ML25118A036
| ML25118A036 | |
| Person / Time | |
|---|---|
| Site: | Peach Bottom  |
| Issue date: | 05/01/2025 |
| From: | Division of Operating Reactor Licensing |
| To: | |
| References | |
| EPID L-2024-LRM-0009 | |
| Download: ML25118A036 (13) | |
Text
May 1, 2025 RadICS Topical Report Safety Evaluation Conclusions on Internal Diversity
Purpose
- To clarify the conclusions found in the RadICS platform topical report (TR) safety evaluation (SE) regarding the platforms internal diversity.
- To clarify the RadICS platform TR SE plant-specific action item (PSAI) for addressing common-cause failure (CCF).
2 2
=
Background===
- During a February 21, 2025, pre-application meeting for the Peach Bottom Emergency Core Cooling System (ECCS) Compensated Level System replacement project, Constellation (the licensee) described their proposed approach for meeting the defense-in-depth and diversity (D3) criteria of BTP 7-19. The proposed new ECCS design is based on the RadICS digital platform TR.
- The licensee stated that [a] D3 Coping Analysis is not required because all potential CCFs can be eliminated per BTP 7-19 and IEEE 7-4.3.2.
- They licensee stated that, to demonstrate that the system is not susceptible to a CCF, they will:
- 1. credit the internal diversity of the RadICS platform hardware, and
- 2. perform 100% testing of the application logic.
3 3
February 21, 2025, Pre-application Meeting
- The licensee interpreted the statements in Section 3.9, Diversity and Defense-in-Depth, of the RadICS TR SE (i.e., can be credited, a licensee can credit, can be used, can use, and could be credited) to mean that the RadICS platform is not susceptible to a CCF. The licensees slides state:
- Crediting internal diversity of RadICS platform hardware is approved in the TR SE (specific NRC statements are shown in the Technical Reference Slides at the end)
- Internal diversity of RadICS platform hardware credited multiple times in RadICS Platform TR SE for the RadICS Platform (NRC statements listed at the end in the Technical Reference) 4 4
February 21, 2025, Pre-application Meeting The licensees slide 43 identified selected statements from the RadICS TR SE. It reads as follows:
- Internal diversity of RadICS platform hardware credited by the NRC multiple times in the RadICS Platform Topical Report (TR) Safety Evaluation (SE)
The RadICS platform does, however, include several internal design features that can be credited by a licensee to meet or support the criteria of BTP 7-19. [SE Section 3.9, Page 69]
The RadICS platform does however contain design features described in Section 10 of the RadICS TR including protective measures for identifying and mitigating platform component CCFs. A licensee can credit these features in a plant specific D3 assessment to determine if common mode failures of the RadICS based system have been adequately addressed. [SE Section 3.9, page 69, 70]
However, it is evident that mitigation features of the RadICS design can be used by a licensee to support a subsequent plant specific D3 analysis to meet this requirement. [SE Section 3.9, page 70]
Consistent with NUREG/CR-6303, the NRC staff determined that licensees can use these diversity attributes in future system applications of the RadICS platform for plant-specific evaluations to determine whether platform and application logic CCFs can be eliminated from further consideration. [SE Section 3.9, page 77]
The NRC agrees that some diversity strategies, as evaluated in Table 3.8-1 could be credited in the D3 analyses performed by a licensee. [SE Section 3.9, page 77]
5 5
The RadICS platform cannot be confirmed to meet all of the NRC staff positions within BTP 7-19 because a system level D3 assessment requires availability of a system specific design. Therefore, a plant specific evaluation must be performed at the time of application development. This is PSAI 7.9. The RadICS platform does, however, include several internal design features that can be credited by a licensee to meet or support the criteria of BTP 7-19.
RadICS TR SE - D3 Language The quotes from the TR SE identified by the licensee do not depict the staffs complete evaluation. Following are the licensees quotes from the RadICS TR SE (in italics) accompanied by the rest of the SE language (emphasis added in bold and underlined):
6 6
- It is understood that the statement internal design features that can be credited by a licensee to meet or support the criteria of BTP 7-19 is not a staff conclusion that those internal design features alone are sufficient to determine that the platform is not susceptible to a CCF.
- It is understood that the statement [a] licensee can credit these features in a plant specific D3 assessment to determine if common mode failures of the RadICS based system have been adequately addressed is not a staff conclusion that those design features alone are sufficient to determine that the platform is not susceptible to a CCF.
7 7
The RadICS TR does not include a plant specific application. Therefore, the effects of a CCF on plant operation or plant safety cannot be assessed as part of this SE and instead must be addressed by a licensee during application development. The RadICS platform does however contain design features described in Section 10 of the RadICS TR including protective measures for identifying and mitigating platform component CCFs. A licensee can credit these features in a plant specific D3 assessment to determine if common mode failures of the RadICS based system have been adequately addressed. See PSAI 7.9.
- It is understood that the statement it is evident that mitigation features of the RadICS design can be used by a licensee to support a subsequent plant specific D3 analysis to meet this requirement is not a staff conclusion that those design features alone are sufficient to determine that the platform is not susceptible to a CCF.
8 8
Because the RadICS TR does not include a plant specific application or plant specific accident analysis on which to base a D3 analysis, the NRC staff is unable to determine that a RadICS based safety system will meet the criteria of BTP 7-19 Point 2. However, it is evident that mitigation features of the RadICS design can be used by a licensee to support a subsequent plant specific D3 analysis to meet this requirement. Conformance with these criteria should therefore be addressed as part of PSAI 7.9.
- It is understood that the statement licensees can use these diversity attributes in future system applications of the RadICS platform for plant-specific evaluations to determine whether platform and application logic CCFs can be eliminated from further consideration is not a staff conclusion that those design features alone are sufficient to determine that the platform is not susceptible to a CCF.
- The TR SE did not conclude that sufficient diversity has been demonstrated to find the platform is not susceptible to a CCF. Rather, it says the licensee has to demonstrate such sufficient diversity.
9 9
Based on this evaluation, the NRC staff determined the RadICS platform design, development and test approaches provide a [] of the RadICS modules. Consistent with NUREG/CR-6303, the NRC staff determined that licensees can use these diversity attributes in future system applications of the RadICS platform for plant-specific evaluations to determine whether platform and application logic CCFs can be eliminated from further consideration. In the absence of comprehensive testing, elimination of CCFs from further consideration is allowed by BTP 7-19 when sufficient diversity has been demonstrated by an applicant or licensee. The NRC staff further determined the RadICS platform supports inclusion of application specific functional diversity and signal diversity, which could be implemented to achieve an additional degree of overall system diversity beyond the diversity provided by the platform design.
- The statement (from the Conclusion of Section 3.9 of the TR SE) that platform concepts alone should not be considered as sufficient diversity to eliminate the need for either a diverse actuation system or a best estimate safety analysis on a generic basis is clear that design features alone are not sufficient to determine that the platform is not susceptible to a CCF.
10 10 The NRC staff determined that platform concepts alone should not be considered as sufficient diversity to eliminate the need for either a diverse actuation system or a best estimate safety analysis on a generic basis. Therefore, an applicants or licensee should perform an application specific D3 analyses. The NRC agrees that some diversity strategies, as evaluated in Table 3.8-1 could be credited in the D3 analyses performed by a licensee. This D3 analysis should explicitly identify whether and how the RadICS platforms diversity attributes are credited and should identify any additional diversity strategies that the applicant or licensee includes in its design basis.
The applicants or licensees D3 analysis should either (1) demonstrate adequate diversity exists to mitigate plant vulnerabilities without the need for a diverse actuation system, or (2) determine the need for a diverse actuation system to provide adequate mitigation against plant vulnerabilities. See PSAI 7.9.
RadICS TR SE - PSAI PSAI 7.9 Diversity and Defense-In-Depth Analysis - An applicant or licensee referencing the topical report must perform a plant specific D3 analysis for safety protection system applications of the RadICS platform. If the RadICS platform internal diversity features are to be credited as a means of mitigating logic CCF consideration, then the following additional PSAIs should be performed by the licensee.
- 7.9.1 Self Diagnostics Design Requirements - The licensee must establish requirements for validation testing of Type III self-diagnostics features to ensure plant safety requirements are satisfied.
- 7.9.2 Plant Specific Fail-Safe Behavior Requirements Definition - Fail Safe state requirements shall be established by the licensee for all RadICS system outputs to ensure plant safety is achieved when RadICS system logic failures (e.g., Type I, II, or III faults) are detected by system self-diagnostic functions.
- 7.9.3 Conservation of Existing Diversity Measures - The applicant or licensee must confirm that diversity attributes of the existing protection system are preserved in the upgraded system. This diversity may be expressed in the signal selection and protection system functional algorithms established and accepted for the plant design.
If the RadICS protection system is to be used for performing a reactor trip function then the applicant or licensee must also ensure that the RadICS system is diverse from anticipated transients without scram (ATWS) systems as required by 10 CFR Part 50.62.
11 11
Conclusion
- Section 3.9, Diversity and Defense-in-Depth, of the RadICS TR SE does not conclude the platforms diverse design features alone result in the platform not being susceptible to a CCF.
- Licensees and applicants can choose to refer to the RadICS platforms diverse design features (along with other application-specific features) in a plant-specific D3 analysis that either (1) demonstrates adequate diversity exists to mitigate plant vulnerabilities without the need for a diverse actuation system, or (2) determines the need for a diverse actuation system to provide adequate mitigation against plant vulnerabilities.
- Therefore, licensees and applicants need to perform a plant-specific D3 analysis that addresses PSAI 7.9 (including 7.9.1, 7.9.2 and 7.9.3).
12 12
References
- RadICS Topical Report Safety Evaluation (Non-Proprietary) - ML19134A193
- Summary of February 21, 2025, Partially Closed Observation Meeting with Constellation Energy Generation, LLC Regarding Peach Bottom Atomic Power Station, Units 2 and 3 Digital Upgrade of the Emergency Core Cooling System Compensated Level System - ML25083A072 13 13