclear Power Plant Protection Systems" While primarily focused on safety-related systems, the principles in this guide can help in evaluating the impact of a single failure of NSRST SSCs on their ability to perform their special functions during accident conditions.

RG 1.177, "An Approach for Plant-Specific, Risk-Informed Decision making: Technical Specifications" This guide provides a methodology for risk-informed decision-making regarding technical specifications.

It can be used to determine the appropriate technical specifications for NSRST SSCs, ensuring that their operation, testing, and maintenance are aligned with their importance to safety.

3.3 Example C: Approach Based on IAEA Guidance The third example is consistent with requirements and guidance from the IAEA. This approach provides for a graded process that allows the relative roles of deterministic safety assessment and risk information to be determined by the designer, taking into account the nature of the design.

Recognizing that different member states have different regulations and requirements, the IAEA safety standards provide support for states in meeting their obligations under general principles of international law, such as those relating to environmental protection. International safety standards also promote and assure confidence in safety and facilitate international commerce and trade. The IAEA safety standards reflect an international consensus on what constitutes a high level of safety for protecting people and the environment from harmful effects of ionizing radiation by establishing safety fundamentals, safety requirements and safety guides. Within this framework, the IAEA has identified a higher-level set of principal technical requirements that include requirements aimed at assuring that the design is capable of satisfying fundamental safety functions and incorporates adequate provisions for defense in depth [15]. The designer is required to define the relevant design criteria, consistent with the needs to satisfy the principal technical requirements and taking into account the demands posed by the DBAs. The IAEA has also identified more specific requirements for design and safety assessment, some of which are very similar to principal design requirements. These include, for example, requirements for physical separation and independence of safety systems; incorporation of redundancy and diversity to address the potential for common-cause failures; and application of the single failure criterion to each safety group in the plant design. In general, this approach would appear to be consistent with the evolving Part 53 requirements [16].

February 2025

nei.org 34 The IAEA process also requires considering a set of plant states comparable to LBEs. This is addressed in the context of postulated initiating events (PIEs) and event sequences that could result from a PIE combined with additional failures of SSCs. The set of PIEs must be comprehensive and must include all foreseeable events with the potential for serious consequences and those with a significant frequency of occurrence. This process relies on engineering judgment and a combination of deterministic analysis and risk information. The IAEA also provides guidance for performing the deterministic analyses needed to support this process [17]. The designer is required to justify the extent to which deterministic analyses and risk information are used to provide confidence that the search has been adequately comprehensive.

As shown below, the IAEA plant states align reasonably well with the set of LBEs discussed in Section 4.1:

IAEA Plant States [15]

Equivalent LBEs per Part 53 Normal Operation Not explicitly considered an LBE, although potential releases during normal operation must be addressed Anticipated operational occurrences, which are expected to occur over the lifetime of the plant Abnormal operating occurrence (No direct equivalent - see design-basis accidents)

Unlikely event sequences Design extension conditions, including accidents with core melting Very unlikely event sequences Design basis accidents Design-basis accidents Thus, the PIEs and event sequences referred to in IAEA publications can be considered to be equivalent to LBEs in the U.S. context. Most significantly, the IAEA requires a systematic approach to identifying a comprehensive set of PIEs and event sequences that specifically consider all foreseeable failures of SSCs.

These failures include those arising from internal or external hazards and take into account potential operating errors. This must be done for all operating modes. Potential interactions among multiple units at a site must also be considered.

The IAEA requirements do not establish dose limits for each category of event (i.e., normal operation, accident, or beyond-design-basis). The IAEA leaves it to each member states regulatory body to establish consequence limits. This is compatible with Part 53, in that the designer would apply the consequence limits from the NRC regulations. Guidance could be established to provide more details on how the IAEA approach would incorporate the NRC consequence limits. One option would be to assess the LBEs in the context of an F-C curve such as that shown in Figure 2. It is reasonable, however, to expect that an applicant in the U.S. would apply insights from the PRA to determine whether there were any aspects of the design that would cause one or more of the targets to be approached.

Likewise, there is no explicit IAEA requirement to address the design in the context of a safety goal comparable to the quantitative health objectives. An applicant in the U.S. would be expected to apply results from the PRA to confirm the QHOs were not challenged.

February 2025

nei.org 35 The IAEA does not explicitly address uncertainties in the context of the PRA results, in large part because of the greater reliance on the results of deterministic safety analyses. It requires that uncertainties be given adequate consideration in the design of the plant and in particular that the design includes adequate margin to avoid cliff-edge effects1 and large or early releases of radionuclides. This is appropriate given the prominent role of deterministic analyses and is consistent with the emphasis on defense-in-depth elements in the IAEAs approach, as well as the somewhat more limited role of the risk information.

Defense in depth plays a prominent role in the IAEA approach, and it is discussed in some detail in a variety of IAEA publications [15, 18]. Indeed, the IAEA notes that [15]:

The primary means of preventing accidents in a nuclear power plant and mitigating the consequences of accidents if they do occur is the application of the concept of defense in depth.

The IAEA suggests a logical framework that addresses DID at five levels:

Level 1: preventing deviations from normal operations - avoidance of AOOs.

Level 2: detection and control of deviations from normal operation - avoiding escalation of AOOs to accident conditions.

Level 3: prevention of accident conditions from proceeding to damage to the plant that could lead to a release of radioactivity.

Level 4: mitigation of a severe accident (i.e., one that has progressed to the point at which the release of radioactivity is possible).

Level 5: mitigation of the consequences through appropriate onsite and offsite emergency response.

The IAEA has established a series of requirements for deterministic assessment of the adequacy of DID provisions. There is also an expectation that the results of the PRA will be used in a confirmatory manner

[12]:

The design shall take due account of the probabilistic safety analysis of the plant for all modes of operation and for all plant states, including shutdown, with particular reference to:

(a) Establishing that a balanced design has been achieved such that no particular feature or postulated initiating event makes a disproportionately large or significantly uncertain contribution to the overall risks, and that, to the extent practicable, the levels of defense in depth are independent 1 A cliff edge effect in a nuclear power plant is an instance of severely abnormal plant behavior caused by an abrupt transition from one plant status to another following a small deviation in a plant parameter, and thus a sudden large variation in plant conditions in response to a small variation in an input [19].

February 2025

nei.org 36 With respect to safety classification, the IAEA process differs somewhat from that in Part 53, but would permit classification consistent with the Part 53 requirements. The IAEA process requires a combination of deterministic and probabilistic assessments that constitutes a risk-informed approach [12]:

The method for classifying the safety significance of items important to safety shall be based primarily on deterministic methods complemented, where appropriate, by probabilistic methods, with due account taken of factors such as:

(a) The safety function(s) to be performed by the item; (b) The consequences of failure to perform a safety function; (c) The frequency with which the item will be called upon to perform a safety function; (d) The time following a postulated initiating event at which, or the period for which, the item will be called upon to perform a safety function.

The IAEA approach includes a variety of programmatic requirements to establish provisions for the design, procurement, operation, and monitoring of SSCs that are the equivalent of special treatments. It does not explicitly address using a risk-informed approach to guide these processes in general, but such an approach would be consistent with the guidance for other aspects of the safety assessment.

While there are requirements related to the reliability of SSCs, they are qualitative in nature; the IAEA approach does not impose a requirement to set quantitative reliability targets for SSCs. Once again, this is consistent with the prominent role of deterministic and defense-in-depth elements in the IAEAs approach, and the more limited role of the risk information.

While not exactly aligned, there is a pathway to NRC endorsement of IAEA standards as a means of meeting Part 53. The mapping below is high level and NEI intends to provide a report to NRC later this year providing more detail on how IAEA standards can meet U.S. licensing requirements. While the IAEA requirements are necessarily flexible to facilitate use across countries there are some key areas where the Part 53 requirements will be problematic for those pursuing licensing in an IAEA framework.

53.440(b) requires NRC endorsement of C&S which is problematic for licensees using international C&S that have largely not been endorsed by NRC.

IAEA requirements for specific systems were not addressed since Part 53 does not include system specific requirements. IAEA requirements for Rad Protection would align with Part 20, not 53.

February 2025

nei.org 37 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES

3. MANAGEMENT OF SAFETY IN DESIGN Requirement 1: Responsibilities in the management of safety in plant design An applicant for a license to construct and/or operate a nuclear power plant shall be responsible for ensuring that the design submitted to the regulatory body meets all applicable safety requirements.

N/A

§ 53.070 Completeness and accuracy of information.

53.070 seems to hit Requirement 1 directly.

Requirement 2: Management system for plant design The design organization shall establish and implement a management system for ensuring that all safety requirements established for the design of the plant are considered and implemented in all phases of the design process and that they are met in the "nal design.

3.2. The management system shall include provision for ensuring the quality of the design of each structure, system and component, as well as of the overall design of the nuclear power plant, at all times. This includes the means for identifying and correcting design de"ciencies, for checking the adequacy of the design and for controlling design changes.

3.2 3.3 3.4

§53.865 Quality Assurance 10 CFR 50, App. B

§ 53.605 Reporting of defects and noncompliance 10 CFR Part 21 53.865, App B, 53.605 and Part 21 seem to hit Requirement 2 directly.

Requirement 3: Safety of the plant design throughout the lifetime of the plant The operating organization shall establish a formal system for ensuring the continuing 3.5 3.6

§ 53.250 Defense in depth (specifically 53.250(a))

§ 53.440 Design requirements These Part 53 Sections directly address safety over the plant lifetime.

February 2025

nei.org 38 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES safety of the plant design throughout the lifetime of the nuclear power plant.

§ 53.715 Maintenance, repair, and inspection programs

§ 53.870 Integrity assessment programs

§ 53.880 Inservice inspection and inservice testing

4. PRINCIPAL TECHNICAL REQUIREMENTS Requirement 4: Fundamental safety functions Ful"lment of the following fundamental safety functions for a nuclear power plant shall be ensured for all plant states: (i) control of reactivity; (ii) removal of heat from the reactor and from the fuel store; and (iii) con"nement of radioactive material, shielding against radiation and control of planned radioactive releases, as well as limitation of accidental radioactive releases.

4.1. A systematic approach shall be taken to identifying those items important to safety that are necessary to ful"l the fundamental safety functions and to identifying the inherent features that are contributing to ful"lling, or that are aecting, the fundamental safety functions for all plant states.

4.2. Means of monitoring the status of the plant shall be provided for ensuring that the required safety functions are ful"lled.

4.1 4.2

§ 53.220 Safety criteria for licensing-basis events other than design-basis accidents.

§ 53.230 Safety functions.

§ 53.730 Defining, fulfilling, and maintaining the role of personnel in ensuring safe operations 53.220 and 53.230 seem directly related to Requirement 4.1.

Requirement 4.2 seems to be addressed by 53.730(b)(4) which states (in part) (4) Instrumentation to measure, record, and display key plant parameters related to the performance of SSCs and the integrity of barriers important to fulfilling safety functions to support operators in monitoring plant conditions and responding to plant events.

February 2025

nei.org 39 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES Requirement 5: Radiation protection in design The design of a nuclear power plant shall be such as to ensure that radiation doses to workers at the plant and to members of the public do not exceed the dose limits, that they are kept as low as reasonably achievable in operational states for the entire lifetime of the plant, and that they remain below acceptable limits and as low as reasonably achievable in, and following, accident conditions.

4.3. The design shall be such as to ensure that plant states that could lead to high radiation doses or to a large radioactive release have been practically eliminated, and that there would be no, or only minor, potential radiological consequences for plant states with a signi"cant likelihood of occurrence.

4.4. Acceptable limits for purposes of radiation protection associated with the relevant categories of plant states shall be established, consistent with the regulatory requirements.

[Footnote 8: Requirements on radiation protection and safety of radiation sources are established in IAEA Safety Standards Series No.

GSR Part 3, Radiation Protection and Safety of Radiation Sources: International Basic Safety Standards]

4.3 4.4

§ 53.210 Safety criteria for design-basis accidents.

§ 53.260 Normal operations.

§ 53.270 Protection of plant workers.

The notion of practically eliminated is not addressed in NRC regulations but could reasonably translate to outside the design or licensing basis.

The 25 rem limits are addressed in 53.210 and Part 20 limits (which includes ALARA) are addressed in 53.260 and 53.270.

Requirement 6: Design for a nuclear power plant The design for a nuclear power plant shall ensure that the plant and items important to 4.5 4.6 4.7

§ 53.210 Safety criteria for design-basis accidents.

§ 53.220 Safety criteria for licensing-basis events other than design-basis accidents Requirement 6 captures many requirements in Part 53, Subparts B and C.

February 2025

nei.org 40 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES safety have the appropriate characteristics to ensure that safety functions can be performed with the necessary reliability, that the plant can be operated safely within the operational limits and conditions for the full duration of its design life and can be safely decommissioned, and that impacts on the environment are minimized.

4.6. The design shall take due account of relevant available experience that has been gained in the design, construction and operation of other nuclear power plants, and of the results of relevant research programs.

4.8

§ 53.230 Safety functions

§ 53.400 Design features for licensing basis events

§ 53.410 Functional design criteria for design-basis accidents

§ 53.420 Functional design criteria for licensing-basis events other than design basis accidents

§ 53.425 Design features and functional design criteria for normal operations

§ 53.430 Design features and functional design criteria for protection of plant workers

§ 53.440 Design requirements Identifying the speci"c dierences would require evaluating some of the Safety Standards that provide guidance on meeting some of the Requirements.

Requirement 7: Application of defense in depth The design of a nuclear power plant shall incorporate defense in depth. The levels of defense in depth shall be independent as far as is practicable.

4.11. The design:

(a) Shall provide for multiple physical barriers to the release of radioactive material to the environment; (b) Shall be conservative, and the construction shall be of high quality, so as to provide assurance that failures and deviations from normal operation are minimized, that 4.9 4.10 4.11(a)-(f) 4.12(a)-(d) 4.13 4.13A

§ 53.250 Defense in depth

§ 53.250 Defense in depth.

(a) Measures must be taken for each commercial nuclear plant to ensure appropriate defense in depth is provided to compensate for uncertainties in the analysis of the safety criteria such that there is reasonable assurance that the safety criteria in this subpart are met over the life of the plant.

(b) The uncertainties that must be addressed under paragraph (a) of this section include those related to the state of knowledge and modeling capabilities, the ability of barriers to limit the release of radioactive

February 2025

nei.org 41 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES accidents are prevented as far as is practicable and that a small deviation in a plant parameter does not lead to a cli edge eect; (c) Shall provide for the control of plant behavior by means of inherent and engineered features, such that failures and deviations from normal operation requiring actuation of safety systems are minimized or excluded by design, to the extent possible; (d) Shall provide for supplementing the control of the plant by means of automatic actuation of safety systems, such that failures and deviations from normal operation that exceed the capability of control systems can be controlled with a high level of con"dence, and the need for operator actions in the early phase of these failures or deviations from normal operation is minimized; (e) Shall provide for systems, structures and components and procedures to control the course of and, as far as practicable, to limit the consequences of failures and deviations from normal operation that exceed the capability of safety systems; (f) Shall provide multiple means for ensuring that each of the fundamental safety functions is performed, thereby ensuring the eectiveness of the barriers and mitigating the consequences of any failure or deviation from normal operation.

materials from the facility during LBEs other than DBAs, the reliability and performance of plant SSCs and personnel, and the effectiveness of programmatic controls.

(c) The safety analysis may not rely upon a single engineered design feature, human action, or programmatic control, no matter how robust, to address the range of LBEs other than DBAs.

The requirements in 53.250 are substantially different than those in Requirement 7, and do not make use of the IAEA 5-levels approach. While an applicant making use of the 5-levels approach would, presumably, satisfy 53.250, it is not clear that an application satisfying 53.250 would be seen as meeting Requirement 7.

This is likely one topic that will warrant interaction between and among NRC, IAEA, and designers and potential applicants.

February 2025

nei.org 42 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES 4.12. To ensure that the concept of defense in depth is maintained, the design shall prevent, as far as is practicable:

(a) Challenges to the integrity of physical barriers; (b) Failure of one or more barriers; (c) Failure of a barrier as a consequence of the failure of another barrier; (d) The possibility of harmful consequences of errors in operation and maintenance.

4.13. The design shall be such as to ensure, as far as is practicable, that the "rst, or at most the second, level of defense is capable of preventing an escalation to accident conditions for all failures or deviations from normal operation that are likely to occur over the operating lifetime of the nuclear power plant.

4.13A. The levels of defense in depth shall be independent as far as practicable to avoid the failure of one level reducing the eectiveness of other levels. In particular, safety features for design extension conditions (especially features for mitigating the consequences of accidents involving the melting of fuel) shall as far as is practicable be independent of safety systems.

Requirement 8: Interfaces of safety with security and safeguards Safety measures, nuclear security measures and arrangements for the state system of accounting for, and control of, nuclear N/A

§ 53.440 Design requirements Part 53, Subpart H includes requirements for applicants to discuss safety with 53.440(f) Safety and security must be considered together in the design process such that, where possible, security issues are effectively resolved

February 2025

nei.org 43 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES material for a nuclear power plant shall be designed and implemented in an integrated manner so that they do not compromise one another.

security in the FSAR for a design certification. Specifically, § 53.1239 Contents of applications for standard design certifications; technical information (14) Safety and Security. Confirmation that safety and security were considered together in the design process, as required by § 53.440(f).

through design and engineered security features.

DG-5076, Guidance for Technology Inclusive Requirements for Physical Protection of Licensed Activities at Commercial Nuclear Plants. This DG describes methods and approaches that the NRC staff considers acceptable for meeting the proposed physical security requirements of part 53 and

§ 73.100. The guidance is intended to provide methods and considerations for complying with § 53.440(f) safety and security design process considerations.

Requirement 9: Proven engineering practices Items important to safety for a nuclear power plant shall be designed in accordance with the relevant national and international codes and standards.

4.15. National and international codes and standards that are used as design rules for items important to safety shall be identi"ed and evaluated to determine their applicability, adequacy and suciency, and shall be supplemented or modi"ed as necessary to ensure that the quality of the design is commensurate with the associated safety function.

4.16. Where an unproven design or feature is introduced or where there is a departure from an established engineering practice, safety 4.14 4.15 4.16

§ 53.430 Design features and functional design criteria for protection of plant workers

§ 53.865 Quality assurance

§ 53.870 Integrity assessment programs

§ 53.880 Inservice inspection and Inservice testing Subpart H sections addressing technical requirements for application content include language the same or similar to Codes and Standards. A description of generally accepted consensus codes and standards used to design the design features, as required by § 53.440(b).

The phrasing in 53.440(b) is found in the other Part 53 Sections cited.

Specifically, generally accepted consensus codes and standards that have been endorsed or otherwise found acceptable by the U.S. Nuclear Regulatory Commission (NRC).

February 2025

nei.org 44 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES shall be demonstrated by means of appropriate supporting research programs, performance tests with speci"c acceptance criteria or the examination of operating experience from other relevant applications.

The new design or feature or new practice shall also be adequately tested to the extent practicable before being brought into service and shall be monitored in service to verify that the behavior of the plant is as expected.

Requirement 10: Safety assessment Comprehensive deterministic safety assessments and probabilistic safety assessments shall be carried out throughout the design process for a nuclear power plant to ensure that all safety requirements on the design of the plant are met throughout all stages of the lifetime of the plant, and to con"rm that the design, as delivered, meets requirements for manufacture and for construction, and as built, as operated and as modi"ed. [Footnote 10: Requirements on safety assessment for facilities and activities are established in GSR Part 4 (Rev. 1).]

4.17 4.18

§ 53.220(b) LBE safety criteria comprehensive risk

§ 53.450 Analysis requirements The requirements in 53.450 address Requirement 10 and the subparagraphs 4.17 and 4.18. However, as noted in Footnote 10, the requirements on safety assessment are established in GSR Part 4 (Rev. 1) and review of that document was beyond the scope of this eort.

Guidance for PRAs is provided in SSG-3 (Rev 1) for Level 1 PRA and in SSG-4 for Level 2 PRA. SSG-4.

Requirement 11: Provision for construction Items important to safety for a nuclear power plant shall be designed so that they can be manufactured, constructed, assembled, installed and erected in accordance with established processes that ensure the achievement of the design speci"cations and the required level of safety.

4.19

§ 53.440 Design requirements (a)(2) The design processes for SR and non-safety-related but safety-significant (NSRSS) SSCs under this part must include administrative procedures for evaluating operating, design, and construction experience and for considering applicable The requirements in 53.440 address Requirement 11 and the subparagraphs 4.19.

February 2025

nei.org 45 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES 4.19. In the provision for construction and operation, due account shall be taken of relevant experience that has been gained in the construction of other similar plants and their associated structures, systems and components. Where best practices from other relevant industries are adopted, such practices shall be shown to be appropriate to the speci"c nuclear application.

important industry experiences in the design of those SSCs.

§ 53.610 Construction (a) (1) Programs to ensure that the construction of a commercial nuclear plant supports the eventual compliance with the design and analysis requirements in subpart C of this part.

Requirement 12: Features to facilitate radioactive waste management and decommissioning. Special consideration shall be given at the design stage of a nuclear power plant to the incorporation of features to facilitate radioactive waste management and the future decommissioning and dismantling of the plant.

4.20. In particular, the design shall take due account of:

(a) The choice of materials, so that amounts of radioactive waste will be minimized to the extent practicable and decontamination will be facilitated; (b) The access capabilities and the means of handling that might be necessary; (c) The facilities necessary for the management (i.e., segregation, characterization, classi"cation, pretreatment, treatment and conditioning) and storage of radioactive waste generated in operation, and provision for 4.20(a)-(c)

§ 53.440(l): Provisions are proposed to require that measures be taken during the design of commercial nuclear plants to minimize contamination of the facility and the environment, facilitate eventual decommissioning, and minimize the generation of radioactive waste in accordance with § 20.1406.

Beyond current scope

February 2025

nei.org 46 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES managing the radioactive waste that will be generated in the decommissioning of the plant.

5. GENERAL PLANT DESIGN DESIGN BASIS Requirement 13: Categories of plant states Plant states shall be identi"ed and shall be grouped into a limited number of categories primarily on the basis of their frequency of occurrence at the nuclear power plant.

5.1. Plant states shall typically cover:

(a) Normal operation; (b) Anticipated operational occurrences, which are expected to occur over the operating lifetime of the plant; (c) Design basis accidents; (d) Design extension conditions, including accidents with core melting.

5.2. Criteria shall be assigned to each plant state, such that frequently occurring plant states shall have no, or only minor, radiological consequences and plant states that could give rise to serious consequences shall have a very low frequency of occurrence.

5.1(a)(d) 5.2

§ 53.240 Licensing-basis events Well aligned between IAEA and Part 53.

IAEA requires consideration of core melt which may not be technology-inclusive or appropriate for some designs.

Requirement 14: Design basis for items important to safety The design basis for items important to safety shall specify the necessary capability, 5.3

§ 53.210 Safety criteria for design-basis Accidents

§ 53.220 Safety criteria for licensing-basis events other than design-basis accidents Well aligned with part 53 framework.

February 2025

nei.org 47 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES reliability and functionality for the relevant operational states, for accident conditions and for conditions arising from internal and external hazards, to meet the speci"c acceptance criteria over the lifetime of the nuclear power plant.

§ 53.400 Design features for licensing basis Events

§ 53.410 Functional design criteria for design-basis accidents

§ 53.415 Protection against external Hazards

§ 53.420 Functional design criteria for licensing-basis events other than design basis accidents

§ 53.425 Design features and functional design criteria for normal operations

§ 53.430 Design features and functional design criteria for protection of plant workers Requirement 15: Design limits A set of design limits consistent with the key physical parameters for each item important to safety for the nuclear power plant shall be speci"ed for all operational states and for accident conditions.

5.4. The design limits shall be speci"ed and shall be consistent with relevant national and international standards and codes, as well as with relevant regulatory requirements.

5.4

§ 53.440 Design requirements (b) The design features required by

§ 53.400 must, wherever applicable, be designed using generally accepted consensus codes and standards that have been endorsed or otherwise found acceptable by the U.S. Nuclear Regulatory Commission (NRC).

Well aligned with Subpart C design criteria and requirements.

February 2025

nei.org 48 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES Requirement 16: Postulated initiating events The design for the nuclear power plant shall apply a systematic approach to identifying a comprehensive set of postulated initiating events such that all foreseeable events with the potential for serious consequences and all foreseeable events with a signi"cant frequency of occurrence are anticipated and are considered in the design.

5.7. An analysis of the postulated initiating events for the plant shall be made to establish the preventive measures and protective measures that are necessary to ensure that the required safety functions will be performed.

5.8. The expected behavior of the plant in any postulated initiating event shall be such that the following conditions can be achieved, in order of priority:

(1) A postulated initiating event would produce no safety signi"cant eects or would produce only a change towards safe plant conditions by means of inherent characteristics of the plant.

(2) Following a postulated initiating event, the plant would be rendered safe by means of passive safety features or by the action of systems that are operating continuously in the state necessary to control the postulated initiating event.

(3) Following a postulated initiating event, the plant would be rendered safe by the actuation of safety systems that need to be brought into 5.5 5.6 5.7 5.8(1)-(4) 5.9 5.10 5.11 5.12 5.13 5.14 5.15

§ 53.240 Licensing-basis events

§ 53.450 Analysis requirements The combination of 53.240 and 52.450, and the links back to the safety criteria in 53.210 and 53.220 appear to satisfy Requirement 10.

February 2025

nei.org 49 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES operation in response to the postulated initiating event.

(4) Following a postulated initiating event, the plant would be rendered safe by following speci"ed procedures.

5.9. The postulated initiating events used for developing the performance requirements for the items important to safety in the overall safety assessment and the detailed analysis of the plant shall be grouped into a speci"ed number of representative event sequences that identify bounding cases and that provide the basis for the design and the operational limits for items important to safety.

5.11. Where prompt and reliable action would be necessary in response to a postulated initiating event, provision shall be made in the design for automatic safety actions for the necessary actuation of safety systems, to prevent progression to more severe plant conditions.

Requirement 17: Internal and external hazards All foreseeable internal hazards and external hazards, including the potential for human induced events directly or indirectly to aect the safety of the nuclear power plant, shall be identi"ed and their eects shall be evaluated.

Hazards shall be considered in designing the layout of the plant and in determining the postulated initiating events and generated 5.15A 5.15B 5.16 5.17 5.18 5.19 5.20 5.21

§ 53.220 Safety criteria for licensing-basis events other than design-basis accidents

§ 53.240 Licensing-basis events

§ 53.400 Design features for licensing basis events.

§ 53.440 Design requirements

§ 53.415 Protection against external hazards

§ 53.450 Analysis requirements Background language discusses how both internal and external hazards are addressed by various Sections in Part

53.

February 2025

nei.org 50 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES loadings for use in the design of relevant items important to safety for the plant.

Internal hazards 5.16. The design shall take due account of internal hazards such as "re, explosion, "ooding, missile generation, collapse of structures and falling objects, pipe whip, jet impact and release of "uid from failed systems or from other installations on the site.

Appropriate features for prevention and mitigation shall be provided to ensure that safety is not compromised.

External hazards 5.17. The design shall include due consideration of those natural and human induced external events (i.e., events of origin external to the plant) that have been identi"ed in the site evaluation process. Causation and likelihood shall be considered in postulating potential hazards. In the short term, the safety of the plant shall not be permitted to be dependent on the availability of o-site services such as electricity supply and "re"ghting services. The design shall take due account of site speci"c conditions to determine the maximum delay time by which o-site services need to be available. [Footnote 11:

Requirements on site evaluation for nuclear installations are established in IAEA Safety Standards Series No. NS-R-3 (Rev. 1), Site Evaluation for Nuclear Installations]

5.21A 5.22

§ 53.480 Earthquake engineering.

February 2025

nei.org 51 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES 5.21A. The design of the plant shall also provide for an adequate margin to protect items ultimately necessary to prevent an early radioactive release or a large radioactive release in the event of levels of natural hazards exceeding those considered for design, derived from the hazard evaluation for the site.

Requirement 18: Engineering design rules The engineering design rules for items important to safety at a nuclear power plant shall be speci"ed and shall comply with the relevant national or international codes and standards and with proven engineering practices, with due account taken of their relevance to nuclear power technology.

5.23

§ 53.440 Design requirements (b) The design features required by

§ 53.400 must, wherever applicable, be designed using generally accepted consensus codes and standards that have been endorsed or otherwise found acceptable by the U.S. Nuclear Regulatory Commission (NRC).

Well aligned as a requirement, but IAEA and NRC accept dierent standards that may be dicult to harmonize.

Requirement 19: Design basis accidents A set of accidents that are to be considered in the design shall be derived from postulated initiating events for the purpose of establishing the boundary conditions for the nuclear power plant to withstand, without acceptable limits for radiation protection being exceeded.

5.25. The design shall be such that for design basis accident conditions, key plant parameters do not exceed the speci"ed design limits. A primary objective shall be to manage all design basis accidents so that they have no, or only minor, radiological consequences, on or o the site, and do not necessitate any o-site protective actions.

5.24 5.25 5.26

§ 53.210 Safety criteria for design-basis accidents

§ 53.240 Licensing-basis events

§ 53.410 Functional design criteria for design-basis accidents

§ 53.450 Analysis requirements (f)

Analysis of design-basis accidents Well aligned with Part 53 requirements

February 2025

nei.org 52 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES 5.26. The design basis accidents shall be analyzed in a conservative manner. This approach involves postulating certain failures in safety systems, specifying design criteria and using conservative assumptions, models and input parameters in the analysis.

Requirement 20: Design extension conditions A set of design extension conditions shall be derived on the basis of engineering judgement, deterministic assessments and probabilistic assessments for the purpose of further improving the safety of the nuclear power plant by enhancing the plants capabilities to withstand, without unacceptable radiological consequences, accidents that are either more severe than design basis accidents or that involve additional failures. These design extension conditions shall be used to identify the additional accident scenarios to be addressed in the design and to plan practicable provisions for the prevention of such accidents or mitigation of their consequences.

5.27. An analysis of design extension conditions for the plant shall be performed.

The main technical objective of considering the design extension conditions is to provide assurance that the design of the plant is such as to prevent accident conditions that are not considered design basis accident conditions, or to mitigate their consequences, as far as is reasonably practicable. This might require additional safety features for design extension 5.27 5.28 5.29(a)-(c) 5.30 5.31 5.31A 5.32 N/A Design extension conditions are not explicitly addressed in Part 53. Very unlikely event sequences are addressed in 53.240(b) as LBEs which would not be included in consideration of Requirement 20.

February 2025

nei.org 53 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES conditions, or extension of the capability of safety systems to prevent, or to mitigate the consequences of, a severe accident, or to maintain the integrity of the containment.

These additional safety features for design extension conditions, or this extension of the capability of safety systems, shall be such as to ensure the capability for managing accident conditions in which there is a signi"cant amount of radioactive material in the containment (including radioactive material resulting from severe degradation of the reactor core). The plant shall be designed so that it can be brought into a controlled state and the containment function can be maintained, with the result that the possibility of plant states arising that could lead to an early radioactive release or a large radioactive release is practically eliminated. The eectiveness of provisions to ensure the functionality of the containment could be analyzed on the basis of the best estimate approach.

5.28. The design extension conditions shall be used to de"ne the design speci"cations for safety features and for the design of all other items important to safety that are necessary for preventing such conditions from arising, or, if they do arise, for controlling them and mitigating their consequences.

5.29. The analysis undertaken shall include identi"cation of the features that are designed for use in, or that are capable of preventing or

February 2025

nei.org 54 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES mitigating, events considered in the design extension conditions. These features:

(a) Shall be independent, to the extent practicable, of those used in more frequent accidents; (b) Shall be capable of performing in the environmental conditions pertaining to these design extension conditions, including design extension conditions in severe accidents, where appropriate; (c) Shall have reliability commensurate with the function that they are required to ful"l.

[Footnote 15 states For returning the plant to a safe state or for mitigating the consequences of an accident, consideration could be given to the full design capabilities of the plant and to the temporary use of additional systems.]

5.30. In particular, the containment and its safety features shall be able to withstand extreme scenarios that include, among other things, melting of the reactor core. These scenarios shall be selected by using engineering judgement and input from probabilistic safety assessments.

5.31. The design shall be such that the possibility of conditions arising that could lead to an early radioactive release or a large radioactive release is practically eliminated.

5.31A. The design shall be such that for design extension conditions, protective actions that are limited in terms of lengths of time and areas of application shall be sucient for the

February 2025

nei.org 55 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES protection of the public, and sucient time shall be available to take such measures.

Combinations of events and failures 5.32. Where the results of engineering judgement, deterministic safety assessments and probabilistic safety assessments indicate that combinations of events could lead to anticipated operational occurrences or to accident conditions, such combinations of events shall be considered to be design basis accidents or shall be included as part of design extension conditions, depending mainly on their likelihood of occurrence. Certain events might be consequences of other events, such as a "ood following an earthquake. Such consequential eects shall be considered to be part of the original postulated initiating event.

Requirement 21: Physical separation and independence of safety systems Interference between safety systems or between redundant elements of a system shall be prevented by means such as physical separation, electrical isolation, functional independence and independence of communication (data transfer), as appropriate.

5.33

§ 53.440 Design requirements (a)(1) Analysis, appropriate test programs, prototype testing, operating experience, or a combination thereof must demonstrate that each design feature required by § 53.400 meets the defined functional design criteria required by

§§ 53.410 and 53.420. This demonstration must consider interdependent effects throughout the commercial nuclear plant and the range of conditions under which the design features required by § 53.400 must function throughout the plants life (e)(1) Safety-related and NSRSS SSCs must be designed and located to minimize, Part 53 does not include speci"c requirements on physical separation and independence of safety systems.

However, the requirement in 53.440(a)(1) addresses interdependent eects and e(1) addresses locating SSCs to minimize the probability and eect of "res.

February 2025

nei.org 56 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES consistent with other safety requirements in this part, the probability and effect of fires and explosions.

Requirement 22: Safety classi"cation All items important to safety shall be identi"ed and shall be classi"ed on the basis of their function and their safety signi"cance.

5.34. The method for classifying the safety signi"cance of items important to safety shall be based primarily on deterministic methods complemented, where appropriate, by probabilistic methods, with due account taken of factors such as:

(a) The safety function(s) to be performed by the item; (b) The consequences of failure to perform a safety function; (c) The frequency with which the item will be called upon to perform a safety function; (d) The time following a postulated initiating event at which, or the period for which, the item will be called upon to perform a safety function.

5.35. The design shall be such as to ensure that any interference between items important to safety will be prevented, and in particular that any failure of items important to safety in a system in a lower safety class will not propagate to a system in a higher safety class.

5.34(a)-(d) 5.35 5.36

§ 53.460 Safety categorization and special treatments IAEA SSG-30 provides guidance on meeting Requirement 22. NRC has indicated that SSG-30 and RG 1.26, Rev.

6 adequately addresses Requirement

22. However, the language in 53.460 is suciently dierent that careful consideration of Requirement 22 versus 53.460 is warranted.

February 2025

nei.org 57 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES 5.36. Equipment that performs multiple functions shall be classi"ed in a safety class that is consistent with the most important function performed by the equipment.

Requirement 23: Reliability of items important to safety The reliability of items important to safety shall be commensurate with their safety signi"cance.

5.37. The design of items important to safety shall be such as to ensure that the equipment can be quali"ed, procured, installed, commissioned, operated and maintained to be capable of withstanding, with sucient reliability and eectiveness, all conditions speci"ed in the design basis for the items.

5.37 5.38 Maintaining the reliability of SSCs is addressed in numerous Sections of Subparts B and C. For example:

§ 53.220 Safety criteria for licensing-basis events other than design-basis accidents

§ 53.250 Defense in depth

§ 53.410 Functional design criteria for design-basis accidents

§ 53.420 Functional design criteria for licensing-basis events other than design basis accidents

§ 53.460 Safety categorization and special treatments Well aligned with Part 53 requirements Requirement 24: Common cause failures The design of equipment shall take due account of the potential for common cause failures of items important to safety, to determine how the concepts of diversity, redundancy, physical separation and functional independence have to be applied to achieve the necessary reliability.

N/A N/A Part 53 does not explicitly address Common Cause Failures. 53.440(a)(1) requirement to consider interdependent eects could be considered as requiring consideration of common cause eects. However, it is addressed in RG 1.200 addressing PRAs.

Requirement 25: Single failure criterion The single failure criterion shall be applied to each safety group incorporated in the plant design.

5.39 5.40 N/A The single failure criterion is not employed in Part 53. Language in the Background Section of the FRN, page 86934 states The controls under

§ 53.710(b) justify proposed changes in

February 2025

nei.org 58 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES 5.39. Spurious action shall be considered to be one mode of failure when applying the single failure criterion17 to a safety group or safety system.

5.40. The design shall take due account of the failure of a passive component, unless it has been justi"ed in the single failure analysis with a high level of con"dence that a failure of that component is very unlikely and that its function would remain unaected by the postulated initiating event.

part 53 from the traditional or deterministic approaches in parts 50 and 52 in areas such as replacing the single-failure criterion with a probabilistic reliability criterion (see SRM-SECY-03-0047, Policy Issues Related to Licensing Non-Light-Water Reactor Designs, dated June 26, 2003). This approach could also support the incorporation of risk insights and analytical margins to gain operational flexibilities in areas such as siting and staffing requirements described in subsequent sections of proposed subpart F.

Requirement 26: Fail-safe design The concept of fail-safe design shall be incorporated, as appropriate, into the design of systems and components important to safety.

5.41. Systems and components important to safety shall be designed for fail-safe behavior, as appropriate, so that their failure or the failure of a support feature does not prevent the performance of the intended safety function.

5.41 N/A Fail-safe design is not explicitly addressed in Part 53. However, the design requirements, requirement to consider operating experience, DID requirement, and analysis requirements provide assurance that the safety criteria in 53.210 and 53.220 will be satis"ed over the life of the plant.

Requirement 27: Support service systems Support service systems that ensure the operability of equipment forming part of a system important to safety shall be classi"ed accordingly.

5.42 5.43

§ 53.420 Functional design criteria for licensing-basis events other than design basis accidents

§ 53.450 Analysis requirements Support service systems are not explicitly addressed in Part 53.

However, the functional design criteria in 53.420 and the analysis requirements in 53.450(e) and particularly PRA analysis requirements would address the role and required

February 2025

nei.org 59 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES reliability of support systems to assure the safety criteria in 53.210 and 53.220 will be satis"ed over the life of the plant.

Requirement 28: Operational limits and conditions for safe operation The design shall establish a set of operational limits and conditions for safe operation of the nuclear power plant.

5.44. The requirements and operational limits and conditions established in the design for the nuclear power plant shall include (Requirement 6 of IAEA Safety Standards Series No. SSR-2/2 (Rev. 1), Safety of Nuclear Power Plants: Commissioning and Operation [4]):

(a) Safety limits; (b) Limiting settings for safety systems; (c) Limits and conditions for normal operation; (d) Control system constraints and procedural constraints on process variables and other important parameters; (e) Requirements for surveillance, maintenance, testing and inspection of the plant to ensure that structures, systems and components function as intended in the design, to comply with the requirement for optimization by keeping radiation risks as low as reasonably achievable; (f) Speci"ed operational con"gurations, including operational restrictions in the event 5.44(a)-(g)

§ 53.710 Maintaining capabilities and availability of structures, systems, and components (a) Technical specifications must be developed, implemented, and maintained that define conditions or limitations on plant operations that are necessary to ensure that safety-related (SR) SSCs can fulfill the safety functions identified under § 53.230 and support meeting the safety criteria of § 53.210.

Subsequent paragraphs in 53.710 address the range of requirements in Requirement

28.

Well aligned with Part 53 requirements.

February 2025

nei.org 60 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES of the unavailability of safety systems or safety related systems; (g) Action statements, including completion times for actions in response to deviations from the operational limits and conditions.

DESIGN FOR SAFE OPERATION OVER THE LIFETIME OF THE PLANT Requirement 29: Calibration, testing, maintenance, repair, replacement, inspection and monitoring of items important to safety Items important to safety for a nuclear power plant shall be designed to be calibrated, tested, maintained, repaired or replaced, inspected and monitored as required to ensure their capability of performing their functions and to maintain their integrity in all conditions speci"ed in their design basis.

5.45 5.46 5.47(a)-(b)

§ 53.715 Maintenance, repair, and inspection programs (a) A program to control maintenance activities and monitor the performance or condition of SR and NSRSS SSCs must be developed, implemented, and maintained.

§ 53.710 Maintaining capabilities and availability of structures, systems, and components (a)(3)(ii) (ii) Surveillance requirements.

Surveillance requirements are requirements relating to test, calibration, or inspection to assure that the necessary quality of systems and components is maintained and that the limiting conditions for operation will be met.

Well aligned with Part 53 requirements Requirement 30: Quali"cation of items important to safety A quali"cation program for items important to safety shall be implemented to verify that items important to safety at a nuclear power plant are capable of performing their intended functions when necessary, and in 5.48 5.49 5.50

§ 53.440 Design requirements (c) The materials used for each SR and NSRSS SSC must be qualified for their service conditions over the design life of the SSC.

Requirement 30 appears to be similar to 50.49, Environmental quali"cation of electric equipment important to safety for nuclear power plants.

However, this is generally less important for passive safety systems.

The language in 53.440(c) is relevant to

February 2025

nei.org 61 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES the prevailing environmental conditions, throughout their design life, with due account taken of plant conditions during maintenance and testing.

the speci"c language in Requirement

30.

Requirement 31: Ageing management The design life of items important to safety at a nuclear power plant shall be determined.

Appropriate margins shall be provided in the design to take due account of relevant mechanisms of ageing, neutron embrittlement and wear out and of the potential for age related degradation, to ensure the capability of items important to safety to perform their necessary safety functions throughout their design life.

5.51 5.52

§ 53.440 Design requirements (d) Possible degradation mechanisms related to aging, fatigue, chemical interactions, operating temperatures, effects of irradiation, and other environmental factors that may affect the performance of SR and NSRSS SSCs must be evaluated and used to inform the design and the development of integrity assessment programs under § 53.870.

53.440(d) is directly relevant to Requirement 31.

HUMAN FACTORS Requirement 32: Design for optimal operator performance Systematic consideration of human factors, including the human-machine interface, shall be included at an early stage in the design process for a nuclear power plant and shall be continued throughout the entire design process.

5.53. The design for a nuclear power plant shall specify the minimum number of operating personnel required to perform all the simultaneous operations necessary to bring the plant into a safe state.

5.56. The human-machine interface shall be designed to provide the operators with 5.53 5.54 5.55 5.56 5.57(a)-(d) 5.58 5.59 5.60 5.61 5.62 53.410 (b) Corresponding human actions and programmatic controls must be identi"ed and implemented in accordance with this and other subparts to achieve and maintain the reliability and capability of structures, systems, and components (SSCs) relied upon to satisfy the de"ned functional design criteria and the safety criteria required in § 53.210, and to maintain consistency with analyses required by § 53.450(f).

Aligned with 53.410(b), 53.440(n) and supporting Subpart F requirements.

February 2025

nei.org 62 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES comprehensive but easily manageable information, in accordance with the necessary decision times and action times. The information necessary for the operator to make decisions to act shall be simply and unambiguously presented.

5.57. The operator shall be provided with the necessary information:

(a) To assess the general state of the plant in any condition; (b) To operate the plant within the speci"ed limits on parameters associated with plant systems and equipment (operational limits and conditions);

(c) To con"rm that safety actions for the actuation of safety systems are automatically initiated when needed and that the relevant systems perform as intended; (d) To determine both the need for and the time for manual initiation of the speci"ed safety actions.

5.62. Veri"cation and validation, including by the use of simulators, of features relating to human factors shall be included at appropriate stages to con"rm that necessary actions by the operator have been identi"ed and can be correctly performed.

February 2025

nei.org 63 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES OTHER DESIGN CONSIDERATIONS Requirement 33: Safety systems, and safety features for design extension conditions, of units of a multiple unit nuclear power plant Each unit of a multiple unit nuclear power plant shall have its own safety systems and shall have its own safety features for design extension conditions.

5.63 N/A Design extension conditions would inform the assessment of DID for very unlikely events under Part 53.

See Notes for Requirement 20.

Requirement 34: Systems containing "ssile material or radioactive material All systems in a nuclear power plant that could contain "ssile material or radioactive material shall be so designed as: to prevent the occurrence of events that could lead to an uncontrolled radioactive release to the environment; to prevent accidental criticality and overheating; to ensure that radioactive releases are kept below authorized limits on discharges in normal operation and below acceptable limits in accident conditions, and are kept as low as reasonably achievable; and to facilitate mitigation of radiological consequences of accidents.

N/A 53.440(g), (i), (l), (m)

Part 53 requirements generally align with IAEA requirements.

Requirement 35: Nuclear power plants used for cogeneration of heat and power, heat generation or desalination Nuclear power plants coupled with heat utilization units (such as for district heating) and/or water desalination units shall be designed to prevent processes that transport radionuclides from the nuclear plant to the desalination unit or the district heating unit N/A No equivalent Part 53 requirement but covered by Part 20

February 2025

nei.org 64 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES under conditions of operational states and in accident conditions.

Requirement 36: Escape routes from the plant A nuclear power plant shall be provided with a sucient number of escape routes, clearly and durably marked, with reliable emergency lighting, ventilation and other services essential to the safe use of these escape routes.

5.64 5.65 Beyond current scope Requirement 37: Communication systems at the plant Eective means of communication shall be provided throughout the nuclear power plant to facilitate safe operation in all modes of normal operation and to be available for use following all postulated initiating events and in accident conditions.

5.66 5.67 Beyond current scope Requirement 38: Control of access to the plant The nuclear power plant shall be isolated from its surroundings with a suitable layout of the various structural elements so that access to it can be controlled.

5.68 Beyond current scope Requirement 39: Prevention of unauthorized access to, or interference with, items important to safety Unauthorized access to, or interference with, items important to safety, including computer hardware and software, shall be prevented.

N/A Beyond current scope

February 2025

nei.org 65 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES Requirement 40: Prevention of harmful interactions of systems important to safety The potential for harmful interactions of systems important to safety at the nuclear power plant that might be required to operate simultaneously shall be evaluated, and eects of any harmful interactions shall be prevented.

5.70. If two "uid systems important to safety are interconnected and are operating at dierent pressures, either the systems shall both be designed to withstand the higher pressure, or provision shall be made to prevent the design pressure of the system operating at the lower pressure from being exceeded.

5.69 5.70

§ 53.440 Design requirements (a)(1) Analysis, appropriate test programs, prototype testing, operating experience, or a combination thereof must demonstrate that each design feature required by § 53.400 meets the defined functional design criteria required by §§ 53.410 and 53.420. This demonstration must consider interdependent effects throughout the commercial nuclear plant and the range of conditions under which the design features required by § 53.400 must function throughout the plants life Requirement 40, paragraph 5.70, is the Inter-system LOCA (ISLOCA) issue.

The language in 53.440(a)(1) regarding consideration of interdependent eects appears to address Requirement 40.

Presumably, for designs that involve pressurized systems, ISLOCA would be modeled in the PRA (53.450(a)) and as an Internal hazard under Requirement 17 and the relevant Part 53 sections.

Requirement 41: Interactions between the electrical power grid and the plant The functionality of items important to safety at the nuclear power plant shall not be compromised by disturbances in the electrical power grid, including anticipated variations in the voltage and frequency of the grid supply.

N/A Beyond current scope SAFETY ANALYSIS Requirement 42: Safety analysis of the plant design A safety analysis of the design for the nuclear power plant shall be conducted in which methods of both deterministic analysis and probabilistic analysis shall be applied to enable the challenges to safety in the various 5.71 5.72 5.73 5.74

§ 53.450 Analysis requirements (a)(1) Analysis, appropriate test programs, prototype testing, operating experience, or a combination thereof must demonstrate that each design feature required by § 53.400 meets the defined functional design criteria required by Part 53 is largely PRA-based. There are areas where deterministic analysis is still required, such as for the DBA.

Consequently, Part 53 meets the intent of Requirement 42 but does so primarily using PRA analysis methods

February 2025

nei.org 66 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES categories of plant states to be evaluated and assessed.

5.71. On the basis of a safety analysis, the design basis for items important to safety and their links to initiating events and event sequences shall be con"rmed. It shall be demonstrated that the nuclear power plant as designed is capable of complying with authorized limits on discharges with regard to radioactive releases and with the dose limits in all operational states, and is capable of meeting acceptable limits for accident conditions. [Footnote 18: Requirements on safety assessment for facilities and activities are established in GSR Part 4 (Rev. 1)]

5.72. The safety analysis shall provide assurance that defense in depth has been implemented in the design of the plant.

5.73. The safety analysis shall provide assurance that uncertainties have been given adequate consideration in the design of the plant and in particular that adequate margins are available to avoid cli edge eects and early radioactive releases or large radioactive releases.

5.74. The applicability of the analytical assumptions, methods and degree of conservatism used in the design of the plant shall be updated and veri"ed for the current or as built design.

§§ 53.410 and 53.420. This demonstration must consider interdependent effects throughout the commercial nuclear plant and the range of conditions under which the design features required by § 53.400 must function throughout the plants lifetime.

(b) Specific uses of analyses. The PRA in combination with other generally accepted approaches for systematically evaluating engineered systems must be used (f) Analysis of design-basis accidents.

(1) The analysis of LBEs required by

§ 53.240 must include analysis of DBAs that address possible challenges to the safety functions identified under § 53.230.

The events selected as DBAs must be those that, if not terminated, have the potential for exceeding the safety criteria in § 53.210.

(2) The DBAs selected must be analyzed using deterministic methods that address event sequences from initiation to a safe stable end state and assume only the SR SSCs identified under § 53.460 and human actions addressed by the requirements of subpart F of this part are available to perform the safety functions identified in accordance with § 53.230.

with limited use of deterministic methods.

February 2025

nei.org 67 Deterministic approach 5.75. The deterministic safety analysis shall mainly provide:

(a) Establishment and con"rmation of the design bases for all items important to safety; (b) Characterization of the postulated initiating events that are appropriate for the site and the design of the plant; (c) Analysis and evaluation of event sequences that result from postulated initiating events, to con"rm the quali"cation requirements; (d) Comparison of the results of the analysis with acceptance criteria, design limits, dose limits and acceptable limits for purposes of radiation protection; (e) Demonstration that the management of anticipated operational occurrences and design basis accidents is possible by safety actions for the automatic actuation of safety systems in combination with prescribed actions by the operator; (f) Demonstration that the management of design extension conditions is possible by the automatic actuation of safety systems and the use of safety features in combination with expected actions by the operator.

Probabilistic approach 5.76. The design shall take due account of the probabilistic safety analysis of the plant for all modes of operation and for all plant states, including shutdown, with particular reference to:

5.75(a)-(f) 5.76(a)-(c)

§ 53.250 Defense in depth.

(a) Measures must be taken for each commercial nuclear plant to ensure appropriate defense in depth is provided to compensate for uncertainties in the analysis of the safety criteria such that there is reasonable assurance that the safety criteria in this subpart are met over the life of the plant.

February 2025

nei.org 68 IAEA SSR-2/1 (Rev. 1)

Implementing Para.

Proposed 10 CFR 53 NOTES (a) Establishing that a balanced design has been achieved such that no particular feature or postulated initiating event makes a disproportionately large or signi"cantly uncertain contribution to the overall risks, and that, to the extent practicable, the levels of defense in depth are independent; (b)

Providing assurance that situations in which small deviations in plant parameters could give rise to large variations in plant conditions (cli edge eects) will be prevented; (c) Comparing the results of the analysis with the acceptance criteria for risk where these have been speci"ed.

February 2025

nei.org 69 3.4 Example D: Risk-Informed Bounding Approach Example D entails reliance primarily on bounding deterministic assessments of a facilitys safety, with more limited, if any, use of PRA as part of the formal licensing process. This approach could be used by any design that wishes to rely on more conservative deterministic analyses in order to reduce the reliance on the PRA in the development of the safety case. This approach aligned with the direction in the ADVANCE Act Section 208 for microreactors to have an alternative to PRA.

This example draws on the smallest set of existing regulatory guidance as it assumes a smaller reactor with reduced radionuclide inventory. The guidance used to build this example includes NUREG-1537 and DG-1414 and examples of recent submittals (Kairos). This section talks through examples and possibilities, the rule language can be informed by these examples, but it is expected that guidance will be developed as licensees develop innovative approaches to meet a more flexible Part 53. We also dont want to suggest that NUREG-1537 or an update to DG-1414 are the only means of supporting a bounding approach with more flexible Part 53 rule language. The Integrated Safety Analysis (ISA) required by 10 CFR 70 for fuel cycle facilities is provided in NUREG-1513 and may be appropriate for some facilities. Per 10 CFR 70, an ISA is defined as:

a systematic analysis to identify facility and external hazards and their potential for initiating accident sequences, the potential accident sequences, their likelihood and consequences, and the items relied on for safety. As used here, integrated means joint consideration of, and protection from, all relevant hazards, including radiological, nuclear criticality, fire, and chemical.

As was the case for Examples B (Section 3.2) and C (Section 3.3), because the PRA plays a supporting role, if any, rather than being central to the safety assessment, it is expected that the PRA would not be submitted as part of the formal safety analysis report.

53.210 - Safety Criteria for design-basis accidents 53.210 specifies the safety criteria for design basis accidents (DBAs) at both the (a) exclusion area boundary, and (b) low-population zone and explains that design features and programmatic controls must be provided to demonstrate the design criteria can be met.

Guidance to meet Regulation These criteria are consistent with Part 50 and 52 criteria and would be met for a set of bounding analyses. Selection of the bounding events to meet these criteria will be discussed in the sections on 53.450. RG 1.203 and RG 1.183 would inform how the bounding analysis is calculated and should be updated as guidance for meeting 53.210 for those using a bounding assessment methodology.

53.220 - Safety criteria for licensing-basis events other than design-basis accidents 53.220 specifies the safety criteria for non-DBA Licensing Basis Events (LBEs) for both (a) each individual LBE, and (b) all LBEs cumulatively and explains that design features and programmatic controls must be provided to demonstrate the design criteria can be met.

February 2025

nei.org 70 53.220(a) - LBE safety criteria DID 53.220(a) specifies safety criteria in terms of reliability and capability of design features and programmatic controls and defense in depth. These safety criteria are somewhat ambiguous with details expected to be provided in guidance. The ambiguity derives from a lack of clarity in the Rule language, with 53.220(a) reference 52.240, 53.450(e) and 53.250. The pointer to 53.240 is particularly problematic as 53.220 is Safety criteria for licensing-basis events other than design-basis accidents yet 53.240 covers all LBEs including DBAs and 53.240 itself references 53.450 broadly which includes all analysis requirements including DBAs.

This report assumes that 53.220 is meant to cover safety criteria for non-DBA LBEs (anticipated event sequences, unlikely event sequences and very unlikely event sequences) and is intended to address acceptable doses for those events sequences as well as acceptable defense in depth as discussed in 53.250 Guidance to meet Regulation The selection of risk performance objectives by the applicant provides technology inclusive flexibility.

Given the significant margin to risk thresholds expected from microreactors something like an F-C chart in Figure 3 could be proposed. This example is similar to the F-C chart in NEI 18-04 but more constraining in line with the reduced amount of analytical burden. The Part 20 Iso-Risk line is used and assumed to be met via traditional compliance with Part 20. Then there is a limit of 1 rem from frequencies of 1E-1 to 1E-4. This is chosen intentionally in line with the EPA PAG and would give confidence that no design basis accident would result in significant offsite dose. It also allows the reliance on traditional design criteria for SR SSCs. If the SR SSCs (those credited in the Design Basis Accidents) are designed in accordance with traditional guidance, there should be high confidence that they will withstand 1E-4 events. Traditional guidance as discussed later would include the Single Failure Criterion unless technically justified on an application specific basis.

Beneath the 1E-4 / year frequency a maximum hypothetical accident approach, informed by NUREG-1537 and potentially a search for hazards in line with DG-1413 and DG-1414 would have to show a dose less than 25 rem. By setting this limit, and by the conservative design margin baked into the design of SR SSCs, the applicant would adequately account for uncertainty around events in the 1E-4 range. NEI acknowledges that MHA is intended to bound design basis events and may not bound beyond design basis events as suggested in the figure below. NEI suggests that industry and the NRC workshop an approach, building off of NUREG-1537, DG-1413 and DG-1414 that results in updates to those draft regulatory documents that is appropriately conservative but not unreasonable to the point of making the methodology unusable for any reactor large enough to be commercially viable. The cutoff at 5E-7 is consistent with NEI 18-04 and would take into account the same cliff-edge considerations which should factor into the MHA analysis.

February 2025

nei.org 71 Figure 3: Bounding Frequency-Consequence Curve (Proposed) 53.220(b) - LBE safety criteria comprehensive risk 53.220(b) specifies safety for all LBEs cumulatively. The criterion is a comprehensive risk metric to be proposed by the applicant and in line with performance objective acceptable to the NRC.

Guidance to meet Regulation 53.220(b) is a difficult requirement to meet for bounding analyses, but it can be done in a variety of ways without requiring a PRA. DG-1414 proposed using a frequency of 1 and the bounding event consequence as an acceptable means of meeting the cumulative risk metric requirement. While that certainly should be acceptable, there is a large disconnect between 1/yr frequency events (usually non-challenging to SR SSCs) and bounding dose consequences. A more reasonable means of assessing cumulative risk would be to use the 1/yr frequency times the consequence of the most bounding design basis accident crediting SR SSCs. The bounding DBA dose would be assessed in lines with traditional DBA methodologies (account for single failure criterion, conservative assumptions for inventory and system performance) but would be expected to result in a relatively low dose thanks to smaller consequences for smaller, safer reactors and the performance of SR SSCs which should provide ample margin to any significant fuel degradation.

Lower frequency events would be represented with a more conservative bounding assessment informed by the guidance in DG-1414. This more bounding consequence would be multiplied by 1E-4 /yr frequency to cover events that are beyond the design basis. The more bounding consequence could take an approach similar to a maximum hypothetical accident in NUREG-1537 where some reasonable bound

February 2025

nei.org 72 of fuel failure is assumed tied to potential SR feature failures. For low consequence facilities, surrogate measures could include a dose at a distance criterion, a conditional containment/confinement failure probability, a loss of fuel integrity criterion (e.g., >10% of fuel inventory), or a maximum fuel temperature criterion. Such surrogate measures could also apply a frequency to associated sequences to provide a bounding risk context (e.g., 1/yr backstop, 1E-04/yr bounding frequency, 1E-06/yr hazard exceedance frequency) and to demonstrate how the surrogate satisfies risk metrics like IEFR and ILCFR.

It is noted that the comprehensive risk metrics are expected to address the facility rather than individual reactor plants for the range of plant configurations and hazards such that summation of risks from individual analyses may be required. Simplified risk assessments and bounding approaches are judged amenable to these requirements for defining criteria.

With respect to the NRCs Safety Goal Policy definitions for QHOs, the numerical objectives were defined as IEFR<5E-07/yr and ILCFR<2E-06/yr. In view of facility risk, if the total frequency of all hazards that could result in a radiological release impacting the public is less than 5E-07/yr, then the QHOs would be met. The following considerations are presented (based on the Design Basis External Hazard Level (DBEHL) concept) for various hazards to illustrate how close advanced reactors may be to achieving these numerical objectives given the inclusion of inherent safety features.

High Winds - RG 1.76 [31] specifies that new reactors design-basis for tornado wind speeds should correspond to a 1E-07/yr exceedance frequency (calculated as best estimate). RG 1.221 [39] applies the same exceedance frequency for hurricanes. Therefore, deterministic analysis of the DBEHL High Winds event ensures that consequences greater than a bounding DBA would occur at <1E-07 frequency.

Seismic - Beginning in 1997, the safe-shutdown earthquake determination was guided by RG 1.165 [32]

using a reference frequency of 1E-05/yr. RG 1.165 was superseded by RG 1.208 [33] and employs a performance-based approach to ensure that nuclear power plants can withstand the effects of earthquakes with a desired performance, with the performance being expressed as the target value of 1E-05 for the mean annual probability of exceedance (frequency) of the onset of significant inelastic deformation. Therefore, deterministic analysis of the DBEHL seismic event ensures that consequences greater than a bounding DBA would occur at <1E-05/yr frequency. Given the potential for low frequency seismic events to dominate design considerations, newer analysis methodologies (e.g., enhanced seismic margins assessment [29]) are demonstrating the potential for additional credit of SSC capabilities based on evaluating the margins associated with high confidence low probability of failure (HCLPF) attributes (e.g., 1E-02 credit) to achieve frequencies <5E-07/yr.

Internal Fires - An internal fire hazard frequency could be conservatively estimated for advanced reactors using a simplified approach focusing on divisionalized individual fire compartments, and the potential for a fire to impact all divisions. The soon-to-be released EPRI component-based fire frequencies will support development of a compartment fire ignition frequency (estimated <0.01/yr).

NUREG/CR-6850 [30] provides compartment fire barrier failure probabilities (e.g., ~0.01) which would allow fire propagation to adjacent compartments. Alternate train components in the adjacent compartments could be conservatively assumed failed (e.g., 1.0 failure due to assumed hot gas layer propagation) or alternatively evaluated for potential credit. Most new reactor designs have passive features that are not impacted by fires. A conservative estimate for the failure of the passive feature could be applied (e.g., 1E-04) based on industry experience with similar designs (e.g., isolation condensers). Taken together, the fire frequency for a compartment with the potential to compromise two active trains and the passive feature would be estimated (e.g., <1E-08/yr). This value would need to be multiplied by the number of compartments (e.g., 40) and considerations would be required for fire

February 2025

nei.org 73 impacts on control functions (e.g., main control station) and structural steel damage that could impact the passive features (e.g., partial building collapse). Therefore, deterministic analysis of the DBEHL internal fire event ensures that consequences greater than a bounding DBA would be estimated to occur at <1E-06/yr frequency.

Internal Flood - An internal flood hazard frequency could be conservatively developed for advanced reactors using a simplified approach similar to that presented for internal fires. EPRI documents provide component-based leak and rupture frequencies for piping and components that can be summed for a given compartment (estimated <0.001/yr for a compartment). The potential for flood barrier failures can be estimated based on propagation pathways and flood levels (e.g., 0.1 barrier failure probability).

Alternate train components in the adjacent compartments or below along the propagation path could be conservatively assumed failed (e.g., 1.0 failure due to assumed flood impacts) or alternatively evaluated for potential credit. Most new reactor designs have passive features that would not be impacted by most flood events. A conservative estimate for the failure of the passive feature could be applied (e.g., 1E-04) based on industry experience with similar designs (e.g., isolation condensers).

Taken together, the flood frequency for a compartment with the potential to compromise two active trains and the passive feature would be estimated <1E-08/yr. This value would need to be multiplied by the number of compartments (e.g.,40) and considerations would be required for flood impacts on control functions and the potential for maintenance induced floods. Therefore, deterministic analysis of the DBEHL internal flood event ensures that consequences greater than a bounding DBA would be estimated to occur at <1E-06/yr frequency.

External Flood - Reactor plants are designed for external flooding events following the guidance of RG 1.59 [34] and the concept of the probable maximum flood (PMF) in view of recorded events for the site and the potential combinations of effects (e.g., dam failures, waves, maximum precipitation events, hurricane surges). Because of the combination of improbable events, it is difficult to assign a value to the frequency of a design basis flood. The data to support the determination of the design levels are typically based on the U.S. Army Corps of Engineers, National and Oceanic and Atmospheric Administration, and the U.S. Geologic Survey criteria. An external flood hazard frequency could be conservatively developed for advanced reactors using a simplified approach. A conservative flood event frequency can be estimated (e.g., <0.01/yr reflective of a once-in-hundred years flood). Many contributors to the external flooding are slowly developing events and forecast sufficiently in advance to allow for protective actions such as ensuring flood features (e.g., doors) are in place and transitioning the plant to a safe-stable state, but credit is conservatively not taken for these human actions. Assuming the reactor has a passive safety feature that is effective given a flooding event, credit can be applied (e.g., 1E-04 for passive cooling). Therefore, deterministic analysis of the DBEHL internal flood event ensures that consequences greater than a bounding DBA would be estimated to occur at <1E-06/yr frequency. It is noted that the NRC in DG-1290 (draft RG-1.59 Rev 3) [35] discusses the developing use of probabilistic flood hazard assessment (PFHA) techniques, and states that although the NRC does not provide guidance on the use of such techniques, the NRC staff currently uses an average annual probability of exceedance of <1E-06/yr as a metric to evaluate the reasonableness of combined flooding event scenarios.

Based on the individual hazard frequency estimates, as illustrated above, a very low consequence facility may satisfy IEFR and ILCFR objectives / metrics with simplified approaches.

February 2025

nei.org 74 To summarize, the proposed cumulative risk metric calculation would consist of the following contributors:

A bounding internal DBA dose times 1/yr frequency A bounding accident dose (potentially a MHA) times 1E-4/yr frequency A high wind DBHL assessment times 1E-7/yr frequency (RG 1.76)

A seismic approach accounting for 1E-5/yr frequency times a traditional seismic DBHL consequence, plus an approach informed by the ANL approach for low frequency external hazards Several bounding fire events: potentially everything outside of areas challenging SR SSCs with a frequency of 1 times the DBA dose + as many compartment fires as needed relying on assumptions as described above.

Several bounding flood events: potentially everything outside of areas challenging SR SSCs with a frequency of 1 times the DBA dose + as many compartment floods as needed relying on assumptions as described above.

External flooding in line with Appendix K of DG-1290 Hazards screening in line with 3002005287, Identification of External Hazards for Analysis in Probabilistic Risk Assessment: Update of Report 1022997 Suggested Changes to Part 53.220 rule language Suggest modifying 53.220 to read:

Design features and programmatic controls classified as NSRSS RG 1.233 and RG 1.253 make a distinction between safety criteria and associated design criteria to meet the DBA requirements and safety criteria and associated design criteria to meet the non-DBA LBE requirements. This clarification in the rule language helps applicants understand and apply the appropriate level of rigor to different classifications of components and their associated requirements.

While a bounding approach would utilize different guidance, the SSCs credited to meet the 53.210 dose criteria should remain SR and the SSCs credited to meet the 53.220 criteria should be NSRSS. Similar to the other TI-RIPB methodologies, the assessment of DID and plant risk should be holistic and we suggest changing the 53.220 language as follows:

53.220 Safety Criteria for an Integrated Safety Assessment Design features and programmatic controls for NSRSS SSCs must be provided for each commercial nuclear plant to assure adequate protection of the public health and safety. This is achieved through an integrated safety assessment which must consider the necessary capabilities and reliability of design features and programmatic controls to address LBEs in accordance with 53.450(e), provide measures for defense in depth in accordance with § 53.250; and evaluate residual risk.

February 2025

nei.org 75 53.230 - Safety Functions 53.230 defines safety functions in terms of primary (limiting the release of radioactive material) and additional (needed to support the primary function) with a reference to 53.210 and 53.220.

Guidance to meet Regulation The safety functions for applicants pursuing a bounding approach to risk evaluations would identify safety functions credited in the DBAs analyzed to meet 53.210 and the LBEs analyzed to meet 53.220.

Any functions credited in those analyses would be identified to meet 53.230. No change is required to the rule language to support such an approach, but regulatory guidance and discussion in the preamble would be beneficial. Suggest either significant updates to DG-1414 or endorsement of an approach similar to NUREG-1537. Alternatively, the safety functions can be derived from the advanced reactor design criteria and an update to RG 1.232 could facilitate this approach.

53.240 Licensing Basis Events 53.240 identifies the scope of LBEs that need to be identified and analyzed with a pointer to 53.450.

(a) links the LBEs to the Subpart B safety requirements, (b) defines scopes including anticipated event sequences to very unlikely event sequences and covering internal events human errors, facility hazards and external hazards. (c) points to 53.450 analysis requirements including DBAs (53.450(f), 53.210, 53.330 and functional requirements (implying 53.230).

Guidance to meet Regulation See the discussion of 53.220 for a set of events that could feasibly meet the criteria of 53.240. The design basis accident and bounding events selected would cover malfunctions of plant SSCs, human errors and facility hazards. The hazard evaluations would cover external hazards. The performance in those licensing basis events would inform design features, programmatic controls and functional requirements for plant SSCs. No change is required to the rule language to support such an approach, but regulatory guidance and discussion in the preamble would be beneficial. Regulation guidance in DG-1413 could provide a roadmap for how hazard considerations could inform an envelope for a bounding risk assessment. An alternative guidance pathway would build off an approach similar to NUREG-1537 given guidelines on how to map hazards to bounding maximum hypothetical accidents.

Suggested Changes to Part 53.240 rule language Requirement 53.240(b) indicates that the LBEs for a range of event sequences, must collectively address combinations of malfunctions of plant SSCs, human errors, facility hazards, and the effects of external hazards. For facilities using a PRA, it is recommended this wording be revised to specify must collectively address appropriate combinations of to ensure that only relevant or appropriate combinations of hazards are considered. As an example, it is longstanding PRA practice to only consider single initiators. Without clarification such as relevant or appropriate, it could imply a requirement to consider an internal events initiating event coincident with an independent external hazards initiator.

53.250 Defense in Depth 53.250 discusses defense in depth requirements and covers: (a) uncertainties in meeting safety criteria, (b) uncertainties in state of knowledge, modeling capabilities, barrier capability, SSC, programmatic and

February 2025

nei.org 76 personnel performance and (c) no overreliance upon a single engineered design feature, human action, or programmatic control.

Guidance to meet Regulation These defense-in-depth requirements are judged reasonable and flexible for simplified and bounding analyses, where additionally analytical conservatism (e.g., with respect to defining the bounding sequences) counters uncertainties. Parts 50 and 52 address defense-in-depth through layered prescriptive requirements for LWR technology. Part 53 provides flexibility through identification and analysis of required safety functions (e.g., controlling reactivity, heat removal) appropriate to the reactor technology, with a focus on the retention of radioactive materials. Preclusion of reliance on a single design feature, human action, or programmatic control in conjunction with assessment of a broad spectrum of possible accident sequences serves to address single failure criterion. Dedicated success paths for individual DBAs contributes to inclusion of defense-in-depth layers. DG-1414 provides guidance for evaluating defense-in-depth, similar to that of RG 1.174 [24], that could be applied.

Additionally, the DG-1414 guidance for systematic identification of risk insights includes consideration of defense-in-depth and complementary aspects such as important common cause failures and sensitivity to external hazards. Such systematic reviews in conjunction with deterministic analyses (e.g., fission product barriers), identifying bounding sequence risk evaluations, and consideration of prior analyses for similar plants (e.g., licensing bases, PRAs) would support robust evaluation of defense-in-depth.

53.400 - Design Features for licensing-basis events 53.400 specifies design features must (a) be provided to satisfy the safety criteria in 53.210 and 53.220 and (b) ensure the safety functions of 53.230 are fulfilled during LBEs.

Guidance to meet Regulation Practically speaking, many of the design features are tentatively established prior to comprehensive detailed analyses. Safety analyses iterations support the evolution, enhancement, and finalization of these design features, in conjunction with other analyses (e.g., fabrication, construction, costs). These design feature requirements are judged reasonable and flexible for use of simplified or bounding analyses. DG-1414 has limited use of the term design features, but its guidance related to searching for severe accident vulnerabilities supports consideration of design features. These would be considered in the assessment of LBEs described in the discussion of 53.220.

53.410 - Functional Design Criteria for Design Basis Accidents 53.410(a) requires the definition of functional design criteria (FDC) for each design feature required by 53.400 and relied upon to meet the 53.210 safety criteria. 53.410(b) requires controls to ensure reliability and capability for the defined FDC, consistent with 53.210 and 53.450(f).

Guidance to meet Regulation These functional design criteria requirements are judged reasonable and flexible for use of simplified or bounding analyses. It is noted that functional design criteria based on DBAs may represent a subset of that associated with other LBEs. For example, for a given design the radionuclide retention function may be retained as long as fuel temperature remains below 1800C and the core design is such that temperatures even with a loss of all cooling will never be greater than 1800C. Other LBEs, however, may

February 2025

nei.org 77 address sequences where fuel temperatures exceed 1800C and their associated functional design criteria are established per 53.420. It is additionally noted that DG-1413 and DG-1414 do not specifically address design criteria other than a reference to RG 1.232, Guidance for Developing Principal Design Criteria for Non-Light Water Reactors.[36] Given that RG 1.232 was written in view of 10 CFR 50 Appendix A (General Design Criteria for Nuclear Power Plants), it is considered that RG 1.232 requires review and potential revision to reflect an acceptable approach to meeting the requirements in the proposed Part 53 rule.

53.415 - Protection against external hazards 53.415 requires that SR SSCs are protected to withstand the effects of natural phenomena and constructed hazards. These requirements reference 53.510 siting requirements in establishing site-specific hazards and 53.230 for the functions that shall be maintained during the DBHLs. There is also a reference to specific earthquake engineering hazards in 53.480.

Guidance to meet Regulation The protection against hazards requirements could be met as described in the discussion of 53.220 for design basis hazards. Lower likelihood, higher consequence hazards would be considered in the broader assessment of LBEs and defense in depth, but those are not considered essential for meeting the 53.415 requirements focusing on design-basis requirements for SR SSCs. In line with the direction of the Commission the preamble to Part 53 now discusses this as follows: These requirements would support either traditional deterministic approaches for determining and protecting against external hazards or probabilistic approaches that are being developed for seismic and some other external hazards.

Similarly, the preamble discussion of 53.510 states: Existing approaches could be used to demonstrate compliance with this requirement. This implies that many traditional RGs for should be updated as appropriate for meeting Part 53 requirements. Section 2.2 includes a list of traditional hazard RGs to be updated.

53.420 - Functional design criteria for licensing-basis events other than design-basis accidents.

53.420 requires definition of FDC for non-DBA LBEs which must (a)(1) demonstrate compliance with the 53.220 safety criteria, (a)(2) demonstrate compliance with the evaluation criteria in 53.450(e) as well as reliability and capability requirements to meet the same criteria.

Guidance to meet Regulation In general, the use of a simplified risk assessment or bounding risk assessment is judged capable of supporting development of functional design criteria. The preamble to 53.420 notes that for 53.450(e) that the LBEs would be assessed with a PRA methodology in combination with other generally accepted approaches for systematically evaluating engineered systems. The use of a simplified risk assessment or bounding risk assessment approach would have many similarities to a PRA methodology and could also be used in combination with other generally accepted approaches for evaluating engineering systems to support development of the functional design criteria. It is also noted that DBA sequences are similar to LBE (other than DBA) sequences and that DBAs functional design criteria for DBAs are established per 53.410 without the use of PRA. As discussed in the comment to 53.410 above, functional design criteria for DBAs may be a subset of functional design criteria for LBEs other than DBAs, and there may be interdependence upon criteria established for DBAs per 53.410 and for other LBEs per 53.420.

For example, a DBA design criterion may be that the fuel must retain radionuclides up to a temperature

February 2025

nei.org 78 of 1800C. Design criteria for other safety functions (e.g., reactivity control, heat removal) may be established to ensure that the fuel temperature criterion is met. Still, there may be design criteria for other LBEs that address sequences where that temperature is exceeded.

Requirement 53.420(b) requires that corresponding human actions and programmatic controls be identified and implemented to achieve and maintain the reliability and capability of SSCs relied upon for LBEs, and similar to 53.420(a), references 53.450(e) and 53.470.

Consistent with comments for 53.410, it is noted that DG-1413 and DG-1414 do not specifically address design criteria other than a reference to RG 1.232, Guidance for Developing Principal Design Criteria for Non-Light Water Reactors [36]. Given that RG 1.232 was written in view of 10 CFR 50 Appendix A, it is considered that RG 1.232 requires revision to incorporate the requirements in the proposed Part 53 rule. Additionally, DG-1413 and DG-1414 should be updated for alignment with Part 53.

Suggested Changes to Part 53.420 rule language Suggest modifying 53.420 to read:

Functional design criteria must be defined for each design feature classified as NSRSS, RG 1.233 and RG 1.253 make a distinction between safety criteria and associated design criteria to meet the DBA requirements and safety criteria and associated design criteria to meet the non-DBA LBE requirements. This clarification in the rule language helps applicants understand and apply the appropriate level of rigor to different classifications of components and their associated requirements.

For applicants pursuing a bounding risk evaluation, design criteria required to support 53.210 would be SR and those to support 53.220 would be NSRSS.

53.450 - Analysis Requirements 53.450 describes analysis requirements and contains many parts:

53.450(a) requires an all-hazards PRA 53.450(b) stipulates the specific uses of the PRA 53.450 (c) includes maintenance and update requirements for the PRA 53.450(d) requires qualification of analytical codes 53.450(e) requires analyses of licensing basis events other than DBAs 53.450(f) requires analyses of DBAs 53.450(g)(1) covers fire protection analysis 53.450(g)(2) covers AIA 53.450(g)(3) requires analysis of normal releases in liquid and gaseous effluents and direct radiation 53.450(a) - All-Hazards PRA 53.450(a) currently precludes a bounding approach that is not reliant on PRA.

February 2025

nei.org 79 Suggested Changes to Part 53.450(a) rule language The language in 53.450(a) should address the ADVANCE Act Section 208 which directs the NRC to develop risk-informed and performance-based strategies and guidance to license and regulate micro-reactors including strategies and guidance for (E) risk analysis methods, including alternatives to probabilistic risk assessments; To allow flexibility for bounding methodologies in a way that meets the directive in the ADVANCE Act, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo.

53.450(b) - Specific Uses of the PRA 53.450(b) utilizes the language PRA in combination with other generally accepted approaches for systematically evaluating engineered systems which would meet the commission directive in the SRM, but would not meet the intent of the ADVANCE Act which was signed into law after the SRM. NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo.

53.450(b)(1) Use of PRA for informing the selection (identification) of LBEs. Draft guidance DG-1413 is intended to provide a technology-inclusive, systematic, and comprehensive approach to identifying licensing events and was developed in view of use for either those licensees developing a PRA or those pursuing use of AERI. A finalized version of DG-1413 (i.e., issuance of RG 1.254) could support LBE identification without a PRA. The DG-1414 process to search for severe accident vulnerabilities would support the intended goal of 53.450(b)(1).

53.450(b)(2) Use of PRA for informing the classification of SSCs according to their safety significance and identifying environmental conditions under which SSCs and operating staff must function.

With regards to environmental conditions, deterministic studies would be performed to analyze environmental conditions (e.g., temperature, radiation) and these deterministic studies would serve as inputs to alternative simplified risk assessments.

With regards to classification of SSCs, SR SSCs would be categorized deterministically based on support for DBAs to meet 53.210. Per 53.020 definition NSRSS SSCs are categorized based upon reliance for defense-in-depth or risk-significant functions. Defense-in-depth categorization can be achieved through deterministic evaluations. DG-1414 does not provide a method for risk-based categorization of SSCs.

However, risk-significance could likely be evaluated using an approach similar to that outlined in NEI 18-04, specifically:

1. SSC success is required to keep any of the LBEs within established consequence metric criteria (e.g., site boundary dose) or an established consequence contribution.

2. SSC makes a significant contribution (e.g., >1%) to the comprehensive risk metric(s) criteria established in 53.220(b).

In case 1, risk significance is effectively evaluated as consequence significance (i.e., without consideration of frequency). One example threshold could be that dose criteria are met based on success of other SSCs given an assumed failure of the SSC in question. Another example (lower)

February 2025

nei.org 80 threshold could be that of a consequence margin decrease as included in 53.53.1550(a)(2)(ix) for DBAs where a 10% margin decrease between the consequence and the safety criteria requires a license amendment.

In case 2, risk significance is evaluated considering both frequency and consequence. For a simplified risk assessment or bounding event approach, consideration would need to be given to the ability to obtain reliable risk-significance estimates given various included conservatisms (i.e., the potential for a conservatism in one aspect to mask the importance of another aspect). A series of sensitivity cases may be able to provide insights and support for categorization. Example sensitivity cases might include significantly decreasing estimated conservatisms (e.g., an order of magnitude) and re-evaluating other individual SSC contributions to the comprehensive risk metrics.

To support a simplified risk assessment or bounding approach detailed guidance would need to be developed and included in DG-1414.

53.450(b)(3) Use of PRA for evaluating the adequacy of defense-in-depth. DG-1414 provides guidance for evaluating defense-in-depth, similar to that of RG 1.174 [24], that could be applied. Also, the DG-1414 guidance for systematic identification of risk insights includes consideration of defense-in-depth and complementary aspects such as important common cause failures and sensitivity to external hazards. Such systematic reviews in conjunction with deterministic analyses (e.g., fission product barriers), identifying bounding sequence risk evaluations, and consideration of prior analyses for similar plants (e.g., licensing bases, PRAs) would support robust evaluation of defense-in-depth. DG-1414 also notes that generic results (e.g., results from other PRAs or risk assessments conducted in the past for the design) may support development of risk insights. Such generic assessments would also support evaluation of defense-in-depth.

53.450(b)(4) Use of PRA for assessing all plant operating states where there is the potential for uncontrolled release of radioactive material to the environment. DG-1413 provides guidance for consideration of all radiological sources and operating modes to serve as inputs for an alternative risk evaluation bounding AERI assessment. DG-1414 directs consideration of all radiological sources and operating modes to identify severe accident vulnerabilities, although specific guidance is limited.

53.450(b)(5) Use of PRA for assessing events that challenge plant control and safety systems (e.g.,

internal events, human errors, equipment failures, external events). This appears to be have considerable overlap duplicative with 53.450(b)(1) for LBE selection, but with added detail. As discussed for 53.450(b)(1), DG-1413 effectively addresses this scope. It is recommended that 53.450(b)(5) be deleted as duplicative to 53.450(b)(1).

Suggested Changes to Part 53.450(b) rule language (b) Specific uses of analyses. The PRA in combination with other generally accepted approaches for systematically evaluating engineered systems risk evaluation must be used 53.450(c) - Maintenance and Upgrade of PRA To allow flexibility in TI RIPB methodologies, NEIs preferred resolution is to replace the PRA requirement with a requirement for a risk evaluation in line with the voting record of Commissioner Caputo. This would be met with an update to the DG-1414 guidance.

February 2025

nei.org 81 Suggested Changes to Part 53.450(c) rule language (c) Maintenance and upgrade of analyses. The PRA risk evaluation must 53.450(d) - Qualification of Analytical Codes RG 1.203 provides guidance on Code qualification and should be updated as a means of meeting the 53.450(d) requirement for those following a bounding methodology. Clarity should be provided in an update to DG-1414 on the expectations for qualification of codes and analysis of events beyond the design basis.

53.450(e) - Analysis of Licensing Basis Events other than DBAs 53.450(e) provides various requirements for analysis of LBEs (other than DBAs), as follows:

53.450(e)(1) specifies that LBEs (other than DBAs) must be identified using insights from a PRA, in combination with other generally accepted approaches for systematically evaluating engineered systems. For plants using simplified risk approaches, DG-1414 provides detailed guidance for development of risk insights absent a full PRA. While DG-1413 and DG-1414 do not specifically indicate that the risk insights developed under DG-1414 could be used to inform the LBEs developed under DG-1413, it is anticipated that the insights developed via DG-1414 could fulfill the intent of the 53.450(e)(1) requirement. Additionally, the traditional processes used for DBA identification are also available for use for LBE identification.

53.450(e)(2) specifies that analyses for LBEs (other than DBAs) must define evaluation criteria for each LBE or specific categories of LBEs to determine acceptability of plant response to internal and external hazards. Such evaluation criteria are generally independent of PRA analysis versus alternative simplified risk assessments given that such criteria serves as input to the risk assessment, as evident by the guidance in DG-1413 for development of success criteria for use in either a PRA or an alternate risk evaluation, AERI.

53.450(e)(3) specifies that the analyses for LBEs (other than DBAs) must address event sequences from initiation to a defined end state, and with other engineering analyses, demonstrate that the functional design criteria provide sufficient barriers to satisfy the safety criteria and provide defense-in-depth. For plants using simplified risk approaches, DG-1413 guides the development of LBEs from initiation to defined end state, and DG-1414 provides guidance for consequence assessment against the safety goals and consideration of defense-in-depth.

53.450(e)(4) specifies that the methodology to identify, categorize, and analyze LBEs (other than DBAs) must include a means to identify sequences deemed significant for controlling risks posed to public health and safety. For bounding analyses with just a few LBE sequence groups identified per 53.240(b),

all those assessed could be deemed significant. (See earlier comments on 53.240(b).) If there are more than a few LBE sequence groups identified, differentiation between significant and non-significant could be performed. Comments for 53.450(b)(2) above discuss two potential approaches for significance that could be applied for identifying LBE sequences (or categories of sequences) as significant, including:

Consequence basis - Sequence conditional consequence (e.g., dose at a distance) is above an established threshold (e.g., >1% of the dose criteria of 53.210, >10% of alternative dose criteria

February 2025

nei.org 82 of 53.470). This approach would establish LBE sequences as risk-significant even if the frequency was very low.

Risk basis - Sequence risk is above an established threshold (e.g., >1% of the comprehensive risk metric criteria of 53.220, >10% of alternative risk metric criteria of 53.470)

Neither DG-1413 (LBE identification) nor DG-1414 (risk insights) currently addresses consideration of LBE significance. Therefore, updating would be required for both documents.

53.450(f) - Analysis of DBAs RG 1.203, RG 1.183 and other guidance documents on source term calculation for DBAs provide guidance on meeting the requirements of 53.450(f) and should be updated as a means of meeting Part 53 DBA requirements. For those using a bounding methodology, the single failure criterion may be appropriate.

53.460 - Safety Categorization and special treatments Safety categorization should be informed by the SSCs required to meet the criteria of 53.210 (SR) and 53.220 (NSRSS). DG-1414 should be updated to provide guidance on an acceptable way of meeting 53.460 for bounding risk evaluation applicants.

3.5 Summary This paper establishes a framework for a TI-RIPB design and analysis process that is sufficient to demonstrate the safety adequacy of the design. The paper also describes four example approaches of TI-RIPB processes that meet the Part 53 regulations. For perspective, the respective examples can be thought of as falling on the continuum presented in Figure 4.

Figure 4: Elements of the Risk-Informed and Performance-Based Evaluation of Defense in Depth

February 2025

nei.org 83 Each of these examples constitutes a viable approach to a TI-RIPB assessment of the safety of an advanced nuclear power plant. For example:

1. Example A (the approach presented in NEI 18-04) entails the most reliance on PRA, and consequently the greatest formal role of the PRA. This approach allows for a broad spectrum of technologies with differing levels of operating experience (OE) to be analyzed comprehensively and systematically. Some OE is required as well as enough data to support a PRA analysis. This approach would yield the most extensive set of risk insights with respect to categorizing SSCs and determining special-treatment requirements. It would also maximize operating efficiency over time as uncertainties are reduced and the plant is better understood.

2. Example B is similar in many respects to Example A, but in this case the PRA plays a somewhat less central role, with the assessment of safety reliant primarily on deterministic analyses. This approach works well for designs like LWRs where the licensing basis accidents are well understood thanks to operating experience of similar designs. The licensing basis would be more stable, but potential efficiency gains in operation may be missed without subsequent license amendments. This approach would rely somewhat more heavily on engineering judgment for the categorizing of SSCs and for specifying necessary special-treatment provisions.

3. Example C includes the same essential elements as in Examples A and B, but it further emphasizes deterministic safety analyses, with use of PRA insights as needed to confirm deterministic assessments. It is envisioned that this approach would be suitable for any design, although, as in Example B, it might be most relevant for designs where the licensing basis accidents are well understood thanks to operating experience. This approach may require more conservative special treatments to address DID to help ensure that the design is adequately robust since the risk insights from a more robust PRA may be lost.

4. Example D entails the greatest reliance on deterministic assessments, and consequently the most limited role for PRA in the safety analysis. Designs that might pursue licensing under Example D are likely to be those that have inherently limited potential to experience an accident that could lead to a significant release (e.g., because they have a small core containing a limited inventory of fissions products; use fuel that is particularly resistant to releasing fission products; or rely on passive safety systems and make little or no use of active systems potentially subject to interactions). The trade-off here is more definitive limits and margins with reduced opportunity to use PRA for operational flexibility.

NEXT STEPS This paper establishes the principles for a TI-RIPB process for assessing the safety adequacy of a new reactor design. In order to advance the discussion of how different approaches may fit under Part 53 and more clearly illuminate the role of PRA and risk information, it presents four examples across the spectrum of potential approaches. One of the examples is the approach presented in NEI 18-04. The discussion of this example describes how the elements from NEI 18-04 align with the proposed Part 53 rule text. Each example has a different balance between deterministic safety analyses and risk information in what is always a risk-informed process. The TI-RIPB process and example approaches in this paper are intended to inform the development of Part 53.

The next steps are to reach consensus on the following points:

February 2025

nei.org 84

1. Changes to the Part 53 rule language as described in Section 2.1.

2. Guidance updates needed as described in Section 2.2 to allow more traditional safety analysis approaches and bounding assessments to meet the Part 53 requirements.

3. Workshops and industry NRC engagement as needed to further develop guidance (DG-1414, DG-1413, RG 1.232 update, etc) to permit their use under Part 53.

It is to be expected that, in the process of seeking consensus, some differences in opinion may arise.

However, the rule language proposed in Section 2.1 has the benefit of:

1. Allowing the Part 53 Rulemaking process to proceed on schedule.

2. Allowing guidance to support LMP Users to be developed in time to support the Part 53 rulemaking.

3. Allowing more time for guidance development for applicants pursuing a more bounding approach or a more traditional approach.

4. Addressing NEIMA, the ADVANCE Act, the new NRC mission statement, the Executive Orders addressing energy dominance, and the SRM.

Once the rule language and central regulatory guidance documents are updated, it will be necessary to develop more detailed guidance for implementing the IAEA, traditional and bounding approaches. It is anticipated that testing (e.g., via table-top exercises) of the guidance will be beneficial to ensure that it is practical and effective. This guidance can be developed in such a way that it supports compliance with Part 53 as it evolves.

REFERENCES

1.

Nuclear Energy Innovation and Modernization Act. U.S. Congress Public Law No. 115-439, January 14, 2019.

2.

Rulemaking Plan on Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors. U.S. Nuclear Regulatory Commission SECY-20-0032, April 13, 2020 (ML19340A056).

3.

Use of Probabilistic Risk Assessment (PRA) Methods in Nuclear Regulatory Activities, Federal Register, 60(158), p. 42622 [ADAMS ML021980535]. U.S. Nuclear Regulatory Commission Final Policy Statement, August 16, 1995.

4.

Domestic Licensing of Production and Utilization Facilities. U.S. Nuclear Regulatory Commission, Title 10 of the Code of Federal Regulations, Part 50.

5.

Licenses, Certifications, and Approvals for Nuclear Power Plants. U.S. Nuclear Regulatory Commission, Title 10 of the Code of Federal Regulations, Part 52.

6.

Licensing and Regulation of Advanced Nuclear Reactors, Subpart A - General Provisions. U.S.

Nuclear Regulatory Commission Preliminary Rule Language, 10 CFR Part 53, April 23, 2021.

February 2025

nei.org 85

7.

Risk-Informed Performance-Based Technology Inclusive Guidance for Non-Light Water Reactor Licensing Basis Development. Nuclear Energy Institute Report NEI 18-04, Revision 1, August 2019.

8.

Online Glossary of Regulatory Terms. U.S. Nuclear Regulatory Commission, https://www.nrc.gov/reading-rm/basic-ref/glossary.html.

9.

Probabilistic Risk Assessment Standard for Advanced Non-Light Water Reactor Nuclear Power Plants. American Society of Mechanical Engineers and American Nuclear Society Standard ASME/ANS RA-S-1.4-2021, February 8, 2021.

10.

Glossary of Risk-Related Terms in Support of Risk-Informed Decisionmaking. U.S. Nuclear Regulatory Commission Report NUREG-2122, November 2013.

11.

Gaertner, J., et al. Safety and Operational Benefits of Risk-Informed Initiatives. Electric Power Research Institute White Paper 1016308, February 2008.

12.

NEI 20-04, The Nexus Between Safety and Operational Performance in the U.S. Nuclear Industry.

Nuclear Energy Institute, March 2020.

13.

Safety Goals for the Operation of Nuclear Power Plants, Federal Register, 51, p. 30028 (Republication). U.S. Nuclear Regulatory Commission Policy Statement, August 4, 1986.

14.

Implementation of the Safety Goals. U.S. Nuclear Regulatory Commission SECY-89-102, June 15, 1990.

15.

Safety of Nuclear Power Plants: Design. International Atomic Energy Agency Specific Safety Requirements No. SSR-2/1, Rev. 1, February 2016.

16.

Licensing and Regulation of Advanced Nuclear Reactors, Subpart B - Technology Inclusive Safety Requirements. U.S. Nuclear Regulatory Commission Preliminary Rule Language, 10 CFR Part 53, October 20, 2020.

17.

Deterministic Safety Analysis for Nuclear Power Plants. International Atomic Energy Agency Specific Safety Guide No. SSG-2 (Rev. 1), July 2019.

18.

Defence in Depth in Nuclear Safety. International Atomic Energy Agency International Nuclear Safety Advisory Group Report INSAG-10, June 1996.

19.

Seismic Risk Management Solution for Nuclear Power Plants. Idaho National Laboratory Report INL/JOU-14-33436, December 2014.

20.

Technology-inclusive, Risk-informed, Performance-based Approaches for Development of Licensing Bases Under Part 53. Nuclear Energy Institute, September 2021.

21.

Proposed Rule: Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors (RIN 3150-AK31), U.S. Nuclear Regulatory Commission SECY-23-0021, March 6, 2023 (ML21162A093).

February 2025

nei.org 86

22.

"Staff Requirements - SECY-23-0021 - Proposed Rule: Risk-informed, Technology-inclusive Regulatory Framework for Advanced Reactors (RIN 3150-AK31), U.S. Nuclear Regulatory Commission SRM-SECY-23-0021, March 4, 2024.

23.

Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors, Federal Register, 89 FR, p. 86918. U.S. Nuclear Regulatory Commission Proposed Rule, October 31, 2024.

24.

Comprehensive Industry Comments on the NRCs Rulemaking on Risk-Informed, Technology-inclusive Regulatory Framework for Advanced Reactors (RIN 3150-AK31). Nuclear Energy Institute, U.S. Nuclear Innovation Council, November 5, 2021 (ML21309A578).

25.

Accelerating Deployment of Versatile, Advanced Nuclear for Clean Energy Act of 2024 (ADVANCE).

U.S. Congress Public Law 118-67, July 9, 2024.

26.

PRA Used to Implement LMP for Non-LWR CP Applications Under 10 CFR Part 50, U.S. Nuclear Regulatory Commission, April 18,2023 (ML23101A123).

27.

Commissioner Caputo Vote Sheet VR-SECY-23-0021: Part 53 Proposed Rule: Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors, U.S. Nuclear Regulatory Commission, July 18, 2023.

28.

Commissioner Wright Vote Sheet VR-SECY-23-0021: Part 53 Proposed Rule: Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors, U.S. Nuclear Regulatory Commission, October 2, 2023.

29.

An Approach for the Assessment of Low Frequency Seismic Events as Part of a Risk-Informed Performance-Based Licensing Pathway, Argonne National Laboratory, ANL/NSE-24/42, December 2024.

30.

EPRI/NRC-RES Fire PRA Methodology for Nuclear Power Facilities, NUREG/CR-6850. Electric Power Research Institute, U.S. Nuclear Regulatory Commission. September 2005.

31.

Nuclear Regulatory Commission, Regulatory Guide RG 1.76, Desing-Basis Tornado and Tornado Missiles for Nuclear Power Plants, Rev. 1, March 2007, ML070360253.

32.

Nuclear Regulatory Commission, Regulatory Guide RG 1.165, Identification and Characterization of Seismic Sources and Determination of Safe Shutdown Earthquake Ground Motion, March 1997, ML003740084.

33.

Nuclear Regulatory Commission, Regulatory Guide RG 1.208, A Performance-Based Approach to Define the Site-Specific Earthquake Ground Motion, March 2007, ML070310619.

34.

Nuclear Regulatory Commission, Regulatory Guide RG 1.59, Design Basis Floods for Nuclear Power Plants, Rev. 2, August 1977, ML003740388.

35.

Nuclear Regulatory Commission, Draft Regulatory Guide DG-1290, Design-Basis Floods for Nuclear Power Plants, Draft RG 1.59 Rev. 3, February 2022, ML19289E561.

February 2025

nei.org 87

36.

Nuclear Regulatory Commission, Regulatory Guide RG 1.232, Guidance for Developing Principal Design Criteria for Non-Light-Water Reactors, April 2018, ML17325A611.

37.

Nuclear Regulatory Commission, Regulatory Guide RG 5.74, Managing the Safety/Security Interface, Rev. 1, April 2015, ML14323A549.

38.

Nuclear Regulatory Commission, Regulatory Guide RG 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Rev.

3, January 2018, ML17317A256.

39.

Nuclear Regulatory Commission, Regulatory Guide RG 1.221, Design-Basis Hurricane and Hurricane Missiles for Nuclear Power Plants, October 2011, ML110940300.

February 2025

nei.org A-1 APPENDIX A. DEFINITIONS The definition of the licensing basis under Part 53 uses some specific terminology that merits explanation in the context of this paper. The following provides the definitions as used in this document.

Deterministic safety analysis - As applied in nuclear technology, deterministic safety analysis generally deals with evaluating the safety of a nuclear power plant in terms of the consequences of a predetermined bounding subset of accident sequences [8].

Probabilistic risk assessment - A quantitative assessment of the risk associated with plant operation and maintenance that is measured in terms of frequency of occurrence and consequences of event sequences, event sequence families, or release categories. Also referred to as a probabilistic safety analysis (PSA) [9].

PRA confirmatory role - The use of results and insights from a PRA in a manner complementary to deterministic safety analysis to provide further confidence of the safety adequacy for a plant or design.

PRA foundational role - The use of the PRA as the primary tool to establish the safety adequacy of a plant or design and to provide perspective on the selection of cases and outcomes of deterministic safety analyses.

Risk Evaluation - Means of systematically evaluating engineering systems to qualitatively or quantitatively assess risk. Includes methodologies including, but not limited to PRA, HAZOPs, Failure Modes and Effect Analysis (FMEA), Maximum Hypothetical Accident Analysis, Objectives Hierarchy Risk-informed approach - A risk-informed approach to regulatory decision-making represents a philosophy whereby risk insights are considered together with other factors to establish requirements that better focus licensee and regulatory attention on design and operational issues commensurate with their importance to health and safety [10].

Risk insights - The understanding about a facilitys response to postulated accidents [8].

Risk-informed regulation - An approach which incorporates an assessment of safety significance or relative risk. This approach ensures that the regulatory burden imposed by an individual regulation or process is appropriate to its importance in protecting the health and safety of the public and the environment [8].

Risk information - Information that can demonstrate the significance or relative risk of an issue or design feature. The results and insights from a probabilistic risk assessment that meets the ASME/ANS PRA Standard [9] (i.e., that addresses significant contributors to risk in an adequately detailed, realistic, and plant-specific manner and that includes a quantitative characterization of uncertainties) is one form of risk information. Risk information can also take the form of results from bounding analyses that can demonstrate significance, or lack thereof, based on assessing the impacts of an issue or design feature using simpler, conservative inputs and models. Combinations of results from detailed PRAs and from bounding analysis are also viable forms of risk information, as long as the limitations of each are understood and accounted for in the decision-making process.

February 2025

nei.org A-2 Performance-based - An approach that focuses on desired, measurable outcomes, rather than prescriptive processes, techniques, or procedures. Performance-based regulation leads to defined results without specific direction regarding how those results are to be obtained [5].

Technology-inclusive -Broadly applicable across the spectrum of advanced reactor, small modular reactor (SMR), and microreactor designs, including light water reactors and non-light water reactors without need for extensive exemptions or alternative regulatory requirements due to unique technology features.

Technology-inclusive, risk-informed, performance-based process - A process that uses a combination of risk information and deterministic analyses to establish the safety adequacy of the design. The process may use risk information in either a foundational role or one that is confirmatory in nature. The TI-RIPB process is based on principles that guide the development of a specific approach for establishing the safety case.

February 2025

nei.org B-1 APPENDIX B. REGULATORY GUIDANCE MAPPING Part 53 Requirement Description LMP IAEA Traditional Bounding Notes 53.210 Safety criteria for design-basis accidents.

RG 1.233 (NEI 18-04 Figure 3-2, Task 6 & 7d),

RG 1.203 IAEA SSR-2/1 RG 1.145, RG 1.183, SRP Chapter 15 RG 1.145, RG 1.183 53.220 Safety criteria for licensing-basis events other than design-basis accidents.

RG 1.233 (NEI 18-04 Figure 3-1)

IAEA SSR-2/1 RG 1.233 (NEI 18-04 Figure 3-1)

NUREG-1537, DG-1414 53.220(a)

LBE safety criteria including DID RG 1.233 (NEI 18-04 Figure 3-2, Task 7a) &

reference to 53.250 below IAEA SSR-2/1 SRP chapter 19 for BDBEs, RG 1.226, Traditional Part 20 for AOOs NUREG-1537, DG-1414 53.220(b)

Comprehensive Risk Metric RG 1.233 (NEI 18-04 Figure 3-2, Task 7b)

IAEA SSR-2/1 RG 1.174, RG 1.200, RG 1.253, DG-1414 NUREG-1537, DG-1414, RG 1.76, RG 1.208, NUREG/CR-6850, RG 1.59, DG-1290 53.230 Safety functions RG 1.233 (NEI 18-04 Figure 3-2, Task 5a &

Figure 4-1 steps 4b,4c and 5b)

IAEA SSR-2/1 Derived from RG 1.232 Derived from RG 1.232, NUREG-1537, DG-1414 53.240 Licensing-basis events RG 1.233 (NEI 18-04 Figure 3-2, Task 4)

IAEA SSR-2/1 RG 1.174, RG 1.200, RG 1.253, SRP Chapter 15 & 19 NUREG-1537, DG-1413 53.250 Defense in depth RG 1.233 (NEI 18-04 Section 5)

IAEA SSR-2/1 RG 1.233, DG-1414, RG 1.174 DG-1414 53.260 Normal operations DANU-ISG-2022-03 IAEA SSR-2/1 DANU-ISG-2022-03 DANU-ISG-2022-03 Unchanged by Risk Evaluation

February 2025

nei.org B-2 Part 53 Requirement Description LMP IAEA Traditional Bounding Notes 53.270 Protection of plant workers DANU-ISG-2022-04 IAEA SSR-2/1 DANU-ISG-2022-04 DANU-ISG-2022-04 Unchanged by Risk Evaluation 53.400 Design features for licensing-basis events RG 1.233 (NEI 18-04 Section 4, 4.4)

IAEA SSR-2/1 See below See below 53.410 Functional design criteria for design-basis accidents RG 1.233(NEI 18-04 Section 4, 4.4), RG 1.232, RG 1.253 Section 5.3.2 IAEA SSR-2/1 RG 1.232 RG 1.232, DG-1414 53.415 Protection against external hazards RG 1.233 (NEI 18-04 Figure 3-2, Task 6), RG 1.203 IAEA SSR-2/1 RG 1.23, RG 1.27, RG 1.29, RG 1.59, RG 1.76, RG 1.91, RG 1.102, RG 1.132, RG 1.198, RG 1.208, RG 1.251, RG 1.252, RG 1.221, RG 4.7, RG 4.26, SRP Chapter 2 RG 1.23, RG 1.27, RG 1.29, RG 1.59, RG 1.76, RG 1.91, RG 1.102, RG 1.132, RG 1.198, RG 1.208, RG 1.251, RG 1.252, RG 1.221, RG 4.7, RG 4.26, DANU-ISG-2022-02 53.420 Functional design criteria for licensing-basis events other than design-basis accidents RG 1.233, RG 1.232 IAEA SSR-2/1 RG 1.232 RG 1.232 53.425 Design features and functional design criteria for normal operations DANU-ISG-2022-03, ARDC 60-64 IAEA SSR-2/1 GDC 60-64 DANU-ISG-2022-03, ARDC 60-64 Unchanged by Risk Evaluation 53.430 Design features and functional design criteria for protection of plant workers DANU-ISG-2022-04, ARDC 60-64 IAEA SSR-2/1 GDC 60-64 DANU-ISG-2022-04, ARDC 60-64 Unchanged by Risk Evaluation 53.440 Design requirements Various, see below IAEA SSR-2/1 Various, see below Various, see below See below

February 2025

nei.org B-3 Part 53 Requirement Description LMP IAEA Traditional Bounding Notes 53.440 (a)

Analysis, Operating experience, testing and prototypes RG 1.203, DANU-ISG-2022-06 IAEA SSR-2/1 RG 1.203, RG 1.68, DANU-ISG-2022-06 RG 1.203, DANU-ISG-2022-06 Unchanged by Risk Evaluation 53.440 (b)

Codes and Standards RG 1.26, RG 1.28, RG 1.33, RG 1.84, RG 1.87, RG 1.97, RG 1.142, RG 1.192, RG 1.243, RG 1.246 IAEA SSR-2/1 10 CFR 50.55a and supporting RGs RG 1.26, RG 1.28, RG 1.33, RG 1.84, RG 1.87, RG 1.97, RG 1.192, RG 1.243, RG 1.246 Unchanged by Risk Evaluation 53.440 (c)

Material Qualification RG 1.40, RG 1.73, RG 1.87, RG 1.89, RG 1.97, RG 1.100, RG 1.142, RG 1.152, RG 1.153, RG 1.156, RG 1.158, RG 1.180, RG 1.209, RG 1.210, RG 1.211, RG 1.213, RG 1.243 IAEA SSR-2/1 RG 1.40, RG 1.73, RG 1.87, RG 1.89, RG 1.97, RG 1.100, RG 1.142, RG 1.152, RG 1.153, RG 1.156, RG 1.158, RG 1.180, RG 1.209, RG 1.210, RG 1.211, RG 1.213, RG 1.243 RG 1.40, RG 1.73, RG 1.87, RG 1.89, RG 1.97, RG 1.100, RG 1.142, RG 1.152, RG 1.153, RG 1.156, RG 1.158, RG 1.180, RG 1.209, RG 1.210, RG 1.211, RG 1.213, RG 1.243 Unchanged by Risk Evaluation 53.440 (d)

Degradation Mechanisms RG 1.246 IAEA SSR-2/1 RG 1.147 RG 1.246 Unchanged by Risk Evaluation 53.440 (e)

Fire Protection DANU-ISG-2022-09, RG 1.189 IAEA SSR-2/1 RG 1.189 DANU-ISG-2022-09, RG 1.189 Unchanged by Risk Evaluation 53.440 (f)

Security by design RG 5.74 and DG-5076 IAEA SSR-2/1 RG 5.74 and DG-5076 RG 5.74 and DG-5076 Unchanged by Risk Evaluation 53.440 (g)

Subcriticality RG 3.71 IAEA SSR-2/1 RG 3.71, RG 1.240 RG 3.71 Unchanged by Risk Evaluation

February 2025

nei.org B-4 Part 53 Requirement Description LMP IAEA Traditional Bounding Notes 53.440 (h)

Long term cooling RG 1.233, RG 1.247 IAEA SSR-2/1 10 CFR 50.46 DG-1414 or NUREG-1537 Unchanged by Risk Evaluation 53.440 (i)

All sources RG 1.233, RG 1.247 IAEA SSR-2/1 DG-1413 to identify LBEs, Traditional Part 20 for AOOs, RG 1.143, potentially RG 1.226 DG-1413 or NUREG-1537 Unchanged by Risk Evaluation 53.440 (j)

Aircraft Impact Analysis (AIA), including functional design criteria RG 1.217 IAEA SSR-2/1 RG 1.217 RG 1.217 Unchanged by Risk Evaluation 53.440 (k)

Chemical Hazards RG 1.78, DG under development IAEA SSR-2/1 RG 1.78, DG under development RG 1.78, DG under development Unchanged by Risk Evaluation 53.440 (l)

Effluent DANU-ISG-2022-03, ARDC 60-64 IAEA SSR-2/1 DANU-ISG-2022-03, ARDC 60-64 DANU-ISG-2022-03, ARDC 60-64 Unchanged by Risk Evaluation 53.440 (m)

Criticality Monitoring RG 3.71 IAEA SSR-2/1 RG 3.71 RG 3.71 Unchanged by Risk Evaluation 53.440 (n)

Human-Systems Interface NUREG-0700 IAEA SSR-2/1 NUREG-0700 NUREG-0700 Unchanged by Risk Evaluation 53.450 Analysis requirements Various, see below IAEA SSR-2/1 Various, see below Various, see below See below 53.450(a)

PRA RG 1.247 IAEA SSR-2/1 RG 1.200 DG-1414, NUREG-1537, others 53.450(b)

PRA Scope and Interface RG 1.253 IAEA SSR-2/1 RG 1.174, RG 1.200, RG 1.233, RG 1.253 DG-1414, DG-1413, NUREG-1537, RG 1.233 53.450(c)

PRA Update RG 1.247 IAEA SSR-2/1 RG 1.200 DG-1414, NUREG-1537 Unchanged by Risk Evaluation

February 2025

nei.org B-5 Part 53 Requirement Description LMP IAEA Traditional Bounding Notes 53.450(d)

Code Qualification RG 1.203 IAEA SSR-2/1 RG 1.203 RG 1.203 Unchanged by Risk Evaluation 53.450(e)

Non-DBA LBEs RG 1.233 (NEI Figure 3-2, Task 7a, b, c & e)

IAEA SSR-2/1 RG 1.174, RG 1.200, RG 1.253, SRP Chapter 15 & 19 NUREG-1537, DG-1414, DG-1413 53.450(f)

DBA RG 1.233 (NEI Figure 3-2, Task 6 & 7d), RG 1.203 IAEA SSR-2/1 RG 1.145, RG 1.183, 1.203 RG 1.145, RG 1.183, 1.203 53.450(g)(1)

Fire Hazards Analysis / Fire Safe Shutdown Analysis DANU-ISG-2022-09, RG 1.189 IAEA SSR-2/1 RG 1.189 DANU-ISG-2022-09, RG 1.189 Unchanged by Risk Evaluation 53.450(g)(2)

AIA RG 1.217 IAEA SSR-2/1 RG 1.217 RG 1.217 Unchanged by Risk Evaluation 53.450(g)(3)

Normal Operating Dose /

ODCM DANU-ISG-2022-03, ARDC 60-64 IAEA SSR-2/1 NUREG-1301, NUREG-1302 DANU-ISG-2022-03, ARDC 60-64 Unchanged by Risk Evaluation 53.460 Safety categorization and treatments RG 1.233 (NEI Section 4)

IAEA SSR-2/1 RG 1.160, RG 1.33, RG 1.53, RG 1.177 NUREG-1537, DG-1414 53.470 Maintaining analytical safety margins used to justify operational flexibilities None None None None No guidance available, optional 53.480 Earthquake engineering DG-1410, RG 1.132 IAEA SSR-2/1 RG 1.132, RG 1.208 RG 1.132, RG 1.208, potentially DG-1410

February 2025

nei.org B-1 53.440 - Design Requirements 53.440 describes design requirements for SR and NSRSS SSCs and contains many parts:

53.440(a) covers Analysis Operating Experience, testing and prototypes and closely aligns with 50.43(e) and 50.34(f)(3)(i) 53.440(b) covers Codes and Standards 53.440(c) covers Material Qualification 53.440(d) covers degradation mechanisms to be considered 53.440(e) covers fire protection similar to GDC 3 53.440(f) covers security requirements 53.440(g) covers features to achieve and maintain criticality during events 53.440(h) covers long term cooling, not dissimilar to 50.46 but more technology-inclusive 53.440(i) specifies that all radionuclide sources must be considered in the evaluation 53.440(j) covers aircraft impact, similar to 50.150 but with more technology-inclusive language 53.440(k) covers chemical hazards and would be similar to existing Part 70 requirements 53.440(l) covers measures to minimize contamination the generation of radioactive waste in accordance with § 20.1406.

53.440(m) covers requirements for criticality monitoring similar to 10 CFR 50.68 53.440(n) covers human factors principles 53.440(a) - Prototypes and Testing 53.440(a) is expected to be met through a combination of the guidance in RG 1.203 and DANU-ISG-2022-06. Applicants, as part of their evaluation model development (to meet 53.450(d)) should develop an assessment base and identify any integrated effects tests (IETs) or separate effects tests (SETs) required to complete the database. This process will pull from prototype testing, operating experience, analysis and test programs and be supplemented, as needed, by the initial test program. DANU-ISG-2022-06 provides guidance on the initial test program and information required to inform the licensing basis.

The TI-RIPB process will inform the requirements for the evaluation model and the adequacy of the model for the set of events identified. Because of this, RG 1.203 should be updated as a means of meeting 53.440(a) and 53.450(d). The initial test program testing requirements could be considered special treatments under Part 53 and therefore DANU-ISG-2022-06 should be updated as a means of meeting 53.440(a) and 53.460. Procedural requirements to meet 53.440(a)(2) for operating experience would follow similar guidance as specified in DANU-ISG-2022-05 which should be updated.

53.440(b) - Codes and Standards NEI appreciates the NRC effort to move Codes and Standards (C&S) from Code of Federal Regulation (CFR) 50.55a to Regulatory Guidance with the inclusion of 53.440(b) for C&S. This change, while appropriate, requires C&S to be endorsed for Part 53 in Regulatory Guidance. Many of these changes will require little technical work as the technical basis should remain unchanged.

RG 1.26, RG 1.28 and RG 1.33 endorsing NQA-1 RG 1.84 endorsing ASME Section III Code Cases RG 1.87 endorsing ASME Section 3 Division 5

February 2025

nei.org B-2 RG 1.97 endorsing IEEE 497 - The 2025 edition is proposed for endorsement as it includes flexible language aligned with LMP.

RG 1.192 endorsing the ASME OM Code, or preferably a future update that endorses OM-2.

RG 1.208 or RG 1.251 endorsing ASCE 43 and ASCE 4.

DG-1410 is particularly important for LMP users and should be finalized to support Part 53.

RG 1.246 endorsing ASME Section XI Division 2 - The applicability should be extended to LWRs.

NEI is concerned about the scope of 53.440 as discussed in the detailed comments below. We propose limiting the scope to SR SSCs, but if the scope continues to include NSRSS SSCs then NRC needs to endorse the following Codes and Standards as appropriate for NSRSS SSCs:

ISO-9001 - Note that 53.460 appropriately limits the requirement of Appendix B to SR SSCs with the option to apply Appendix B to NSRSS SSCs. The 53.460 language is appropriate and in conflict with the 53.440 requirement for using generally accepted consensus codes and standards that have been endorsed or otherwise found acceptable by the U.S. Nuclear Regulatory Commission. NQA-1 is the only C&S for QA endorsed by NRC and was developed to meet the requirements of Appendix B. 53.440 effectively expands Appendix B requirements beyond SR SSCs to NSRSS SSCs.

ASME Section VIII ASME B31.1 and B31.3 ASCE 7 AISC 360 ACI 318 Any additional unendorsed C&S that may been used or proposed for use for U.S. reactors not mentioned above Note this list is incomplete and effort will be needed to identify a comprehensive set of C&S that applicants intend to use for NSRST SSCs under Part 53.

53.440(c) - Material Qualification 53.440(c) is handled through a number of Regulatory Guides such as RG 1.40, RG 1.73, RG 1.87, RG 1.89, RG 1.97, RG 1.100, RG 1.142, RG 1.152, RG 1.153, RG 1.156, RG 1.158, RG 1.180, RG 1.209, RG 1.210, RG 1.211, RG 1.213 and RG 1.243.

While some of these documents will require minimal technical update, the TI-RIPB safety case changes the traditional scope of SR and therefore technical updates may be required to align these RGs with the more flexible requirements of Part 53.

53.440(d) - Material Degradation 53.440(d) can be met following guidance in RG 1.246. NEI believes that the Reliability and Integrity Management provisions of ASME Section XI Division 2 as endorsed in RG 1.246 along with the Maintenance Rule requirements in 53.715 are sufficient to monitor and address material degradation without an additional Integrity Assessment Program as required by 53.870. However, if the 53.870 requirement and associated requirements remain, guidance must be developed to support implementation of such a program.

February 2025

nei.org B-3 The TI-RIPB methodology chosen has limited impact on the means of meeting the 54.440(d) requirement outside of identifying the operating environment of equipment.

53.440(e) - Fire Protection 53.440(e) can be met by following the regulatory guidance in DANU-ISG-2022-09 and either RG 1.189 or RG 1.205.

More PRA-centric TI-RIPB Methodologies may support implementation of RG 1.205 once RG 1.205 is updated to include technology-inclusive risk metrics, but either set of guidance should be acceptable.

Both should be updated to indicate that they are acceptable means of meeting 53.440(e).

53.440(f) - Security by Design 53.440(f) can be met by following the guidance in DG-5076 and RG 5.74. DG-5076 should be published as an RG to support Part 53 and RG 5.74 should be updated as appropriate to address Part 53.

Since the PRA explicitly excludes security events, the means of meeting 53.440(f) is independent of the level of PRA information relied upon in the licensing basis.

53.440(g) and (h) - Subcriticality and Long Term Heat Removal 53.440(g) and (h) place conditions on the safe, stable endstate relied upon in RG 1.233 and RG 1.247.

These conditions should inform an update to those RGs as appropriate for meeting 53.440(g), (h) and other requirements. For those TI-RIPB methodologies relying more on conversative assessments, DBAs already require these conditions as acceptance criteria.

53.440(i) - Scope of Radioactive Sources Regardless of TI-RIPB methodology, the full scope of radioactive sources needs to be considered.

53.440(j) - Aircraft Impact Assessment (AIA)

RG 1.217 provides guidance for how to meet 10 CFR 50.150. RG 1.217 should be updated to indicate NEI 07-13 is acceptable guidance for meeting 53.440(j) and other associated Part 53 requirements. NEI appreciates that the Part 53 language is more technology inclusive, and NEI is working on an addendum to NEI 07-13 which intends to develop additional acceptance criteria that would meet the Part 53 requirements. This guidance is not dependent on the TI-RIPB Safety Case.

53.440(k) - Chemical Hazards NEI understands NRC is developing a draft guide to support meeting 53.440(k). This draft guide should be finalized to support the Part 53 rulemaking.

NEI expects the TI-RIPB process will inform events to be considered under the new DG, but that the approach to addressing chemical hazards will be largely independent of the LBEs considered.

February 2025

nei.org B-4 53.440(l) - Minimize Contamination and Radioactive Waste DANU-ISG-2022-03 provides guidance on meeting the requirements of 53.440(l) and should be updated as applicable for Part 53. This guidance is not dependent on the TI-RIPB Safety Case.

53.440(m) - Criticality Monitoring RG 3.71 provides guidance on meeting the requirements of 53.440(m) and should be updated as applicable for Part 53. This guidance is not dependent on the TI-RIPB Safety Case.

53.440(n) - Human-Systems Interface DANU-ISG-2022-05 provides guidance on meeting the requirements of 53.440(n) and should be updated as applicable for Part 53. This guidance is not dependent on the TI-RIPB Safety Case.

53.450(g)(1) - Fire Protection 53.450(g)(1) can be met by following the regulatory guidance in DANU-ISG-2022-09 and either RG 1.189 or RG 1.205.

More PRA-centric TI-RIPB Methodologies may support implementation of RG 1.205 once RG 1.205 is updated to include technology-inclusive risk metrics, but either set of guidance should be acceptable.

Both should be updated to indicate that they are acceptable means of meeting 53.450(g)(1).

53.450(g)(2) - Aircraft Impact Assessment (AIA)

RG 1.217 provides guidance for how to meet 10 CFR 50.150. RG 1.217 should be updated to indicate NEI 07-13 is acceptable guidance for meeting 53.450(g)(2) and other associated Part 53 requirements. NEI appreciates that the Part 53 language is more technology inclusive, and NEI is working on an addendum to NEI 07-13 which intends to develop additional acceptance criteria that would meet the Part 53 requirements.

This guidance will be independent of the TI-RIPB Methodology chosen.

53.450(g)(3) - Dose to members of the public DANU-ISG-2022-03 and the referenced guidance documents provide some guidance on how to meet 53.450(g)(3) and should be updated to address Part 53. Guidance needs to be developed for an Offsite Dose Calculation Manual (ODCM) for non-LWRs similar to NUREGs 1301/1302 for BWRs and PWRs.

This guidance will be independent of the TI-RIPB Methodology chosen.

ML25066A034

Text

1.1 Background

Navigation menu

Search