DG-1251, Revision 1, Guidance for Protection and Safety Systems for Nuclear Power Plants

ML25114A021
Person / Time
Issue date:	11/26/2025
From:	Rodriguez G NRC/NMSS/DREFS/RRPB
To:
References
RIN 3150-AL06, NRC-2024-0045, DG-1251 RG-1.153, Rev. 2
Download: ML25114A021 (15)
v • d • e

Text

U.S. NUCLEAR REGULATORY COMMISSION DRAFT REGULATORY GUIDE DG-1251, Revision 1 Proposed Revision 2 to Regulatory Guide 1.153 Issue Date: December 2025 Technical Lead: Gilberto Blas Rodriguez This RG is being issued in draft form to involve the public in the development of regulatory guidance in this area. It has not received final staff review or approval and does not represent an NRC final staff position. Public comments are being solicited on this DG and its associated regulatory analysis. Comments should be accompanied by appropriate supporting data. Comments may be submitted through the Federal rulemaking website, https://www.regulations.gov, by searching for draft regulatory guide DG-1251. Alternatively, comments may be submitted to Office of the Secretary, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, ATTN: Rulemakings and Adjudications Staff.

Comments must be submitted by the date indicated in the Federal Register notice.

Electronic copies of this DG, previous versions of DGs, and other recently issued guides are available through the NRCs public website under the Regulatory Guides document collection of the NRC Library at https://nrc.gov/reading-rm/doc-collections/reg-guides. The DG is also available through the NRCs Agencywide Documents Access and Management System (ADAMS) at https://www.nrc.gov/reading-rm/adams.html, under Accession No. ML25114A021. The regulatory analysis is associated with a rulemaking and may be found in ADAMS under Accession No. ML24353A321.

GUIDANCE FOR THE POWER, INSTRUMENTATION, AND CONTROL PORTIONS OF SAFETY SYSTEMS FOR NUCLEAR POWER PLANTS A. INTRODUCTION Purpose This regulatory guide (RG) provides guidance to implement the requirements for the power, instrumentation and control (I&C) portions of safety systems for nuclear power plants as specified in Section 50.55a(h), Title 10, Part 50 of the Code of Federal Regulations (10 CFR Section 50.55a(h)) (Ref.

1), which incorporates by reference, among other standards, Institute of Electrical and Electronics Engineers (IEEE) Standard (IEEE Std) 603-2018, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, (Ref. 2). This revision provides supplemental and clarifying information for implementing certain criteria in IEEE Std 603-2018.

Applicability This RG applies to applicants and licensees subject to 10 CFR Part 50, Domestic Licensing of Production and Utilization Facilities or 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants (Ref. 3). Under 10 CFR Part 50, this RG applies to applicants for and holders of licenses, as defined in 10 CFR 50.2, Definitions. Under 10 CFR Part 52, this RG applies to applicants for and holders of combined licenses, standard design approvals and manufacturing licenses, and applicants for standard design certifications for nuclear power plants.

Applicable Regulations 10 CFR Part 50 governs the licensing of nuclear power plants, and it requires, in part, that structures, systems, and components (SSCs) that are important to safety in a nuclear power plant must be designed to remain functional under postulated design-basis events.

o 10 CFR 50.49 Environmental qualification of electric equipment important to safety for nuclear power plants establishes requirement criteria for qualifying electric equipment.

DG-1251, Page 2 o 10 CFR 50.55a, Codes and standards, requires, in part, that SSCs be designed, fabricated, erected, constructed, tested, and inspected to quality standards commensurate with the importance of the safety function to be performed. Furthermore, 10 CFR 50.55a(h) provides requirements for protection and safety systems and incorporates by reference IEEE Std 279-1968, Proposed IEEE Criteria for Nuclear Power Plant Protection Systems (Ref. 4), IEEE Std 279-1971, Criteria for Protection Systems for Nuclear Power Generating Stations (Ref.

5), IEEE Std 603-1991, Criteria for Safety Systems for Nuclear Power Generating Stations (Ref. 6) (including the correction sheet dated January 30, 1995 (Ref. 7)) and IEEE Std 603-2018, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations.

The applicability of each of these standards to a given nuclear power plant depends on the plants licensing date and other criteria.

o 10 CFR Part 50, Appendix A, General Design Criteria for Nuclear Power Plants, contains, in part, requirements for the design, reliability, qualification, and testability of safety systems.

o 10 CFR Part 50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants establishes quality assurance requirements for the design, manufacture, construction and operation of SSCs that prevent or mitigate the consequences of postulated accidents that could cause undue risk to the health and safety of the public.

10 CFR Part 52 governs the issuance of early site permits, standard design certifications, combined licenses, standard design approvals, and manufacturing licenses.

Related Guidance RG 1.28, Quality Assurance Program Criteria (Design and Construction), (Ref. 8) provides guidance for establishing and implementing a quality assurance program.

RG 1.32, Criteria for Power Systems for Nuclear Power Plants, (Ref. 9) provides guidance on the design, operation, and testing of electric power systems in nuclear power plants.

RG 1.47, Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems, (Ref. 10) provides guidance on bypassed and inoperable status indication for nuclear power plant safety systems.

RG 1.53, Application of the Single-Failure Criterion to Safety Systems, (Ref. 11) provides guidance on the application of the single-failure criterion to the electrical power, instrumentation, and control portions of safety systems.

RG 1.75, Criteria for Independence of Electrical Safety Systems, (Ref. 12) provides guidance on physical independence requirements of the circuits and electric equipment that comprise or are associated with safety systems.

RG 1.89, Environmental Qualification of Certain Electric Equipment Important to Safety for Nuclear Power Plants, (Ref. 13) provides guidance on environmental qualification of electric equipment important to safety to ensure that the equipment can perform its safety function during and after a design basis accident and endorses IEEE Std 323-1974, IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations (Ref. 14).

DG-1251, Page 3 RG 1.97. Criteria for Accident Monitoring Instrumentation for Nuclear Power Plants (Ref. 15) provides guidance on accident monitoring instrumentation.

RG 1.105, Setpoints for Safety-Related Instrumentation, (Ref. 16) provides guidance on the subject related to setpoints for safety systems.

RG 1.118, Periodic Testing of Electric Power and Protection Systems, (Ref. 17) provides guidance with respect to periodic testing of the electric power and protection systems.

RG 1.152, Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants, (Ref. 18) provides guidance on high functional reliability, design quality, and a secure development and operational environment for the use of digital computers in the safety systems.

RG 1.180, Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems, (Ref. 19) provides guidance to on design, installation, and testing practices for addressing the effects of electromagnetic and radio-frequency interference and power surges on safety-related I&C systems.

RG 1.209, Guidelines for Environmental Qualification of Safety-Related Computer-Based Instrumentation and Control Systems in Nuclear Power Plants, (Ref. 20) provides guidance on environmental qualification procedures for safety-related computer-based I&C systems for service and addresses the application of microprocessor-based technology and endorses IEEE Std 323-2003, IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations (Ref. 21).

NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, (Ref. 22). The Standard Review Plan provides guidance to NRC staff in performing safety reviews under Part 50 and 52.

NUREG/CR-6303, Method for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems, (Ref. 23) describes a method for analyzing computer-based nuclear reactor protection systems that discovers design vulnerabilities to common-mode failure.

NUREG/CR-7007, Diversity Strategies for Nuclear Power Plant Instrumentation and Control Systems, (Ref. 24) presents the technical basis for establishing acceptable mitigating strategies that resolve diversity and defense-in-depth assessment findings.

Purpose of Regulatory Guides The NRC issues RGs to describe methods that are acceptable to the staff for implementing specific parts of the agencys regulations, to explain techniques that the staff uses in evaluating specific issues or postulated events, and to describe information that the staff needs in its review of applications for permits and licenses. Regulatory guides are not NRC regulations and compliance with them is not required. Methods and solutions that differ from those set forth in RGs are acceptable if the applicant provides sufficient basis and information for the NRC staff to verify that the alternative methods comply with the applicable NRC regulations.

DG-1251, Page 4 Paperwork Reduction Act This RG provides voluntary guidance for implementing the mandatory information collections in 10 CFR Parts 50, 50.55a, and 10 CFR Part 52 that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et. seq.). These information collections were approved by the Office of Management and Budget (OMB), under control numbers 3150-0011, 3150-0264, and 3150-0151. Send comments regarding this information collection to the FOIA, Library, and Information Collections Branch, Office of the Chief Information Officer, Mail Stop: T6-A10M, U.S. Nuclear Regulatory Commission, Washington, DC 20555 0001or by email to Infocollects.Resource@nrc.gov, and to the OMB reviewer at: OMB Office of Information and Regulatory Affairs 3150-0011, 3150-0264, and 3150-0151), Attn: Desk Officer for the Nuclear Regulatory Commission, 725 17th Street, NW, Washington, DC, 20503.

Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the document requesting or requiring the collection displays a currently valid OMB control number.

DG-1251, Page 5 B. DISCUSSION Reason for Revision RG 1.153, Criteria for Safety Systems, (Ref. 25) provides guidance on addressing the requirements of 10 CFR 50.55a(h) when implementing or modifying safety systems in nuclear power plants. This revision was issued to support the revision to 10 CFR 50.55a(h) that incorporates by reference IEEE Std 603-2018 in addition to IEEE Std 279-1968, IEEE Std 279-1971, and IEEE Std 6031991 including its correction sheet dated January 30, 1995, as discussed in Federal Register notice 64 FR 17944 (Ref. 26).

Background

IEEE Std 603-2018 provides criteria for functional and design requirements of power and I&C portions of safety systems in nuclear power plants. This revision provides guidance on criteria found in IEEE Std 603-2018. IEEE superseded IEEE Std 603-2009, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, (Ref. 27) and its correction sheet Errata to IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, (Ref. 28) with IEEE Std 603-2018 and 10 CFR 50.55a(h) was revised to incorporate it by reference.

Alternatives to IEEE Std 603-2018 Criteria The staff understands that applicants, particularly with new or advanced reactor designs (e.g.,

inherent reactor safety physics or multiple passive safety features), may be able to justify alternatives to certain criteria in IEEE Std 603-2018 to make its overall safety case. In these scenarios, the applicant may choose to apply 50.55a(z), Alternatives to codes and standards requirements.

Addressing Common-Cause Failure The first sentence of Clause 5.16, Common-cause failure, of IEEE Std 603-2018 states, The safety system design and development shall address common-cause failures (CCF) that create a potential to degrade or defeat the safety system function. This statement is consistent with the NRCs policy in Staff Requirements Memorandum (SRM)-SECY22-0076, Expansion of Current Policy on Potential Common-Cause Failures in Digital Instrumentation and Control Systems, (Ref. 29) on CCF and has been incorporated into 10 CFR 50.55a(h).

The NRC staff considers the remainder of Clause 5.16 (i.e., after the first sentence) as guidance on how CCF could be addressed. The methods included in Clause 5.16 may be acceptable for licensees or applicants to address CCF as part of their overall defense-in-depth and diversity (D3) analyses, in appropriate circumstances; however, the list is not comprehensive and does not include flexibilities the Commission recently directed the NRC staff to incorporate into its licensing reviews. In its direction to the NRC staff in SRM-SECY22-0076, the Commission approved expanded acceptance of risk-informed approaches in performing the D3 assessment and in determining the adequacy of design techniques, prevention measures, and mitigation measures other than diversity, to address a postulated digital I&C (DI&C) CCF. This policy provides additional flexibility in addressing CCFs beyond the methods described in Clause 5.16. Therefore, licensees or applicants may use the methods described in Clause 5.16 and other methods referenced in this draft guidance in their overall D3 analyses. The NRC staff would review such applications on a case-by-case basis using the guidance in Branch Technical Position (BTP) 7-19, Guidance for Evaluation of Defense in Depth and Diversity to Address Common-Cause Failure

DG-1251, Page 6 due to Latent Design Defects in Digital Instrumentation and Control Systems, (Ref. 30) and the Design Review Guide, Design Review Guide (DRG): Instrumentation and Controls for Non-Light-Water Reactor (Non-LWR) Reviews (Ref. 31) as applicable. Further, regarding the last paragraph in Clause 5.16, if a determination concludes that the consequences of a CCF are low or a determination concludes that the CCF has a very low likelihood of occurrence, that conclusion could be credited in a plant-specific analysis toward justification of the proposed safety system design in an overall risk-informed D3 approach on a case by case basis. However, a risk-informed approach requires that risk insights are considered together with other factors to establish requirements that better focus licensee and regulatory attention on design and operational issues commensurate with their importance to public health and safety, consistent with SRM-SECY-98-144, Risk-informed and Performance Based Regulation, (Ref.

32) and SRM-SECY-22-0076. Finally, the NRC staff agrees that each identified source of CCF should be evaluated, but also addressed, on a case-by-case basis.

Data Communications Independence DI&C architectures may employ data communications between safety systems, between redundant portions of a safety system, and between systems of different safety classes. One of the more significant regulatory implications is maintaining not only physical, functional, and electrical independence but also data communication independence, thereby ensuring that faults from data communications do not propagate and adversely affect safety functions. Otherwise, fault propagation can lead to undesired behavior of I&C systems, which could create hazards that challenge plant safety.

Hazards may result from lost independence because of interconnectivity or functional relationships among DI&C systems through their data communications. These hazards may be more difficult to identify and control because of system complexity, when the potential for faults and their impacts are considered. Thus, communication independence is needed between safety systems, between redundant divisions of a safety system, and between systems of different safety classes to ensure that faults from data communications do not propagate and adversely affect safety functions. Section C of this RG provides guidance on addressing data communications independence for DI&C.

Consideration of International Standards The International Atomic Energy Agency (IAEA) works with member states and other partners to promote the safe, secure, and peaceful use of nuclear technologies. The IAEA develops Safety Requirements and Safety Guides for protecting people and the environment from harmful effects of ionizing radiation. This system of safety fundamentals, safety requirements, safety guides, and other relevant reports, reflects an international perspective on what constitutes a high level of safety. To inform its development of this RG, the NRC considered IAEA Safety Requirements and Safety Guides pursuant to the Commissions International Policy Statement (Ref. 33) and Management Directive and Handbook 6.6, Regulatory Guides (Ref. 34).

The international standards and guides listed below are generally consistent with the principles in the standards incorporated by reference in 10 CFR 50.55a(h). These international standards and guides provide useful information for implementing safety systems in nuclear power plants and utilization facilities, although they may not provide a one-to-one correlation with the standards incorporated by reference in 10 CFR 50.55a(h). However, the NRC does not endorse these standards and guides and does not recognize these standards and guides as an acceptable means for complying with the requirements of 10 CFR 50.55a(h).

DG-1251, Page 7 IAEA Safety Standard Guide SSG-39, Design of Instrumentation and Control Systems for Nuclear Power Plants (Ref. 35).

IAEA Specific Safety Guide No. SSG-34, Design of Electrical Power Systems for Nuclear Power Plants (Ref. 36).

International Electrotechnical Commission (IEC) 60709, Edition 3.0, Nuclear Power Plants Instrumentation and Control Systems Important to SafetySeparation (Ref. 37).

IEC/IEEE 60780-323, Edition 1.0, Nuclear facilitiesElectrical equipment important to safetyQualification (Ref. 38).

IAEA Specific Safety Guide No. SSG-69, Equipment Qualification for Nuclear Installations (Ref. 39).

IEC 60880, Edition 2.0, Nuclear Power PlantsInstrumentation and Control Systems Important to SafetySoftware Aspects for Computer-Based Systems Performing Category A Functions (Ref. 40).

IEC/IEEE 60980-344, Edition 1.0, Nuclear Facilities - Equipment Important to Safety - Seismic Qualification (Ref. 41).

IEC 61226, Edition 4.0, Nuclear Power PlantsInstrumentation, control and electrical power systems important to safetyCategorization of functions and classification of systems (Ref. 42).

IEC 61888, Edition 1.0, Nuclear Power PlantsInstrumentation Important to Safety Determination and Maintenance of Trip Setpoints (Ref. 43).

IEC 62385, Edition 1.0, Nuclear Power PlantsInstrumentation and Control Important to SafetyMethods for Assessing the Performance of Safety System Instrument Channels (Ref. 44).

Documents Discussed in Staff Regulatory Guidance This regulatory guidance addresses the use of a standard developed by the IEEE. This standard contains references to other IEEE standards (secondary references). If a secondary reference has itself been incorporated by reference into NRC regulations as a requirement, then licensees and applicants must comply with that standard as set forth in the regulation. If the secondary reference has been endorsed in an RG as an acceptable approach for meeting an NRC requirement, then the standard constitutes a method acceptable to the NRC staff for meeting that regulatory requirement as described in the specific RG. If the secondary reference has neither been incorporated by reference into NRC regulations nor endorsed in an RG, then the secondary reference is neither a legally-binding requirement nor a generic NRC-approved acceptable approach for meeting an NRC requirement. However, licensees and applicants may consider and use the information in the secondary reference, if appropriately justified, consistent with current regulatory practice, and consistent with applicable NRC requirements.

DG-1251, Page 8 C. STAFF REGULATORY GUIDANCE Supplemental and clarifying guidance for implementing certain criteria in IEEE Std 603-2018 are identified below:

1. Supplement Clause 5.5 of IEEE Std 603-2018 with the following: For the purposes of this clause, predictable and repeatable means that: (1) events that support the operation of the system, including the transmission of signals between or among sensor data input and safety control device actuation, that occur at a given time that can be defined in advance through known relationships among the controlled system states. The required responses to those states make them regular or expected at a known frequency such that a given set of input signals will always produce the same output signals; and (2) the output of such a system being consistently achieved given the same input and system properties (including internal and external conditions).

2. Clause 5.6 of IEEE Std 603-2018 and its sub-clauses deal with Independence requirements including those associated with safety systems and other systems. For programmable digital devices in the safety-related systems of nuclear power plants, RG 1.152 endorses, with clarifications, the communication independence criteria within the normative parts of IEEE Std 7-4.3.2, IEEE Standard Criteria for Programmable Digital Devices in Safety Systems of Nuclear Power Generating Stations, (Ref. 45). Furthermore, RG 1.152 endorses, with clarification, the IEEE Std 7-4.3.2 Annex D, Identification and Control of Hazards, guidance for identifying and controlling hazards. In addition, when implementing this guidance for digital I&C, all signal processing between or among sensor data input and safety control device actuation is accomplished in a manner that is independent of redundant portions of the safety system or other external systems, such that the required safety function capability remains independent of the performance of any one channel.

3. Clause 5.9 of IEEE Std 603-2018 deals with Control of Access. The regulatory guidance on this subject for programmable digital devices in the safety-related systems of nuclear power plants is provided in RG 1.152. For example, the guidance in RG 1.152 Section C, Staff Regulatory Guidance, Subsection 1.b.3.4 related to Control of Access states that the use of a hardware-based unidirectional device is one approach the NRC staff would consider acceptable to ensure that safety-related I&C systems do not present an electronic path that could enable unauthorized access to the plants safety-related systems.

4. The first sentence of Clause 5.16 of IEEE Std 603-2018, Common-cause failure, states, The safety system design and development shall address common-cause failures (CCF) that create a potential to degrade or defeat the safety system function. Changes to plant designs, equipment, or technology may introduce latent design defects in active hardware components, software, or software-based logic. Latent design defects in safety systems can remain undetected despite traditional design-basis development, verification, validation, and testing processes. Certain events, unexpected external stresses, failures occurring within shared resources, or plant conditions can trigger latent design defects within redundant portions of a system designed to perform safety functions and thus lead to a systematic failure of the redundant portions. Licensees and applicants should address systematic CCFs that are the result of latent design defects. RG 1.152, which endorses IEEE Std 7-4.3.2, provides an acceptable method for performing evaluations of systematic CCFs due to latent design defects. In addition, the NRC staff uses the guidance in BTP 7-19 and the DRG, to evaluate the applicants D3 assessments using either best-estimate methods or a risk-informed approach or both, to address CCFs due to latent design defects in digital safety-related systems. For digital I&C, the Commissions policy on addressing CCF documented in SRM-SECY22-0076 allows the use of risk-informed approaches to demonstrate the appropriate level

DG-1251, Page 9 of defense-in-depth, and the use of design techniques or mitigation measures other than diversity to address a potential CCF. If diversity is used as an approach, then independent and diverse means not susceptible to the same CCFs (e.g., a diverse and independent digital system, or a diverse and independent analog/hardware-based system) are acceptable for the system(s), that monitor and produce a diverse trip or actuation in the affected redundant portion of the digital safety systems if the common processing unit ceases operation or locks-up.

5. Table 1 below identifies relevant additional guidance applicable to certain clauses of IEEE Std 603-2018. (Note: The guidance described in this table is not exhaustive or comprehensive.)

Table 1. IEEE Std 603-2018 Clauses - Relevant Additional Guidance Clause Relevant Additional Guidance 4.g - Includes electromagnetic interference as an additional environmental factor in the design basis RG 1.89, Environmental Qualification of Certain Electric Equipment Important to Safety for Nuclear Power Plants RG 1.180, Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems 5.1, Single-failure criterion RG 1.53, Application of the Single-Failure Criterion to Safety Systems 5.3, Quality RG 1.28, Quality Assurance Program Criteria (Design and Construction) 5.4, Equipment qualification RG 1.89, Environmental Qualification of Certain Electric Equipment Important to Safety for Nuclear Power Plants RG 1.209, Guidelines for Environmental Qualification of Safety-Related Computer-Based Instrumentation and Control Systems in Nuclear Power Plants 5.6, Independence RG 1.75, Criteria for Independence of Electrical Safety Systems RG 1.152, Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants 5.6.3.2, Equipment in proximity RG 1.75, Criteria for Independence of Electrical Safety Systems

DG-1251, Page 10 Table 1. IEEE Std 603-2018 Clauses - Relevant Additional Guidance (continued)

Clause Relevant Additional Guidance 5.7, Capability for testing and calibration RG 1.118, Periodic Testing of Electric Power and Protection Systems RG 1.152, Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants 5.8.3, Indication of bypasses RG 1.47, Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems 5.8.4, Location RG 1.97, Criteria for Accident Monitoring Instrumentation for Nuclear Power Plants 5.9, Control of access RG 1.152, Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants 5.13, Multi-unit stations RG 1.32, Criteria for Power Systems for Nuclear Power Plants 5.16, Common-cause failure RG 1.152, Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants Note: The NRC staff uses the guidance in the BTP 7-19 and in the DRG to evaluate the applicants D3 assessment using either best-estimate methods or a risk-informed approach or both, as a means to address CCFs due to latent design defects in digital safety-related systems.

6.2, Manual control RG 1.62, Manual Initiation of Protective Actions 6.8, Setpoints RG 1.105, Setpoints for Safety-Related Instrumentation 8.1, Electrical power sources RG 1.32, Criteria for Power Systems for Nuclear Power Plants 8.3, Maintenance bypass RG 1.32, Criteria for Power Systems for Nuclear Power Plants

DG-1251, Page 11 D. IMPLEMENTATION Licensees generally are not required to comply with the guidance in this regulatory guide. If the NRC proposes to use this regulatory guide in an action that would constitute backfitting, as that term is defined in 10 CFR 50.109, Backfitting, and as described in NRC Management Directive 8.4, Management of Backfitting, Forward Fitting, Issue Finality, and Information Requests (Ref. 46); affect the issue finality of an approval issued under 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants; or constitute forward fitting, as that term is defined in Management Directive 8.4, then the NRC staff will apply the applicable policy in Management Directive 8.4 to justify the action.

If a licensee believes that the NRC is using this regulatory guide in a manner inconsistent with the discussion in this Implementation section, then the licensee may inform the NRC staff in accordance with Management Directive 8.4.

DG-1251, Page 12 REFERENCES1 These references indicate the versions of the documents available at the time of issuance of this regulatory guide (RG). Licensees or applicants using this RG should check all referenced documents to verify that no change has occurred since the issuance of the RG.

1.

U.S. Code of Federal Regulations, Domestic Licensing of Production and Utilization Facilities, Part 50, Title 10, Energy.

2.

Institute of Electrical and Electronics Engineers (IEEE), Std 603-2018, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Piscataway, NJ. 2

3.

U.S. Code of Federal Regulations, Licenses, Certifications, and Approvals for Nuclear Power Plants, Part 52, Title 10, Energy.

4.

IEEE, Std 279-1968, Proposed IEEE Criteria for Nuclear Power Plant Protection Systems, Piscataway, NJ.

5.

IEEE, Std 279-1971, IEEE Standard: Criteria for Protection Systems for Nuclear Power Generating Stations, Piscataway, NJ.

6.

IEEE, Std 603-1991, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Piscataway, NJ.

7.

IEEE, Std 603-1991 correction sheet dated January 30, 1995, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Piscataway, NJ.

8.

U.S. Nuclear Regulatory Commission (NRC), RG 1.28, Quality Assurance Program Criteria (Design and Construction), Washington, DC.

9.

NRC, RG 1.32, Criteria for Power Systems for Nuclear Power Plants, Washington, DC.

10.

NRC, RG 1.47, Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems, Washington, DC.

11.

NRC, RG 1.53, Application of the Single-Failure Criterion to Safety Systems, Washington, DC.

1 Publicly available NRC published documents are available electronically through the NRC Library on the NRCs public website at http://www.nrc.gov/reading-rm/doc-collections/ and through the NRCs Agencywide Documents Access and Management System (ADAMS) at http://www.nrc.gov/reading-rm/adams.html. For problems with ADAMS, contact the Public Document Room staff at 301-415-4737 or (800) 397-4209, or email pdr.resource@nrc.gov. The NRC Public Document Room (PDR), where you may also examine and order copies of publicly available documents, is open by appointment. To make an appointment to visit the PDR, please send an email to PDR.Resource@nrc.gov or call 1-800-397-4209 or 301-415-4737, between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday, except Federal holidays.

2 Copies of Institute of Electrical and Electronics Engineers (IEEE) documents may be purchased from the Institute of Electrical and Electronics Engineers Service Center, 445 Hoes Lane, PO Box 1331, Piscataway, NJ 08855 or through the IEEEs public Web site at http://www.ieee.org/publications_standards/index.html.

DG-1251, Page 13

12.

NRC, RG 1.75, Criteria for Independence of Electrical Safety Systems, Washington, DC.

13.

NRC, RG 1.89, Environmental Qualification of Certain Electric Equipment Important to Safety for Nuclear Power Plants, Washington, DC.

14.

IEEE, Std 323-1974, IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations, Piscataway, NJ.

15.

NRC, RG 1.97, Criteria for Accident Monitoring Instrumentation for Nuclear Power Plants, Washington, DC.

16.

NRC, RG 1.105, Setpoints for Safety-Related Instrumentation, Washington, DC.

17.

NRC, RG 1.118, Periodic Testing of Electric Power and Protection Systems, Washington, DC.

18.

NRC, RG 1.152, Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants, Washington, DC.

19.

NRC, RG 1.180, Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems, Washington, DC.

20.

NRC, Guidelines for Environmental Qualification of Safety Related Computer Based Instrumentation and Control Systems in Nuclear Power Plants, Washington, DC.

21.

IEEE, Std 323-2003, IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations, Piscataway, NJ.

22.

NRC, NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Washington, DC.

23.

NRC, NUREG/CR-6303, Method for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems, Washington, DC.

24.

NRC, NUREG/CR-7007, Diversity Strategies for Nuclear Power Plant Instrumentation and Control Systems, Washington, DC.

25.

NRC, RG 1.153, Criteria for Safety Systems, Washington, DC.

26.

Office of the Federal Register, Nuclear Regulatory Commission, 10 CFR Part 50, Incorporation by Reference of Institute of Electrical and Electronics Engineers Standard 603-2018, Federal Register Notice, 64 FR 17944.

27.

IEEE, Std 603-2009, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Piscataway, NJ.

28.

IEEE, Std 603-2009 correction sheet dated March 10, 2015, Errata to IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Piscataway, NJ.

29.

NRC, SRM-SECY-22-0076, Expansion of Current Policy on Potential Common-Cause Failures in Digital Instrumentation and Control systems, Washington, DC.

DG-1251, Page 14

30.

NRC, Branch Technical Position, 7-19, NUREG 0800, Guidance for Evaluation of Defense in Depth and Diversity to Address Common-Cause Failure due to Latent Design Defects in Digital Instrumentation and Control Systems, Washington, DC.

31.

NRC, Design Review Guide (DRG): Instrumentation and Controls for Non-Light-Water Reactor (Non-LWR) Reviews, Washington, DC.

32.

NRC, SRM-SECY-98-144, Risk-informed and Performance Based Regulation, Washington, DC.

33.

NRC, Nuclear Regulatory Commission International Policy Statement, Federal Register, Vol. 79, No. 132, pp. 39415-39418 (79 FR 39415), Washington, DC.

34.

NRC, Management Directive and Handbook 6.6, Regulatory Guides, Washington, DC.

35.

IAEA, Safety Standards Guide SSG-39, Design of Instrumentation and Control Systems for Nuclear Power Plants, Vienna, Austria.3

36.

IAEA, Safety Standards Series No. SSG-34, Design of Electrical Power Systems for Nuclear Power Plants,, Vienna, Austria.

37.

International Electrotechnical Commission, (IEC) 60709, Edition 3.0, Nuclear Power Plants Instrumentation and Control Systems Important to SafetySeparation, Geneva, Switzerland.4

38.

IEC/IEEE 60780-323, Edition 1.0, Nuclear facilities - Electrical equipment important to safety -

Qualification, Geneva, Switzerland.

39.

IAEA, Safety Standards Series No. SSG-69, Equipment Qualification for Nuclear Installations, Vienna, Austria.

40.

IEC, 60880, Edition 2.0, Nuclear Power PlantsInstrumentation and Control Systems Important to SafetySoftware Aspects for Computer-Based Systems Performing Category A Functions, Geneva, Switzerland.

41.

IEC, 60980, Edition 1.0, Recommended Practices for Seismic Qualification of Electrical Equipment of the Safety System for Nuclear Generating Stations, Geneva, Switzerland.

42.

IEC, 61226, Edition 4.0, Instrumentation, control and electrical power systems important to safety

- Categorization of functions and classification of systems, Geneva, Switzerland.

43.

IEC, 61888, Edition 1.0, Nuclear Power PlantsInstrumentation Important to Safety Determination and Maintenance of Trip Setpoints, Geneva, Switzerland.

3 Copies of International Atomic Energy Agency (IAEA) documents may be obtained through their Web site:

WWW.IAEA.Org/ or at http://iaea.org/Publications and by writing the International Atomic Energy Agency P.O. Box 100 Wagramer Strasse 5, A-1400 Vienna, Austria. Telephone (+431) 2600-0, Fax (+431) 2600-7, or E-Mail at Official.Mail@IAEA.Org 4

Copies of International Electrical Commission (IEC) documents may be obtained through their Web site: http://www.iec.ch/

or http://webstore.iec.ch/ and by writing the IEC Central Office at P.O. Box 131, 3 Rue de Varembé, 1211 Geneva, Switzerland, Telephone +41 22 919 02 11.

DG-1251, Page 15

44.

IEC, 62385, Edition 1.0, Nuclear Power PlantsInstrumentation and Control Important to SafetyMethods for Assessing the Performance of Safety System Instrument Channels, Geneva, Switzerland.

45.

IEEE, Std 7-4.3.2, IEEE Standard Criteria for Programmable Digital Devices in Safety Systems of Nuclear Power Generating Stations, Piscataway, NJ.

46.

NRC, Management Directive 8.4, Management of Backfitting, Forward Fitting, Issue Finality, and Information Requests.