ML26007A324
| ML26007A324 | |
| Person / Time | |
|---|---|
| Issue date: | 12/22/2025 |
| From: | Mclatchie H NRC/NRR/DANU |
| To: | Chisholm B Southern Co Services |
| References | |
| L-2024-NFG-0012 | |
| Download: ML26007A324 (0) | |
Text
From:
Hannah McLatchie To:
Chisholm, Brandon M.
Cc:
troy.reiss@inl.gov; steve.nesbit@lmnt-consulting.com
Subject:
NRC Initial Comments for TIMaSC White Paper Date:
Monday, December 22, 2025 11:28:00 AM Attachments:
TIMaSC_NRC Comments.pdf Brandon Chisholm, Senior Research Engineer Southern Company Services
Mr. Chisholm,
The purpose of this email is to provide you with the NRCs initial comments on the document titled, Technology Inclusive Management of Safety Case (TIMaSC): White Paper (ADAMS Accession No. ML25239A009). The attached document with NRC comments will be discussed during the planned January 29, 2026, public meeting on this document. The meeting notice and agenda for this meeting will be issued shortly.
Please note that these comments are preliminary. These comments are not regulatory findings on any specific licensing matter and are not official agency positions.
This email will be captured in ADAMS. Both the email and document with comments will be made publicly available so that interested stakeholders will have access to the information for the January 29, 2026 public meeting.
If you have any immediate questions regarding the attached document, please contact me.
Thank you,
Hannah McLatchie Project Manager Advanced Reactor Policy Branch Division of Advanced Reactors and Non-Power Production and Utilization Facilities Office of Nuclear Reactor Regulation US Nuclear Regulatory Commission Phone: 301-415-8507 Email: Hannah.McLatchie@nrc.gov
Technology Inclusive Management of Safety Case:
White Paper iii Technology Inclusive Management of Safety Case (TIMaSC) :
White Paper Document Number SC - 21256 - 100 Revision 0 Baelle Energy Alliance, LLC Contract No. 2 97493 SOW - 21256 August 202 5 Prepared for:
U.S. Department of Energy DOE
(
)
Oce of Nuclear Energy Under DOE Idaho Operaons Oce Contract DE - AC07 - 05 ID 14517
Technology Inclusive Management of Safety Case (TIMaSC):
White Paper Document Number SC - 21256 - 100 Revision 0 Baelle Energy Alliance, LLC Contract No. 297493 SOW - 21256 August 2025 Prepared for:
U.S. Department of Energy (DOE)
Oce of Nuclear Energy Under DOE Idaho Operaons Oce Contract DE - AC07 - 05 ID 14517 Issued for Collaborave Review by:
Brandon M. Chisholm, Senior Research Engineer Date Southern Company Services 22 August 2025
Technology Inclusive Management of Safety Case:
White Paper v
Disclaimer This report was prepared as an account of work sponsored by an agency of the United States (U.S.) Government. Neither the U.S. Government nor any agency thereof, nor any of their employees, nor Southern Company, Inc., nor any of its employees, nor any of its subcontractors, nor any of its sponsors or co-funders, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the U.S. Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the U.S. Government or any agency thereof.
Technology Inclusive Management of Safety Case:
White Paper vi Abstract Between the nuclear industry and the Nuclear Regulatory Commission (NRC), much progress has been made toward establishing a risk-informed and performance-based (RIPB) licensing framework for advanced nuclear reactors. The Technology Inclusive Management of Safety Case (TIMaSC) project is intended to build upon the Licensing Modernization Project (LMP),
Technology Inclusive Content of Application Project (TICAP), and Technology Inclusive Risk Informed Change Evaluation project (TIRICE) to broaden and deepen the RIPB licensing framework with a focus on achieving efficient reactor operations while providing reasonable assurance of adequate protection of the public. This white paper addresses the many elements of the RIPB licensing basis, how they relate to one another, and how to ensure changes are properly addressed and reflected in the licensing basis. This white paper provides a vehicle for dialog among the TIMaSC guidance development team, the advanced reactor industry, and NRC that will aid in the ultimate development of additional industry guidance that is endorsable by NRC.
Technology Inclusive Management of Safety Case:
White Paper vii Acknowledgements The TIMaSC team expresses its appreciation for the contributions of Mr. Ed Wallace in developing key building blocks of the RIPB licensing framework for advanced reactors as it exists today. While he is not formally part of the TIMaSC project, his ideas and approaches continue to enable the TIMaSC work. Also, the TIMaSC team continues to rely upon the excellent technical editing of Ms. Ruth Ann Yongue, a service she provided ably for LMP, TICAP, and TIRICE as well.
Technology Inclusive Management of Safety Case:
White Paper viii Table of Contents 1.0 Introducon.......................................................................................................................................... 1 1.1 Purpose....................................................................................................................................... 1 1.2 Background................................................................................................................................. 2 1.3 Scope........................................................................................................................................... 5 2.0 De"nion and Scope of RIPB Licensing Basis for Advanced Reactors.................................................. 6 2.1 Discussion of Relevant Terms, Concepts, and De"nions.......................................................... 6 2.2 Network Diagram of RIPB Licensing Basis for Advanced Reactors............................................. 8 2.3 Propagaon of Changes Through an RIPB Licensing Basis....................................................... 10 2.4 Treatment of DID Within an RIPB Licensing Basis for an Advanced Reactor............................ 13 3.0 Facility Changes Addressed by NEI 22-05........................................................................................... 16 3.1 Background............................................................................................................................... 16 3.2 NEI 22 Applicability............................................................................................................ 17 Changes to Technical Speci"caons............................................................................. 17 Changes to the Facility or Procedures Controlled by Other More Speci"c Requirements and Criteria Established by Regulaon................................................. 17 Maintenance Acvies................................................................................................. 17 Maintenance Procedures............................................................................................. 18 Updated Final Safety Analysis Report Modi"caons................................................... 18 Changes to Procedures Governing the Conduct of Operaons................................... 18 Changes to Methods of Evaluaon.............................................................................. 18 Changes to the PRA...................................................................................................... 19 3.3 Screening to Determine If an Evaluaon Is Required for the Acvity and If There Are Any Adverse Eects.................................................................................................................. 19 3.4 Impact of Acvies on the Management of the Risk-Informed, Performance-Based Licensing Basis........................................................................................................................... 19 4.0 Facility Changes Not Addressed by NEI 22-05.................................................................................... 21 4.1 Emergency Planning.................................................................................................................. 21 Background.................................................................................................................. 21 Change Control: Regulaon and Guidance.................................................................. 22 Change Control: Proposed Addional Guidance.......................................................... 25 4.2 Security..................................................................................................................................... 27 Physical Security........................................................................................................... 27 Cyber Security.............................................................................................................. 29 5.0 New Informaon................................................................................................................................. 30 5.1 Technology Inclusive Risk Informed Change Evaluaons (NEI 22-05)...................................... 30
Technology Inclusive Management of Safety Case:
White Paper ix 5.2 Operability Determinaons...................................................................................................... 31 5.3 Correcve Acons..................................................................................................................... 32 5.4 Updates to the Safety Analysis (10 CFR 50.71(e))..................................................................... 32 5.5 Reporng (10 CFR 21 / 50.55 / 50.72 / 50.73).......................................................................... 33 Reporng of Defects (10 CFR Part 21 and 10 CFR 50.55)
............................................. 33 No"caon Requirements and Licensee Event Reporng System (10 CFR 50.72 and 50.73).................................................................................................................... 33 5.6 Updates and Revisions to the PRA............................................................................................ 35 5.7 License Amendments................................................................................................................ 35 5.8 NRC Communicaons and Follow-up....................................................................................... 36 5.9 Applicaon of the Back"t Rule.................................................................................................. 37 5.10 Impact of Acvies on the Management of the Risk-Informed, Performance-Based Licensing Basis........................................................................................................................... 38 6.0 Probabilisc Risk Assessment............................................................................................................. 39 6.1 Evoluon of PRAs for Advanced Non-LWRs.............................................................................. 39 6.2 Role of PRA in De"ning the LMP Licensing Basis...................................................................... 40 What Is a PRA?............................................................................................................. 40 PRA Uses in the LMP Methodology............................................................................. 41 Managing Changes to the PRA..................................................................................... 44 Risk Metrics for Evaluang Changes............................................................................ 49 Need for Criteria for Evaluang Impact of Changes..................................................... 49 Role of Integrated Decision Process............................................................................. 50 6.3 Key Documents Impacng PRA in LMP..................................................................................... 51 Regulatory Guide 1.247............................................................................................... 51 PRA Requirements in 10 CFR Part 50 and Part 52........................................................ 52 LMP Documents Impacng the PRA............................................................................ 53 6.4 Takeaways for the Role of PRAs in TIMaSC............................................................................... 56 7.0 Other Topics........................................................................................................................................ 58 7.1 Risk Metrics............................................................................................................................... 58 Background.................................................................................................................. 58 Risk Metric Impact on Management of the Safety Case.............................................. 59 7.2 Risk-Informed Technical Speci"caons.................................................................................... 59 Background.................................................................................................................. 59 Evaluaon..................................................................................................................... 60 RITS Impact on Management of the Safety Case......................................................... 61 7.3 Reliability Assurance Program.................................................................................................. 61
Technology Inclusive Management of Safety Case:
White Paper x
Background.................................................................................................................. 61 Standard Review Plan................................................................................................... 63 Reliability Assurance Program Impact on Management of the Safety Case................ 66 7.4 Maintenance Rule..................................................................................................................... 66 Background.................................................................................................................. 66 Maintenance Rule Impact on Management of the Safety Case.................................. 67 7.5 Quality Assurance..................................................................................................................... 67 7.6 Reactor Oversight Process........................................................................................................ 67 Background.................................................................................................................. 67 Oversight Process Impact on Management of the Safety Case................................... 68 7.7 Risk-Informed Inservice Inspecon and Inservice Tesng........................................................ 68 7.8 Fire Protecon.......................................................................................................................... 69 Adherence to Advanced Reactor Design Criterion 3, Fire Protecon....................... 70 NRC and Industry Guidance Related to Fire Protecon Available to Advanced Non-LWR Developers........................................................................................................... 70 Examples of Potenal Licensing Approaches Available to Advanced Reactor Developers to Sasfy Fire Protecon Requirements................................................... 75 Management of Changes to the PRA for Advanced non-LWRs that Ulize a Risk-Informed, Performance-Based Fire Protecon Program............................................. 76 Impact of Fire Protecon Acvies on the Management of the Risk-Informed, Performance-Based Licensing Basis............................................................................. 77 Summary...................................................................................................................... 78 7.9 Risk-Informed Performance-Based NRC Inspecon Program................................................... 78 Background.................................................................................................................. 78 Iden"caon and Classi"caon of SSCs....................................................................... 79 Acceptance Criteria...................................................................................................... 80 Signi"cance of Inspecon Findings.............................................................................. 80 7.10 Operang Experience............................................................................................................... 80 7.11 Aging Management................................................................................................................... 81 8.0 Summary............................................................................................................................................. 83 Appendix A: De"nions of Some Terms Associated with TIMaSC............................................................. A-1 Appendix B: Glossary of LMP-Related Terms............................................................................................. B-1
Technology Inclusive Management of Safety Case:
White Paper xi Appendix C: Preliminary Dra Detailed TIMaSC Network Diagram.......................................................... C-1 List of Figures Figure 1. Components of NRC Regulaon.....................................................................................................
1 Figure 2. Preliminary Noonal High-Level TIMaSC Network Diagram..........................................................
9 Figure 3. Noonal Representaon of Potenal Changes Within Scope of TIMaSC Guidance..................... 9 Figure 4. Preliminary Modi"caon of NEI 18-04 Figure 5-4 to Consider Propagaon of Changes to RIPB Safety Case................................................................................................................... 12 Figure 5. Proposed EP 50.54(q) Process.....................................................................................................
26 Figure C-1. Preliminary Dra Detailed Network Diagram of an RIPB Licensing Basis for Advanced Reactors............................................................................................................................................. C-2
Technology Inclusive Management of Safety Case:
White Paper xii List of Tables Table 1. Examples of RIEs from RG 1.219...................................................................................................
23 Table 2. Standard Review Plan Criteria for a Reliability Assurance Program............................................. 64 Table 3. Issues to Be Addressed in TIMaSC Guidance................................................................................
84 Table 4. Issues Not to Be Addressed in TIMaSC Guidance..........................................................................
85 Table 5. Issues Under Evaluaon for Inclusion in TIMaSC Guidance..........................................................
87 Table A-1. De"nions of Some Terms Associated with TIMaSC................................................................ A-1 Table B-1. Glossary of LMP-Related Terms................................................................................................ B-1
Technology Inclusive Management of Safety Case:
White Paper xiii List of Abbreviaons ANS American Nuclear Society AOO Ancipated Operaonal Occurrence APSR Alternate physical security requirements ARCAP Advanced Reactor Content of Applicaon Project ARCOP Advanced Reactor Construcon Oversight Program ARDC Advanced Reactor Design Criteria AROP Advanced Reactor Oversight Process ASME American Society of Mechanical Engineers BDBE Beyond Design Basis Event CDF Core damage frequency CFR Code of Federal Regulaons COL Combined construcon and operang license CP Construcon permit D-RAP Design Reliability Assurance Program DBA Design Basis Accident DBE Design Basis Event DID Defense-in-Depth EAL Emergency acon level EP Emergency Preparedness EPRI Electric Power Research Instute EPZ Emergency Planning Zone F-C Frequency-Consequence FSAR Final Safety Analysis Report GL Generic Leer I&C Instrumentaon and control IDP Integrated Decision-Making Process IDPP Integrated Decision-Making Process Panel ISG Interim Sta Guidance ISI Inservice Inspecon IST Inservice Tesng ITAAC Inspecons, tests, analyses, and acceptance criteria LAR License Amendment Request LBE Licensing Basis Event LCO Liming Condion of Operaon LERF Large early release frequency LMP Licensing Modernizaon Project LSSS Liming Safety System Seng LWR Light water reactor NEI Nuclear Energy Instute NFPA Naonal Fire Protecon Associaon non-LWR Non-light water reactor NRC Nuclear Regulatory Commission NSRST Non-Safety-Related with Special Treatment
Technology Inclusive Management of Safety Case:
White Paper xiv NUREG NRC technical report designaon O-RAP Operaonal Reliability Assurance Program PITAP Post-Construcon Inspecon, Tesng, and Analysis Program PRA Probabilisc risk assessment PRISM Power Reactor Innovave Small Module QA Quality assurance QHO Quantave Health Objecve RAP Reliability Assurance Program RG Regulatory Guide RICT Risk-informed compleon me RIDM Risk-informed decision-making RIE Reducon in eecveness RIM Reliability and integrity management RIPB Risk-informed and performance-based RITS Risk-informed technical speci"caon (Tech Spec)
ROP Reactor Oversight Process RSF Required Safety Funcon SAR Safety Analysis Report SFCP Surveillance Frequency Control Program SRM Sta Requirements Memorandum SSCs Structures, Systems, and Components SRP Standard Review Plan TICAP Technology Inclusive Content of Applicaon Project TIMaSC Technology Inclusive Management of the Safety Case TIRICE Technology Inclusive Risk Informed Change Evaluaon UFSAR Updated Final Safety Analysis Report
Technology Inclusive Management of Safety Case:
White Paper 1
1.0 INTRODUCTION
1.1 Purpose Some of the most pressing national priorities are: 1) generation of affordable, reliable, sustainable, and clean energy; 2) energy security; 3) developing national human capital and infrastructure; and 4) protecting national security interests through global leadership. Nuclear energy is the only energy production option that consistently fulfills this value proposition. The future of nuclear energy will include advanced nuclear fission systems that promise superior economics, improved efficiency, greater fissile fuel utilization, reduced high-level waste generation, and/or increased margins of safety. These technologies can also expand the traditional use of nuclear energy by providing a more environmentally responsible alternative to fossil fuels for industrial process heat production and other applications. An efficient and costeffective licensing framework that facilitates safe and cost-effective construction and operation of such reactors will be a critical element for incentivizing private sector investment and addressing these national priorities.
The Nuclear Regulatory Commission (NRC) regulates commercial nuclear power plants through initial licensing followed by inspections and enforcement during the life cycle of the licensed facilities. Figure 1 describes the five main components of NRCs regulatory process and the relationships of the components.
Figure 1. Components of NRC Regulaon1 1 https://www.nrc.gov/about-nrc/regulatory.html, accessed 7/14/2023.
Commented [WR1]: For awareness - there are a number of significant changes to NRC regulations under way in response to executive orders and some of these could affect regulations mentioned in this white paper.
Technology Inclusive Management of Safety Case:
White Paper 2
As recognized by all stakeholders (including regulators and industry), many of the current requirements are based on the same concepts and principles that have been in place for over 45 years: deterministic and stylized design basis events. Additionally, new insights and information gained from operating experience have resulted in new prescriptive requirements typically added in a siloed manner without an overall safety-benefit assessment considering the resources required to implement them. Although these regulations have provided reasonable assurance of adequate protection of public health and safety, they do not constitute an optimized approach.
Adopting a risk-informed and performance-based (RIPB) approach would significantly enhance the protection of public health and safety through increased licensee and NRC focus on safety-significant matters. Since the implementation of probabilistic risk assessments (PRAs) for evaluating reactor designs and operations half a century ago, significantly enhanced tools and processes have been developed and are widely available. Incorporating these tools and processes into new systematic and transparent regulatory requirements can provide flexibility and, at the same time, predictability.2 The resulting regulatory framework would provide the needed agility3 to innovate and promote the drive towards excellence while meeting regulatory requirements.
The Technology Inclusive Management of Safety Case (TIMaSC) effort will take a comprehensive look at the licensing basis for an advanced reactor and provide clarity regarding how various processes, including deterministic requirements from legacy regulations, as well as recently endorsed RIPB approaches, interact with one another. The high-level objectives of the TIMaSC effort are to:
Clarify how a RIPB safety case is utilized in establishing the licensing basis for an advanced reactor under the existing NRC regulatory frameworks; Identify how changes to the RIPB safety case can be managed in a right-sized manner (i.e., such that the regulator can confirm reasonable assurance of adequate protection while optimizing focus on non-trivial changes);
Prioritize future work to further reduce uncertainty and risk associated with the licensing of advanced reactors; and Socialize the outcomes, results, and insights with key stakeholders (including regulators and industry) to maximize alignment.
2 The term predictable means that expected performance objectives are explicitly established. In a predictable regulatory framework, technology-inclusive guidance to meet the expected objectives is provided.
3 The term agile is herein applied to a coherent technology-inclusive framework for the life cycle of a plant that provides the platform to treat all options systematically and consistently while providing predictable flexibility.
Commented [WR2]: Consider scope of TIMaSC guidance document. It has ties to LMP/TCAP/TIRICE which were for practical reasons limited in scope to non-LWRs. The timing of the guidance and ongoing rulemakings may support a broader use of a TIMaSC type framework (e.g., could easily be adapted for use for Part 53). However, expansions of applicability could also be addressed via future revisions.
Commented [WR3]: Consider..establishing and maintaining.. The RIPB framework provides more flexibilities than does the traditional, rather static Part 50 structure but also includes performance-based features for monitoring and response that includes an updating of the licensing basis. This is the primary function of TIMaSC -
the maintenance and coordination of various parts that assess and provide the safety case.
Technology Inclusive Management of Safety Case:
White Paper 3
A key element of the TIMaSC approach to achieve the above objectives is to leverage the results, lessons learned, and expertise developed from previous and ongoing RIPB safety and licensing efforts. Those activities are summarized in Section 1.2.
1.2 Background
The work accomplished during the Licensing Modernization Project (LMP) represented the first step in the development of a technology inclusive RIPB framework for licensing advanced non-light water reactors (non-LWRs). The guidance developed as part of this effort, i.e., the Nuclear Energy Institute (NEI) document NEI 18-04, Risk-Informed Performance-Based TechnologyInclusive Guidance for Non-Light Water Reactor Licensing Basis Development,4 provides a process for selection of Licensing Basis Events (LBEs); safety classification of Structures, Systems, and Components (SSCs) and associated risk-informed special treatments; and determination of Defense-in-Depth (DID) adequacy for non-LWRs. The guidance in document NEI 18-04, developed through an industry-led and DOE cost-shared project, was endorsed by NRC in Regulatory Guide 1.233.5 Section 6.2.2 provides additional information on the NEI 18-04 methodology and the role of PRA therein.
The objective of the next step, the Technology Inclusive Content of Application Project (TICAP) effort, was to define the necessary information to be included for specific portions of a license application to NRC that was based on the NEI 18-04 process. TICAP built on best practices as well as previous activities through DOE and industry-sponsored advanced reactor licensing initiatives. The guidance document developed for this effort, NEI 21-07, is entitled TechnologyInclusive Guidance for Non-Light Water Reactors: Safety Analysis Report Content for Applicants Utilizing NEI 18-04 Methodology.6 NEI submitted NEI 21-07 Revision 1 to NRC for endorsement in March 2022, and NRC issued Regulatory Guide (RG) 1.253, Guidance for a Technology Inclusive Content of Application Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non-Light Water Reactors, in March 2024.7 4 Nuclear Energy Institute, NEI 18-04, Rev 1, Risk-Informed Performance-Based Technology-Inclusive Guidance for Non-Light Water Reactor Licensing Basis Development, August 2019. ADAMS Accession No. ML19241A472.
5 U.S. Nuclear Regulatory Commission, Guidance for a Technology-Inclusive, Risk-Informed, and Performance-Based Methodology to Inform the Licensing Basis and Content of Application for Licenses, Certifications, and Approvals for NonLight-Water Reactors, Regulatory Guide 1.233, June 2020. ADAMS Accession No. ML20091L698.
6 Nuclear Energy Institute, NEI 21-07, Rev 1, Technology Inclusive Guidance for Non-Light Water Reactors: Safety Analysis Report Content for Applicants Utilizing NEI 18-04 Methodology, February 2022. ADAMS Accession No. ML22060A190.
7 U.S. Nuclear Regulatory Commission, Guidance for a Technology-Inclusive Content-Of-Application Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non-Light-Water Reactors, Regulatory Guide 1.253, March 2024. ADAMS Accession No. ML23269A222.
Technology Inclusive Management of Safety Case:
White Paper 4
Along with RG 1.253, NRC issued nine Interim Staff Guidances (ISGs) in March 2024 to address various aspects of an advanced reactor application under 10 CFR Part 50 or 52 as part of the NRC-led Advanced Reactor Content of Application Project (ARCAP).8 The ISGs cover topic areas beyond those addressed in NEI 18-04 and NEI 21-07.
Two applicants submitted construction permit (CP) applications utilizing the LMP methodology and TICAP guidance. TerraPower, LLC submitted a CP application for a Natrium sodium-cooled reactor in Wyoming on March 28, 2024, and Long Mott Energy submitted a CP application for an X-energy Xe-100 high-temperature gas reactor in Texas on March 31, 2025.
Following TICAP, the industry-led and DOE cost-shared Technology Inclusive Risk Informed Change Evaluation (TIRICE) project developed RIPB guidance for evaluating changes to the facility. Such guidance is essential in order to manage changes to a facility that uses the NEI 18-04 guidance to develop and NEI 21-07 guidance to document its safety case. The ability to implement such an RIPB process extends the benefits of NEI 18-04 and NEI 21-07 into the operational phase of the life cycle of an advanced non-LWR facility. The guidance developed through the TIRICE project was formulated so that it can be used by Part 50 or 52 applicants using the NEI 18-04 guidance for developing their safety cases. The guidance is documented in NEI 22-05, Technology Inclusive Risk Informed Change Evaluation (TIRICE) Guidance for the Evaluation of Changes to Facilities Utilizing NEI 18-04 and NEI 21-07. NEI submitted NEI 22-05 to NRC for endorsement on January 31, 2024. The NRC issued Draft Regulatory Guide DG-14399 in August 2025 which proposes to endorse NEI 22-05 with certain clarifications.
For the purpose of this report, phrases like following LMP or with an LMP licensing basis are sometimes used as shorthand for reactors following the methodology described in NEI 18-04, NEI 21-07, and NEI 22-05.
LMP, TICAP, and TIRICE rely on plant PRAs to provide quantitative information and risk insights. The guidance assumes that the technical adequacy of the plant PRAs is provided through adherence to the non-LWR PRA Standard (ASME/ANS PRA Standard RA-S-1.42021)10 and the NEI PRA Peer Review Process in NEI 20-09.11 Those documents were endorsed without 8 See https://www.nrc.gov/reactors/new-reactors/advanced/modernizing/guidance/advanced-reactor-content-of-applicationproject.html for the ISGs and additional information.
9 U.S. Nuclear Regulatory Commission, Draft Regulatory Guide DG-1439, Guidance for Technology-Inclusive Risk-Informed Change Evaluation, July 2025.
10 ASME/ANS-RA-S-1.4-2021, Probabilistic Risk Assessment Standard for Advanced Non-LWR Nuclear Power Plants, February 8, 2021.
11 Nuclear Energy Institute, NEI 20-09, Performance of PRA Peer Reviews Using the ASME/ANS Advanced Non-LWR PRA Standard, Washington, DC, May 2021. (ADAMS Accession No. ML21125A284).
Commented [WR4]: Important context for white paper but best to limit including information in guidance document that will become dated
Technology Inclusive Management of Safety Case:
White Paper 5
exception by NRC in trial use RG 1.247.12 A license applicant/licensee choosing not to follow the non-LWR PRA guidance would need to develop and justify to NRC its own approach to ensuring PRA technical adequacy.
In addition to the three major industry-led, DOE cost-shared projects discussed above and providing guidance for applicants with advanced reactor designs, there are other activities -
completed, ongoing, and planned - that relate to the incorporation of RIPB elements into the licensing basis for advanced reactors. Examples are listed below.
The LMP approach to the use of reliability and capability targets to inform the selection of special treatments is consistent with the use of such targets in ASME Section XI Division 2, for Reliability and Integrity Management (RIM) for non-LWRs,13 which is endorsed in RG 1.246.14 Argonne National Laboratory led the development of a risk-informed methodology for emergency planning that NEI submitted to NRC for endorsement as NEI 24-05, An Approach for Risk-Informed Performance-Based Emergency Planning.15 The American Society of Civil Engineers Standard 43-1916 incorporates LMP into seismic design and the methodology was endorsed in a draft NRC RG on seismic design.17 The TIMaSC project will use the results from these and other efforts as building blocks to understand how these components and other components interface with each other. The project will leverage participants in these projects to contribute lessons learned about how changes that propagate from one component to another can be identified, characterized, managed, and communicated.
12 U.S. Nuclear Regulatory Commission, Regulatory Guide 1.247 (Trial Use), Acceptability of Probabilistic Risk Assessment Results for Non-Light Water Reactor Risk-Informed Activities, March 2023.
13 American Society of Mechanical Engineers, ASME Code,Section XI, Division 2, Requirements for Reliability and Integrity Management (RIM) Programs for Nuclear Power Plants, 2019.
14 U.S. Nuclear Regulatory Commission, RG 1.246, Acceptability of ASME Code,Section XI, Division 2, Requirements for Reliability and Integrity Management (RIM) Programs for Nuclear Power Plants, for Non-Light Water Reactors, October 2022.
15 Nuclear Energy Institute, NEI 24-05, Rev 0, An Approach for Risk-Informed Performance-Based Emergency Planning, 2024.
16 American Society of Civil Engineers, ASCE 43-19, Seismic Design Criteria for Structures, Systems, and Components in Nuclear Facilities, 2020.
17 U.S. Nuclear Regulatory Commission, Draft Regulatory Guide Technology-inclusive, Risk-informed, and Performance-based Methodology for Seismic Design of Commercial Nuclear Plants, October 3, 2022.
Commented [WR5]: Ongoing review.. Place in appropriate context (approved or under review) in TIMaSC guidance document.
Commented [WR6]: Ongoing activity.. Place in appropriate context (preliminary draft guide, draft regulatory guide, or regulatory guide) in the TIMaSC guidance document.
Technology Inclusive Management of Safety Case:
White Paper 6
At this time, the NRC staff is also developing 10 CFR Part 53, which will be a new g finalized.
For this reason, the TIMaSC project is not formally integrated with Part 53 development and is focused on advanced reactor license applicants under Parts 50 or 52.
1.3 Scope This white paper describes the licensing basis for advanced reactors that choose to use the NEI 18-04, NEI 21-07, and NEI 22-05 guidance. The key interfaces between different facets of the licensing basis will be described, and the relationship between different processes will be depicted visually using the TIMaSC Network Diagram (see Section 2 and Appendix C). This white paper will also identify gaps where additional guidance will be provided, and it will point to other efforts and activities that provide, or are expected to provide, applicable information.
Finally, the white paper will identify areas in which further guidance may be needed to support a holistic RIPB licensing basis.
The white paper is the first substantive step toward developing TIMaSC guidance. The white paper is intended to provide a vehicle for dialog among the TIMaSC team, the advanced reactor industry, and NRC about the key elements of the RIPB licensing basis and how those elements should interact with one another. Ultimately, the TIMaSC project intends to produce a guidance document under the auspices of NEI for NRC review and endorsement, similar to the approach used in the TIRICE project. The TIMaSC Guidance Document is expected to include some additional guidance beyond what currently exists; however, it is anticipated that the effort will identify other ongoing activities and future efforts that will support the advanced reactor RIPB licensing basis. At this time, it is anticipated that an additional report (separate from the Guidance Document) will be developed as part of the TIMaSC effort to provide insights and considerations from the TIMaSC team regarding how to best align these efforts with the TIMaSC approach.
2.0 DEFINITION AND SCOPE OF RIPB LICENSING BASIS FOR ADVANCED REACTORS This section discusses key concepts and context regarding a holistic approach to an advanced reactor licensing basis, including the treatment of DID. It introduces the TIMaSC Network Diagram (Section 2.2) and provides an overview of the relationships between different licensing basis elements, such as the interactions between deterministic and risk-informed elements.
Consistent with the previous industry-led and DOE-cost-shared regulatory modernization efforts discussed in Section 1.2 (e.g., LMP, TICAP, and TIRICE), the primary focus of the TIMaSC project is the public health and safety portion of NRCs regulatory scope; however, consistent Commented [WR7]: The timing of the guidance and ongoing rulemakings may support a broader use of a TIMaSC type framework (e.g., could easily be adapted for use for Part 53 since LMP type approach recognized as one acceptable methodology in that rulemaking). However, expansions of applicability could also be addressed via future revisions.
Technology Inclusive Management of Safety Case:
White Paper 7
with NRCs mission statement,18 the licensing basis for a nuclear reactor includes elements and information that are broader than and/or go beyond the protection of public health and safety. For this reason, the scope of the methodology and guidance developed as part of the TIMaSC effort may identify relationships, interactions, and/or gaps that have not been included in the industryled and DOE-cost-shared regulatory modernization efforts to date.
2.1 Discussion of Relevant Terms, Concepts, and De"nions In order to ensure a comprehensive understanding of (ii) the elements, interactions, and relationships to be considered for inclusion within the TIMaSC project scope and (ii) the potential vehicles for communicating changes of these elements of a licensing basis to NRC, the TIMaSC team determined that a detailed understanding of an advanced reactor safety case and licensing basis must be developed. To ensure clear and effective communication and support maximal alignment in understanding TIMaSC project scope, objectives, and guidance, existing definitions of relevant terms were compiled and reviewed; these terms and definitions are documented in Appendix A.
Various uses of terms (e.g., safety case) over time combined with the absence of a single consensus definition can contribute to ambiguity regarding what information and/or documentation is considered to belong to a given category. It is generally accepted that terms like licensing basis and safety case have distinct meanings but are related concepts. Discussion in RG 1.253 supports this idea in Staff Position C.2, which (in part) states the following (with emphasis added):
Clarification: NEI 21-07, Revision 1, includes use of the terms affirmative safety case, safety case, and licensing case. To avoid confusion and potential unforeseen consequences, applicants using NEI 21-07, Revision 1, should instead continue to use the established terminology in the current regulatory framework, including use of safety analysis and licensing basis.
The NRC staff notes that neither the LMP methodology in NEI 18-04 nor the staff endorsement of that methodology in RG 1.233 use these terms, and no NRC regulation or guidance defines them. These terms are unnecessary to implement the LMP approach.
18 Per NRC press release No.25-005 (January 24, 2025), the agencys mission statement is as follows: The NRC protects public health and safety and advances the nations common defense and security by enabling the safe and secure use and deployment of civilian nuclear energy technologies and radioactive materials through efficient and reliable licensing, oversight, and regulation for the benefit of society and the environment.
Commented [WR8]: It seems that the guidance could, if desired, be developed to parallel the scope of LMP/TICAP.
If gaps are identified during the development of the guidance, they could be listed (most likely with a pointer to other processes). Some elements of ARCAP such as IST/ISI can be included in a LMP/TICAP scope as vehicles to monitor the performance of SR/NSRST SSCs (i.e., a special treatment) and thereby limit the distinction between TICAP and ARCAP. It will likely be appropriate for the TIMaSC guidance to cover those matters that are addressed by supplementary analyses as described in the non-LWR PRA standard and these may be a bit more challenging since the methodology might be targeted to a specific issue/hazard. In addition, some topics can be addressed within LMP or by mention to more traditional overlay type approaches (e.g.,
fire protection) and TIMaSC could address the LMP or both approaches. As mentioned later in the white paper, there is a logical reason to exclude normal operations as included in ARCAP since that are largely addressed by Part 20.
Technology Inclusive Management of Safety Case:
White Paper 8
Considering the various usages and definitions of the terms documented in Appendix A, it was concluded that the TIMaSC methodology will likely benefit from focusing guidance on the concept of the advanced reactor licensing basis (rather than on the safety case). In general, safety is considered to be most closely associated with owner/operator19 work; however, the licensing basis comprises the topics and boundaries established in the process to gain permission to build, operate, and ultimately decommission a facility in satisfaction of regulatory outcome requirements.
As such, the safety case includes all the aspects of a nuclear facility that contribute to protecting human health from potential harm that could be caused due to the radioactive material used or stored therein. The licensing basis is in part derived from the safety case,20 and it serves as a formal mechanism through which licensee and regulator manage compliance with regulatory requirements throughout the facilitys life cycle. In this sense, the licensing basis is an agreement between regulator and licensee on those aspects of the safety case that must be maintained to ensure reasonable assurance of adequate protection of the public. However, some of the scope of the licensing basis extends beyond the safety case (e.g., compliance with regulatory requirements associated with nonproliferation or environmental stewardship).
In the aftermath of the Three Mile Island core damage accident in 1979, questions arose regarding whether the existing mindset that compliance with a set of regulations was sufficient to provide appropriate confidence required that nuclear power plants could be operated safely. In addition to the regulatory changes ushered in as a result of the Three Mile Island incident, there were industry initiatives21 put in place to foster a nuclear safety culture and a commitment to excellence that extended beyond simple compliance with regulations. Although the design, operation, and deployment of advanced reactors may represent substantial departures from the large LWRs that constitute the current U.S. fleet, these advanced reactors will still be required to operate with a strong nuclear safety culture and commitment to excellence, which are also key elements of the overall safety case. These expectations and commitments are examples of portions of the safety case that are not explicitly captured within the scope of TIMaSC because, as discussed above, the primary focus is on the licensing basis, i.e., that working agreement between regulator and licensee.
In practicality, there are actually multiple types of safety cases that have relevance within NRC licensing processes for commercial nuclear power plants. For example, the methodology and 19 The term owner/operator is used here consistent with the majority of the existing experience in the commercial nuclear industry. It is possible that new/novel approaches to deployment of nuclear power plants may require more precise description of the specific role(s) that a given organization may be fulfilling for a given project (technology developer/vendor, applicant, licensee, owner, operator, etc.).
20 In fact, a major aspiration of the development and implementation of RIPB approaches (e.g., LMP and ARCAP/TICAP) is to increase the portion of the licensing basis that is informed by and/or derived from the safety case.
21 An example was the formation of the Institute of Nuclear Power Operations, or INPO, an industry run organization with a mission of promoting excellence in nuclear power operations.
Commented [WR9]: Another approach to describing the scope can be to refer to NEI 18-04 and say that the LMP/TICAP guidance is related to licensing basis events and associated safety functions (excluding normal operations and selected other matters). TIMaSC becomes important because LMP increases the use of risk assessments which rely on licensee programs to define and maintain appropriate capability and reliability targets for many SSCs and otherwise take a more coordinated approach to maintaining consistency between licensing basis and operating plant.
Defining it in these terms might avoid the discussions of safety case and licensing basis.
Technology Inclusive Management of Safety Case:
White Paper 9
guidance in NEI 18-04 used the term public radiological safety to differentiate protecting members of the public from potential unanticipated harm associated with radioactive material from other concepts - such as occupational radiation safety22 and/or occupational safety and health.23 The existence of distinct safety cases within a single licensing basis is partly due to the fragmentation of the various NRC mission requirements and the subsequent fragmentation of the regulations into subparts that became the domain of specialty groups within the organization. The fact that some of these safety cases involve performance objectives, requirements, and/or expectations that can be significantly different from one another adds complexity to the process of establishing a meaningful and consistent definition of a licensing basis for an advanced reactor. Considering the foregoing, the TIMaSC Network Diagram (introduced in the following subsection) is intended to be used as a communication tool to facilitate a common understanding of the scope of the licensing basis for an advanced reactor that was licensed using the LMP and ARCAP/TICAP methodologies and the function of key elements of that licensing basis.
Finally, it is noted that this report uses terminology that was developed, in part, from the work documented in NEI 18-04, NEI 21-07, and NEI 22-05. As further reference for terminology, a glossary, derived from the aforementioned reports, is included as Appendix B.
2.2 Network Diagram of RIPB Licensing Basis for Advanced Reactors The integrated and iterative nature of the methodology used to develop a safety case and/or licensing basis according to the guidance in NEI 18-04, NEI 21-07, NEI 22-05, etc. results in relationships (or linkages) between different elements (or nodes) such that a change to one element may result in a change to another element. The propagation of changes in an RIPB safety case and/or licensing basis is discussed at a high level in the following section and at a topic-specific level in the remainder of this report; however, an important product developed over the course of the TIMaSC effort will be a network diagram that attempts to visually represent the key relationships that link the elements of an RIPB licensing basis.
Network diagrams are commonly chosen to visualize data such as social networks, communication networks, and biological networks; in these diagrams, entities are displayed as nodes and relationships between the entities are usually displayed as lines connecting the nodes.24 In the TIMaSC Network Diagram, the entities of interest are the elements of an RIPB 22 That is, protecting workers against potential harm from ionizing radiation.
23 That is, protecting workers from potential harm due to workplace hazards not associated with ionizing radiation, such as chemically hazardous material and from slips, trips, and falls.
24 Ware, Colin Ware, Information Visualization: Perception for Design (Fourth Edition), Morgan Kaufmann, 2021, Pages 425456, ISBN 9780128128756.
Commented [WR10]: Not to quibble, but industry was often equally fragmented and so if this makes its way into guidance, perhaps revise to within the NRC, industry, and licensee organizations. One can also point out that LMP and the related documents take a more holistic approach to design and licensing versus the SRP or piece-part model that was developed in support of licensing LWRs from 1970s to recent times
Technology Inclusive Management of Safety Case:
White Paper 10 licensing basis. The comprehensive identification of the relevant entities relies upon the definition of the scope of an advanced reactor licensing basis (as discussed in Section 2.1) and the systematic identification and understanding of relationships between the elements is a prerequisite to the development of the TIMaSC guidance, which will be focused on the management of changes that may affect one or more elements.
A preliminary high-level network diagram is depicted in Figure 2, and Figure 3 is a modified version of his high-level Network Diagram to illustrate examples of the types of changes to the licensing basis that are being considered within the scope of the TIMaSC project. A preliminary version of a more detailed and comprehensive TIMaSC Network Diagram is included in Appendix A. These diagrams were prepared to support the framing and drafting of this report and will be revised, augmented, and/or improved as appropriate over the course of the TIMaSC project as the associated guidance (and understanding of the underlying concepts) evolves.
Figure 2. Preliminary Noonal High-Level TIMaSC Network Diagram Commented [WR11]: Just an observation that linear nature of figures 2 and 3 may not reflect the discussion of an iterative approach taken for both initial plant design and development of operational programs and the subsequent changes to plant design and programs during operation.
Consider a revision or discussion to reflect connections are iterative and include feedback loops (in some ways TIMaSC is a roadmap for those feedback loops).
Technology Inclusive Management of Safety Case:
White Paper 11 Figure 3. Noonal Representaon of Potenal Changes Within Scope of TIMaSC Guidance The scope of the preliminary draft TIMaSC Network Diagram - and, by extension, that of this report - was primarily determined based upon the list of elements in DANU-ISG-2022-01, Interim Staff Guidance: Review of Risk-Informed, Technology-Inclusive Advanced Reactor Applications - Roadmap.25 Additional insights were also gained from the Southern Company white paper entitled Follow-on RIPB Implementation Guidance Needed for Advanced NonLight Water Reactors.27 Specific areas of future consideration include:
The most appropriate treatment of the box currently entitled Choice of Regulatory Framework. It is clear to the TIMaSC team that requirements and/or expectations for an acceptable licensing basis (and/or management thereof) vary somewhat across different regulatory frameworks; however, it is possible that there may be a more accurate or appropriate representation of these elements via the Network Diagram.
Enforcement (e.g., Notice of Violation significance criteria)26 is a key element of NRCs regulation of nuclear power plants as depicted in Figure 1; as such, enhanced and/or revised treatment of these topics in the TIMaSC Network Diagram may be warranted.
25 ADAMS Accession No. ML23277A139. 27 ADAMS Accession No. ML21237A051.
26 The NRC has also used the term licensing pathway to describe the grouping of licensing requirements/expectations - see Table 1 in DG-1414 (ADAMS Accession No. ML22257A173) for one specific example of how different licensing pathways have been compared by the staff.
Commented [WR12]: Consider revising or adding a new figure adapted from DiD figure 5-2 in NEI 18-04, which shows iterative and relational nature of design/analysis/operational programs. For example, Figure 3 has a box for LMP safety case that feeds operational programs which is probably more reflective of the traditional approach. Under LMP, the operational programs along with the design provide the safety case - which is best represented by the margins between LBEs and the F-C targets Commented [WR13]: This guidance could focus only on those that picked LMP type approach. Broader topic can be separate from this document (keeping it simpler)
Technology Inclusive Management of Safety Case:
White Paper 12 Experience in the regulation of the current fleet suggests that routine and/or nonroutine reporting is another potential area that may benefit from enhanced and/or revised treatment in the TIMaSC Network Diagram.
2.3 Propagaon of Changes Through an RIPB Licensing Basis The integrated, iterative, risk-informed,27 and performance-based attributes of the methodology and relevant guidance for developing the safety case and licensing basis for an advanced reactor result in a series of nuanced relationships between elements and associated information that may challenge the definition of a single, uniform manner that changes can be evaluated and/or characterized. One potentially useful tool that will be leveraged to the maximum extent practicable during the TIMaSC effort is the integrated process for incorporation and evaluation of DID shown in Figure 5-4 of NEI 18-04, Rev 1.28 Although the evaluation of adequate DID is one element of an RIPB licensing basis (see the following section of this report for further discussion of DID), the fact that DID is an emergent property - rather than a component or fundamental property29 - enables the integrated process in Figure 5-4 of NEI 18-04, Rev 1 to serve as a systematic framework for considering the following in the context of a change being introduced to an RIPB safety case and/or licensing basis:
- 1. Does the change affect more than one element?
- 2. If so, what is the nature of the propagation of this change?
a) Is the change due to the relationship between two or more elements (e.g., the reliability of a PRA Safety Function changes, which changes the likelihood of an event sequence family in the PRA, which changes the frequency associated with a given LBE, which changes the SSC classification of a given function/component)?
b) Is there a point in the propagation of this change where a qualitative, subjective, and/or deterministic method may limit or exacerbate the relationship of the 27 That is, involving both probabilistic and deterministic methods and approaches.
28 This figure is sometimes affectionately referred to as the snake chart.
29 Supported by discussion in Section 3.2 of Engineering a Safer World: Systems Thinking Applied to Safety by Nancy G.
Leveson (2011), DID is an emergent property because it can be determined only in the context of the whole. This concept is discussed in Section 5 of NEI 18-04, Rev. 1, and additional details on the history, definition, and evolution of DID can be found in NUREG/KM-0009, Historical Review and Observations of Defense-in-Depth, U.S. Nuclear Regulatory Commission and Brookhaven National Laboratory, April 2016 (ADAMS: ML16104A071).
Commented [WR14]: See below on whether TIMaSC is another change evaluation process or an umbrella type program that connects more specific items such as design, programs, performance monitoring, etc. with the analyses to maintain alignment. Maintaining alignment was expected to be included in the specific items anyway and so TIMaSC could largely just be a verification and means to fill a gap if identified.
Technology Inclusive Management of Safety Case:
White Paper 13 change in two connected elements (e.g., expert judgment as an input to the integrated decision-making process within the evaluation of adequate DID)?
A preliminary modification of Figure 5-4 in NEI 18-04, Rev 1 to consider the propagation of changes to an RIPB safety case is depicted in Figure 4.
Commented [WR15]: Consider if TIMaSC is to be primarily a change evaluation process (as figure sort of indicates) or a broader assessment performance monitoring program (periodic reconciling of licensing basis to actual plant design/performance)- one element of which could be an actual plant change. This could then tie into what could be the hub of TIMaSC which is the configuration control of the PRA (including any supplementary analyses) - and getting input from RAP or maintenance rule program, design engineering, program owners, etc.. For example, one feeder could be the performance targets - if met: OK and no change to PRA or other key parts of the licensing basis, if not met: a corrective action needed and that could be a combination of revising analyses, programs or design. Much of figure 5 might still be there if desired to say how an item might show up in the licensing basis as presented in the FSAR but TIMaSC was thought to be a broader framework that is also addressing a level of supporting information below what is in the FSAR
Technology Inclusive Management of Safety Case:
White Paper 14 Figure 4. Preliminary Modi"caon of NEI 18-04 Figure 5-4 to Consider Propagaon of Changes to RIPB Safety Case
Technology Inclusive Management of Safety Case:
White Paper 15 As the TIMaSC guidance is developed further, the need to augment this figure/concept will be evaluated due to the relationship between the (narrower) scope of the safety case considered in NEI 18-04 compared to the (broader) scope of the RIPB licensing basis shown in Appendix A.
Relating to Question 1 above, Section 4.2 of NEI 22-05 also provides the following commentary on interdependence:
Each element of a proposed activity must be screened except in instances where linking elements of an activity is appropriate, in which case the linked elements can be considered together. A test for linking elements of proposed changes is interdependence.
It is appropriate for discrete elements to be considered together if (1) they are interdependent as in the case where a modification to a system or component necessitates additional changes to other systems or procedures; (2) they are performed collectively to address a design or operational issue; or (3) one or more of the elements are planned to ensure that the overall change preserves DID adequacy (see Criterion (h) in Section 4.3 of this document). To state it another way, it is allowable to include an additional element or elements in the TIRICE screening and evaluation of a proposed change if that additional element or elements are being performed to address what might otherwise be an undesirable result for Criterion (h).
If concurrent changes are being made that are not linked, each must be screened separately and independently of each other. If, however, there are changes to the DID baseline that are made to offset any adverse impacts of a change to DID adequacy through applying the change process in NEI 18-04 Sections 5.9.6 and 5.9.7, such concurrent changes are considered linked.
As the TIMaSC effort progresses, additional information will be developed to support refinement and augmentation of the flowchart in Figure 4 to reflect more specific guidance related to connections from the elements of the snake chart in Figure 5-4 of NEI 18-04 and other elements of the licensing basis, such as those discussed in the remainder of this white paper.
Furthermore, a key aspect that is not yet reflected in the preliminary version of the modified snake chart in Figure 4 is appropriate communication with the regulator - i.e., criteria and/or evaluation steps that would ultimately support the determination regarding if a specific change is above the threshold to require communication from the licensee to NRC or if the change is below the threshold and remains under the licensees control.
Technology Inclusive Management of Safety Case:
White Paper 16 2.4 Treatment of DID Within an RIPB Licensing Basis for an Advanced Reactor Regarding the relationship between safety case change control and DID, Section 5.9.6 of NEI 18-04, Rev 1 states the following:
The development of the baseline should support and complement existing change control requirements such as 10 CFR 50.59 where the impact on DID is considered.
The threshold for evaluating a change to the DID baseline should be informed by the risk significance of changes in LBE performance in the PRA. This involves the following considerations as part of the RIPB-DM process for plant changes:
Does the change introduce a new LBE for the plant?
Does the change increase the risk of LBEs previously considered to be of no/low risk significance to the point that it will be considered risk-significant after the change is made?
Does the change reduce the number of layers of defense for any impacted LBEs or materially alter the effectiveness of an existing layer of defense?
Does the change significantly increase the dependency on a single feature relied on in risk-significant LBEs?
If the answer to any of the above questions is yes, a complete evaluation of all the DID attributes is performed. As a result of the more comprehensive evaluation of DID changes, the Integrated Decision-Making Process (IDP) will reject the change or recommend additional compensatory actions to plant capability or programmatic capability, if practical, to return a baseline LBE performance to within the current DID baseline. If the adequate compensatory actions are not identified, the change may require prior NRC review and approval in accordance with current license and regulatory requirements.
NEI 22-05 expands upon these comments via discussion of Criterion (h) in Section 4.3.8, as follows:
Criterion (h) addresses adverse effects on DID adequacy that change the DID adequacy determination. DID has an important, formalized role in the licensing basis of a reactor following NEI 18-04 as addressed in Chapter 5 of NEI 18-04 and Chapter 4 of NEI 21-07. Elements of the DID baseline may relate to plant capability (e.g.,
SSCs) or be programmatic in nature (e.g., testing). DID elements will vary among technology types, specific designs, and the nature of the safety case, so the DID baseline for one reactor may be very different from another.
Technology Inclusive Management of Safety Case:
White Paper 17 Any changes which would alter the conclusion of the DID adequacy determination would require prior NRC approval. In this instance, the adverse effect of the change relates to the design function the SSC is intended to accomplish in support of DID adequacy. Some of the confirmatory DID criteria are amenable to quantitative assessment (e.g., performance targets for SSC reliability and capability are identified), while others require a qualitative evaluation (e.g., prevention/mitigation balance is sufficient). Given the potential for variability in the DID baselines for different designs, it is not practical for guidance to specify, in advance, finite change control acceptance criteria for all considerations related to DID adequacy. The evaluation will be based on the DID baseline information in NEI 21-07 Safety Analysis Report (SAR) Section 4.2.3 and the design records.
The nature of the change and its impact on the licensing basis will affect the approach taken to carrying out the DID portion of the change evaluation. It is anticipated that many changes will be simple and limited in scope such that the evaluation against Criterion (h) will be relatively straightforward, using the information and criteria documented in the SAR and the plant records. However, some changes may require a more comprehensive IDP review of DID adequacy, including the possibility of utilizing an Integrated Decision-Making Process Panel (IDPP), as described in NEI 18-04 Chapter 5.
Considering the foregoing, the evaluation, characterization, and/or management of changes to DID adequacy and/or the DID baseline must reflect the following:
- 2. The nature of the evaluation of adequate DID as described in NEI 18-04, Rev 1 and as endorsed in RG 1.233
- 3. The importance of the RIPB safety case in the context of an advanced reactor licensing basis These concepts and topics will be further explored and developed (e.g., through tabletop exercises) over the course of the TIMaSC effort to verify and/or refine as appropriate in order to provide as much detail as practicable regarding the role of DID in the management of changes within an RIPB licensing basis for an advanced reactor.
Technology Inclusive Management of Safety Case:
White Paper 18 3.0 FACILITY CHANGES ADDRESSED BY NEI 22-05
3.1 Background
This section of the white paper will address what activities are and are not evaluated by NEI 22-05 with the intent of identifying activities that could impact the RIPB licensing basis that may need additional controls that should be considered as a part of the TIMaSC project.
NEI 22-05 provides a process for evaluating changes, tests, and experiments, hereafter referred to collectively as activities, to: 1) determine if the process is applicable for evaluating the activity;
- 2) determine if an evaluation is required for the activity; and 3) evaluate the activity to determine whether it crosses a regulatory threshold for requiring NRC review and approval prior to implementing the change. NEI 22-05 guidance does not perform a determination of safety nor of overall acceptability of an activity, it simply defines the boundary between those proposed changes to the facility that can be implemented by the licensee without prior NRC approval and those that must receive NRC review and approval before implementation. NEI 22-05 is applicable to reactors that were licensed using the methodologies in NEI 18-04, Risk-Informed Performance-Based Technology Inclusive Guidance for Non-Light Water Reactor Licensing Basis Development, and NEI 21-07, Technology Inclusive Guidance for Non-Light Water Reactors - Safety Analysis Report Content for Applicants Using the NEI 18-04 Methodology.
Other licensees that deviate from elements of NEI 18-04, NEI 21-07, or ASME/ANS-RA-S-1.42021, Probabilistic Risk Assessment Standard for Advanced Non-Light Water Reactor Nuclear Power Plants, may still be able to use the NEI 22-05 guidance; however, they must first justify the application of the guidance for their circumstances to NRC.
NEI 22-05 is applicable only to activities that take place subsequent to initial licensing. The guidance does not address the Design Certification pathway, so its applicability is limited to the 10 CFR Part 52 Combined Operating License and the 10 CFR Part 50 Operating License licensing pathways. The guidance was developed to be utilized initially by advanced reactors in lieu of 10 CFR 50.59 Changes, tests and experiments, through the use of an enabling license condition and an exemption to the requirements of 10 CFR 50.59. During the development of NEI 22-05, NRC was in the process of developing Part 53, and so it was not possible to align the change evaluation process and criterion with the ongoing development of the new rule. However, the TIRICE development team envisioned a risk-informed performance-based 10 CFR Part 53 rule that supports the use of a licensing basis established in accordance with NEI 18-04 and NEI 21-07. Ideally, Part 53 would use a risk-informed performance-based change evaluation process consistent with NEI 22-05.
The NEI 22-05 change evaluation process was developed over the period from January 2022 to January 2024 and was submitted to NRC for review and endorsement by the Nuclear Energy Institute on January 24, 2024. During the period of development there were numerous
Technology Inclusive Management of Safety Case:
White Paper 19 interactions between the guidance development team and the NRC staff. These interactions included public meetings and a series of three tabletop exercises supported by advanced reactor developers and observed by members of NRC staff. Following the tabletop exercises, the TIRICE team developed lessons learned and associated revisions to the draft guidance. In addition, the development team had numerous interactions with advanced reactor vendors and potential advanced reactor owner-operators through NEI. These interactions included presentations on the development of the guidance and review and comment on the various interim products and associated supporting documents as well as the guidance submitted to NRC for endorsement.
3.2 NEI 22 Applicability In order to be able to assess the impact of an activity on the management of the RIPB licensing basis, it is important to determine if the change can be evaluated using NEI 22-05. There are several categories of changes outside the scope of NEI 22-05, including those listed below.
Changes to Technical Speci"caons As required by 10 CFR 50.59 and duplicated in NEI 22-05 proposed activities that require a change to the technical specifications (often referred to as Tech Specs) must be made via the license amendment process which requires NRC prior approval. Changes that require license amendments have appropriate controls in place (i.e., 10 CFR 50.90) to ensure appropriate management and control of the RIPB licensing basis.
Changes to the Facility or Procedures Controlled by Other More Speci"c Requirements and Criteria Established by Regulaon NEI 22-05 guidance notes that to reduce duplication of effort, changes to the facility or procedures that are controlled by other more specific requirements and criteria established by regulation are specifically excluded from the scope of activities that are required to be evaluated using the guidance. For example, 10 CFR 50.54 specifies criteria and reporting requirements for changing quality assurance, physical security, and emergency plans so changes being made to items covered by these specific requirements would not be governed by NEI 22-05. In addition to 50.90 and 50.54(a), (p) and (q), the following regulations include change control requirements that meet the intent of applicable regulations that establish more specific criteria for accomplishing such changes and must take precedence over the use of this guidance for control of specific changes:
10 CFR 50.65 (Maintenance Rule) 10 CFR Part 50, Appendix B, (Quality Assurance Criteria)
Technology Inclusive Management of Safety Case:
White Paper 20 10 CFR 50.48 and the Standard Fire Protection license condition (if applicable) 10 CFR 50.55a (Codes and Standards) 10 CFR 50.12 (Specific Exemptions) 10 CFR Part 20 (Standards for Radiation Protection)
Maintenance Acvies Maintenance activities are activities that restore SSCs to their as-designed condition, including activities that implement already approved design changes. Maintenance activities include troubleshooting, calibration, refurbishment, maintenance-related testing, identical replacements, housekeeping, and similar activities that do not permanently alter the design, performance requirements, operation, or control of SSCs. Maintenance activities also include temporary alterations to the facility or procedures that directly relate to and are necessary to support the maintenance.
Maintenance activities are not subject to the NEI 22-05 screening and evaluation process but are subject to the provisions of 10 CFR 50.65(a)(4) as well as corrective action program, quality assurance, and Tech Specs where applicable.
Maintenance Procedures Changes to procedures for performing maintenance are made in accordance with applicable 10 CFR Part 50, Appendix B criteria and licensee procedures. Licensee processes should ensure that changes to plant configurations called for by procedures are consistent with the Tech Specs.
The NEI 22-05 screening and evaluation process does not apply to such changes because, like the maintenance activities themselves, changes to procedures for performing maintenance do not permanently alter the design, performance requirements, operation, or control of SSCs.
Certain maintenance procedures, including those for technical specification required surveillance and inspection, may contain important information concerning SSC design, performance, operation, or control. Examples include acceptance criteria for valve stroke times or other SSC functions, torque values, and types of materials (gaskets, elastomers, lubricants, etc.). Licensee design and/or configuration control processes should ensure that the TIRICE screening and evaluation process is applied to changes in such information and that maintenance procedure changes do not inadvertently alter the design, performance requirements, operation, or control of SSCs.
Updated Final Safety Analysis Report Modi"caons Modifications to the Updated Final Safety Analysis Report (UFSAR) that are not the result of activities performed under the NEI 22-05 screening and evaluation process are not subject to
Technology Inclusive Management of Safety Case:
White Paper 21 control under NEI 22-05. Examples of these types of changes include reformatting and simplification of UFSAR information and removal of obsolete or redundant information and excessive detail.
Changes to Procedures Governing the Conduct of Operaons Even if described in the UFSAR, changes to managerial and administrative procedures governing the conduct of facility operations are controlled under 10 CFR Part 50, Appendix B, programs and are not subject to control under the NEI 22-05 screening and evaluation process.
Changes to Methods of Evaluaon Changes to methods of evaluation not included in the UFSAR or to methodologies included in the UFSAR that are not used in the safety analyses or to establish design bases are not evaluated using NEI 22-05; this includes most PRA methods. However, if a method of evaluation used in the PRA is also included in the UFSAR for a DBA analysis, then a change to that method would screen in to be evaluated using NEI 22-05. Changes to PRA methods that are outside the scope of NEI 22-05 have the potential to impact the RIPB licensing basis and the controls for these types of changes should be considered as a part of the TIMaSC project.
Changes to the PRA Changes to the PRA are not specifically within the scope of NEI 22-05; however, changes within the scope of NEI 22-05 may result in changes to the PRA. These changes are covered under NEI 22-05. A change to the PRA that is a result of an activity outside of the scope of NEI 22-05 can occur, for example the PRA can be impacted by new information which is outside the scope of what is considered in NEI 22-05 as well as 10 CFR 50.59. Consideration of how new information that impacts the PRA and PRA results is discussed in Section 6 of this paper.
3.3 Screening to Determine If an Evaluaon Is Required for the Acvity and If There Are Any Adverse Eects If an activity has been determined to be within the scope of applicability of NEI 22-05, the next step is to determine whether the activity affects a design function, method of performing or controlling a design function or an evaluation that demonstrates that design functions will be accomplished.
If the proposed activity does not affect any of these things an evaluation is not required. If the activity does not have adverse effects, or has positive effects, it may be screened out. Only adverse changes have the potential to increase the likelihood of malfunctions, increase consequences, create new LBEs or otherwise meet the evaluation criteria delineated in NEI 22-
Technology Inclusive Management of Safety Case:
White Paper 22 05 need to be evaluated. A change that decreases the reliability of a design function whose failure could initiate an LBE would adversely affect a design function and would screen in. It should also be noted that a change in reliability that occurs that either (i) does not adversely affect a design function, method of performing or controlling a design function or an evaluation, or (ii) is not associated with an activity evaluated under NEI 22-05 would not be evaluated using NEI 22-
- 05.
TIMaSC guidance should address how changes that screen out as not requiring evaluation under NEI 22-05 could potentially impact the RIPB licensing basis of a facility and how those changes would be appropriately controlled.
3.4 Impact of Acvies on the Management of the Risk-Informed, Performance-Based Licensing Basis As stated earlier in this section, the sole purpose of NEI 22-05 is to provide a process for determining the boundary between those proposed activities that can be implemented without prior NRC approval and those that must be reviewed and approved by NRC prior to implementation. The process for performing the evaluation of activities does not provide guidance on what needs to be done to manage (i.e., update) the RIPB licensing basis after implementing the change. The LMP30 framework licensing basis is risk-informed and performance-based, in contrast to the deterministic licensing framework that was utilized to license reactors prior to the LMP. Utilizing a RIPB licensing basis has the added obligation to consider the impact changes which occur over the life of a facility that result in changes to the PRA that impact the RIPB licensing basis. Some, but not all, of these activities are within the scope of activities covered under NEI 22-05 or other more directly applicable regulations. The management of changes that could potentially impact the RIPB licensing basis for activities outside the scope or applicability of NEI 22-05 or activities covered by other more directly applicable regulations should be addressed as a part of the TIMaSC project.
30 In the context of this report, the LMP framework licensing basis (or LMP licensing basis) refers to the approach established by NEI 18-04, NEI 21-07, and NEI 22-05, as discussed in Section 1.2.
Technology Inclusive Management of Safety Case:
White Paper 23 4.0 FACILITY CHANGES NOT ADDRESSED BY NEI 22-05 Section 3.2 discusses several categories of facility changes that would not be evaluated by NEI 22-05. For example, changes to the facility or procedures that are controlled by other more specific requirements and criteria established by regulation are specifically excluded from the scope of activities that are required to be evaluated using the guidance in NEI 22-05 (see Section 3.2.2).
This section identifies specific types of facility changes outside the scope of NEI 22-05 that are intended for discussion in TIMaSC guidance. Notably, although changes to the PRA are one type of change to which NEI 22-05 is not applicable, it is addressed in its own section (see Section 6).
This approach is taken because of the major role PRA plays in the NEI 18-04 methodology.
4.1 Emergency Planning
Background
NRC requires nuclear power reactor licensees to maintain emergency plans and programs that provide reasonable assurance that adequate protective measures can and will be taken in the event of a radiological emergency. The capabilities enabled by these plans and programs are the final line of the DID framework established to protect public health and safety during an accident. A facilitys emergency plan is a licensing basis document that describes the site plume exposure pathway Emergency Planning Zone (EPZ), if necessary, and the staffing and resources that will be available to respond to an emergency.
NRC Emergency Preparedness (EP) Frameworks The EP regulatory framework established by NRC in the wake of the 1979 accident at Three Mile Island is specified in 10 CFR 50.47 and 10 CFR Part 50, Appendix E. All large LWRs are licensed under this framework. 10 CFR 50.47 provides EP requirements for nuclear power reactors, including planning standards for onsite and offsite emergency response plans, while Appendix E identifies the specific items required to be included in emergency plans. The regulations also stipulate that each site have a plume exposure pathway EPZ consisting of an area about 10 miles in radius. Additional EP-related regulations are presented in §50.54, Conditions of licenses, paragraphs (q), (s), and (t).
In November of 2023, NRC published the Emergency Preparedness for Small Modular Reactors and Other New Technologies: Final Rule. This rule amends NRC regulations to create an alternative EP framework for small modular reactors and other new technologies. This alternative framework consists of two major elementsthe EPZ size determination criteria found in
§50.33(g)(2) and a set of performance-based requirements for emergency plans, specified in
§50.160. The size of an EPZ is scalable based on factors such as accident source term, fission product release, and associated dose characteristics. The requirements applicable to an
Technology Inclusive Management of Safety Case:
White Paper 24 emergency plan are performance-based and specify the functions or capabilities that must be addressed. Applicants and licensees demonstrate how they meet these requirements through the implementation their own performance objective scheme and the conduct of drills and exercises.
Guidance in NEI 24-05 To assist applicants and licensees with the development and maintenance of an EP program based on NRCs alternative EP framework for small modular reactors and other new technologies, Argonne National Laboratory and the NEI developed NEI technical report NEI 24-05, An Approach for Risk-Informed Performance-Based Emergency Planning.31 The approach described in this document leverages the insights from technology-inclusive, riskinformed and performance-based design and licensing methods to develop an EP program that provides reasonable assurance of adequate protection of the public health and safety while allocating resources in an efficient and effective manner. NEI 24-05 has been submitted to NRC for review and endorsement.
The approach described in NEI 24-05 utilizes the LBEs identified and categorized through the LMP approach as the spectrum of events to be considered in an EPZ sizing analysis and the development of an emergency plan. LBEs are screened and then analysed based on a variety of factors including likelihood, whether a release occurs, release timing and consequences, etc.
Dose versus distance curves are developed for those LBEs with a radionuclide release and compared to frequency thresholds to guide the decision-making on EPZ sizing.
The timing and characteristics of the LBEs also inform emergency plan development, such as necessary resources and entry conditions into emergency action levels (EALs). The emergency classification levels defined by NRC were updated to make them technology-inclusive in nature and to align with the Required Safety Function (RSF) concept from LMP and TICAP. Initiating conditions and EALs can then be defined based on the SSCs performing RSFs for LBEs.
Change Control: Regulaon and Guidance Requirements in 10 CFR 50.54(q)
The change control requirements for emergency plans are contained in §50.54(q). At a high level, for applicants and licensees using the alternative EP framework defined in §50.33(g)(2) and
§50.160, a licensee:
may make changes to its emergency plan without NRC approval only if the licensee performs and retains an analysis demonstrating that the changes do not reduce the effectiveness of the plan and the plan, as changed, continues to meet the requirements in §50.160 31 Nuclear Energy Institute, NEI 24-05, Rev 0, An Approach for Risk-Informed Performance-Based Emergency Planning, 2024.
Technology Inclusive Management of Safety Case:
White Paper 25 Any change that results in a reduction in effectiveness (RIE) must be submitted to and approved by NRC before being implemented, where an RIE is a change that results in reducing the licensees capability to perform an emergency planning function in the event of a radiological emergency.
Regulatory Guide 1.219 RG 1.21932 describes methods that the NRC staff considers acceptable for use by nuclear power reactor licensees to change their emergency preparedness plans. The guidance includes screening and evaluation steps for identifying changes that constitute an RIE. As required by § 50.54(q)(3),
any change to an emergency plan requires a documented analysis demonstrating whether it results in an RIE.
The RG provides a recommended review process that complies with the requirements in
§ 50.54(q). The process begins by checking if a change is controlled by other processes, such as
§ 50.59. Even though it may be controlled by another process, if a change affects the content of the emergency plan such that a revision is necessary, then the evaluation required by § 50.54(q) must be performed. If a change does not require a revision to the emergency plan, then no further analysis is necessary. For changes that require a revision to an emergency plan, the licensee will perform an evaluation to determine whether plan, as changed, continues to comply with § 50.47(b) and Appendix E. If so, and the change impacts an emergency planning function, the licensee will determine if the change constitutes an RIE of the emergency plan. If the change is determined to be an RIE, then NRC review and approval prior to implementation is required.
RG 1.219 provides examples of changes that may or may not be considered an RIE; some of these examples are presented in Table 1. In general, an RIE is a change that results in a reduced capability to respond to an emergency, such as reduced staffing or ability to assess emergency conditions. A non-RIE includes changes to personnel, equipment, or thresholds that do not affect response capabilities or intent.
Table 1. Examples of RIEs from RG 1.219 Type Selected Examples 32 U.S. Nuclear Regulatory Commission, RG 1.219, Guidance on Making Changes to Emergency Plans for Nuclear Power Plants, 2011.
Technology Inclusive Management of Safety Case:
White Paper 26 RIEs A change could require prior NRC approval if it would cause any of the major funconal areas or major tasks iden"ed in the emergency plan to be unassigned. An example of this type of change would be replacing quali"ed radiaon protecon technicians with other personnel who do not have the requisite quali"caon to oer radiaon protecon coverage to personnel other than themselves (e.g., coverage for an osite "re department responding onsite).
A change could require prior NRC approval if it reduces the availability or scope of the onsite services supplied by local agencies (e.g., local law enforcement and "re"ghng).
A change could require prior NRC approval if it would reduce the licensees capability to assess, classify, and declare an emergency condion within 15 minutes of the availability of indicaons that an EAL has been exceeded and to promptly declare the emergency condion as soon as possible following the iden"caon of the appropriate emergency classi"caon level.
A change to Emergency Response Organizaon stang levels resulng from changes in circumstances or gains in eciency would generally not require prior NRC approval provided that it does not aect the meliness and accuracy of the Emergency Response Organizaons performance of major funconal areas or major tasks in accordance with the emergency plan. The installaon of digital display screens that eliminate the need for status board keepers, the collocaon of osite personnel at the Emergency Operaons Facility that eliminates the need for liaison posions, and Type Selected Examples the installaon of messaging systems that reduce the number of needed communicators are examples of this type of change.
Non-RIEs A change to an EAL numeric threshold to re"ect an approved change in a technical speci"caon, provided that the basis of the approved EAL is unchanged (e.g., an EAL basis refers to a parcular technical speci"caon but not a liming condion for operaon value).
A change to an EAL numeric threshold to re"ect a change in a plant design parameter, instrument response characteriscs, or design calculaon, provided that the meaning or intent of the basis of the approved EAL is unchanged.
A change that replaces exisng ERF equipment with equipment of like quality, reliability, performance, and user interface would generally not require prior NRC approval. (The licensees 10 CFR 50.54(q) evaluaon must document the basis of this equivalency conclusion.)
RG 1.219 also addresses changes to a site emergency plan, including the EPZ, when the facility transitions to decommissioning. This guidance recognizes changes in the plant risk profile as it moves through the different stages of decommissioning. The Regulatory Guide notes that the RIE evaluation should be performed against the current (latest) version of the emergency plan approved by NRC, even if portions of that plan are no longer required due to the change in operations:
Technology Inclusive Management of Safety Case:
White Paper 27 The reduction in effectiveness evaluation is a comparison between the current NRCapproved emergency plan, and the emergency plan with the changes being considered. In other words, compare the licensees commitment in the current NRCapproved emergency plan with what would be the commitment after the plan is modified. Plant reconfigurations enabled by other change processes (e.g., 10 CFR 50.59, 10 CFR 50.48(f), 10 CFR 50.82, 10 CFR 52.110, etc.) do not factor into this comparison. This is a yes-no decision: the change would reduce the effectiveness of the emergency plan, or it would not. There are no degrees of reduction (e.g., minor reduction). It is inappropriate for a licensee to conclude that certain commitments made in the NRC-approved plan are no longer required and to then compare the emergency plan as modified to this conclusion, rather than the NRC-approved plan.
Finally, RG 1.219 specifically prohibits the use of risk information when performing an evaluation pursuant to § 50.54(q). Specifically, it states:
The effectiveness of an emergency plan is independent of probability.
The probability of a reactor accident requiring the implementation of a licensees emergency plan has no relevance in determining whether a particular change reduces the effectiveness of the emergency plan.
These statements should be understood to mean that an RIE determination performed under § 50.54(q) cannot consider accident probability. That said, it should be kept in mind that analyses of plant design and safety are outside the scope of § 50.54(q). For example, there is no need for an applicant or licensee to apply § 50.54(q) to activities related to the selection of LBEs and performance of accident analyses. However, if the insights from a new or revised LBE or results from a new or revised accident analysis drive a change to the emergency plan (i.e., to the size of the EPZ or elimination of an EAL), then the RIE determination cannot consider accident probability in that assessment - the change is assessed as either reducing emergency response capabilities or not. If there is a reduced response capability, then the change will be submitted to NRC for review and approval prior to implementation. During its review, NRC will have an opportunity to understand how probability-related information used in an LBE or accident analysis led to the need for a change to the emergency plan.
Regulatory Guide 1.242 RG 1.24233 provides guidance for compliance with the alternative EP framework requirements found in § 50.33(g)(2) and § 50.160. The guidance specifically points the reader to RG 1.219 and notes that RG 1.219 provides guidance for nuclear power reactor licensees implementing the requirements in 10 CFR 50.54(q) for following, maintaining the effectiveness of, and evaluating 33 U.S. Nuclear Regulatory Commission, RG 1.242, Rev 0, Performance-Based Emergency Preparedness for Small Modular Reactors, Non-Light-Water Reactors, and Non-Power Production or Utilization Facilities, 2023.
Technology Inclusive Management of Safety Case:
White Paper 28 and implementing changes to emergency plans. With respect to assessing changes to an emergency plan, the RG states the following:
The emergency plan should describe the process for maintaining and making changes to the emergency plan and associated procedures, including methods to account for facility changes and the methods used to conduct independent reviews of the EP program. Licensees may make changes to capabilities described in the emergency plan without creating a reduction in effectiveness, consistent with the requirements in 10 CFR 50.54(q).
Change Control: Proposed Addional Guidance As previously discussed, the guidance in NEI 24-05 utilizes LBEs from the LMP approach, which are derived from the plant PRA, for EPZ determination and emergency plan development.
Over the life of a facility, modifications to the plant design or operational programs, or new information, may result in changes to the PRA and new or revised LBEs. Therefore, the findings of the EPZ determination process and contents of the emergency plan may be impacted.
Currently, NEI 24-05 notes the necessity to track changes to the plant risk profile and assess the potential impact on the EPZ determination process and emergency plan, but the details of a program to do this were deferred pending the outcome of the TIRICE and TIMaSC efforts (see Section 5.1 of NEI 24-05).
To meet the needs of applicants and licensees following the alternative EP framework, an emergency plan change evaluation process was developed and is outlined in Figure 5. This process follows the general structure provided by RG 1.219. Additional steps are included to provide clarity regarding changes to LBE characteristics.
Technology Inclusive Management of Safety Case:
White Paper 29
Technology Inclusive Management of Safety Case:
White Paper 30 Figure 5. Proposed EP 50.54(q) Process The process begins by checking whether the plant or PRA change has resulted/will result in a change to LBE characteristics, which can include frequency, consequence, or other attributes (such as timing). If so, the process then examines whether the change is controlled by another process (such as § 50.59). The next steps evaluates whether the change impacts the emergency plan, including the EPZ sizing determination. If not, then no further action is necessary; however, this conclusion and its basis should be documented. If the emergency plan is affected, then the emergency plan, as it would be changed, is compared to the requirements of
§ 50.33(g)(2) and § 50.160 to determine whether compliance is maintained. If the change affects an emergency planning function, as defined by § 50.54(q), then an RIE evaluation is necessary.
As discussed in RG 1.219, if the change results in a reduction in EP capabilities, even if the change is commensurate with changes to plant characteristics, it is considered an RIE and requires NRC review and approval prior to implementation. Regarding reporting, 50.54(q)(5) requires licensees to retain a record of each change to the emergency plan made without prior NRC approval for a period of three years from the date of the change. A report of each change, including a summary of its analysis, must be submitted to NRC within 30 days after the change is put in effect.
4.2 Security Physical Security Under current regulations, each nuclear power reactor licensee maintains plans (e.g., Physical Security Plan, Cyber Security Plan) which collectively are referred to as security plans and which implement the means of addressing security requirements in 10 CFR Part 73, Physical Protection of Plants and Materials. Change control guidance for security plans is documented in 10 CFR 50.54(p). In general, a licensee may change a security plan without prior NRC approval if the changes do not decrease the safeguards effectiveness of the plan. The licensee must submit a report describing the change to NRC within two months after the change is made. Because changes to security plans are subject to specific requirements and criteria other than 10 CFR 50.59, such plans are not subject to the change control guidance in NEI 22-05 (see NEI 22-05, Section 4.1.1).
Requirements in 10 CFR Part 73 are prescriptive in nature. Security is an area that is generally considered challenging for probabilistic approaches because of the difficulty inherent in assigning probabilities to human-initiated security events. However, assessments of success or failure in thwarting hostile actions are typically made based on doses to the public which occur as a result of the security scenario. Surrogates for public dose, such as large early release frequency in LWRs, may also be used. The same methodologies that are used to calculate dose to the public in advanced reactor PRAs will likely be applied to calculating dose to the public in security scenarios. Accordingly, there is a potential link between some consequence analysis
Technology Inclusive Management of Safety Case:
White Paper 31 portions of the PRA (e.g., source term, radionuclide transport models) and the assessment of the ability to meet security requirements. PRA models may be exercised as part of a determination of whether a security plan change results in a decrease in safeguards effectiveness.
Beyond this analytical PRA-security nexus, the PRA is expected to be an important tool in assessing potential plant vulnerabilities and identifying target sets for adversaries. PRA insights may be used to identify opportunities for DID and mitigative strategies and thus shape the content of the security plans.
The NRC security requirements for advanced reactors are subject to change in the relatively near future. An ongoing limited scope security rulemaking for small modular reactors and non-LWRs would provide alternate physical security requirements (APSRs) for such reactors. The APSRs offer the potential for relief from some deterministic requirements, such as numbers of onsite security responders, location of the Secondary Alarm Station, etc. The rulemaking also includes proposed §73.55(s)(2)(ii) that would allow the licensee to rely on law enforcement or other offsite armed responders for certain protective functions against radiological sabotage. Using APSRs requires justification in terms of evaluating offsite dose consequences for applicable scenarios. As noted above, PRA consequence models will likely be used to assess offsite dose during security scenarios. For a licensee taking advantage of APSRs, the justification for doing so would likely be tied to the PRA, and changes to some PRA models as they evolve over the plant lifetime could impact that justification.
Beyond the limited scope of Part 73 rulemaking, proposed changes to 10 CFR Part 73 contemplated as part of the ongoing 10 CFR Part 53 rulemaking could be even more significant.
Per the NRC 10 CFR Part 53 proposed rule (Federal Register Vol. 89, No. 211, 10/31/24, p.
87005), This proposed rule would add §73.100, which would establish a performance-based regulatory framework for physical protection as an alternative to the prescriptive requirements of
§73.55 The proposed rule would allow for significant departures from current nuclear power plant security practices, including relying on the use of onsite responders, law enforcement or other offsite armed responders, or a combination thereof, to fulfill the interdiction and neutralization functions (Federal Register Vol. 89, No. 211, 10/31/24, p. 87120). As with the limited scope rulemaking, determining performance would likely involve offsite dose calculations using PRA consequence models, so the analytical nexus between security and the PRA would be important for licensees electing to follow a new 10 CFR 73.100.
Of course, linkages between the PRA and security for both rulemaking scenarios (limited scope and Part 53) are only speculative until the respective rulemakings have been completed. The TIMaSC project will follow the ongoing rulemakings and incorporate appropriate measures into guidance to address any PRA-physical security linkage. Even if security rule changes are not fully resolved by the time TIMaSC guidance is issued, the guidance will address the likely analytical nexus between the PRA consequence models and the plant security plans.
Technology Inclusive Management of Safety Case:
White Paper 32 In addition to the need to control security changes, NRC regulations recognize the potential for plant changes to impact security. 10 CFR 73.58 Safety/security interface requirements for nuclear power reactors enjoins licensees to assess and manage the potential for adverse effects on safety and security, including the site emergency plan, before implementing changes to plant configurations, facility conditions, or security. Thus, programs for implementation of plant changes should include provisions for assessing impacts on security as well as on the NEI 18-04 safety licensing basis.
Cyber Security The discussion of cyber security builds off the discussion of physical security in Section 4.2.1. 10 CFR 73.54 Protection of digital computer and communication systems and networks requires each licensee under Part 50 to have and maintain a cyber security plan addressing the objectives in 10 CFR 73.54(1) and (2). As with the physical security plan, change control is managed in accordance with 10 CFR 50.54(p).
The limited scope rulemaking for 10 CFR Part 73 discussed in Section 4.2.1 does not address cyber security. However, NRC is also developing guidance related to cyber security in the context of 10 CFR Part 53, the planned new rule for licensing advanced reactors. Part 53 would reference a new set of cyber security requirements in Part 73 (specifically, 10 CFR 73.110).
There is an associated draft Regulatory Guide, DG-5075. The draft version of 10 CFR 73.110 includes performance-based elements in that SSCs would not require cyber protection if their failure did not result (directly or indirectly) in an offsite dose exceeding 25 rem. Also, the draft cyber security regulation is a three-tiered approach that progresses from facility level to function level to SSC level. This would appear to work well with an NEI 18-04 approach that progresses from Fundamental Safety Functions to RSFs to required functional design criteria to safetyrelated design criteria at the SSC level.
Rather than complying with the existing 10 CFR 73.54 framework, an advanced reactor applicant under 10 CFR Parts 50 or 52 may prefer to adopt the new cyber security framework being developed for 10 CFR Part 53 and implemented by 10 CFR 73.110 and associated guidance. It is also likely an applicant under 10 CFR Part 50 would not address cyber security in a CP application but wait until the operating license portion of the application. Depending on the outcome of 10 CFR Part 53, an applicant that chooses to follow Part 50 or Part 52 may choose to follow 10 CFR 73.110 either directly, or through exemptions. If so, there would be a potential analytical linkage between security and PRA consequence models that determine if SSCs are required to limit doses to 25 rem or less. As with physical security, linkages between the PRA and cyber security are only speculative until the Part 53 rulemaking has been completed. The TIMaSC project will follow the ongoing rulemakings and incorporate appropriate measures into guidance to address any likely PRA-cyber security linkage.
Technology Inclusive Management of Safety Case:
White Paper 33 5.0 NEW INFORMATION New information34 is expected to be identified as a result of the compilation of the knowledge from operating experience, experiments, and testing. New information must be systematically evaluated by licensees whether from operational experience, research, industry events, or vendor notifications. Depending on its significance, new information can lead to:
Technology Inclusive Risk Informed Change Evaluations (NEI 22-05)
Operability Determinations Corrective Actions UFSAR updates Event reporting PRA updates/revisions License amendments NRC communications and follow-ups Application of the Backfit Rule NRC has several regulations and processes that prescribe how new information that could impact the licensing basis of a nuclear facility must be addressed. The licensing basis of a facility includes the set of NRC requirements, licensee commitments, and safety analyses that provide the basis for acceptable operation. These processes remain essentially the same under the LMP licensing framework with additional clarification needed for new information that impacts the PRA. The actions to be considered under the LMP licensing framework addressing new information impacting the PRA will reflect insights obtained from the requirements of RG 1.174 and the non-LWR PRA Standard which will be discussed in greater detail in Section 6, PRA.
The regulatory requirements, guidance, and processes discussed below will be utilized, as applicable, for advanced non-LWRs when evaluating new information and its impacts and determining what actions need to be taken.
5.1 Technology Inclusive Risk Informed Change Evaluaons (NEI 22-0535)
When considering the discovery of new information, if no change is being proposed, an evaluation under NEI 22-05 will not be required in most situations. Therefore, the discovery of 34 New information is sometimes referred to as changes in the state of knowledge. This white paper uses the new information terminology, which is consistent with NEI 22-05.
35 NEI 22-05, following endorsement by the NRC, will be applicable to licensees who implement the LMP licensing framework (i.e., follow the guidance in NEI 18-04 and NEI 21-07) and invoke it use via an exemption to 10 CFR 50.59 and an enabling license condition.
Technology Inclusive Management of Safety Case:
White Paper 34 new information does not always necessitate actions be taken using NEI 22-05 until a change to the facility is being proposed. NEI 22-05 Section 4.1.6 addresses new information, stating:
New Information is routinely acquired as a natural part of the design, operation, and maintenance of nuclear facilities. New information for new reactor designs is expected to be identified as a result of the compilation of the knowledge from operating experience, experiments, and testing.
However, there are two situations where the discovery of specific types of new information requires evaluation in accordance with NEI 22-05.
First, if the new information results in a change to input parameters36 described in the FSAR, then the change in the input parameter is to be considered a change to the facility that would require evaluation under the criterion in Sections 4.3.1 through 4.3.8 of NEI 22-05.
Second, if the new information results in a change to an input parameter that is considered to be an element of a methodology37 then it would be required to be evaluated as a potential change to a method of evaluation38 under Section 4.3.9 of NEI 22-05. Evaluation under this section is performed to determine if the new information results in a departure from a method of evaluation described in the FSAR (as updated) used in establishing the design bases or the safety analyses.
5.2 Operability Determinaons The regulatory obligation regarding operability is compliance with the requirements specified in technical specifications. NRC inspection guidance concerning new information that results in degraded or nonconforming conditions is contained in NRC Regulatory Issue Summary (RIS) 2005-20, Rev. 2, Operability Determinations and Functionality Assessments for Resolution of Degraded or Nonconforming Conditions Adverse to Quality or Safety and NRC Inspection Manual Part 9900 - Technical Guidance (TG 9900). The associated NEI guidance is NEI 18-03, Operability Determination.39 36 Input parameters are defined in NEI 22-05 Section 3.7 as those values derived directly from the physical characteristics of SSC or processes in the plant, including flow rates, temperatures, pressures, dimensions or measurements (e.g., volume, weight, and size), and system response times.
37 NEI 22-05 Section 3.7 describes situations in which an input parameter is considered to be an element of the methodology.
38 Method of Evaluation is defined in NEI 22-05 Section 3.9 as the calculational framework used for evaluating behavior or response of the facility or an SSC. Departure from a method of evaluation described in the FSAR (as updated) means (i) changing any of the elements of the method described in the FSAR (as updated) unless the results of the analysis are conservative or essentially the same; or (ii) changing from a method described in the FSAR to another method unless that method has been approved by NRC for the intended application.
39 Nuclear Energy Institute, NEI 18-03, Operability Determination, October 2019.
Technology Inclusive Management of Safety Case:
White Paper 35 Following the approaches laid out in TG 9900, NEI 18-03, and related licensee guidance documents provides a process to ensure that licensees maintain compliance with Tech Specs and the plant's licensing basis when degraded or nonconforming conditions are identified following the discovery of new information.
Consider an example where the new information identifies a new failure mode that affects a safety-related system. In this situation a licensee must:
Immediately evaluate the operability of affected SSCs and determine whether the system/component is still operable.
If the system/component is not operable as per its design basis declare it inoperable, determine if it needs to be taken out of service and enter into required Technical Specification action statements.
Initiate corrective actions, as appropriate, such as enhanced surveillance, or compensatory measures.
Application of NEI 18-03 would need to be tailored to the specific safety case of the advanced reactor. NEI 18-03 is derived from the Limiting Condition of Operation /technical specification framework under 10 CFR Part 50 Appendix B and NRC inspection manuals. Advanced nonLWRs may use RIPB licensing with functional-based technical requirements instead of traditional prescriptive technical specifications. Therefore, the operability decision logic may need to be recast in terms of performance criteria, not just compliance with existing technical specifications.
5.3 Correcve Acons Under 10 CFR Part 50, Appendix B, Criterion XVI, Corrective Action, the discovery of new information, especially if it identifies a condition adverse to quality, triggers specific regulatory obligations for licensees to evaluate, document, and correct the condition.
Examples of new information that may invoke corrective action requirements include:
New failure modes or degradation mechanisms (e.g., from operating experience)
Updated seismic hazard data or material aging research Previously unrecognized design vulnerabilities Noncompliance with current regulatory or licensing requirements Internal assessments or PRA updates revealing increased risk or performance gaps
Technology Inclusive Management of Safety Case:
White Paper 36 Discovery of new information that invokes corrective action requirements under 10 CFR Part 50, Appendix B, Criterion XVI requires that a licensee:
Identify conditions adverse to quality (e.g., new failure mode),
Promptly determine the cause, and Take corrective action to prevent recurrence. This may include updating procedures, component modifications, or further analysis.
5.4 Updates to the Safety Analysis (10 CFR 50.71(e))
If the discovery of new information results in a change to the facility as described in the FSAR, the licensee must evaluate whether the UFSAR needs to be updated and if so, include it in the next scheduled update.
5.5 Reporng (10 CFR 21 / 50.55 / 50.72 / 50.73)
All Part 50 and Part 52 licensees must comply with reporting requirements found in Part 21, 50.55, 50.72, and 50.73.
Reporng of Defects (10 CFR Part 21 and 10 CFR 50.55) 10 CFR Part 21 addresses notification of NRC about defects that could create a substantial safety hazard as well as evaluation of such defects. It applies to constructors and suppliers as well as owners and operators of nuclear power plants. An example of a Part 21 evaluation performed after the identification of new information is the reporting of a vendor defect in circuit breakers.
In this situation the vendor notified a plant that a batch of circuit breakers had a manufacturing defect that can prevent proper tripping. The defect was reported under Part 21 as it could create a substantial safety hazard if used in safety-related applications.
All Part 50 licensees must comply with reporting requirements found in Part 21. For the operating fleet, Part 21 guidance can be found in NEI 14-09, informed by the guidance in NUREG-0302 and endorsed in RG 1.234. The term Basic Component is defined in 10 CFR 21.3, and the guidance related to that definition relies on the traditional definition of Safety-Related. For LMP users, the Basic Component definition should align with the safetyrelated definition in NEI 18-04.
10 CFR 50.55 (Conditions of construction permits, early site permits, combined licenses, and manufacturing licenses) has substantial overlap with 10 CFR Part 21 in that 10 CFR 50.55 also requires notification of NRC about defects. However, there is a unique reporting requirement in 10 CFR 50.55(e) that is not found in 10 CFR 21. The reporting criterion in 10 CFR
Technology Inclusive Management of Safety Case:
White Paper 37 50.55(e)(3)(iii)(C) pertains to any significant breakdown in any portion of the quality assurance program conducted under the requirements of Appendix B to 10 CFR Part 50 which could have produced a defect in a Basic Component. These breakdowns in the quality assurance program are reportable whether or not the breakdown actually resulted in a defect in a design approved and released for construction, installation, or manufacture. This provision will be equally applicable to advanced reactors.
The regulations and processes discussed in this subsection do not require revision for an LMP licensing basis with the exception that the definition of a Basic Component in NEI 14-09 should be changed to align with NEI 18-04, and that clarification should be endorsed by NRC.
No"caon Requirements and Licensee Event Reporng System (10 CFR 50.72 and 50.73) 10 CFR §§ 50.72 and 50.73 are NRC regulations that govern the reporting of events by nuclear power reactor licensees. These requirements ensure that NRC is promptly informed about potentially significant safety issues or abnormal events at nuclear facilities. 10 CFR 50.72 addresses prompt telephone notifications to NRC and 10 CFR 50.73 covers written reports.
The different reporting times under 10 CFR § 50.72 are linked to the safety significance and urgency of the event or condition. The regulation provides three main reporting timeframes: 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />, 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br />, and 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. Each is triggered by specific types of events.
a) 1-Hour Reports are required for immediate threats to public health and safety or the plant. Specifically, 10 CFR 50.72(a)(1)(i) reports are required for emergency declarations (Notification of Unusual Event, Alert, Site Area Emergency, or General Emergency) and 10 CFR 50.72(b)(1) requires reports for deviations from license conditions or Tech Specs pursuant to 10 CFR 50.54(x) (unplanned deviations required to protect public health and safety).
b) 4-Hour Reports are required for significant but non-immediate safety-related events. 10 CFR 50.72(b)(2) reports are required for unplanned technical specification-required safety system actuations, such as emergency core cooling system or reactor protection system actuation, even if the system functioned correctly; degraded safety system performance; reactor scrams; significant technical specification violations; or events that could result in media/public interest or involve serious plant risk.
c) 8-Hour Reports are required for conditions that could have affected safety functions but did not result in immediate harm. 10 CFR 50.72(b)(3): reports are required for: any condition that could have prevented safety functions (shutdown, heat removal, release control, accident mitigation); inoperable SSCs required by
Technology Inclusive Management of Safety Case:
White Paper 38 technical specifications; degraded barriers (e.g., loss of containment integrity);
reportable events under § 50.73 that are identified earlier.
In general, 10CFR50.72 reporting requirements apply to advanced nonLWRs under the RIPB LMP framework just as they do for traditional LWRs, because these regulations are written broadly and tied to safety function performance, not reactor type. However, the regulations include reference to LWR systems that may not be used in the traditional sense in some advanced reactors, such as containment isolation and emergency core cooling.
With respect to written reports, under 10CFR50.73(a)(2)(v), the regulation explicitly requires submission of a Licensee Event Report when there is:
any event or condition that could have prevented the fulfillment of the safety function of structures or systems that are needed to:
a) Shut down the reactor and maintain it in a safe shutdown condition; b) Remove residual heat; c) Control the release of radioactive material; or d) Mitigate the consequences of an accident.
This language is not limited to LWRsit applies broadly to all nuclear power plants licensed under Part50 or 52, including advanced nonLWRs. However, there are some differences in terminology that should be addressed. For example, § 50.73(a)(2)(iv)(B) provides a list of systems to which the requirements of paragraph § 50.73 (a)(2)(iv)(A) apply. The systems listed are specific to LWRs (both pressurized water reactors and boiling water reactors).
The implementing regulatory guidance for event reporting is NUREG 1022, Event Report Guidelines 10 CFR 50.72 and 50.73.40 NUREG-1022 would benefit from being updated to more explicitly address advanced non-LWRs, especially those licensed under the RIPB LMP framework. While NUREG-1022 is technologically neutral in structure, it utilizes LWR examples and terminology, is based on traditional deterministic design basis and technical specifications, and is not clearly aligned with SSC categorization under LMP (e.g., safetyrelated, Non-Safety-Related with Special Treatment [NSRST], and No Special Treatment [NST]) or the typical characteristics of advanced non-LWRs (e.g., passive safety, inherent safety, and low source terms). These differences can lead to uncertainty or inconsistency when applying event reporting thresholds to designs with nontraditional safety systems or containment, different 40 U.S. Nuclear Regulatory Commission, NUREG-1022, Rev 3, Event Report Guidelines 10 CFR 50.72 and 50.73, January 2013.
Technology Inclusive Management of Safety Case:
White Paper 39 safety classifications, performance-based licensing requirements, and different or less clearly defined "barriers" and accident sequences.
With respect to event reporting, the LWR-specific language in the regulations and guidance will need to be addressed in some manner. NRC discusses potential means of addressing such issues in the ARCAP Roadmap DANU-ISG-2022-01, Appendix B, Table 5, which states:
For this reason, the NRC staff anticipates that non-LWR applicants may request exemptions from these regulations, or that a rule of particular applicability or case specific order may be appropriate, but the precise nature of the approach chosen under the circumstances will depend on the specific technology and how other regulations are being met. The NRC staff will engage with non-LWR applicants with the goal of affording applicants as much flexibility as possible in implementing solutions to meet the underlying purpose of these regulations.
With that being said, it should be noted that the NEI 18-04 licensing basis offers an opportunity to recast reporting to take advantage of its risk-informed basis. Such an approach would focus on impairment of RSFs and be informed by the risk significance of SSCs.
5.6 Updates and Revisions to the PRA New information can arise from changes to the PRA. It is addressed in Section 6 of this report, along with other issues pertaining to PRA and the NEI 18-04 licensing basis.
5.7 License Amendments 10 CFR 50.90, Application for amendment of license, construction permit, or early site permit, establishes the regulatory process a licensee must follow to propose a change to information impacts the licensing basis. 10 CFR 50.90 does not directly require licensees to act on new information, but it provides the mechanism by which licensees request NRC approval if they determine that new information necessitates a change to their licensing basis that requires prior NRC approval.
5.8 NRC Communicaons and Follow-up As noted earlier, new information may arise from a variety of sources. Processes and requirements related to NRC and the communication of new information to licensees are discussed in this section. These include: 50.54(f) requests for information, Generic Letters (GLs),
Information Notices, Bulletins, and RIS, each of which is covered below.
Technology Inclusive Management of Safety Case:
White Paper 40 50.54(f) Requests for Informaon If the new information has broad industry implications, NRC may issue a 50.54(f) request for information. This is a formal request from NRC to licensees when the Commission determines that additional data is necessary to assess whether a facility is operating in accordance with its licensing basis or to determine if regulatory action is needed. An example of NRC issuing a 10 CFR 50.54(f) request for information in response to new information after the Fukushima Daiichi accident in Japan. This event revealed new insights about external hazards and plant response capabilities.
Generic Leers NRC issues GLs under specific circumstances when it needs to formally communicate with licensees and applicants across the industry on matters of regulatory importance. These letters often require action or a formal response. An example is NRC issuing a GL in response to new information was GL 2003 Control Room Habitability. NRC issued GL 2003-01 after finding industry-wide issues with control room envelope integrity and post-accident air quality assumptions. Licensees were required to review their analyses and, if necessary, update procedures or the UFSAR. In certain cases, licensees filed license amendments to revise assumptions in their radiological habitability analyses.
Informaon Noces The NRC issues an Information Notice to alert licensees to significant operating experience, lessons learned, or conditions that do not require regulatory action or response but are nonetheless important. An example of the NRC issuing an Information Notice after identifying new information is NRC Information Notice 2016-05, Digital Instrumentation and Control System Issues Identified During NRC Design Certification Reviews. This NRC Information Notice communicated significant reliability concerns identified during NRC reviews of digital instrumentation and control (I&C) systems for new reactor designs and license amendments.
Bullens The NRC issues a Bulletin when it identifies a potential or actual urgent safety or security issue that may affect multiple facilities and requires prompt attention, assessment, and often a response from licensees. An example is the NRC issuing a Bulletin following the discovery of new information was NRC Bulletin 2012-01, Design Vulnerability in Electric Power System. This Bulletin was issued following the discovery of a previously unrecognized design vulnerability where a single-phase open circuit on an offsite power transformer went undetected, leaving protection systems unaware that power was lost. The Bulletin alerted licensees to examine their designs for similar vulnerabilities and confirm system protection schemes would work under similar conditions.
Technology Inclusive Management of Safety Case:
White Paper 41 Regulatory Informaon Summary NRC issues a RIS to inform, clarify, or remind licensees and stakeholders about regulatory requirements, guidance, or NRC staff positions. Unlike Bulletins or GLs, RISs do not require any response or action from recipients. An example is NRC issued RIS 2022-02 to address the potential confusion between NRC requirements and ASME Code interpretations for evaluation, control, and treatment of operational leakage in systems required to be operable by plant Tech Specs.
5.9 Applicaon of the Back"t Rule A backfit refers to a situation when NRC proposes a change in requirements for a facility protected by regulation from certain changes applicable to its licensed activities. NRC uses the Backfit Rule to decide when and how to require changes to existing licensees facilities or procedures in response to new information that raises safety concerns. For example, the rule may be utilized when new operating experience, research, or event analysis shows that an existing design or procedure has an unacceptable safety risk or vulnerability.
There are two categories of backfits. First, a backfit may be required to ensure compliance with existing rules, regulations, or license conditions. This type of backfit is referred to as a compliance backfit. Risk assessments are not required to justify these backfits, although risk information may be used to inform the regulatory analysis. Second, there are backfits where NRC seeks to impose new requirements beyond compliance, typically due to new safety insights, emerging risks, or operational experience. These are referred to as cost-justified, substantial safety enhancement backfits and the use of risk information in considering these types of backfits is crucial in determining: whether the safety enhancement is substantial, and whether the benefit justifies the cost. NRCs policy statement on the use of PRA methods in nuclear regulatory activities includes the statement that, where appropriate, PRA should be used to support a proposal for additional regulatory requirements, in accordance with 10 CFR 50.109.
In considering a backfit, NRC evaluates whether imposing new or modified requirements would reduce risk or improve safety significantly. Before imposing new or more restrictive requirements beyond the existing licensing basis, NRC must demonstrate that the benefits outweigh the costs (risk reduction justifies the burden).
NRC invokes the Backfit Rule to control when and how new safety-related information leads to changes in an operating plants licensing basis, ensuring the changes are necessary, justified, and balanced against cost and operational impact. An example of where NRC has utilized the Backfit Rule was following increased reliance on digital I&C systems in nuclear plants in the early 2000s. NRC identified that some digital systems were vulnerable to fire-induced failures. After identifying potential vulnerabilities, NRC conducted a review and issued regulatory guidance and backfit requirements to ensure digital I&C systems would maintain functionality during and after a fire event. Existing plants with digital upgrades had to perform evaluations and modify
Technology Inclusive Management of Safety Case:
White Paper 42 their fire protection programs and plant layouts to address vulnerabilities in order to comply with the new requirements. This issue was first communicated to licensees and stakeholders by NRC issuance of IN 2005-22 followed by RIS 2006-06. The staffs recommendation to the Commission to impose new requirements was provided in SECY-05-0190: Fire Protection Issues Related to Digital Instrumentation and Control Systems.
10 CFR 50.109, the Backfit Rule, provides a framework for evaluating whether new regulatory requirements (backfits) are justified for currently operating LWRs. It is reasonable to expect that for backfit decisions involving advanced non-LWRs, NRC will use a risk-informed approach consistent with the fundamental principles of 10 CFR 50.109, with risk metrics tailored to the specific design and safety basis of the reactor.
5.10 Impact of Acvies on the Management of the Risk-Informed, Performance-Based Licensing Basis Overall existing processes appear to adequately address the treatment of new information. That conclusion should not be taken to imply that no guidance is needed on the treatment of new information for advanced reactors with an LMP-based safety case. TIMaSC intends to explore the area of new information through tabletop exercises and, potentially, through examples in the guidance document.
Technology Inclusive Management of Safety Case:
White Paper 43 6.0 PROBABILISTIC RISK ASSESSMENT 6.1 Evoluon of PRAs for Advanced Non-LWRs PRA will play an important role in supporting the licensing basis for most future advanced nonlight water reactor plants. For plants following the LMP methodology in NEI 18-04 and supporting guidance documents, information from the PRA is used to inform the selection of LBEs, safety classification of SSCs, development of Principal Design Criteria, setting targets for the reliability and capability and selecting special treatments for safety-significant SSCs, and evaluating DID adequacy. Background on the development of PRAs for advanced non-LWRs is available in the PRA report41 that supports NEI 18-04.
Although many are aware of the history of PRA for LWRs starting with the publication of WASH-1400, Reactor Safety Study in 1975,42 there is a long history of PRA on advanced reactors extending back to similar or even earlier time frames. Reginald Farmer at the United Kingdom Atomic Energy Authority led a team that performed the first PRA on nuclear power plants in the 1960s, in part to help justify the siting of Magnox and Advanced Gas-Cooled Reactors near population centers without containments. PRA has been applied to multiple gas reactor designs over past decades, including licensing interactions with NRC. In a recent example, X-energys Xe-100 conceptual design benefitted from a pre-conceptual design PRA, with risk insights incorporated into the safety design concept for both active and passive core heat removal systems. The Xe-100 PRA is described in the Construction Permit Application for the Long Mott Plant.43 There is also a long history of PRAs performed for sodium-cooled reactor PRAs. A good history of early work on sodium-cooled reactor PRAs is provided in the paper, A Review of U.S.
Sodium Fast Reactor PRA Experience.44 This history begins with the Clinch River Breeder Reactor PRA that was published in 1968.45 In the same year a PRA was performed to support the review of a Preliminary Safety Information Document for the Power Reactor Innovative Small Module (PRISM) sodium-cooled fast reactor.46 A modernized version of the PRISM PRA 41 Southern Company, Modernization of Technical Requirements for Licensing of Advanced Non-Light Water Reactors:
Probabilistic Risk Assessment Approach, Document Number SC-29980-101 Rev 1, March 2020.
42 U.S. Nuclear Regulatory Commission, WASH-1400 (NUREG 75/014), Reactor Safety Study, October 1975.
43 Long Mott Energy, LLC, Long Mott Generating Station Xe-100 Power Reactor Application, Construction Permit Application Part II Preliminary Safety Analysis Report, https://www.nrc.gov/docs/ML2509/ML25090A061.pdf.
44 David Grabaskas, A Review of U.S. Sodium Fast Reactor PRA Experience, Probabilistic Safety Assessment and Management PSAM 12, June 2014, Honolulu, Hawaii.
45 Technology For Energy Corporation, Clinch River Breeder Reactor Plant Probabilistic Risk Assessment, CRBRP-4, 1984.
46 U.S. Nuclear Regulatory Commission, NUREG-1368, Preapplication Safety Evaluation Report for the Power Reactor Innovative Small Module (PRISM) Liquid-Metal Reactor, Final Report, February 1994.
Commented [WR16]: Consider a statement that makes clear that PRA as used in this context includes the supporting plant simulations using code systems such as MELCOR/MACCS or other tools used to determine the consequences, usually using a mechanistic source term model to demonstrate the integrity of barriers or estimate radiological releases.
A challenging area for the guidance document is likely to be the supplementary analyses mentioned in the non-LWR PRA standard and being discussed for certain topics such as seismic hazards. As much as possible, these could be considered within the configuration control of the PRA and the general TIMaSC framework. The TIMaSC guidance could, if needed, be the vehicle to ensure there are no loose strings for areas addressed outside of the general F-C plotting in the LMP.
Technology Inclusive Management of Safety Case:
White Paper 44 provided the foundations for PRAs on the Advanced Test Reactor47 and the Natrium reactor. The Natrium PRA is described in the CP application for Kemmerer Power Station, Unit 1.48 The history of PRAs on molten salt reactors is less extensive than that for high-temperature gascooled reactors and sodium-cooled reactors. However, there have been significant developments in developing PRA models for these reactors based on projects sponsored by the Electric Power Research Institute (EPRI) at Vanderbilt University using the Molten Salt Reactor Experiment at Oak Ridge National Laboratory.49 In addition, initial PRA models for the Fluoride Salt-Cooled High-Temperature Reactor developed by Kairos were used in piloting the LMP methodology.
The experience in performing non-LWR PRAs to date has demonstrated the capability of nonLWR PRA technology to support implementing key tasks in the LMP methodology. This includes reactor technology and design-specific definition of LBEs, selection of RSFs, safety classification of SSCs, selection of reliability and capability targets and special treatment requirements, and evaluation of DID adequacy.
6.2 Role of PRA in De"ning the LMP Licensing Basis The term LMP refers to advanced reactors following the methodology described in NEI 18-04, NEI 21-07, and NEI 22-05, as discussed in Section 1.2.
What Is a PRA?
A probabilistic risk assessment is a systematic evaluation of a complex engineered system such as a nuclear power plant that is intended to answer the following questions, quantitatively:
What can go wrong?
How likely is it?
What are the consequences?
47 David Grabaskas, et al., Application of the Licensing Modernization Project Approach to the Authorization of the Versatile Test Reactor. American Nuclear Society Transactions, Volume 121; Number 1; Pages 1396-1398. November 2019 48 TerraPower, LLC, Submittal of the Construction Permit Application for the Natrium Reactor Plant, Kemmerer Power Station, Unit 1, Accession Number: L24088A059, April 10, 2024.
49 Electric Power Research Institute, Molten Salt Reactor Experiment (MSRE) Case Study Using Risk-Informed, PerformanceBased Technical Guidance to Inform Future Licensing for Advanced Non-Light Water Reactors, Prepared for U.S. Department of Energy, September 2019.
Technology Inclusive Management of Safety Case:
White Paper 45 This formulation of the risk triplet is based on the accepted quantitative definition of risk used in the PRA standards by Kaplan and Garrick.50 The contents of a modern PRA that addresses the requirements in the non-LWR PRA Standard that are available to support applications in implementing the LMP methodology include:
A set of PRA models that define a comprehensive set of event sequences and calculate their frequencies and consequences.
PRA documentation that describes the process used to define and quantify the frequencies and consequences of the event sequences and associated uncertainties.
The documentation also includes the technical basis for screening out events that were considered but meet the screening criteria in the standard but could be affected by plant changes or changes in the state of knowledge reflected in the PRA inputs.
The PRA documentation normally tracks the requirements in the PRA Standard to facilitate peer reviews. Many requirements require the documentation of sources of uncertainty in the identification and quantification of the event sequence frequencies and consequences.
A set of risk insights that capture the risk-significant event sequence families, SSCs, and basic events that are represented in the PRA models.
A Peer Review report that documents the findings of PRA peer reviews required by the PRA Standard.
A closure review report or record that documents the resolution of Peer Review findings.
It is noted that uses of the PRA such as evaluating the risk significance of specific changes are not part of the PRA itself but rather are considered PRA applications. The technical requirements for the PRA in the PRA Standard are for the PRA itself and do not apply to specific applications.
NEI 18-04 and the associated RG 1.233 do not require applicants to follow the non-LWR PRA Standard. NEI 21-07 and the associated RG 1.253 document an acceptable SAR format and content for applicants using NEI 18-04. NEI 21-07 guidance for SAR Section 2.1.1 provides the expectation that the applicant either (i) certify conformance with the non-LWR PRA Standard or (ii) establish another means of demonstrating PRA technical adequacy. For the purpose of this white paper, it is assumed that applicants have elected to follow the non-LWR PRA Standard.
50 Kaplan, S. and B. John Garrick, On the Quantitative Definition of Risk, Risk Analysis, Vol. 1, pp. 11-27, 1981.
Commented [WR17]: While agreeing that the use of the PRA in the evaluation process is an application, you might consider mention of § 6.2.3 on PRA configuration control as the means to close the loop and keep the PRA consistent with the plant design and performance.
Technology Inclusive Management of Safety Case:
White Paper 46 PRA Uses in the LMP Methodology PRA plays an important role in the LMP methodology. During the Next Generation Nuclear Plant project and interactions with the NRC staff it was determined that a technology inclusive method for deterministically selecting LBEs did not exist. The LBEs developed for currently licensed LWRs were developed using a series of ad hoc judgments to develop the DBAs. These were supplemented over time with additional beyond design basis events to address issues that arose from service experience such as anticipated transients without scram and station blackout. This history of LBE development for LWRs did not produce a technology inclusive process that could be replicated for advanced non-LWRs. PRA was selected as tool to form a foundation of the LMP methodology because existing PRA methods are capable of systematically identifying initiating events and event sequences for any complex engineered system. The LMP methodology incorporates DID in the licensing basis, and one of the purposes of DID is to address limitations and uncertainties associated with PRA.
As shown in Figure 4, the LMP methodology is an iterative process that is expected to repeat at different design and licensing stages. In each successive iteration, the PRA model addresses the changes that were made in the previous iteration. This figure was developed in the context of the initial work to establish the LMP-based design and licensing basis. The TIMaSC Guidance Document should consider modifying this for evaluating changes in an operating plant.
When the LMP licensing basis is completed, information provided by the PRA has had a significant role in developing the following LMP products:
Incorporation of risk insights into design and operation Selection and evaluation of LBEs from PRA event sequence families o AOOs o DBEs o BDBEs Required Safety Functions and safety-related SSCs, identified through DBEs and high-consequence BDBEs Selection of DBAs, derived from DBEs but crediting only safety-related SSCs Selection of Non-Safety-Related with Special Treatment (NSRST) SSCs Identifies risk-significant LBEs and SSCs Evaluation of PRA limitations and uncertainties Capability and reliability targets and special treatment for safety-significant SSCs The LMP methodology is considered a risk-informed and performance-based approach. The term risk-informed is used to mean that decisions made in applying the methodology are based on a
Technology Inclusive Management of Safety Case:
White Paper 47 combination of risk insights and the application of deterministic principles. The risk insights come from information on the definition of event sequence families and estimates of their frequencies and consequences provided by a design and technology-specific PRA. The deterministic principles are incorporated into the decisions through an evaluation of DID adequacy. The LMP does not prescribe the degree to which each decision is supported by risk insights and deterministic principles and offers flexibility on how these considerations are balanced in specific applications.
The performance-based aspects of the approach are reflected in the use of a FrequencyConsequence Target and Cumulative Risk Targets to evaluate the risk significance of LBEs and SSCs, the use of reliability and capability targets to inform the selection of special treatments, monitoring programs to track the performance and safety-significant SSCs, and corrective action programs to address deviations in performance against the targets.
The extent to which risk insights are available is of course dependent on the scope and level of detail of the PRA that is available when decisions are made. While not required, it is encouraged that PRAs be introduced at an early stage of the design to maximize the efficiency of incorporating key risk insights into the design. Risk-informing the design is much more costeffective up front than towards the end of the design process, or after the design is complete.
In the following sections, a brief discussion of the evolution of the PRA throughout the design and licensing process and how PRA changes may influence the application of LMP methodology is provided. This provides some initial insights to understand the LMP change control process during the plant operation life cycle.
Inial Applicaons of the PRA in LMP The basic steps in the LMP methodology are designed to be anchored to a set of event sequence families from an internal event, at-power PRA that includes mechanistic source terms and consequences resolved as site boundary doses at the plume centerline with conservative meteorology assumptions.
From this stage of the PRA the following steps of the LMP methodology can be formed:
Event sequence families are classified as AOOs, DBEs, and BDBEs.
RSFs are selected as those necessary to keep the DBE and high-consequence BDBE doses within the Frequency-Consequence (F-C) target (Figure 3-1 of NEI 18-04).
Safety-related SSCs are selected from those available on all the DBEs to perform the RSFs.
DBAs are developed by modifying each DBE to assume that only safety-related SSCs are performing the RSFs.
Commented [WR18]: This provides a succinct description of one element of TIMaSC as a key part of the performance monitoring of a RIPB approach. Consider using something similar in the early sections of a guidance document.
Technology Inclusive Management of Safety Case:
White Paper 48 Consequences of DBAs are evaluated using conservative assumptions against the 10 CFR 50.34 dose criteria.
The LBEs in the AOOs, DBEs, and BDBEs are evaluated against the F-C Target and any risk-significant LBEs are identified.
Risk-significant SSCs are identified by applying the NEI 18-04 risk significance criteria.
If the PRA is limited to internal events at this stage, a set of Design Basis Hazard Levels (DBHLs) is defined using existing deterministic regulatory guidance to establish design requirements to ensure that safety-related SSCs are capable of performing their RSFs in the event of a DBHL.
An initial evaluation of DID adequacy is performed using the criteria in NEI 18-04 via an IDP. Non-safety-related SSCs that perform safety functions judged to be necessary for adequate DID are identified. All plant SSCs are now classified as safety-related, NSRST, or NST. Principal Design Criteria and Complementary Design criteria are established.
Recognizing the iterative nature of the steps in the LMP methodology, the PRA may have been revised several times as the design matures until each of the above bullets is accomplished. The process may differ depending on the licensing strategy, e.g. whether the first licensing step is an application for a CP, Design Certification, or Combined Operating License (COL). The regulatory expectations for scope and level of detail of a PRA supporting a CP application are lower than the expectations for a PRA supporting an application for which more plant design information should be available.
PRAs at the Operang License Stage The scope and level of detail of the PRA at the time of the operating license would likely be much more than the initial PRA, depending on when the PRA was introduced in the design and licensing process. In the development of NEI 18-04, the goal was to produce a stable set of safety-related SSCs and DBAs based on an internal events, at-power PRA. When internal and external hazards are introduced into the PRA there may be new AOOs, DBEs, and BDBEs, and the previously identified LBEs may have different frequencies, consequences, and/or uncertainties. In addition, the PRA will be less reliant on assumptions that had been made previously due to lack of as-built and as-operated details. If the initial licensing step were a Design Certification Application, there would be differences in the PRA inputs associated with the site.
The revisions to the AOOs, DBEs, and BDBEs in this stage of the PRA would result in changes to the risk significance evaluation of LBEs and SSCs. Because the evaluation of DID adequacy begins with the risk significance evaluations, the original DID baseline would likely be different
Technology Inclusive Management of Safety Case:
White Paper 49 than what was done in the early application of LMP. These changes would impact the safety classification of SSCs. It is more likely that this could change the classification of NSRST SSCs and less likely that safety-related SSCs would be impacted. If the DBHLs had been initially selected deterministically, to the extent that such hazards are now part of the PRA, there would be an opportunity to revise the selection of DBHLs and the associated design and special treatment requirements for protecting the safety-related SSCs against the hazards.
The PRA team develops and maintains the PRA and contributes to the IDP responsible for all the RIPB decisions that contribute to the LMP design and licensing basis. All IDP participants are engaged in understanding risk inputs to decisions. Evaluation of DID adequacy focuses on uncertainties and limitations of the PRA.
Managing Changes to the PRA Changes to PRA Scope The technical adequacy of the PRA is established by meeting the technical requirements in the non-LWR PRA Standard, which would support a full-scope PRA that covers all radionuclide sources, operating states, and hazards. However, the standard itself does not require that a PRA cover the full scope reflected in the requirements. Section 3.1 and the text supporting the PRA Application Flow Chart in Figure 3-1 in Reference 59 clearly states that the user selects scope, the set of applicable requirements, and the capability category within the requirements based solely on intended applications. A given application may only require that certain hazard groups, initiating events, SSCs, event sequences, and extent of resolving consequences may be needed.
The user then selects which technical requirements and capability categories are used to define the scope of the PRA. The PRA Standard does not specify that all the technical elements and requirements be addressed in a given PRA. The PRA scope, level of detail, selection of technical requirements, and capability categories from the PRA Standard are completely determined by the PRA applications.
The PRA Standard recognizes two types of PRA updates, the PRA upgrade update and the PRA maintenance update. PRA upgrade is defined as a change in the PRA that:
results in the applicability of one or more SRs or Capability Categories (e.g., the addition of a new hazard model) that were not previously assessed in a peer review of the PRA, an implementation of a PRA method in a different context, or the incorporation of a method not previously used.
Any PRA update that does not meet the criteria for PRA upgrade are classified as PRA maintenance updates.
PRA upgrades require an updated PRA Peer Review that focuses on the items considered upgrades. PRA maintenance updates do not require an updated Peer Review.
Technology Inclusive Management of Safety Case:
White Paper 50 Changes to PRA Models and Inputs During plant operation there are several means of managing changes to PRA inputs and the state of knowledge that forms the technical basis for the PRA models and supporting data. The PRA Standard has requirements for PRA configuration control which are comprehensive and are expected to cover any conceivable change to the LMP licensing basis that could change the definition, frequency, or consequence of any LBEs or challenge the technical basis for any events that had been screened out of the PRA. The principle of the configuration control requirements is to ensure that PRA applications use a PRA that reflects the as-built and asoperated plant at the time of the application. The term applications can be applied to riskinformed decisions made in the LMP process as well as other applications of the PRA.
The scope of items addressed in the configuration control requirements include:
Operating procedures and practices (e.g., operations orders)
Emergency and abnormal operating procedures Design configuration Initiating event frequencies System or subsystem unavailability Component failure rates Maintenance policies Operator training Tech Specs Engineering calculations Emergency plan Event management programs Relevant industry performance Changes to external facilities, sources of external hazards, or internal or external features that impact how external hazards may affect the plant Changes in industry experience that could impact: o Estimation of initiating event frequencies o Generic system or subsystem unavailability o Generic component failure rates; and o Initiating events and their frequencies.
Changes to the PRA technology that could change the results of the PRA model.
Commented [WR19]: A way to look at TIMaSC is that it is the framework to ensure these matters get evaluated and are integrated into the PRA (and vice versa) and other supporting analyses to maintain or reconcile the licensing basis with actual configuration of plant, personnel, and programs. If constructed in a certain way, TIMaSC would itself have no specific output but would be used to integrate activities and communications. For example, an SSC fails to meet a performance target and that triggers an action under a program (IST, ISI, maintenance rule, etc.). TIMaSC as a program could perhaps only ensure that procedures call out the connections between performance targets and PRA and the need to communicate and either revise the targets, revise the program, or revise/replace the SSC (this is hopefully understood but TIMaSC as a framework would provide structure). Per the previous comment, TIMaSC is the vehicle to ensure licensees do not become fragmented and isolated into various silos and we want to avoid simply adding another silo.
Technology Inclusive Management of Safety Case:
White Paper 51 The objectives of the Configuration Control Program used to develop the technical requirements in the PRA Standard assume the program will include: (paraphrased from Section 5 in Reference 59):
A process for monitoring changes which covers changes to the plant design, operation, PRA technology, and industry experience A process to update and upgrade the PRA in a manner that reflects the as-built, asoperated plant (or as-designed, as intended-to-operate plant for PRAs done in preoperational phases), as needed to support PRA applications A process that addresses the cumulative impact of pending changes in the performance of risk applications A process that maintains configuration control of computer codes and associated files used in PRA models Documentation to provide traceability of the work Based on a preliminary review of the technical requirements in the standard for configuration control, these requirements are sufficiently comprehensive for the purpose of developing TIMaSC guidance. The specific items listed in the technical requirements cover changes in design, operations, procedures, training, analytical tools, and emergency planning, as well as new information that would impact PRA models and supporting data.
RG 1.247 has additional guidance on PRA configuration control in Regulatory Position C.1.4 which aligns with the considerations in the non-LWR PRA Standard. In addition, Regulatory Position C.2.2 provides guidance on PRA Upgrades and newly developed methods. Regulatory position C.3.2 focuses on Development and Use of an Acceptable Probabilistic Risk Assessment and relies on the non-LWR standard and PRA Peer Review Process as described in NEI 20-09. TIMaSC licensees are assumed to be following this guidance which would require a configuration control process in line with the non-LWR PRA Standard, a Peer Review carried out in line with NEI 20-09, including closure reviews as needed to justify PRA acceptability for the Operating License or COL application.
Most pertinent to TIMaSC is the non-LWR PRA Standard requirement to update and upgrade the PRA in a manner that reflects the as-built, as-operated plant (or as-designed, as intended-tooperate plant for PRAs done in pre-operational phases), as needed to support PRA applications. This is consistent with RG 1.247 position C.1.4: The applicant or licensee will consider the cumulative impact of any changes to the plant and PRA model, as needed, on the Commented [WR20]: Would it be worth stating that most changes and performance feedback are expected to be addressed via routine maintenance/updates and would not trigger the need for an upgrade.
Technology Inclusive Management of Safety Case:
White Paper 52 results of the PRA and on any applications thereof being performed or considered between any periodic update of the PRA. RG 1.20051 for LWRs has similar language, with a bit more detail:
The licensee or applicant will consider the cumulative impact of those plant changes or PRA model improvements, as needed, on the results of the PRA and applications being performed between any periodic update of the PRA; changes that would impact risk-informed decisions are addressed in the context of the application or implemented prior to the application.
NRC raised a valid concern in its pre-decisional Draft Guide52 for NEI 22-05 (TIRICE):
The staff expects that additional guidance will be prepared for maintaining PRAs, monitoring plant performance, evaluating changes in SSCs and procedures, and related impacts on the capabilities and availabilities of SSCs that are designated as non-safety-related with special treatment.
Such guidance should be considered for incorporation into the TIMaSC Guidance Document.
RG 1.174 provides an approach for using PRA in risk-informed decisions on changes to the licensing basis of LWRs, and the guidance document includes guidelines for ensuring the acceptability of a PRA. By addressing the configuration control requirements in the non-LWR PRA Standard and RG 1.247 and applying the monitoring requirements for safety-significant SSCs called for in NEI 18-04, the implementation requirements for changes in RG 1.174 would also be satisfied. In Section 3 of RG 1.174, the following statement is provided on expectations for implementing a change after approval of a License Amendment Request (LAR) following RG 1.174:
Therefore, an implementation and monitoring plan should be developed to ensure that the engineering evaluation conducted to examine the impact of the proposed changes continues to reflect the actual reliability and availability of the SSCs evaluated. This ensures that the conclusions drawn from the evaluation remain valid.
TIMaSC Process for Managing PRA Updates The TIMaSC Guidance Document should include guidance for managing PRA updates and upgrades and uses of the PRA between updates to evaluate changes to the licensing basis. This guidance needs to consider the following points:
51 U.S. Nuclear Regulatory Commission, RG 1.200, Rev 3, Acceptability of Probabilistic Risk Assessment Results for Riskinformed Activities, December 2020.
52 U.S. Nuclear Regulatory Commission, Pre-Decisional Draft Regulatory Guide, Guidance for Technology-Inclusive Riskinformed Change Evaluation (TIRICE), December 2024.
Technology Inclusive Management of Safety Case:
White Paper 53 Full PRA updates that involve PRA models, significant levels of documentation, possibility of new peer reviews, etc., require a significant investment of resources.
An important reason for updating a PRA is to incorporate plant and SSC performance data that may impact the estimation of component failure rates and initiating event frequencies. Successive updates must be spaced apart adequately based on the properties of the Bayes updating process. A too short interval would yield statistically insignificant quantities of plant-specific data. Typical LWR PRAs perform major PRA updates (with documentation and possible updates to peer reviews) approximately once every two refueling cycles, or three to five years.
PRA models and risk insights from the previous PRA updates can be rather quickly applied to evaluate the risk significance of changes. Just as with the case for LWR risk monitors that evaluate change in core damage frequency (CDF) and large early release frequency (LERF) due to changes in equipment out of service, this is a PRA application and should not be confused with a PRA update or upgrade.
In the TIMaSC Guidance Document, the concept of a PRA Working Model should be considered that would include the following elements:
o The starting point are the PRA models used to define and quantify the frequencies and site boundary doses of the AOOs, DBEs, and BDBEs from the last PRA update.
o The Working Model would then be used to evaluate each change either by modifying the PRA models, changing PRA inputs, or using risk insights from the previous PRA update. The evaluation would be documented in a brief report that would identify how the PRA models were modified or used and the resulting impacts on risk-significant LBEs, SSCs, and DID evaluation. These evaluations would be made via the IDP.
o As each successive change is evaluated the Working Model would account for the cumulative impact of this and previous changes and the documentation would address both the incremental and cumulative impacts.
o The Working Model and the documentation for each change would be retained in the plant records, available for NRC audit, and provide a valuable resource for supporting the next PRA update.
o The above descriptions and uses of the Working Model should be considered PRA applications rather than a PRA update.
Technology Inclusive Management of Safety Case:
White Paper 54 o This approach is consistent with LWR PRA practice that manage major PRA updates as models of record and then clone these for day-to-day applications such as configuration risk management or risk-informed Tech Specs (RITS).
10 CFR 52.71(h)(2) requires an update every four years for plants with a COL. 10 CFR Part 53 proposed a five-year update requirement. There is no PRA requirement for a 10 CFR Part 50 licensee, but the ongoing rulemaking to harmonize Parts 50 and 52 (see Section 6.3.2) intends to align Parts 50 and 52 such that both require a PRA and impose the same requirements. For the current fleet, licensees using risk-informed programs like Risk Informed Completion Time (RICT) require an update every two refueling cycles. Some plants currently have refueling cycles as long as two years. Given the introduction of the TIMaSC proposed PRA Working Model concept, it is expected that more complete and resource intensive PRA updates and upgrades will need to be done no more frequently than every five years.
Updates to the SAR with respect to the PRA and the results of the PRA identified in Section 2.2.1 should be based on the frequency of PRA updates, not the frequency of evaluating changes.
A key principle in selecting the time frames for PRA updates is that they need to be performed deliberately and carefully and not rushed to meet arbitrary schedules. Also, analysing information from reliability and capability monitoring programs in LMP will take time to develop statistically meaningful results. This evaluation needs to address how the combination of evidence from monitoring programs and corrective actions taken to address deviations in performance impact the reliability and capability models used in the PRA.
Risk Metrics for Evaluang Changes The risk metrics used initially to develop the LMP design and licensing basis should be the focus of evaluating the risk significance of changes. These metrics include the risk significance criteria in NEI 18-04 for LBEs based on (i) comparing the frequencies and site boundary doses of AOOs, DBEs, and BDBEs individually against the F-C Target and cumulatively against the Cumulative Risk Targets and (ii) the SSC risk significance criteria based on keeping AOOs, DBEs, and BDBEs inside the F-C Target and making significant contributions to the Cumulative Risk Targets. This is necessary for preserving the design and licensing basis and for consistency with the TIRICE methodology for determining whether facility changes require a license amendment.
There are efforts underway to identify additional risk metrics for certain PRA applications such as RITS and an NRC Reactor Oversight Process for advanced reactors. It is important that such changes are used to supplement rather than replace the metrics employed in NEI 18-04. It is also
Technology Inclusive Management of Safety Case:
White Paper 55 important to avoid the use of relative risk metrics such as those used in LWR risk-informed applications, e.g. changes to CDF and LERF. It would be a poor use of resources to measure changes in risk levels that are insignificant when measured against the absolute risk targets adopted by LMP. It is noted that the non-LWR PRA Standard includes a comprehensive set of risk metrics (e.g., exceedance frequencies and expected number of early fatalities, latent health effects, person-rem, and quantities of radionuclides released, and plots of frequencies and consequences of event sequence families). Users may choose an appropriate risk metric to support a specific application.
Need for Criteria for Evaluang Impact of Changes It is intended that the TIMaSC Guidance Document that is derived from NRC engagement with this white paper will develop evaluation criteria similar to, and consistent with, those used in NEI 22-0553 that would be incorporated into the change management process for the plant.
However, the results of the evaluation for TIMaSC will be different from that of TIRICE, which was limited to the determination of whether a LAR was needed to meet the requirements of 10 CFR 50.59. For TIMaSC, the objective is to identify changes to the licensing basis documented in the TICAP part of the UFSAR.
The scope of items to consider might include:
Identification of any new hazards, changes to existing hazards, initiating events, or LBEs not identified in previous PRA updates Changes to the frequency or consequence of any LBE Changes to operating or maintenance procedures New results or insights on the plant response to events New results or insights related to mechanistic source terms Note that changes to initiating event frequencies, SSC reliabilities, or LBE frequencies might result from changes to supporting generic data as well as industry or plant-specific operating experience.
The outcomes of such criteria might include the following:
No risk-significant impacts on LBEs or safety-significant SSCs 53 Nuclear Energy Institute, NEI 22-05, Rev 0, Technology Inclusive Risk Informed Change Evaluation (TIRICE) Guidance for the Evaluation of Changes to Facilities Utilizing NEI 18-04 and NEI 21-07, January 2024.
Commented [WR21]: Suggest that, as much as possible, TIMaSC provide guidance on entry into possible corrective actions where the related processes would define interactions with the NRC. For plant design changes related to UFSAR content, that guidance would be TIRICE. For SSC performance, the corrective actions might be addressed by programs such as maintenance rule for monitoring and IST/ISI for corrective actions and these have thresholds and vehicles for NRC interaction. The PRA updates could likewise use the TIRICE criteria related to frequency &
consequence of LBEs and cumulative risk targets for NRC interactions (the LBEs are summarized in the UFSAR and could thereby trigger the change provisions of 50.59 related to facility/procedures affecting design functions). TIMaSC would then provide the roadmap but perhaps avoid the need for new criteria by using the other processes to trigger NRC interactions. Those matters not triggering an NRC interaction would nevertheless be captured in plant documents (design, procedures, PRA).
Technology Inclusive Management of Safety Case:
White Paper 56 Need to submit a LAR List of items to include in next SAR update Role of Integrated Decision Process In the LMP methodology, RIPB decisions are implemented via an IDP. By the same token, when a PRA update is made, it is the role of the IDP to determine what changes to the licensing basis may result from new information from the PRA.
The IDP is introduced in NEI 18-04 with the following statement:
For advanced non-LWRs that are currently in various stages of design development, the IDP may be implemented by a cross-functional design team responsible for the process tasks shown in Figure 5-4. This cross-functional team includes those responsible for the design, operations, and maintenance program development and for performing the necessary deterministic and probabilistic evaluations identified in the figure.
NEI 18-04 offered the flexibility to introduce the application of the LMP methodology at any stage of design development, while encouraging early introduction to maximize the potential benefits to optimize the design. Given that it was expected that the mix of participants in the IDP would vary depending on the design stage when each RIPB decision to frame the safety and licensing basis is made. As an option, a standing panel referred to as an IDP Panel (IDPP) could be formed to make the decisions and establish and maintain the DID baseline.
In this methodology, an integrated decision-making process, IDP, is utilized for evaluating the adequacy of DID. How the process is implemented may vary depending on the state of design development, construction, or operations. It may be done integral to the design control process, like many other technical decisions or as part of a standing panel, referred to as the integrated decision-making process panel (IDPP), as is done with operational phase reviews. The decisions of the IDP should be documented and retained as a quality record; this function is critical to future decision-making regarding plant changes which have the potential to affect DID.
For an operating plant it is reasonable to expect that the standing panel or IDPP model would be appropriate. In some operating LWR plants such as the South Texas Project Generating Station that have implemented many risk-informed applications such as Risk-Informed Inservice Inspection, RIST, RITS, 10 CFR 50.69, etc. a single expert panel was formed to facilitate an integrated treatment of risk-informed decision-making (RIDM) against all applications. The TIMaSC Guidance Document should include a discussion on how PRA updates and other types
Technology Inclusive Management of Safety Case:
White Paper 57 of changes that may impact the LMP design and licensing basis are evaluated via the IDPP to maintain the DID baseline and the LMP design and licensing basis.
6.3 Key Documents Impacng PRA in LMP Regulatory Guide 1.247 RG 1.24754 is out for trial use and endorses the non-LWR PRA Standard with exceptions and the NEI Peer Review guideline NEI 20-09 without exceptions.
Section C.1.1 of RG 1.247 states that the PRA should be full scope as defined in the scope of requirements in the standard (all modes, hazards, sources, muti-reactor, source event sequences, etc.). This is covered in the following statement:
For most applications, an applicant or holder of a license, certification, or permit should address all radiological sources, all hazards, all POSs [plant operating states],
and all levels of analysis, as discussed in Regulatory Position C.1.1 of this RG.
With that being said, RG 1.247 also states:
However, in keeping with the philosophy of risk-informed decision-making, the staff recognizes that applicants may want to tailor the PRAs scope and level of detail commensurate with the role that the PRA results play in establishing the licensing basis and regulatory decision-making.
RG 1.247 largely aligns with the non-LWR standard in its definition of an upgrade while providing more guidance on Newly Developed Methods in Regulatory Position 2.2. Over the years, guidance has been developed to better align industry and NRC on what constitutes a PRA upgrade vs maintenance. In RG 1.200, NRC staff endorses Section 3 of PWROG-19027-NP, Revision 2, Newly Developed Method Requirements and Peer Review, issued July 2020,55 as one acceptable approach for determining whether a change to a PRA model is classified as PRA maintenance or a PRA upgrade. While developed for LWRs and the LWR PRA Standard, many of the same concepts apply to non-LWRs. The Pressurized Water Reactor Owners Group (PWROG) recently developed PWROG-20037-NP with examples of upgrades vs maintenance and NEI is working on development of a similar example document for non-LWRs.
54 U.S. Nuclear Regulatory Commission, RG 1.247 (Trial Use), Acceptability of Probabilistic Risk Assessment Results for NonLight Water Reactor Risk-Informed Activities, March 2023.
55 PWR Owners Group, PWROG-19027-NP, Rev 2, Newly Developed Method Requirements and Peer Review, July 2020.
Technology Inclusive Management of Safety Case:
White Paper 58 Note that the PRA Standard and RG 1.247 are not applicable to mobile reactors even though the vast majority of the Standards requirements should be applicable. However, mobile reactor plants may use the standard and gain NRC review and approval of how the standard has been used and what was done to assure technical adequacy of hazards and boundary conditions unique to a mobile reactor configuration.
PRA Requirements in 10 CFR Part 50 and Part 52 Currently, nuclear power reactors can be licensed under 10 CFR Part 50 (two-step licensing, with a CP followed by an operating license) or 10 CFR Part 52 (COL authorizing both construction and operation). NRC regulations in 10 CFR Part 52 require the use of PRAs. PRAs are not required in the regulations for plants with a 10 CFR Part 50 operating license. Most if not all advanced reactor developers using LMP appear to be starting their licensing engagement with a CP application under 10 CFR Part 50. Presumably, if plants starting with Part 50 later seek a Design Certification, they would then be subject to the Part 52 PRA requirement.
SECY-22-0052, Proposed Rule: Alignment of Licensing Processes and Lessons Learned from New Reactor Licensing56 describes the ongoing rulemaking in response to NRC Commissioners direction to resolve inconsistencies between the requirements in Part 50 and Part 52 and to incorporate lessons learned from initial licensing engagements with advanced reactor developers.
The part of this proposed rule that is relevant to PRA includes the following statement:
The proposed rule would extend the current probabilistic risk assessment requirements in 10 CFR Part 52 to apply to 10 CFR Part 50 applicants. The proposed rule also would expand the applicability of 10 CFR 50.69, Risk-informed categorization and treatment of structures, systems and components for nuclear power reactors, to allow design certification applicants, construction permit holders, and combined license holders to risk-inform the categorization of structures, systems, and components. The proposed rule would require future 10 CFR Part 50 power reactor applicants to address risk associated with all operating modes and initiating events for which NRC-endorsed consensus standards exist at the time of the application for the construction permit or combined license. Finally, the proposed rule would simplify the schedule for upgrading the probabilistic risk assessment.
56 U.S. Nuclear Regulatory Commission, SECY 22-0052, Proposed Rule: Alignment of Licensing Processes and Lessons Learned from New Reactor Licensing (RIN 3150-Al66), June 2022.
Technology Inclusive Management of Safety Case:
White Paper 59 The direction this appears to be heading is to modify Part 50 to require advanced reactor PRAs following NEI 18-04 to have full-scope PRAs as defined in the PRA Standard and RG 1.247.
The schedule for completing the rulemaking is uncertain.
The Part 52 rule and the proposed Part 50/52 harmonization rulemaking were both developed prior to the ADVANCE Act.57 In Staff Requirements Memorandum (SRM) SRM-SECY24-0008,58 the Commission directed the NRC staff as follows:
The staff should apply Congress regulatory direction in Section 208 of the Accelerating Deployment of Versatile, Advance Nuclear for Clean Energy Act of 2024, Public Law 118-67 (ADVANCE Act), which states that the Commission shalldevelop risk-informed and performance-based strategies and guidance to license and regulate micro-reactors including strategies and guidance for. risk analysis methods, including alternatives to probabilistic risk assessments. to more than just microreactors.
In light of this change in policy, to reflect the change in statute from the ADVANCE Act, alternatives to PRA may be considered. However, application of the LMP methodology in NEI 18-04, requires application of PRA.
LMP Documents Impacng the PRA NEI 21-07 TICAP NEI 21-0759 addresses the scope and content of portions of a SAR for applicants using the NEI 18-04 methodology. Section 2.1 of the SAR is to include an overview of the PRA. The PRA documentation, which can be extensive, is expected to be available as part of plant records for possible audit by the NRC staff. Section 2.1 also includes pointers to other sections in the SAR where PRA results are provided in the following forms as described in the following excerpts.
Chapter 3 presents LBEs that are supported by the results and risk insights for the event sequences modeled in the PRA. It includes a description of the events and a plot of the frequencies, consequences, and uncertainties of these LBEs with a comparison against the Frequency-Consequence Target in NEI 18-04 Figure 3-1. In addition, there is information derived from the PRA provided for LBEs including the description of the plant response, human actions, relevant phenomena, and 57 Nuclear legislation passed as part of the Fire Grants and Safety Act (Public Law No: 118-67) and signed into law on July 9, 2024.
58 U.S. Nuclear Regulatory Commission, SECY-24-0008, Micro-Reactor Licensing and Deployment Considerations: Fuel Loading and Operational Testing at a Factory, January 24, 2024.
59 Nuclear Energy Institute, NEI 21-07, Rev 1, Technology Inclusive Guidance for Non-Light Water Reactors Safety Analysis Report Content for Applicants Using the NEI 18-04 Methodology, February 2022.
Technology Inclusive Management of Safety Case:
White Paper 60 radiological consequences. The PRA results essential to the definition and evaluation of LBEs are included in Chapter 3.
Chapter 4 presents the PRA results for the integrated risks across all of the LBEs and compares them to the NEI 18-04 cumulative risk metrics. It also describes the DID evaluation, which is informed by an evaluation of uncertainties, assumptions, and limitations in the PRA to ensure that DID protective measures have been incorporated to address them, where warranted.
Chapter 5 presents the PRA safety functions addressed by safety-related SSCs and NSRST SSCs. It includes identification of risk-significant and other safety-significant SSCs, including any associated human actions.
Chapters 6 and 7 address reliability and capability targets for safety-related SSCs and NSRST SSCs. These targets account for any human actions that may be necessary to perform the safety functions, or to provide a backup to functions achieved via automatic means for safety-significant SSCs. These targets and the resulting special treatments defined in Chapters 6 and 7 and associated programs defined in Chapter 8 are informed by inputs from the PRA including results and insights.
Regulatory Guide 1.253 Endorsing TICAP60 NRC approved of the approach to documenting the PRA in Section 2 of NEI 21-07 with clarifications as noted in the following statements:
Section C.2 of NEI 21-07, Revision 1, describes an acceptable method for developing baseline information related to the PRA (i.e., an overview of the PRA), source term analysis, DBA analytical methods, and other methodologies and analyses pertinent to the LMP-based safety analysis.
Addition: Section C.2.1.1 of NEI 21-07, Revision 1, Overview of PRA, includes a subsection titled, Two-Step Licensing (CP Content). This section notes that as part of a CP application the applicant should address the last five items in the Section 2.1.1 list, consistent with the state of the plant design and the PRA at the time of the CP application. In addition to these five items, the application should include the 60 U.S. Nuclear Regulatory Commission, RG 1.253, Guidance for a Technology-Inclusive Content of Application Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non-Light-Water Reactors, March 2024.
Technology Inclusive Management of Safety Case:
White Paper 61 item in the Section C.2.1.1 list labeled Identification of the sources of radionuclides addressed and the sources of radionuclides that were screened out.
- d. Clarification: As noted in Section C.2.1.1 of NEI 21-07, a CP applicant should describe the attributes of the PRA in the application. In addition to these attributes, as amended by position C.3.c above, the CP application should also discuss topics such as the PRAs conformance to RG 1.247 for trial use, and NEI 20-09, if a Peer Review is performed at the CP stage. Appendix A of this RG 1.253, Revision 0, provides additional guidance on demonstrating the acceptability of the PRA supporting the CP application.
Whenever the SAR for an operating advanced reactor is updated, the PRA content should remain compliant with the NEI 21-07 guidance.
NEI 22-05 (TIRICE)
NEI 22-0561 includes evaluation criteria for deciding whether a proposed change in the scope of the guidance needs NRC approval via LAR. TIRICE did not address how changes would impact the LMP licensing basis whether or not a LAR was required. For those that exceed criteria involving risk TIRICE does not provide guidance for how risks will be managed to help justify the LAR.
When evaluating changes against the TIRICE evaluation criteria there are many changes that may impact the frequency or consequences of LBEs or the reliability or capability of SSCs that do not exceed the evaluation criteria for submitting a LAR. However, tabletop exercises performed during the development of TIRICE showed that such changes may impact the LMP licensing basis (see Figure 5-4 of NEI 18-04) necessitating changes to special treatments or compensating measures to offset the risk impacts of a given change or combinations of changes.
For applying the evaluation criteria, TIRICE assumes that the plant PRA scope is sufficient to determine whether or not TIRICE risk-informed evaluation criteria are met. However, LMP allows for the use of deterministic elements within the design basis. For example, DBHLs (including external hazards such as vibratory ground motion) may be treated in a deterministic manner, as discussed in NEI 22-05, Section 6.1.1. If a facility change is linked to a deterministic element, it may not be appropriate to solely rely on TIRICE evaluation criteria in determining the need to amend the licensing basis prior to implementing the change. This appears to be a gap in the current guidance, and that gap will be addressed as a part of TIMaSC.
61 Nuclear Energy Institute, NEI 22-05, Rev 0, Technology Inclusive Risk Informed Change Evaluation (TIRICE) Guidance for the Evaluation of Changes to Facilities Utilizing NEI 18-04 and NEI 21-07, January 2024.
Commented [WR22]: Does this warrant a discussion and possible revision to RG 1.261 (endorsing NEI 22-05) while it is still awaiting final reviews and publication? Another option would be to make a note that a DBHL be considered a Safety-Related Design Criterion in Criterion (e ) which would trigger a license amendment if a SR SSC could not function when faced with a DBHL or for a proposed change to a DBHL.
Technology Inclusive Management of Safety Case:
White Paper 62 In industry and NRC meetings to support the review of TIRICE, comments were raised in which the resolution was deferred to subsequent guidance. In addition, potential considerations for TIMaSC guidance arise from the final form of the TIRICE guidance. These considerations are summarized below.
TIRICE evaluation criteria focus on whether an LAR is needed to justify a proposed change within the scope of 10 CFR 50.59. TIMaSC will need to consider how changes already made as well as changes outside the scope of 10 CFR 50.59 may alter the LMP licensing basis and how those changes will be processed in terms of license amendment requests, UFSAR updates, and changes to specific elements of the LMP licensing basis.
TIRICE evaluates the risk impact of specific individual changes, but it does not address cumulative risk impacts of many changes.
TIRICE does not address PRA configuration control.
Some plant changes are outside the scope of TIRICE (see Section 3.2).
Ripple effects of changes on the licensing basis should be addressed, whether or not they trip any of the NEI 22-05 evaluation criteria. Such ripple effects propagating through multiple elements of the safety case may include changes in SSC safety classification, selection of reliability and capability targets, special treatments, monitoring programs, and DID evaluation baseline.
When the TIMaSC guidance for PRA configuration control is developed, it should be clarified as to what elements of the PRA are updated when. It should not be difficult to maintain working versions of the PRA computer models that can be updated rather efficiently and keep a running account for accumulated changes since the last major PRA update. It is a different matter to accomplish a complete update with all the PRA documentation, additional peer reviews, the Peer Review documentation of findings and closure of findings.
As noted earlier, there is a possible gap identified in TIRICE. If a change needs to be addressed using the TIRICE evaluation criterion and the change relates to a hazard, protections against the hazard, or other possible contribution to risk that was outside the scope of the PRA, it is not clear how criteria associated with changes in LBE or SSC risk significance are to be applied. This will be addressed as a part of TIMaSC.
NEI 24-05 RIPB Emergency Planning NEI 24-0562 provides guidance on the development of emergency plan parameters for plants following the LMP methodology. There are regulatory requirements to maintain configuration 62 Nuclear Energy Institute, NEI 24-05, Rev 0, An Approach for Risk-Informed Performance-Based Emergency Planning, June 2024.
Commented [WR23]: See above - however, need to differentiate between the DBHL for SR SSCs and the broader consideration of hazards within the PRA (or supplementary analyses that would largely be for addressing selected BDBEs (low frequency high consequence external hazards). As noted elsewhere, TIMaSC will likely need to provide some guidance or pointers to other guidance for how to maintain the coordination between design/programs/analyses related to alternate approaches (e.g., a seismic margins approach)
Technology Inclusive Management of Safety Case:
White Paper 63 control of the EP and associated documents. Changes to the EP could possibly impact the calculation of LBE consequences. The configuration control requirements in the PRA Standard specifically call out the need to consider such changes in the PRA configuration control. This should be addressed in the TIMaSC Guidance Document.
PWROG-20037-NP Revision 063 In the PRA Standard, PRA updates are classified as maintenance updates or upgrades. The former are considered routine and do not require any updates to previously completed peer reviews. Upgrades are defined when the updates involve the incorporation of new methods that were beyond the scope of previous peer reviews and thus require additional peer reviews. It is anticipated there will be major PRA updates every four or five years. The TIMaSC Guidance Document should address how the major periodic updates and the working models derived from those updates will be managed to evaluate (i) individual changes and (ii) the cumulative impact of successive changes between major updates.
6.4 Takeaways for the Role of PRAs in TIMaSC Based on the information developed in this section, the following insights should be considered when defining the role of the PRA in the TIMaSC Guidance Document:
In meeting the configuration control requirements in the PRA Standard, it will be necessary to have a configuration control program that addresses the risk impacts of any changes to the design, operations, emergency planning, and other PRA inputs reflecting the state of knowledge regarding the capabilities and reliabilities of all PRA modeled systems. Thus, the PRA configuration control program should play an important role in TIMaSC.
NEI 18-04 includes a brief section with criteria to evaluate changes to the LMP safety case that should be considered in developing the TIMaSC guidance. The iterative nature in making RIPB decisions in maintaining DID adequacy is reflected in the snake chart (Figure 5-4 of NEI 18-04) which should be incorporated into the TIMaSC Guidance Document.
TIRICE was focused on deciding whether a LAR needs to be submitted prior to implementing facility changes as defined in 10 CFR 50.59. TIRICE did not fully address the impacts of changes on the LMP-based licensing basis as discussed in Section 6.3.
63 PWR Owners Group, PWROG-20037-NP, Rev 0, PRA Upgrade/Maintenance and Newly Developed Methods Examples, May 2023.
Commented [WR24]: See above for agreement with this statement and possibility to take this statement a little further to have TIMaSC be an approach or framework that ensures various activities are coordinated but may not need to introduce a separate round of evaluations beyond those in the initiating activity (e.g., performance monitoring) and the affected activity (e.g., program, design, analysis). However, understand that this would require appropriate confirmations and, if needed, additions to a variety of program documents (e.g., maintenance program to ensure coordination with PRA, corrective actions, etc.). While suggesting to embed this in appropriate documents vs introduce a separate process, acknowledge that other approaches can be used and ultimately will depend on what is thought to be more effective and efficient.
Technology Inclusive Management of Safety Case:
White Paper 64 The TIMaSC guidance should define how TIRICE and TIMaSC work together to address changes to the LMP-based licensing basis both within and outside the scope of TIRICE.
The capability to evaluate the risk significance of changes including changes to the definition and risk significance of LBEs and SSCs is in part based on the scope of the PRA. TIRICE presumed a full-scope PRA and did not specifically address changes to a plant capability or hazard that is outside the scope of the PRA.
The risk metrics used to support RIPB decisions that comprise the LMP licensing basis, including the comparison of LBE frequencies and consequences against the F-C Target, Cumulative Risk Targets, and SSC risk significance criteria linked to the F-C and Cumulative Risk Targets, should be used to evaluate changes under TIMaSC as they were in TIRICE. These evaluations can leverage the opportunity afforded in the PRA Standard to perform bounding calculations to demonstrate that Quantitative Health Objectives (QHOs) have been met for plant with small source terms.
The TIMaSC Guidance Document should achieve the following:
o Consider providing additional guidance on the role of the IDP in the evaluation of changes, considering that the IDPP in place during the operational phase may have a different mix of participants than those responsible for the IDP decisions made in formulating the original licensing basis.
o Provide guidance on the frequency and scope of different types of PRA updates and upgrades. This guidance should distinguish between updates of PRA models which can be efficiently maintained in real time vs. complete PRA updates that include the PRA documentation and any needed Peer Review updates and associated Peer Review finding closure reviews and their associated documents. It should also provide clear criteria by which a change in the Working Model would require an emergent model of record update and update to the licensing basis.
This guidance should address how often the PRA results presented in the UFSAR need to be incorporated into UFSAR updates.
o Provide guidance on the scope and use of a PRA Working Model for evaluating specific changes and the cumulative impacts of multiple changes between successive PRA updates.
o Address how information from monitoring programs such as reliability assurance programs, ASME Section XI Division 2 RIM, and Maintenance Rule programs is used to evaluate impacts on SSC reliability and capability against the reliability and capability targets and how any revisions to the targets should be handled.
Such guidance should address how the corrective action program addresses
Technology Inclusive Management of Safety Case:
White Paper 65 deviations in performance and how deviations impact the reliability and capability of the SSCs reflected in the PRA.
7.0 OTHER TOPICS The focus of this section is specific topic areas that are potentially related to an LMP-based safety case but for which no decision has been made to include in the TIMaSC report. LMP has implications beyond the initial licensing of a design and beyond the core of the safety case laid out in NEI 18-04. NRC began to identify additional interfaces in the ARCAP guidance, and this document continues to describe the full scope of impacts with the goal of identifying future projects and considerations for management of the licensing basis.
This section provides focused discussion on 11 topic areas and their role in the LMP-based safety case and licensing basis. In some cases, additional guidance is needed and efforts outside of TIMaSC are underway or in the planning stages to provide it. Section 8 includes tables summarizing the disposition of issues discussed in this white paper with respect to development of further guidance in TIMaSC. All 11 issues in this section are listed in Table 4, Issues Not to Be Addressed in TIMaSC Guidance. With that being said, guidance developed as part of TIMaSC should include consideration of the issues, and TIMaSC guidance will address areas in which additional work is needed and anticipated.
7.1 Risk Metrics
Background
NEI 18-04 relies on three risk metrics:
The total frequency of exceeding a site boundary dose of 100 mrem from all LBEs should not exceed 1/plant-year. This metric is introduced to ensure that the consequences from the entire range of LBEs from higher frequency, lower consequences to lower frequency, higher consequences are considered. The value of 100 mrem is selected from the annual exposure limits in 10 CFR 20.
The average individual risk of early fatality within 1 mile of the exclusion area boundary shall not exceed 5x10-7/plant-year (early fatality QHO) to ensure that the NRC safety goal for early fatality risk is met.
The average individual risk of latent cancer fatalities within 10 miles of the exclusion area boundary shall not exceed 2x10-6/plant-year (latent cancer QHO) to ensure that the NRC safety goal for latent cancer fatality risk is met.
These risk metrics are valuable for establishing baseline risk and safety for a plant but are problematic from the perspective of online risk monitoring.
Technology Inclusive Management of Safety Case:
White Paper 66 NRC has long utilized the risk metrics of CDF and LERF for RIDM with acceptance guidelines provided in RG 1.174. However, CDF is not well defined for some advanced reactors. TRISO fuel does not have a cliff-edge effect where the fuel has begun to melt or it has not, instead radionuclide retention performance degrades as a function of time and temperature for the many individual fuel particles within a reactor. The story is even more complicated for liquid-fueled reactors, for which core melt has no meaning. In addition, the performance objectives are calculated from consequences of large light water reactors and may not be appropriate for small light water reactors, non-LWRs, or microreactors.
EPRI has explored alternative risk metrics for advanced reactors64 and published a proprietary report on the subject. The QHOs play an important role in the NEI 18-04 methodology, but EPRI noted potential concerns associated with direct application of QHOs for operational decisionmaking. At the same time, the current LWR risk metrics (CDF and LERF) are unsuitable for application to advanced reactors. EPRI has proposed a technology-inclusive alternative risk metric for advanced reactors.
NEI intends to build on the EPRI work and utilize the guidance in SRM-SECY-10-012165 to propose a technology-inclusive risk metric with performance objectives that meet the QHOs and acceptance guidelines equivalent to those in RG 1.174.
Risk Metric Impact on Management of the Safety Case Depending on the success of the NEI project, it may be possible to incorporate the resulting risk metric into aspects of an LMP licensing basis. At this point in time, however, there is insufficient information and too much uncertainty to address a new risk metric as part of TIMaSC.
7.2 Risk-Informed Technical Speci"caons
Background
NRC published DANU-ISG-2022-08, Risk-Informed Technical Specifications66 as part of ARCAP to supplement the guidance in NEI 21-07 which NRC endorsed in RG 1.253. The TIMaSC team generally aligns with the guidance in the ISG but notes that the guidance references RG 1.174 and RG 1.177 which are reliant on the risk metrics of CDF and LERF. As discussed in the Risk Metrics section above, these metrics are not technology-inclusive and therefore additional guidance may be necessary for RIDM in the context of RITS. This RIDM guidance is not in the scope of this project, but NEI intends to propose RIDM guidance for 64 Electric Power Research Institute, Risk Metrics for Advanced Reactors, Eric Thornsbury, presentation to the NRC Workshop on Advanced Reactor Risk Metrics, July 18, 2024.
65 U.S. Nuclear Regulatory Commission, Staff Requirements Memorandum for SECY-10-1021, Modifying the Risk-Informed Regulatory Guidance for New Reactors, March 2, 2011.
66 U.S. Nuclear Regulatory Commission, Interim Staff Guidance DANU-ISG-2022-08, Risk-Informed Technical Specifications, March 2024.
Technology Inclusive Management of Safety Case:
White Paper 67 advanced reactors in a 2025 submittal to NRC. The ISG describes six critical aspects of Tech Specs:
- 1. Safety Limits
- 2. Limiting Safety System Settings (LSSSs)
- 3. Limiting Conditions of Operation (LCOs)
- 4. Surveillance Requirements
- 5. Design Features
- 6. Administrative Controls Evaluaon As discussed in the ISG, Safety Limits and LSSSs are aligned with the process laid out in NEI 18-04. For Safety Limits, The NEI 18-04 process provides insights on identification of barriers that guard against the release of radioactivity. Specifically, NEI 18-04 calls for the identification of reactor design-specific functional criteria that are necessary and sufficient to meet RSFs that maintain the consequences of one or more DBEs or the frequency of one or more high-consequence BDBEs inside the Frequency-Consequence (F-C) Target.
For LSSSs, In the definition of LSSSs in 10 CFR 50.36(c)(1)(ii)(A), the phrase settings for automatic protective devices related to those variables having significant safety functions can be correlated to NEI 18-04 outputs related to reactor design-specific functional criteria that are necessary and sufficient to meet RSFs.
Licensees will have flexibility in setting the Safety Limits and LSSS, taking into account design margins and margin to the targets established under LMP.
Limiting Conditions of Operation (LCOs) may be impacted by new information in two ways: 1) the set of equipment in scope, which is limited to the risk-significant SSCs or 2) the completion times for various LCOs. If new information results in a PRA update which results in regulatory thresholds being exceeded, one option for the IDP is to reclassify SSCs as safety-related or risksignificant. This process is covered in the PRA section of the report but could require increasing the scope of the Tech Spec LCOs. This would require a LAR, and consideration should be given to the addition of LCOs in the Tech Specs. Similarly new information could
Technology Inclusive Management of Safety Case:
White Paper 68 result in reducing the scope of safety-related or risk-significant SSCs which would allow a LAR that could remove Tech Spec LCOs.
For Item 2, most LMP Tech Specs are expected to utilize guidance similar to NEI 06-09 which would leverage the PRA to identify RICTs based on the risk of plant configurations when safetyrelated SSCs are taken out of service. In such a case, the Tech Specs read, In accordance with the Risk Informed Completion Time Program, and that should remain true regardless of new information. However, the time calculated would change based on new information and new information should propagate through the PRA (with an emergent PRA update if necessary) similar to the operating fleet plants utilizing the RICT program.
Surveillance Requirements may be impacted by new information in two ways: 1) The set of equipment in scope, which is limited to the risk-significant SSCs or 2) the surveillance frequencies for various SSCs. If new information results in a PRA update which results in regulatory thresholds being exceeded, one option for the IDP is to reclassify SSCs as safetyrelated or risk-significant. This process is covered in the PRA section of the report but could require increasing the scope of the Tech Spec Surveillance Requirements. This would require a LAR, and consideration should be given to the addition of surveillance requirements in the Tech Specs. Similarly new information could result in reducing the scope of safety-related or risksignificant SSCs which would allow a LAR that could remove Tech Spec Surveillance Requirements.
For Item 2, most LMP Tech Specs are expected to utilize guidance similar to NEI 04-10 which would leverage the PRA to identify surveillance frequencies based on the risk associated with degradation reliability of the safety-related SSCs. In such a case, the Tech Specs read In accordance with the Surveillance Frequency Control Program and that should remain true regardless of new information. However, the frequency calculated would change based on new information and new information should propagate through the PRA (with an emergent PRA update if necessary) similar to the operating fleet plants utilizing the SFCP program. As currently envisioned, the IDPP would serve the role of the SFCP Integrated Decision-Making Panel.
Design features in Tech Specs can be correlated to the design features that provide the RSFs determined via the NEI 18-04 process. These should generally be set in a way that should not be dependent on new information. Design features should only be changed via engineering changes that would be assessed under the guidance of NEI 22-05.
Administrative Controls are the provisions relating to organization and management, procedures, record keeping, review and audit, and reporting necessary to assure operation of the facility in a safe manner. Administrative Controls can be derived, in part, from the development of special treatment and the Application of Programmatic DID Guidelines described in the NEI 18-04 process. Most Administrative Controls will be applied following traditional guidance with little
Technology Inclusive Management of Safety Case:
White Paper 69 opportunity for new information to result in changes to the Administrative Controls section of the Tech Specs.
RITS Impact on Management of the Safety Case It is assumed that Safety Limits and LSSSs will be chosen with sufficient margin that changes will be rare. However, if new information were to necessitate a change in the functional criteria linked to Safety Limits or LSSSs a LAR would be required.
LCOs and Surveillance Requirements should remain mostly unchanged with new information.
However, if the scope of risk-significant SSCs increases, a LAR may be required which would increase the scope of SSCs with LCOs and surveillance requirements in the Tech Specs.
Changes impacting the design features portion of the Tech Specs should be assessed under NEI 22-05 and are unlikely to change via new information.
Administrative Controls are unlikely to change due to new information.
7.3 Reliability Assurance Program
Background
The need for a safety-oriented reliability effort for the nuclear industry was identified by the U.S.
NRC in the Three Mile Island Action Plan (NUREG-0660) Item II.C.4. In SECY-89-013, Requirements Related to the Evolutionary ALWR, the staff stated that the RAP would be required for Design Certification to ensure that the design reliability of safety-significant SSCs is maintained over the life of a plant. In November 1988, the staff informed the advanced LWR vendors and EPRI that it was considering this matter. Since that time, the staff has had numerous interactions with the industry regarding RAP. These included discussions and subsequent safety evaluation reports on the EPRI utility requirements document and for both evolutionary designs.
Relevant discussion on the RAP is also included in SECY-94-084, Policy and Technical Issues Associated with the Regulatory Treatment of Non-Safety Systems in Passive Plant Designs and SECY-95-132.
SECY-89-013 states:
Certification of a design will be based in part upon a PRA of that design. In that the validity of a PRA is highly dependent on the reliability of systems, structures, and components, the staff requires assurance that programs will be implemented that will ensure that the reliability of those systems, structures, and components (assumed in analyses) will be maintained throughout plant life. Therefore, a program to ensure design reliability must be provided as part of the FDA application. This program, which will be certified as part of the design, should address items such as (1) the
Technology Inclusive Management of Safety Case:
White Paper 70 technical specifications and ISI/IST, (2) the maintenance program, (3) plant procedures, and (4) security.
SECY-95-132 includes a revised section of SECY-94-089 and states:
On Item E (Reliability Assurance Program), the SRM approved a Design Reliability Assurance Program (D-RAP) subject to the resolution of the recommendation by the Office of the General Counsel to implement the D-RAP using the inspections, tests, analyses, and acceptance criteria (ITAAC) process. The SRM disapproved the staff's proposal that an Operational Reliability Assurance Program (O-RAP) be continued for the life of the COL. In response to the instructions of the SRM, the staff modified SECY-94-084 to: 1) revise the statement of purpose of the Reliability Assurance Program; 2) require the use of the Maintenance Rule methodology for performance monitoring so that industry design reliability assumptions are not translated into new regulatory requirements; 3) require the D-RAP to be verified using the ITAAC process; 4) remove the requirement that a separate O-RAP exist for the life of the plant; and 5) incorporate the objective of the D-RAP into existing programs. These clarifications are reflected in the revised text of SECY-94-084 in Attachment 2.
In accordance with the SRM, the staff has determined that most of the objectives of the Operational Reliability Assurance Program can be encompassed by programs established in order to implement existing requirements, such as the Maintenance Rule (10 CFR Part 50.65) or the Commission's quality assurance criteria (10 CFR Part 50, Appendix B). Failures caused by design errors or operational errors that degrade non-safety, risk-significant SSCs, however, are outside the scope of existing requirements. Design and operational reliability assurance activities for such SSCs is a relatively small part of the operations phase reliability assurance activities and does not warrant expanding the existing regulatory framework.
Standard Review Plan The recommendations from SECY-95-132 were implemented into Standard Review Plan (SRP)
SRP 17.4, which states:
The RAP should be implemented according to the recommendations of SECY-95-132, Policy and Technical Issues Associated with the Regulatory Treatment of Non-safety Systems (RTNSS) in Passive Plant Designs, Item E, Reliability Assurance Program (May 22, 1995), approved by the Commission in the SRM to SECY-95-132 (June 28, 1995). The RAP applies to those SSCs, both safetyrelated and non-safety-related, identified as risk-significant (or significant contributors to plant safety). The SSCs within the scope of the RAP (referred to
Technology Inclusive Management of Safety Case:
White Paper 71 hereafter as RAP SSCs) are identified by using a combination of probabilistic, deterministic, and other methods of analysis to identify and quantify risk, including PRA, severe accident evaluation, assessment of industry operating experience, and expert panel deliberation.
Per SRP 17.4, the purpose of the RAP is to provide reasonable assurance of the following:
A plant is designed, constructed, and operated in a manner that is consistent with the risk insights and key assumptions (e.g., SSC design, reliability, and availability) from the probabilistic, deterministic, and other methods of analysis used to identify and quantify risk.
The RAP SSCs do not degrade to an unacceptable level of reliability, availability, or condition during plant operations.
The frequency of transients that challenge these SSCs is minimized.
These SSCs will function reliably when challenged.
SRP 17.4 defines the steps of the RAP as follows:
During the Design Certification (DC) phase, the DC applicant is responsible for developing and implementing those portions of the D-RAP that apply to the DC. This effort consists of:
(1) Developing the details of the D-RAP (e.g., scope, purpose, objectives, framework, and phases of the D-RAP) that will be implemented during the DC and COL phases, (2) Establishing and applying the programmatic controls of D-RAP during DC design activities, (3) Developing a comprehensive list of RAP SSCs (within the scope of the DC application) using a combination of probabilistic, deterministic, and other methods of analysis used to identify and quantify risk, (4) Implementing the appropriate QA controls for DC design activities for the non-safety-related RAP SSCs in accordance with Part V of SRP Section 17.5, and (5) Proposing a Tier 1 ITAAC for the COL D-RAP.
Prior to initial fuel load, the COL licensee is responsible for implementing the DRAP, which consists of:
Technology Inclusive Management of Safety Case:
White Paper 72 (1) Applying the programmatic controls of D-RAP during COL design and construction activities (which includes updating or maintaining the list of RAP SSCs as changes are made to the plant-specific design and PRA),
(2) Implementing the appropriate QA controls for COL design and construction activities for the non-safety-related RAP SSCs in accordance with Part V of SRP Section 17.5, and (3) Completing the ITAAC for the D-RAP.
The objective of the RAP during the operations phase of the plants license is to ensure that the reliability and availability of RAP SSCs are maintained commensurate with their risk significance. The RAP during the operations phase is implemented through regulatory requirements for SSCs, including the areas of: (1) the Maintenance Rule program established through 10 CFR 50.65, Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants, (2) the QA program for safety-related SSCs established through Appendix B to 10 CFR Part 50, (3) QA controls for non-safety-related RAP SSCs established in accordance with Part V of SRP Section 17.5, and (4) the inservice inspection, inservice testing, surveillance testing, and maintenance programs. Prior to initial fuel load, the COL licensee identifies dominant failure modes and integrates RAP into operational programs.
During the operations phase of the plant, performance and condition monitoring is implemented to provide reasonable assurance that these RAP SSCs do not degrade to an unacceptable level of reliability, availability, or condition.
Most of the acceptance criteria in SRP 17.4 can be straightforwardly mapped to guidance in NEI 18-04 or the supporting guidance in ARCAP. Table 2 provides context of how the RAP acceptance criteria can be translated for LMP users.
Table 2. Standard Review Plan Criteria for a Reliability Assurance Program SRP Criterion SRP Requirement LMP Interpretaon A.1 Scope of RAP includes risk-signi"cant SSCs N/A - Opening secon for Design Control Document and covered in greater detail in later criterion.
A.2 RAP addresses reliability through QA and design QA Program (Appendix B) and other QA controls such as design control, con"guraon control, CAP, document controls, tesng protocols, etc.
covered and documented in the Quality Assurance Program Descripon.
Technology Inclusive Management of Safety Case:
White Paper 73 SRP Criterion SRP Requirement LMP Interpretaon A.3 Operaonal RAP addresses long-term monitoring NEI 18-04 risk-informed classi"caon process (Due to the 18-04 process being applied to all safety-signi"cant (SS) SSCs, the methodology can be expanded to scope in all SS SSCs. This also alleviates some of the NRC inspecon burden as much is based on risk signi"cance determinaon methodology and outputs.)
A.4 Risk-signi"cant SSCs iden"ed and jus"ed Speci"c to the use of expert panels in reviewing informaon associated with risk-signi"cance determinaon to compensate for PRA limitaons.
IDP expert panels are used per NEI 18-04. This requirement is N/A if RAP scope is expanded to include all SS SSCs.
A.5 PRA and expert judgment support SSC selecon SSCs iden"ed via NEI 18-04 risk-informed classi"caon. NEI 18-04 classi"caon process must document the basis for the classi"caon and the boundary (e.g. electrical, mechanical, and I&C) of the classi"caon and therefore inclusion in the program.
A.6 Program documentaon in FSAR and QA Manual NEI 18-04 process for determining failure modes.
A.7 Correcve acon process for degraded SSCs Design QA controls covered and documented in the Quality Assurance Program Descripon.
A.8 Reliability assurance extends from design to operaons ITAAC for Part 52. Veri"caon method for Part 50 would be informed by the DANU-ISG-2022-06 ARCAP guidance.
A.9 ITAAC or equivalent veri"caon mechanism N/A - Updates to the Design Control Document to include COL informaon. Covered in addional detail above and below.
B.1 QA consistent with Appendix B for safetyrelated SSCs This step updated Design Control Document RAP informaon to include site-speci"c informaon.
B.2 QA requirements de"ned for non-safety SSCs NSRST SSCs addressed via graded QA per NEI 18-04/QA Manual as covered and documented in the Quality Assurance Program Documents.
Technology Inclusive Management of Safety Case:
White Paper 74 B.3 Organizaonal responsibilies clearly assigned Operaonal Special Treatments such as: Maintenance Rule (10 CFR 50.65), Inservice Tesng/Inservice Inspecon programs, etc. See later secons for more detail. While only wrien with Part 52 in mind, this applies to Part 50 applicants.
B.4 Design, procurement, and tesng procedures governed Update to include COL informaon. See A.8.
The expert panel role required for a Reliability Assurance Program could be met via an LMP IDPP.
Reliability Assurance Program Impact on Management of the Safety Case Ensuring reliability and capability of safety-significant SSCs is clearly a fundamental component of the NEI 18-04 licensing basis. One means of accomplishing the reliability component is through a RAP. The RAP description in the SAR should be written generically for safety-related and NSRST SSCs so that changes in the scope of SSCs included in the program do not require change in the licensing basis. The program would increase monitoring and corrective action scope as necessary if the scope of safety-related and NSRST SSCs changes.
While not an explicit regulatory requirement, it is fair to say that a RAP is an NRC expectation for plants with an NEI 18-04 licensing basis. To better align industry and NRC expectations for RAP, NEI is contemplating providing a short document with guidance on the information required in Chapter 8 of the SAR on how LMP, QA, RIM, Post-Construction Inspection, Testing, and Analysis Program (PITAP), and Maintenance Rule guidance can meet NRC expectations for a RAP. Ultimately, a licensee may choose to forego a formal RAP if the other programs address sufficiently the reliability of safety-significant SSCs.
7.4 Maintenance Rule
Background
Compliance with the Maintenance Rule (10 CFR 50.65) is a key element of a Reliability Assurance Program. The Maintenance Rule requires monitoring of equipment reliability and availability, assessment of configuration risk prior to entering maintenance configuration, and a corrective action program for resolving issues with equipment reliability or availability. TIMaSC expects advanced reactor license applicants using LMP to generally follow 10 CFR 50.65, albeit with an exemption required for the definition of safety-related and NSRST SSCs within the scope of the Maintenance Rule.
Technology Inclusive Management of Safety Case:
White Paper 75 Existing guidance for Maintenance Rule implementation exists in NUMARC 93-0167 and NEI 18-10.68 This guidance relies on the traditional Maintenance Rule scope, and it which will need to be updated for LMP users. In addition, NEI 18-10 relies on risk metrics that may not be appropriate for an advanced reactor. NEI intends to provide Maintenance Rule guidance for advanced reactors leveraging the existing guidance in NUMARC 93-01 and NEI 18-10 along with the technology-inclusive advanced reactor risk metric discussed in Section 7.1. As currently envisioned, an IDPP could serve the role of the Maintenance Rule Expert Panel.
Maintenance Rule Impact on Management of the Safety Case The Maintenance Rule programmatic guidance should be written generically for safety-related and NSRST SSCs so that changes in the scope of SSCs included in the program do not require change in the licensing basis. The program would increase monitoring and corrective action scope as necessary if the scope of safety-related and NSRST SSCs changes.
7.5 Quality Assurance NEI 18-04 prescribes Appendix B QA for safety-related SSCs and owner-controlled QA for NSRST SSCs. A common choice is following NQA-1 for SSCs classified as safety-related under NEI 18-04 and ISO-9001 for NSRST SSCs. Several LMP applicants have received Safety Evaluations on Quality Assurance Program Documents, so guidance in this area is deemed sufficient. New information may change the scope of SSCs covered by the Quality Assurance Program Documents, but the licensing basis information for the QA program should remain the same. A LAR would have to address SSCs that become safety-related due to new information from a QA perspective as they likely lack design information expected for safety-related SSCs.
7.6 Reactor Oversight Process
Background
The Reactor Oversight Process is NRCs program to inspect, measure, and assess the safety and security performance of operating commercial nuclear power plants, and to respond to any decline in their performance. The NRC regulatory framework for reactor oversight is a riskinformed, tiered approach to ensuring plant safety. There are three key strategic performance 67 Nuclear Energy Institute, NUMARC 93-01, Rev 4, Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants, December 2010.
68 Nuclear Energy Institute, NEI 18-10, Monitoring the Effectiveness of Nuclear Power Plant Maintenance, July 2019.
Technology Inclusive Management of Safety Case:
White Paper 76 areas: reactor safety, radiation safety, and safeguards. Within each strategic performance area are cornerstones that reflect the essential safety aspects of facility operation.
The LMP-based safety case will directly impact reactor safety with radiation safety primarily handled through radiation protection program guidance and safeguards under the security program. The current guidance around reactor safety will need to be updated to facilitate technologies other than LWRs. NRC understands this and is working, under the ADVANCE Act to write a white paper on a potential Advanced Reactor Oversight Process (AROP), with a target date of January 2026 for completion. There is little information publicly available on the NRC considerations, but NRC did hold a series of workshops in 2024 on an Advanced Reactor Construction Oversight Process (ARCOP). This paper focuses on the management of the licensing basis once an LMP plant is in operation, so ARCOP is not in the scope of this document. However, some aspects of ARCOP could inform NRCs thinking on AROP. For example, ARCOP limits the scope of oversight to risk-significant SSCs which seems appropriate for the eventually development of AROP.
Several aspects of the Reactor Oversight Process (ROP) will necessarily be updated for AROP.
To start, the Significance Determination Process for the ROP relies on delta risk values for CDF and LERF that are not technology-inclusive and therefore not appropriate for AROP. As discussed in the Risk Metrics section of this report, AROP should rely on a technology-inclusive risk metric endorsed in an AR version of RG 1.174. This is true for Significance Determination Processes, Notices of Enforcement Discretion and Management Directive (MD 8.3) Incident Evaluations. The ROP also relies on mitigating system performance indicators (MSPI) which are defined for Boiling Water Reactors and Pressurized Water Reactors. If the MSPI concept is carried forward, it would need to provide technology-inclusive indicators. The barrier integrity performance indicators also will require revision as the reactor coolant boundary may not be safety-related and may play a very different role in a reactors safety case. It may be appropriate to rethink some of the broad ROP structure for AROP given the difference in safety profile. As an example, two resident inspectors may not be justified for some smaller, safer reactors, particular a situation like a fleet deployment of geographically dispersed microreactors for similar purposes.
Development of AROP is important, and significant changes will be necessary for LMP users and smaller reactors broadly. However, development might benefit from approval of an advanced reactor risk metric (see Section 7.1). AROP would also benefit from RITS guidance being further developed and insights from LMP-based operating license application reviews. Thus, the timing of AROP development should be informed by other advanced reactor developments.
Oversight Process Impact on Management of the Safety Case The ROP scope will depend on the LMP safety case but is downstream of any changes to the license. Changes to the scope of safety-significant SSCs may eventually change the scope of
Technology Inclusive Management of Safety Case:
White Paper 77 reactor oversight, but only after the licensing basis is updated (for changes to safety-related or safety-significant SSCs) as described elsewhere in this report.
7.7 Risk-Informed Inservice Inspecon and Inservice Tesng This section considers NRCs expectations for risk-informed Inservice Inspection (ISI) and Inservice Testing (IST) as applied to advanced non-LWRs and discusses related guidance.
Regulations do not specifically address requirements for ISI and IST for non-LWRs the way that they do for LWRs in 10 CFR 50.55a, Codes and Standards. However, requirements for inspection and testing are generally derived from Principal Design Criteria and plans for such inspection and testing are required to be described in the Final Safety Analysis Report in accordance with 10 CFR 50.34(b)(6)(iv) or 10 CFR 52.79(a)(29)(i).
DANU-ISG-2022-0769 is NRCs Advanced Reactor Content of Application Risk-Informed Inservice Inspection/Inservice Testing Programs for Non-LWRs. It describes acceptable methods of developing risk-informed ISI and IST programs.
ASME BPV Code Section XI, Division 2, Requirements for Reliability and Integrity Management (RIM) Programs for Nuclear Power Plants,70 as accepted in RG 1.246, Acceptability of ASME Code,Section XI, Division 2, Requirements for Reliability and Integrity Management (RIM) Programs for Nuclear Power Plants, for Non-Light Water Reactors describes an acceptable method for risk-informed ISI.
No ASME Code has been endorsed yet for risk-informed IST; however, NRC staff is reviewing ASME OM-2, Component Testing Requirements at Nuclear Facilities,71 applicable to both LWRs and advanced reactors, for possible endorsement.
Both risk-informed ISI and risk-informed IST rely on PRA in order to inform the scope of SSCs that need to be included in the program, SSC reliability targets, how intervals for inspection/testing are selected, and how the reliability will be demonstrated through periodic monitoring and tracking of degradation. The licensees ISI/IST program plan describes how these are derived from the PRA results such that updates to the PRA and results of inspection/testing can flow into updates to the ISI/IST program through the Monitoring and NonDestructive Examination Expert Panel or equivalent. In this way, ISI/IST should be viewed as one part of the overall Reliability Assurance Program discussion in Section 7.3. A possible area of uncertainty is 69 U.S. Nuclear Regulatory Commission, DANU-ISG-2022-07, Risk-Informed Inservice Inspection/Inservice Testing Programs for Non-LWRs, Interim Staff Guidance, March 2024.
70 American Society of Mechanical Engineers, Boiler and Pressure Vessel Code,Section XI, Rules for Inservice Inspection of Nuclear Power Plant Components, Division 2, Requirements for Reliability and Integrity Management (RIM) Programs for Nuclear Power Plants, 2019 Edition, New York, NY, July 1, 2019.
71 American Society of Mechanical Engineers, ASME OM-2, Component Testing Requirements at Nuclear Facilities, 2024.
Commented [WR25]: Consider adding for context the importance of ISI for those SSCs with assumed low failure rates and therefore not subject to statistical treatments -
performance goals related to absence of changes related to flaws.
Technology Inclusive Management of Safety Case:
White Paper 78 the availability of preservice inspection/test information should new SSCs be scoped into the program based on updates to the program, changes to the plant, or new information.
However, because 10 CFR 50.55a generally does not apply to non-LWRs, requests for alternatives and relief do not apply to departures from commitments made in the licensing basis related to the risk-informed ISI/IST program plan. RG 1.246 Regulatory Position C.1 addresses this for ISI by providing the expectation that the license applicant propose, in its application, a license condition requiring any departure from the RG be submitted to NRC for review and approval in accordance with 10 CFR 50.90 (a License Amendment Request). It is reasonable to assume that NRC would suggest a similar license condition for the IST program.
The content of the technical justification of such a License Amendment Request would likely resemble a request for relief or alternative. No additional guidance is recommended at this time due to the state of endorsement, but guidance may become necessary later.
7.8 Fire Protecon This section considers NRCs fire protection requirements as applied to advanced non-LWRs, related guidance, and examples of fire protection licensing options available to advanced nonLWR developers.
Fire Protection requirements for nuclear power reactors licensed under 10 CFR Part 50 are delineated in 10 CFR 50.48, Fire Protection. Its purpose is to ensure that nuclear power plants are designed and operated in a way that protects safe shutdown capabilities in the event of a fire, thereby protecting public health and safety. It requires that nuclear facilities implement a fire protection program ensuring the capability to achieve and maintain safe shutdown in the event of a fire. In addition, as an option, Section 50.48(c) provides an alternative which allows LWR plants to adopt a RIPB fire protection program based on National Fire Protection Association (NFPA) standard NFPA 80572 which requires the use of a living fire PRA to evaluate changes and ensure safety margins.
Adherence to Advanced Reactor Design Criterion 3, Fire Protecon NRC developed the Advanced Reactor Design Criteria (ARDC)73 to provide a technologyinclusive set of safety requirements for non-LWRs. ARDC 3 establishes NRCs requirements for fire protection for non-LWRs. It is modeled after General Design Criterion 3 72 National Fire Protection Association, NFPA 805, Performance-Based Standard for Fire Protection for Light Water Reactor Electric Generating Plants, 2025 edition, December 2024.
73 U.S. Nuclear Regulatory Commission, RG 1.232, Guidance for Developing Principal Design Criteria for Non-Light-WaterReactors, April 2018.
Commented [WR26]: Specific discussion of fire protection may be useful during table top exercises and early during guidance development. As discussed above, how to address the topic may differ depending on how it is addressed within the design and licensing process (i.e.,
treated as an area hazard within LBEs versus traditional approach).
Technology Inclusive Management of Safety Case:
White Paper 79 Fire Protection, from Appendix A to 10 CFR Part 50. Specifically, ARDC 3 addresses fire protection by mandating that structures, systems, and components important to safety be designed and located to minimize the probability and effects of fires.
ARDC 3 interfaces with 10 CFR 50.48 by establishing design-specific fire protection requirements for advanced non-LWRs that are consistent with, and tailored from, the regulatory intent of 10 CFR 50.48.
ARDC 3 requires that safety-significant74 SSCs:
Are designed and located to minimize fire risk, Use non-combustible, heat-resistant materials, Include fire detection and suppression systems, and Ensure that firefighting systems do not impair safety functions.
These requirements allow advanced non-LWR developers to use either:
A deterministic approach (traditional fire barriers, suppression systems, physical separation), or A risk-informed approach (using fire PRA to assess risk and justify alternative strategies).
A fire PRA is not required for compliance with ARDC 3 but can be used to support riskinformed design decisions or as part of a risk-informed licensing basis (e.g., for reactors adopting NEI 18-04 and RG 1.233), to justify alternatives to traditional deterministic fire protection requirements.
NRC and Industry Guidance Related to Fire Protecon Available to Advanced Non-LWR Developers Advanced non-LWR developers are able to utilize and reference a variety of guidance documents and standards to address fire protection requirements in their license applications. By utilizing these guidance documents and standards, advanced non-LWR developers can adopt various strategies to establish comprehensive fire protection programs that comply with the fire protection requirements, outlined in 10 CFR 50.48, while accommodating the unique features of their reactor technologies. Given that many of the existing guidance and standard documents, such as NFPA 805, are tailored for LWRs, advanced non-LWR developers that choose to utilize 74 The ARDC actually refers to important to safety SSCs, which corresponds roughly to the LMP safety significant term.
Technology Inclusive Management of Safety Case:
White Paper 80 these will need to adapt or supplement the guidance, where necessary, and provide justification of their applicability to their specific design. The guidance documents and standards are summarized below.
RG 1.189, Fire Protection for Nuclear Power Plants, Revision 5, October 2023:75 This guide outlines fire protection programs for nuclear power plants, emphasizing fire prevention, detection, suppression, and safe shutdown capabilities. While primarily developed for LWRs, its principles can be adapted by advanced non-LWR developers to suit their specific reactor technologies.
RG 1.205, Risk-Informed, Performance-Based Fire Protection for Existing LightWater Nuclear Power Plants, Revision 2, May 2021:76 This guide provides a riskinformed, performance-based approach to fire protection. Since this RG is applicable to existing LWRs and not formally endorsed for non-LWRs, advanced non-LWR developers seeking to implement similar principles may need to adapt the methodology and justify its applicability to their design. This RG endorses the use of NFPA 805.
RG 1.232, Guidance for Developing Principal Design Criteria for Non-Light-Water Reactors, Revision 0, April 2018: This RG provides structured guidance for nonLWR designers to derive Principal Design Criteria (PDC) that are tailored to their technology, while satisfying applicable regulatory requirements. While ARDC 3 has a deterministic foundation, RG 1.232 allows incorporation of risk-informed approaches, such as: o Use of fire PRA to identify risk-significant fire scenarios.
o Justification of performance-based mitigation strategies rather than prescriptive fire barriers or separation.
o Consideration of DID consistent with NFPA 805 principles (if desired), even if not directly applicable.
An advanced non-LWR designer can use RG 1.232 to establish PDCs that meet ARDC 3 and 10 CFR 50.48(a) requirements by; developing PDC specific to their design using RIPB approaches and supporting these adaptations with reactor-specific justifications and/or fire PRA insights.
DANU-ISG-2022-09, Advanced Reactor Content of Application Project Risk-Informed, Performance-Based Fire Protection Program (for Operations):77 This ISG 75 U.S. Nuclear Regulatory Commission, RG 1.189, Rev 5, Fire Protection for Nuclear Power Plants, October 2023.
76 U.S. Nuclear Regulatory Commission, RG 1.205, Rev 2, Risk-Informed, Performance-Based Fire Protection for Existing Light-Water Nuclear Power Plants, May 2021.
77 U.S. Nuclear Regulatory Commission, Interim Staff Guidance, DANU-ISG-2022-09, Risk-Informed, Performance-Based Fire Protection Program (for Operations), March 2024.
Technology Inclusive Management of Safety Case:
White Paper 81 outlines a technology-inclusive, RIPB review approach for non-LWR technologies, specifically addressing fire protection for operations. Fire protection is expected to be addressed in Section 9.5 of the FSAR, where applicants include descriptions of:
o Fire detection and suppression systems o Fire hazards analysis methodology o Fire protection features relevant to the protection of safety-related SSCs The ISG supports the use of RIPB methodologies consistent with NEI 18-04 and RG 1.233. It allows for fire protection strategies be justified using:
o Fire PRA or other risk assessments, o Consideration of DID, and o Design-specific fire protection evaluations.
The ISG recognizes that NFPA-based methodologies may be used in a technologyinclusive, performance-based manner if adequately justified.
NEI 18-04, RiskInformed PerformanceBased Guidance for NonLightWater Reactor Licensing Basis Development, Revision 1, August 2019: This guidance, endorsed by NRC in RG 1.233, provides a framework for advanced reactor developers to establish a licensing basis using RIPB principles. Fire protection is addressed within this framework as one of the plant performance areas evaluated for safety and regulatory compliance. NEI 18-04 Section 4 and Appendix A identify fire protection as a design and programmatic area that must be addressed to meet licensing basis functional requirements, including:
o Protection of safety functions from hazards including fire o Establishment of a fire protection program as part of DID o Evaluation of fire risk-significance through PRA or hazard analysis ASME/ANS RA-S-1.4, Probabilistic Risk Assessment Standard for Advanced NonLight Water Reactor Nuclear Power Plants, February2021: This standard, endorsed by NRC in RG 1.247, provides guidance on probabilistic risk assessments for advanced non-LWRs, which can inform fire protection strategies. Fire hazards are explicitly identified as a potential initiating event and common-cause failure mechanism that must be considered in advanced non-LWR PRAs. The standard provides graded, technology-inclusive, and performance-based requirements for
Technology Inclusive Management of Safety Case:
White Paper 82 evaluating fire as a hazard. It also allows for the scope and depth to be graded based on design features and relative risk.
NEI 24-11, Fire Brigade Staffing Analysis for Advanced Reactor Technologies, is a draft NEI technical report still under development and not yet submitted to NRC for endorsement. It is intended to provide a risk-informed methodology to determine appropriate fire brigade staffing specific to advanced nonLWR reactor designs.
NFPA 801, Standard for Fire Protection for Facilities Handling Radioactive Materials, 2025 Edition:78 NFPA 801 is a standard developed by the NFPA that is not specific to power reactors but applies broadly to any facility dealing with radioactive materials. It supports:
o Control of fire risks that could cause releases of radioactive material, o Maintenance of radiological safety during and after a fire event, and o Design and maintenance of fire protection systems appropriate for the radiological hazards present.
While NFPA 801 is not explicitly endorsed by NRC for power reactor licensing or referred to in DANU-ISG-2022-09 it has been:
o Referenced in licensing for fuel cycle and radioactive waste facilities, and o Used as a guidance basis for fire protection evaluations in a non-LWR application.
NFPA 801 could potentially be utilized for developing performancebased justifications for fire suppression, material segregation, and fire response plans for portions of facilities that involve radioactive material handling, processing, or storage in radiologically significant areas.
NRC GL 86-10, Fire Protection Program for Operating Nuclear Power Plants, April 198679 provides guidance on:
o Maintaining and modifying fire protection programs without prior NRC approval, o Acceptable methods for performing evaluations to show that changes do not reduce safety, and o Use of deterministic fire protection methods per Appendix R to 10 CFR Part 50.
This guidance was written for operating LWRs licensed before 1979 under the deterministic fire protection framework. An advanced non-LWR can reference 78 National Fire Protection Association, NFPA 801, Standard for Fire Protection for Facilities Handling Radioactive Materials, 2025 Edition.
79 U.S. Nuclear Regulatory Commission, Generic Letter No. 86-10, Implementation of Fire Protection Requirements, D. G.
Eisenhut, April 24, 1986.
Technology Inclusive Management of Safety Case:
White Paper 83 compliance with GL 86-10 during initial licensing under 10 CFR Part 50 or 52, with appropriate justification.
While GL 86-10 is not specifically applicable to advanced non-LWRs, it provides usable guidance on how licensees can implement, maintain, and make changes to their fire protection programs. Its fundamental administrative principles remain relevant to an advanced non-LWR design. For example, an advanced non-LWR applicant can cite GL 86-10 as a regulatory precedent that illustrates:
o How NRC has historically allowed licensees to manage fire protection programs, o The use of engineering judgment and documentation to justify program changes, and o A precedent for flexibility in implementing fire protection-related changes without prior NRC approval, provided adequate fire protection is maintained.
This supports a risk-informed, performance-based approach consistent with the NRCs current regulatory policy for advanced reactors.
NFPA 805, Performance-Based Standard for Fire Protection for Light Water Reactor Electric Generating Plants, 2025 edition: NFPA 805 is a standard developed by the NFPA that provides a risk-informed, performance-based alternative to the traditional prescriptive fire protection requirements. While NFPA 805 cannot be directly applied under the current regulation to an advanced non-LWR, the NRC does allow the use of its methodologies and structure as a framework for RIPB fire protection as long as the applicant provides justification of its applicability to their design. Even though not legally binding for advanced non-LWRs, an advanced non-LWR can use NFPA 805 principles to structure their fire protection program, including:
o DID strategies o Fire area delineation based on safe shutdown paths o Risk-informed analysis using fire PRA By adopting NFPA 805 approaches NFPA 806, Performance-Based Standard for Fire Protection for Advanced Nuclear Reactor Electric Generating Plants Change Process, 2025 edition:80 NFPA 806 is an NFPA standard specifically developed to address the unique fire protection needs of 80 National Fire Protection Association, NFPA 806, Performance-Based Standard for Fire Protection for Advanced Nuclear Reactor Electric Generating Plants Change Process, 2025 edition.
Technology Inclusive Management of Safety Case:
White Paper 84 non-LWR reactors. Unlike NFPA 805, which is focused on LWRs, NFPA 806 was designed to create a technology-inclusive RIPB framework tailored for non-LWR technologies, including molten salt reactors, sodium-cooled fast reactors, hightemperature gas-cooled reactors, and microreactors. NFPA 806 is designed to minimize the impact of fires on public safety, plant personnel, and the integrity of plant components. NFPA 806, when adopted, applies throughout all phases of plant operation, including construction, shutdown, degraded conditions, and decommissioning. It provides a risk-informed, performance-based framework for managing fire protection programs in advanced nuclear reactors, encompassing all phases from construction to decommissioning.
NRC has acknowledged NFPA 806 as a potential framework for developing riskinformed, performance-based fire protection programs in advanced nuclear reactors. However, as of now, the NRC has not endorsed its use. Additionally, at the time of developing this paper, there is no publicly available information indicating that advanced non-LWR developers have formally adopted NFPA 806 in their fire protection programs.
In summary, while NFPA 806 provides a framework for fire protection in advanced nuclear reactors, there is no indication of its adoption by advanced non-LWR developers and there is no known timeframe for NRC endorsement.
Examples of Potenal Licensing Approaches Available to Advanced Reactor Developers to Sasfy Fire Protecon Requirements Recent applications to the NRC for advanced non-LWR designs have utilized different approaches for satisfying ARDC 3, including:
Using a mix of deterministic design and risk insights but not submitting a full fire PRA with the CP application. Acknowledging fire risk and safety in the design basis, but not committing to development of fire PRA and leaving the option for developing later in the licensing process when submitting a COL application; or Using an approach to satisfying ARDC 3 from RG 1.232 that involves:
o Developing PDC aligned with ARDC 3 requirements, o Employing a risk-informed, performance-based licensing framework guided by NEI 18-04 and RG 1.232 and integrating PRA into the design process to assess and mitigate fire risks, and
Technology Inclusive Management of Safety Case:
White Paper 85 o Selecting appropriate materials and designing fire protection systems to safeguard safety-related SSCs.
The following examples are not intended to provide a comprehensive discussion of potential options and are intended to show that there are options available using existing guidance for addressing fire protection requirements in advanced non-LWR licensing applications.
Example 1: Advanced non-LWR developers can tailor "re protecon programs to their designs by adhering to ARDC, NRC Regulatory Guides, and available standards.
This approach is consistent with the NRC's endorsement of performance-based fire protection programs under 10 CFR 50.48(c), allowing licensees to adopt specific parts of NFPA 805 standards and use performance-based acceptance criteria (e.g., maintaining functional integrity rather than prescriptive fire suppression rules).
Instead of applying NFPA 805 directly, an advanced non-LWR designer can choose to comply with the following:
RG 1.232, Guidance for Developing Principal Design Criteria for Non-Light-Water Reactors ARDC 3, Fire Protection. ARDC 3 requires: Structures, systems, and components important to safety shall be designed and located to minimize the probability and effect of fires and explosions... It provides flexibility to implement an RIPB fire protection program that is similar to NFPA 805 but tailored to the specific reactor type (sodium-cooled, high-temperature gas, etc.)
This approach allows the designer to:
Determine if there is any benefit in referencing applicable portions of NFPA 805s risk-informed decision-making process; Demonstrate how its fire protection program achieves the same safety goals; and Use fire PRA and DID analysis to support safety claims.
This approach also enables the NRC to review the fire protection program utilizing a riskinformed approach.
Example 2: Employ a risk-informed, performance-based approach to "re protecon and sasfying 10 CFR 50.48, aligning with the principles outlined in NEI 18-04 as endorsed by RG 1.233, NEI 21-07 as endorsed by RG 1.253, and DANU-ISG-2022-09.
This methodology allows for the tailoring of fire protection measures based on the specific risks and safety functions of the reactor, rather than relying solely on prescriptive requirements.
Technology Inclusive Management of Safety Case:
White Paper 86 Key aspects of this type of fire protection plan include:
Use of Passive Safety Features: The reactor's design incorporates passive safety systems that do not rely on active controls or operator intervention, enhancing its resilience to fire-related events.
Use of PRA: PRA is utilized to evaluate potential fire scenarios and their impact on reactor safety, informing the development of targeted fire protection strategies.
Use of Fire Detection and Suppression Systems: Fire detection and suppression systems are designed for the reactor's specific configurations and potential fire hazards.
Use of Administrative Controls: Comprehensive procedures and training programs are established to ensure personnel are prepared to prevent and respond to fire incidents effectively.
Management of Changes to the PRA for Advanced non-LWRs that Ulize a Risk-Informed, Performance-Based Fire Protecon Program For advanced non-LWRs that choose to adopt an RIPB Fire Protection program, changes to the PRA must be managed rigorously, as the PRA is central to the RIPB fire protection program.
Licensees must document the basis for PRA changes and their impact on the fire protection program and licensing basis.
For LWRs that adopt an RIPB approach, NRCs guidance for how to treat PRA changes to fire protection is found in the following:
NFPA 805 RG 1.205 and NEI 04-02, Guidance for Implementing a RiskInformed, PerformanceBased Fire Protection Program Under 10CFR50.48(c) (Rev. 3)
NFPA 805 requires that the fire PRA used to support a licensees transition to NFPA805 be updated over time to reflect plant design changes, operating experience, and new data, ensuring it remains an accurate representation of plant risk. In addition to NFPA805s requirement for ongoing monitoring, and NRC imposed license conditions for implementing NFPA 805 have required that the fire PRA be updated to reflect actual plant configuration, operating experience, design changes, and new data. Thus, fire PRAs must be updated to remain accurate and reliable tools for managing plant fire risk. As part of 10 CFR 50.48(c) NFPA 805 transitions, the NRC imposed a license condition that:
Technology Inclusive Management of Safety Case:
White Paper 87 Requires the licensee to continuously update the PRA for: o Plant configuration changes, o Operating experience, o Incorporation of new data or methods, and Requires the use of the updated PRA in future self-approved fire protection changes.
These fire PRA updates can be reviewed during NRC inspections or audits. It follows that advanced non-LWRs that implement a RIPB fire protection program would need to follow a similar approach for maintaining the fire PRA. It should be updated over time to reflect plant design changes, operating experience, and new data, ensuring it remains an accurate representation of plant risk.
It should be noted that the non-LWR PRA Standard provides screening criteria that enables the user to screen out the entire fire hazard. In such cases, the technical basis for screening out the fire hazard, which is part of the PRA documentation, would need to be reviewed to ensure that changes do not challenge the basis for screening.
For an advanced non-LWR that satisfies ARDC-3 by implementing a combination of design features combined with a Fire Protection program that includes a safety-equivalent evaluation process for program changes (as provided by GL 86-10), a license amendment would be required if a proposed change to the fire protection program:
Reduces the effectiveness of the program to meet ARDC-3 requirements; Impacts safety-related functions without justifiable compensatory measures; or Requires a change to the licensing basis, including the FSAR or fire protection plan.
Impact of Fire Protecon Acvies on the Management of the Risk-Informed, Performance-Based Licensing Basis There are a wide variety of potential impacts, depending on the approach chosen by the license applicant to address fire protection, and more specifically the extent to which that approach relies on probabilistic approaches. If a fire PRA is used, processes to address PRA updates and configuration control will need to consider fire protection as well as other areas.
Summary There are numerous potential pathway options for addressing fire protection requirements for advanced non-LWRs, including some beyond what are addressed in this section of the white paper. Although the specific NFPA standard applicable to non-LWRs (NFPA 806) has yet to be
Technology Inclusive Management of Safety Case:
White Paper 88 endorsed by the NRC, there appears to be sufficient flexibility in the application of regulatory requirements of ARDC 3 in adapting to the specific circumstances of non-LWR developers using RG 1.232, or following the principles outlined in NEI 18-04 as endorsed by RG 1.233, NEI 2107 as endorsed by RG 1.253, and DANU-ISG-2022-09, to tailor fire protection measures based on the specific risks and safety functions of the reactor. The NRC has also indicated in DANUISG-2022-09 that it will allow the use NFPA 805 methodologies and structure as a framework for RIPB fire protection as long as the applicant provides justification of its applicability to their design.
Depending on the nature of the reactor design, some applicants may choose to follow a more traditional deterministic approach. The available options for licensing do not appear to be overly burdensome or prescriptive and provide viable RIPB and deterministic approaches for design and implementation of fire protection programs for advanced non-LWR developers.
Therefore, absent any overriding concerns identified by advanced non-LWR developers that utilize the LMP RIPB licensing framework, there appears to be no pressing need for additional guidance on RIPB fire protection licensing options for advanced non-LWRs as a part of the TIMaSC project.
7.9 Risk-Informed Performance-Based NRC Inspecon Program This section addresses inspections pertaining to the pre-operational and operational period. The discussion complements information on RAP (Section 7.3), ROP (Section 7.6) and risk-informed ISI and IST (Section 7.7). The following considerations represent important aspects that may affect key differences in the availability, priority, and/or implementation of guidance related to specific approaches for oversight and/or inspection:
Inspection approaches and programs fall on a spectrum from relying almost exclusively upon owner-/operator-controlled activities (e.g., ISI) to relying more extensively upon activities conducted by the regulator (e.g., Construction Inspection).
When considering the incorporation and implementation of risk-informed principles, there can be a distinction between the initial scoping of an inspection program/approach (e.g., inclusion or exclusion of certain characteristics of a specific SSC) and the evaluation of changes to the scoping (e.g., determining the significance of non-compliant inspection results for certain characteristics of a specific SSC).
Background
Inspections are an important part of nuclear regulatory oversight, serving numerous functions such as ensuring public health and safety and protecting the environment by verifying
Technology Inclusive Management of Safety Case:
White Paper 89 compliance with regulatory requirements and licensing conditions throughout the lifecycle of nuclear facilities.
Risk-informed inspections are an important part of regulatory oversight for designs and reactors with LMP-based safety cases because they focus resources on areas of highest risk and safety significance. One of the first areas where the NRC has focused on effectively determining the inspection scope is risk-informed Construction Inspection. As mentioned in Section 7.7, the NRC is developing ARCOP, which will leverage RIPB approaches to scale inspection efforts based on insights into facility risk from the licensing basis combined with engineering judgment.
The following subsections provide considerations for an approach that a licensee may utilize to design an inspection program that is RIPB and technology inclusive and that will inform NRC oversight. In this case, a licensee may implement several types of evaluations to determine the scope of inspection actions in accordance with a graded approach. A graded approach ensures that inspection requirements and recommendations are proportional to the potential hazards of the facilities and activities, taking into account the magnitude of the radiological hazards, the nature of the nuclear reactor, and its stage in the life cycle. The overarching purpose of such a method is to optimize inspection resources while maintaining reasonable assurance of safety.
Iden"caon and Classi"caon of SSCs The identification and classification of safety-significant SSCs for inspection purposes is primarily based on a graded approach in which the rigor and allocation of regulatory oversight are proportional to risk significance. The scope of the SSCs can be determined from the safety case by licensees who use the LMP approach to systematically identify SSCs and apply riskinformed special treatments. The insights from the approach can also be utilized to identify risksignificant equipment and conditions that should be tested and inspected.
The categorization influences the scope and priority of inspections, and it is critical to the development and execution of PITAPs for nuclear facilities. The NRC provides guidance on PITAP for advanced reactors in DANU-ISG-2022-06, Post-manufacturing and Construction Inspection, Testing, and Analysis Program.81 PITAP comprises verification of basic configuration and key design features for the SSCs under scope. The insights gained from the PRA and safety analysis are used to establish test objectives, conditions, and parameters. PITAP also addresses the implementation of quality assurance programs, such as ITAAC management for 10 CFR Part 52 plants and QA activities affecting SSCs, including during construction.
81 U.S. Nuclear Regulatory Commission, Interim Staff Guidance, DANU-ISG-2022-06, Post-manufacturing and Construction Inspection, Testing, and Analysis Program, March 2024.
Technology Inclusive Management of Safety Case:
White Paper 90 For certain designs and licensees, the scope may include SSCs for vendor inspections and offsite manufacturing oversight. Inspections and oversight for safety-significant SSCs would be informed by special treatments developed through the NEI 18-04 process.
Acceptance Criteria Identification and classification of SSCs lead directly to the development of inspection acceptance criteria. The acceptance criteria produced by a licensee and agreed upon with the NRC must be objective, unambiguous, and, where possible, include measurable numeric performance values for SSC performance. The acceptance criteria should be informed by the NEI 18-04 licensing basis. Similarly, deviations between test results and acceptance criteria should be evaluated based on the implications with respect to the licensing basis.
The risk significance-based change control evaluation criteria in TIRICE define specific criteria for changes that could result in exceeding F-C Targets or Cumulative Risk Targets for AOOs, DBEs, or BDBEs, or that would reclassify LBEs from non-risk to risk-significant. Similarly, changes that reclassify SSCs based on risk importance are subject to NRC approval. These types of considerations should be used as part of the evaluation of deviations from test acceptance criteria.
Signi"cance of Inspecon Findings As discussed in Section 7.6, the NRC uses the Significance Determination Process to characterize and assess the importance of the inspection findings by characterizing how much an inspection finding raises the risk of nuclear operations.
In early discussions about potential Significance Determination Process frameworks for ARCOP, the NRC considered multiple options along a spectrum of qualitative to quantitative measures.82 More recently, the staff has proposed Significance Determination Process characterization based on DID for Fundamental Safety Functions.83 For licensees using the NEI 18-04 methodology, there are tradeoffs associated with either a fully quantitative or a more qualitative (or semiquantitative) approach. While a qualitative approach has benefits in simplicity, the potential for unintended negative consequences to permit holders and licensees for low risk-significance noncompliances may need further consideration. On the other hand, a significance measure that uses a quantitative and holistic approach for evaluating significance may reduce potential 82 For additional detail, see slides 39-44 of the presentation from ARCOP Public Workshop #1 (ADAMS: ML24046A154).
83 For additional detail, see Summary of July 17, 2024 - ARCOP Public Workshop #4 (ADAMS: ML24227B033) and Draft for Public Meeting NRC Inspection Manual Chapter 2571: Dispositioning Advanced Power Reactor Construction Noncompliances (ADAMS: ML25210A579).
Technology Inclusive Management of Safety Case:
White Paper 91 challenges associated with low risk-significance non-compliances. However, the quantitative approach may introduce additional complexities through the necessity of implementing the use of PRA for significance determination - especially when considering the relative maturity and potential uncertainty associated with a reactor design that is currently under construction. It is possible that incorporation of an advanced reactor risk metric (see Section 7.1), when available, could benefit this type of quantitative approach.
7.10 Operang Experience Operating experience (or operational experience) is one of the five key elements of how the NRC regulates commercial nuclear power, as indicated on Figure 1. The Three Mile Island accident in 1979 highlighted the importance of sharing and evaluating operating experience, because a similar precursor event had occurred at a sister plant to Three Mile Island, but lessons learned from that event were not factored into Three Mile Island training and operating procedures. Both industry and the NRC took measures to ensure that operating experience is properly addressed.
Essentially, operating experience is a source of new information that may impact the licensing basis. New information is addressed in Chapter 5 of this white paper, and in Chapter 6 in the context of the PRA. For advanced reactors with a RIPB licensing basis and using LMP, the plant PRA is expected to be the primary means of incorporating operating experience and updating the licensing basis, if needed. As concluded in Section 5.10, existing processes appear to adequately address the treatment of new information, including operating experience, so no additional guidance is planned as part of TIMaSC.
7.11 Aging Management Aging management refers to the activities required to ensure that a nuclear power reactor complies with its licensing basis while operating with a renewed license in accordance with 10 CFR Part 54 Requirements for Renewal of Operating Licenses for Nuclear Power Plants. In order to issue a renewed license, the NRC must make a finding of reasonable assurance that the licensee will manage the effects of aging during the period of extended operation. (see 10 CFR 54.19).
It may seem (and probably is) premature to discuss aging management for advanced reactors using LMP when no such reactors have yet been constructed or licensed in the United States.
Nevertheless, license renewal and the associated aging management programs have become an integral part of the current operating fleet. As of the end of 2024, 46 of the 94 operating nuclear power reactors were in a period of extended operation, i.e., it had been more than 40 years since their operating licenses were initially issued. Also, as of the end of 2024, 78 reactors had been
Technology Inclusive Management of Safety Case:
White Paper 92 granted renewed operating licenses, and seven had been issued subsequent license renewals for a second period of extended operation.84 The regulations governing license renewal (10 CFR Part 54) are relatively short and primarily address high-level requirements and regulatory processes. While 10 CFR 54.4 Scope and 10 CFR 54.21 Contents of applications - technical information are focused on structures and components in a typical LWR, it should be relatively simple to (i) modify the regulation to be technology-inclusive or (ii) apply it to an advanced reactor with appropriate exemptions.
Identifying SSCs for which aging management is required should be aided by the risk-informed SSC categorization process of NEI 18-04. The NRC has published numerous guidance documents associated with aging management and license renewal, and those documents are also focused on large LWR technology. Nevertheless, depending on the specific design, much of the information may be transferable to advanced reactors.
It is expected that each type of advanced reactor design will bring its own set of unique technical considerations for aging management. Some of these considerations will be addressed by ISI and IST programs during the initial licensed operating period. (see Section 7.7). ASME Section XI, Division 285 as endorsed in RG 1.24686 provides a Standard for a RIM program which must account for all degradation mechanisms. A RIM program, executed in line with the ASME Standard and endorsing regulatory guidance provides one means of addressing aging management, because aging is a subset of degradation mechanisms to be considered under RIM.
TIMaSC plans no specific guidance related to aging management and license renewal for advanced reactors following LMP. The general expectations are well understood, and there is 84 U.S. Nuclear Regulatory Commission, NUREG-1350, Volume 35, 2024-2025 Information Digest, February 2025.
85 American Society of Mechanical Engineers, Boiler and Pressure Vessel Code,Section XI, Division 2 (ASME BPVC.XI.2),
Rules for Inservice Inspection of Nuclear Reactor Facility Components - Requirements for Reliability and Integrity Management (RIM) Programs for Nuclear Reactor Facilities, 2025.
86 Regulatory Guide 1.246, Rev 0, Acceptability of ASME Code,Section XI, Division 2, Requirements for Reliability and Integrity Management (Rim) Programs for Nuclear Power Plants, For Non-Light Water Reactors, October 2022.
Technology Inclusive Management of Safety Case:
White Paper 93 ample time to address the current technology-specific nature of parts of the regulations and guidance before license renewal is needed.
8.0
SUMMARY
This white paper describes the licensing basis for advanced reactors that choose to use the NEI 18-04, NEI 21-07, and NEI 22-05 guidance. Existing guidance for such reactors is discussed, and gaps are identified where additional guidance will be developed as part of the TIMaSC project and submitted to NRC as an NEI guidance document for endorsement. The white paper
Technology Inclusive Management of Safety Case:
White Paper 94 should form the basis for development of an NEI guidance document for submittal to NRC for endorsement. The white paper does not resolve all outstanding advanced reactor licensing basis issues, but it should facilitate discussions with advanced reactor stakeholders and with NRC and thereby inform the ultimate TIMaSC guidance.
Section 2 addresses key interfaces between different facets of the licensing basis and provides a Licensing Framework Relationship Diagram to illustrate the relationship among different processes.
Section 3 addresses facility changes to which the change control guidance in NEI 22-05 can be used to determine whether a License Amendment Request is needed prior to the change. Once that determination is made, Section 3 discusses measures to be taken to address changes to the licensing basis.
Section 4 addresses certain facility changes outside the applicability of NEI 22-05. These include emergency planning, physical security, and cyber security.
Section 5 addresses how new information is addressed and factored into the licensing basis. In general, existing regulatory processes appear adequate to address new information.
Section 6 addresses the PRA, one of the key elements of the NEI 18-04 methodology, with respect to establishing and maintaining the plant licensing basis. The discussion identifies specific areas to be addressed in the TIMaSC Guidance Document.
Section 7 discusses other topics which are important to the advanced reactor licensing basis, but which may not be addressed further by TIMaSC. Where additional guidance is needed but not forthcoming through TIMaSC or another planned program, that area is identified as a gap.
With respect to plans for TIMaSC guidance development, the information in the white paper has been distilled into the following three tables. Table 3 list those issues that will be addressed in the guidance, Table 4 list those that are not planned for inclusion, and Table 5 lists those issues that are on the bubble but may be addressed, if only in the context of recommendations for future work.
Table 3. Issues to Be Addressed in TIMaSC Guidance No.
Issue White Paper Reference 1
Licensing basis impacts of facility changes.
TIMaSC guidance will address assurance that changes are properly propagated through the RIPB NEI 18-04 licensing basis. This includes maintenance of the DID baseline.
Secon 2.3 Secon 3.4 Secon 6.2.6 Secon 6.3.3 Secon 6.4 Commented [WR27]: See above on degree that TIMaSC provides framework for coordination (e.g., points to program such as configuration control for PRA) versus being the governing procedure for specific activities.
Technology Inclusive Management of Safety Case:
White Paper 95 2
Emergency planning.
Expand upon the guidance in NEI 24-05 by proposing criteria for determining whether changes to a facility emergency plan require prior NRC approval.
TIMaSC guidance will address the process for addressing impacts of PRA changes on the facility emergency plan and EPZ determinaon.
Also, the TIMaSC guidance will address how changes to the EP that impact the PRA calculaon of LBE consequences will be addressed.
Secon 4.1 Secon 6.3.3 3
Physical security and cyber security.
It is assumed that regulatory changes provide for the use of advanced reactor PRA consequence analyses in developing and implemenng security plans.
TIMaSC guidance will address the process for addressing impacts of PRA consequence calculaon changes on security plans.
Secon 4.2 4
PRA updates and upgrades and con"guraon control.
The TIMaSC Guidance Document should include guidance for managing PRA updates and upgrades and uses of the PRA between updates to evaluate changes to the licensing basis.
Secon 6.2.3 Secon 6.3.3 Secon 6.4 5
Use of TIRICE criteria for determinisc elements of the licensing basis outside the scope of the PRA.
It may be problemac to solely apply TIRICE evaluaon criteria to a proposed facility change that is linked to a determinisc element of the licensing basis outside the scope of the PRA. TIMaSC guidance will address how to evaluate the need for a prior license amendment in such an instance.
Secon 6.3.3 Secon 6.4 6
Revisions to SSC reliability and capability targets.
New informaon (e.g., from monitoring programs) may impact SSC reliability and capability. TIMaSC guidance will address how this informaon will be propagated through the licensing basis, including revisions to reliability and capability targets.
Secon 6.4 7
New Informaon.
While exisng regulatory processes appear to be adequate for dealing with new informaon, those processes will be applied in new ways for reactors with an LMP-based safety case. TIMaSC guidance will explore the area of new informaon through examples and consider it during the development of guidance in other areas.
Secon 5.10 Table 4. Issues Not to Be Addressed in TIMaSC Guidance No.
Issue Alternave Approaches White Paper Reference 1
Risk Metrics.
The LMP risk metrics based on the QHOs are perceived as challenging to apply to operaonal decision-making, and alternaves are being pursued.
A technology-inclusive risk metric developed by EPRI, subject to regulatory approval. NEI intends to pursue such approval.
Secon 7.1 Commented [WR28]: See above in terms of relationships between programs such as RAP, maintenance rule, ISI/IST and TIMaSC.
Technology Inclusive Management of Safety Case:
White Paper 96 2
Risk-informed Technical Speci"caon.
Guidance and experience on RITS are LWR-centric.
ARCAP document DANU-ISG-2022-08, Risk-Informed Technical Speci"caons provides guidance for advanced reactor use of RITS. The guidance appears to be workable except for the incorporaon by reference of LWR risk metrics.
NEI intends to pursue more detailed guidance for advanced reactor SFCP and RICT implementaon.
Secon 7.2 3
Reliability Assurance Program.
While not an explicit regulatory requirement, it is fair to say that a RAP is an NRC expectaon for plants with an NEI 18-04 licensing basis.
Use aributes of LMP and other programs to address the objecves of a RAP.
Ulmately, a licensee may choose to forego a formal RAP if the other programs address suciently the reliability of safetysigni"cant SSCs.
Secon 7.3 4
Maintenance rule.
Guidance for compliance with the Maintenance Rule needs to be updated for licensees using LMP.
NEI intends to provide Maintenance Rule guidance for advanced reactors leveraging the exisng guidance in NUMARC 93-01 and NEI 18-10.
Secon 7.4 5
Quality assurance.
NEI 18-04 prescribes Appendix B QA for safety-related SSCs and owner-controlled QA for NSRST SSCs.
No alternave is required.
Secon 7.5 6
Reactor Oversight Process.
The ROP is crical to the NRCs mission of oversight of reactors. The ROP will require signi"cant changes to address LWRspeci"c aspects and to take advantage of the RIPB NEI 18-04 licensing basis.
The NRC recognizes the need to address the ROP and is working on a white paper on this subject.
Secon 7.6 7
These programs are expected to be important for the ecient operaon of advanced reactors.
The NRC addresses these programs in DANU-ISG-2022-07 Risk-Informed Inservice Inspecon/Inservice Tesng Programs for Non-LWRs.
Secon 7.7 8
Fire protecon.
Many operang LWRs take advantage of risk-informed "re protecon, and this opon should be available for advanced reactors as well.
The NRC addresses the topic in ARCAP through DANU-ISG-2022-09, RiskInformed Performance-Based Fire Protecon Program (for Operaons).
NFPA standards and other guidance are also available.
Determinisc approaches may be used.
Secon 7.8
Technology Inclusive Management of Safety Case:
White Paper 97 No.
Issue Alternave Approaches White Paper Reference 9
NRC Inspecons.
Inspecons are an important part of NRCs oversight role. The RIPB NEI 18-04 licensing basis provides opportunies for improving the eciency and safety focus of inspecons.
DANU-ISG-2022-06, Post-manufacturing and Construcon Inspecon, Tesng, and Analysis Program.
Advanced Reactor Construcon Oversight Program (under development by NRC).
Secon 7.9 10 Operang Experience.
Operang experience is one of the "ve key elements of NRC regulaon. For advanced reactors with a RIPB licensing basis and using LMP, the plant PRA is expected to be the primary means of incorporang operang experience and updang the licensing basis, if needed.
Exisng processes appear to adequately address the treatment of new informaon, including operang experience, so no addional guidance is planned as part of TIMaSC.
Secon 7.10 11 Aging Management.
Aging management refers to the acvies required to ensure that a nuclear power reactor complies with its licensing basis while operang with a renewed license in accordance with 10 CFR Part 54 Requirements for Renewal of Operang Licenses for Nuclear Power Plants.
The regulaons governing license renewal (10 CFR Part 54) are relavely short and primarily address high-level requirements and regulatory processes. They should be applicable to advanced reactors using LMP.
Parts of 10 CFR 54 have an LWR focus, and guidance documents for license renewal are based on large LWR technology. Addressing these issues should be fairly straighorward, and there is ample me available to do so.
Secon 7.11 Table 5. Issues Under Evaluaon for Inclusion in TIMaSC Guidance No.
Issue Discussion White Paper Reference
Technology Inclusive Management of Safety Case:
White Paper 98 The IDP and the IDPP.
For reactors using LMP, the Independent Decision-Making Process is a key aspect of maintaining the licensing basis. It is expected (but not absolutely required by NEI 18-04) that applicants/licensees will use an IDPP to carry out the IDP. The composion of an IDPP will evolve over me, both due to personnel changes and the operang phase of the plant (design vs.
construcon vs. operaon). The IDPP may be quite similar to other panels used in conjuncon with an RIPB licensing basis.
The TIMaSC guidance could provide guidance related to the evoluon of the IDPP and potenal impacts on the licensing basis.
The guidance could also address interacons between the IDPP and expert panels for the RAP, ASME Secon XI Division 2 RIM Expert Panel, the MANDEEP, the Maintenance Rule, and the SFCP, including the extent to which an IDPP might also carry out some of those funcons.
While on the one hand, up front guidance for IDPPs may be seen as useful, it is important to provide applicants/licensees with "exibility to carry out the IDP funcon in the opmal manner for their technology and organizaon. It might be beer to gain experience with actual IDPPs before establishing guidance.
Secon 6.4 Chapter 7 Operability.
Guidance in NEI 18-03 is based on compliance with Tech Specs.
It might be bene"cial to recast the guidance in terms of performance criteria, not simply Tech Spec compliance. Secon 5.2 Reporng.
Regulatory language and guidance are LWR-speci"c in places, both with respect to defects (Part 21) and event reporng (50.72 and 50.73).
These can be addressed on an applicant-and licensee-speci"c basis through mechanisms outlined in the ARCAP Roadmap ISG. However, the NEI 18-04 licensing basis provides an opportunity to address the issue on a more holisc basis.
Secon 5.5 10 CFR Part 21 Evaluaons and Reporng.
The de"nion of Basic Component in NEI 14-09 guidance is not consistent with NEI 18-04 SSC classi"caon.
A revision or addendum to NEI 14-09 would be a straighorward means of addressing the problem.
Secon 5.8.1
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-1
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-2 Term De"nion Reference Notes commitments for ensuring compliance with, and operaon within, applicable NRC requirements and the plant - speci"c design basis, including all modi"caons and addions to such commitments over the life of the facility operang license.
- NRC r e gulaons in 10 CFR Parts 2, 19, 20, 21, 26, 30, 40, 50, 51, 54,
, 70, 72, 73, and 100 and appendices thereto; 55
- Commission orders;
- License condions;
- Exempons;
- Technical speci"caons;
- Plant - speci"c design basis informaon de"ned in 10 CFR 50.2 and documented in the most recent Updated Final Safety Analysis Report (as required by 10 CFR 50.71);
- Licensee commitments remaining in eect that were made in docketed licensing correspondence (such as licensee responses to NRC bullens, Licensee Event Reports, generic leers, and enforcement acons); and
- Licen see commit ments documented in NRC safety evaluaons.
Licensing B asis N/A - see notes.
RG 1.233, Rev. 0 Footnote 6 states (in part):
RG 1.206 describes various licensing basis documents and a typical organizaon of those documents within applicaons for a combined license, early site permit, or design cer"caon. The overall organizaon of applicaons described in RG 1.206, incl uding chapter -
level organizaon of a F inal S afety A nalysis report, is generally applicable to non - LWR applicaons.
Table 1 of RG 1.206, Rev. 1 § lists the following parts for an applicaon for a combined license under 10 CFR Part 52:
- Part 1: Ge n eral and Financial Informaon
- Part 2: Safety Analysis Report
- Part 3: Environmental Report
- Part 4: Technical Speci"caons
- Part 5: Emergency Plans
- Part 6: Security Plans
- Part 7: Exem pons, Departures, and Variances
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-3 Term De"nion Reference Notes U.S. Nuclear Regulatory Commission, RG 1.233, Rev 0, Guidance for a Technology-Inclusive, Risk-Informed, and Performance-Based Methodology to Inform the Licensing Basis and Content of Application for Licenses, Certifications, and Approvals for Non-Light-Water Reactors, June 2020, ADAMS: ML20091L698. § U.S. Nuclear Regulatory Commission, RG 1.206, Rev 1, Applications for Nuclear Power Plants, October 2018, ADAMS: ML18131A181.
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-4 Term De"nion Reference Notes
- Part 8: Licen se Condions, Inspecons, Tests, Analyses, and Acceptance Criteria
- Part 9: Withheld Informaon
- Part 10: Quality Assurance Program Descripon
- Part 11: Supplemental Informaon (e.g., Limited Work Authorizat ion)
Licensing B asis N/A - see notes.
NRC Licensing Basis and Back"ng Workshop presentaon **
Slide 10 indicates the following as Licensing/Design Bases Documents:
- Amendm e nt (Operang License, Appendix A - Technical Speci"caons, Appendix B - Environmental Protecon Plan, Orders)
- License Condion (Fire Protecon Plan)
CFR 50.54 (Quality Assurance Plan, Security Plan, Emergency 10 Preparedness Plan)
- 10 CFR 50.69 (Updated Final [Safety] Analysis Report, Technical Speci"caon Bases, Technical Requirements Manual, Pressure Temperature Limits Report, Osite Dose Calculaon Manual, Core Opera ng Limits Report)
Addionally, according to Slide 18:
Licensee communicaons do not, in and of themselves, establish or revise the licensing bases for regulated facilies. However, the relaonship between commitments and the licensing basis is not enrely clear. For example, according to a 2011 OIG Audit Report NRC sta explained that commitments are not a part of the license and are therefore not legally enforceable. However, other agency sta said that NRC could enforce commitments. For example, one branch chief said that a commitment is part of the licens ing basis and is therefore enforceable.
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-5 Term De"nion Reference Notes
- U.S. Nuclear Regulatory Commission, Licensing Basis and Backfitting Workshop - Module 1: Licensing and Design Bases, Summer 2018, ADAMS: ML18191B024.
U.S. Nuclear Regulatory Commission, OIG-A-17, Audit of NRCs Management of Licensee Commitments, Sept 2011, ADAMS: ML112620529.
Licensing RG 1.174, N/A - see notes.
Basis Rev. 3 Guidance in RG 1.174 relevant to the scope and content of the licensing basis includes the following discussion: First, the licensee should idenfy those aspects of the plants licensing basis that may be aected by the proposed change, including but not limited to rules and regulaons, FSAR, technical speci"caons, licensing condions, and licensing commitments.
That informaon which iden"es the speci"c funcons to be performed by a structure, system, or component of a facility, and the speci"c values or ranges of values chosen for controlling parameters as reference bounds for design. These values may be (1)
Design Per Table 1 of DANU-ISG-2022-01, Appendix B, § 50.2 is applicable to restraints derived from generally accepted state of 10 CFR 50.2 Bases non-LWRs.
the art pracces for achieving funconal goals, or (2) requirements derived from analysis (based on calculaon and/or experiments) of the eects of a postulated accident for which a structure, system, or component must meet its funconal goals.
Clari"caon C.2.a of RG 1.253, Rev. 0 states (in part):
NEI 21-07, Revision 1, includes use of the terms armave safety Licensing N/A - see case, safety case, and licensing case.
N/A - see notes.
Case notes Although some instances of the term licensing case can be found in Aachment 2 of NEI 21-07, Rev. 1 (ML22060A190), the guidance in the body of the report does not use the term licensing case.
As noted above, Clari"caon C.2.a of RG 1.253, Rev. 0 states:
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-6 Term De"nion Reference Notes An armave safety case is a collecon of technical NEI 21-07, Revision 1, includes use of the terms armave safety and programmac evidence which documents the case, safety case, and licensing case. To avoid confusion and basis that the performance objecves of the potenal unforeseen consequences, applicants using NEI 21-07, technology inclusive Fundamental Safety Funcons Armave are met by a design during design-speci"c NEI 21-07, Revision 1, should instead connue to use the established Safety Case Ancipated Operaonal Occurrences (AOOs), Design Rev 1 terminology in the RG 1.253, current regulatory framework, including use of safety analysis and licensing basis.
Basis Events (DBEs), Beyond Design Basis Events Addionally, with respect to the terms safety analysis and licensing (BDBEs), and Design Basis Accidents (DBAs). This is basis, Footnote 8 of RG 1.253 states: The NRC sta notes that accomplished by the following: neither the LMP methodology in NEI 18-04 nor the sta endorsement U.S. Nuclear Regulatory Commission, RG 1.174, Rev 3, An Approach for using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, January 2018, ADAMS: ML17317A256.
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-7 Term De"nion Reference Notes
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-8 Term De"nion Reference Notes
§§ International Atomic Energy Agency, IAEA-TECDOC-1814, Contents and Sample Argument of a Safety Case for Near Surface Disposal of Radioactive Waste, June 2017.
- United Kingdom Office for Nuclear Regulation, NS-TAST-GD-051, Issue 7.1, The Purpose, Scope, and Content of Safety Cases, December 2024.
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-9 Term De"nion Reference Notes Safety A nalysis N/A - see notes.
N/A - see notes The individual term safety analysis does not appear to be explicitly de"ned in NRC regulaons and/or guidance; however, the following references provide insights regarding the use of the term in the context of the scope and content of a safety analysis report :
- R G 1.70
- NUREG - 0800
- DANU - ISG - 2022 - 01
- NEI 96 - 07, Rev. 1, Secon 3.12
Technology Inclusive Management of Safety Case: White Paper Appendix A: De"nions of Some Terms Associated with TIMaSC A-10 Term De"nion Reference Notes Nuclear Energy Institute, NEI 96-07, Rev 1, Guidelines for 10 CFR 50.59 Implementation, November 2000.
Technology Inclusive Management of Safety Case: White Paper Appendix B: Glossary of LMP-Related Terms B-1 Glossary of LMP-Related Terms The glossary provided in Table B-1 is taken from Appendix A of NEI 22-05. Terms from that document that are not used in this white paper are excluded.
Table B-1. Glossary of LMP-Related Terms Term Acronym De"nion Source Ancipated event sequences expected to occur one or more mes during the life of a nuclear Ancipated power plant, which may include one or more reactors. Event sequences with mean* frequencies NEI 18-04 Operaonal AOO
-2/plant-year and greater are classi"ed as AOOs. AOOs take into account the expected Modi"ed for TICAP of 1x10 Occurrence response of all SSCs within the plant, regardless of safety classi"caon.
Rare event sequences that are not expected to occur in the life of a nuclear power plant, which Beyond Design may include one or more reactors, but are less likely than a DBE. Event sequences with mean*
NEI 18-04 BDBE Basis Event frequencies of 5x10-7/plant-year to 1x10-4/plant -year are classi"ed as BDBEs. BDBEs take into Modi"ed for TICAP account the expected response of all SSCs within the plant regardless of safety classi"caon.
An approach to designing and operang nuclear facilies that prevents and migates accidents that release radiaon or hazardous materials. The key is creang mulple independent and Defense-in-redundant layers of defense to compensate for potenal human and mechanical failures so that DID NRC Glossary Depth no single layer, no maer how robust, is exclusively relied upon. Defense-in-depth includes the use of access controls, physical barriers, redundant and diverse key safety funcons, and emergency response measures.
Postulated accidents that are used to set design criteria and performance objecves for the design of SR SSCs. DBAs are derived from DBEs based on the capabilies and reliabilies of SR Design Basis DBA SSCs needed to migate and prevent accidents, respecvely. DBAs are derived from the DBEs by NEI 18-04 Accident prescripvely assuming that only SR SSCs classi"ed are available to migate postulated accident consequences to within the 10 CFR 50.34 dose limits.
Technology Inclusive Management of Safety Case: White Paper Appendix B: Glossary of LMP-Related Terms B-2 Term Acronym De"nion Source
- The classification of AOOs, DBEs, and BDBEs is based on the mean frequencies of the underlying uncertainty distributions. When the uncertainty band on the frequency defined by the 95th and 5th percentiles of the distribution straddle one of the frequency boundaries, the LBEs are evaluated on each side of the boundary, per NEI 18-04. For example, if a BDBE has a 95th percentile estimate above 1x10-4 per plant year, it is treated as a DBE for the purposes of defining the RSFs and defining the DBAs.
Infrequent event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactors, but are less likely than AOOs. Event sequences with Design Basis
-4/plant-year to 1x10-2/plant-year are classi"ed as DBEs. DBEs take NEI 18-04 DBE mean* frequencies of 1x10 Event Modi"ed for TICAP into account the expected response of all SSCs within the plant regardless of safety classi"caon. The objecve and scope of DBEs form the safety design basis of the plant.
Eecvely synonymous with the DBEHL term from TICAP. However, the word external is Design Basis DBHL removed to clarify that the intent is to include internal plant hazards as well as tradional NEI 21-07 Hazard Level external events.
Frequency-F-C A target line on a frequency-consequence chart that is used to evaluate the risk signi"cance of Consequence NEI 18-04 Target LBEs and to evaluate risk margins that contribute to evidence of adequate Defense-in-Depth.
Target A perturbaon to the plant during a plant operang state that challenges plant control and safety systems whose failure could potenally lead to an undesirable end state and/or radioacve material release. An iniang event is de"ned in terms of the change in plant status that results Iniang Event IE in a condion requiring a response to migate the vent or to limit the extent of plant damage ASME/ANS-RA-S-1.4-2021 caused by the iniang event. An iniang event may result from human causes, equipment failure from causes internal to the plant (e.g., hardware faults, "ood, or "res) or external to the plant (e.g., earthquakes or high winds), or combinaons thereof.
Integrated Risk-informed and performance-based integrated decision-making (RIPB-DM) process used for NEI 21-07 (based on Decision-Making IDP establishing special treatments and evaluang the adequacy of DID. NEI 18-04)
Process
Technology Inclusive Management of Safety Case: White Paper Appendix B: Glossary of LMP-Related Terms B-3 Term Acronym De"nion Source Layers of defense are those plant capabilies and programmac elements that provide, Layers of collecvely, independent means for the prevenon and migaon of adverse events. The actual NEI 18-04 Defense layers and number are dependent on the actual source and hazard posing the threat. See Defense-in-Depth.
Licensing Basis The enre collecon of event sequences considered in the design and licensing basis of the plant, NEI 18-04 LBE Event which may include one or more reactors. LBEs include AOOs, DBEs, BDBEs, and DBAs.
Modi"ed for TICAP The characteriscs of a radionuclide release at a parcular locaon, including the physical and chemical properes of released material, release magnitude, heat content (or energy) of the carrier "uid, and locaon relave to local obstacles that would aect transport away from the Mechanisc MST release point and the temporal variaons in these parameters (e.g., me of release duraon) that ASME/ANS-RA-S-1.4-2021 Source Term are calculated using models and supporng scien"c data that simulate the physical and chemical processes that describe the radionuclide inventories and the me-dependent radionuclide transport mechanisms that are necessary and sucient to predict the source term.
Non-Safety-Related with NSRST Non-safety-related SSCs that perform risk-signi"cant funcons or perform funcons that are NEI 18-04 Special SSCs necessary for Defense-in-Depth adequacy.
Treatment SSCs Non-Safety-Related with No All SSCs within a plant that are neither SR SSCs nor Non-Safety-Related with Special Treatment NST SSCs NEI 18-04 Special SSCs.
Treatment SSCs An approach to decision-making that focuses on desired objecve, calculable or measurable, Adapted from NRC Glossary observable outcomes, rather than prescripve processes, techniques, or procedures.
de"nion of performance-Performance-based decisions lead to de"ned results without speci"c direcon regarding how based regulaon (page Performance-PB those results are to be obtained. At NRC, performance-based regulatory acons focus on updated March 9, 2021) in Based idenfying performance measures that ensure an adequate safety margin and oer incenves order to apply to both design and "exibility for licensees to improve safety without formal regulatory intervenon by the decisions and regulatory
Technology Inclusive Management of Safety Case: White Paper Appendix B: Glossary of LMP-Related Terms B-4 Term Acronym De"nion Source agency.
decision-making The collecon of the site, buildings, radionuclide sources, and SSCs seeking a single design NEI 18-04 Plant
-- cer"caon or one or more OLs under the LMP framework. The plant may include a single reactor unit or mulple reactor units as well as non-reactor radionuclide sources.
Modi"ed for TICAP Reactor design-speci"c SSC funcons modeled in a PRA that serve to prevent and/or migate a PRA Safety release of radioacve material or to protect one or more barriers to release. In ASME/ANS-Ra-S-NEI 18-04, PSF Funcon 1.4-2013 these are referred to as safety funcons. The modi"er PRA is used in NEI 18-04 to ASME/ANS-RA-S-1.4-2021 avoid confusion with safety funcons performed by SR SSCs.
Required Funconal RFDC Reactor design-speci"c funconal criteria that are necessary and sucient to meet the RSFs.
NEI 18-04 Design Criteria Required Safety A PRA Safety Funcon that is required to be ful"lled to maintain the consequence of one or more RSF NEI 18-04 Funcon DBEs or the frequency of one or more high-consequence BDBEs inside the F-C Target.
Adapted from NRC Glossary de"nion of risk-informed regulaon (page updated An approach to decision-making in which insights from probabilisc risk assessments are Risk-Informed RI March 9, 2021) in order to considered with other sources of insights.
apply to both design decisions and regulatory decision-making An LBE whose frequency and consequence meet a speci"ed risk signi"cance criterion. In the LMP Risk-Signi"cant framework, an AOO, DBE, or BDBE is regarded as risk-signi"cant if the combinaon of the upper NEI 18-04 LBE bound (95th percenle) esmates of the frequency and consequence of the LBE are within 1% of the F-C Target AND the upper bound 30-day TEDE dose at the EAB exceeds 2.5 mrem.
An SSC that meets de"ned risk signi"cance criteria. In the LMP framework, an SSC is regarded as risk-signi"cant if its PRA Safety Funcon is: a) required to keep one or more LBEs inside the F-C
Technology Inclusive Management of Safety Case: White Paper Appendix B: Glossary of LMP-Related Terms B-5 Term Acronym De"nion Source Target based on mean frequencies and consequences; or b) if the total frequency LBEs that Risk-Signi"cant involve failure of the SSC PRA Safety Funcon contributes at least 1% to any of the LMP NEI 18-04 SSC Cumulave Risk Targets. The LMP Cumulave Risk Targets include: (i) maintaining the frequency of exceeding 100 mrem to less than 1/plant-year; (ii) meeng the NRC safety goal QHO for individual risk of early fatality; and (iii) meeng the NRC safety goal QHO for individual risk of latent cancer fatality.
Safety-Related Design criteria for SR SSCs that are necessary and sucient to ful"ll the RFDC for those SSCs SRDC NEI 18-04 Design Criteria selected to perform the RSFs.
Safety-Related SSCs that are credited in the ful"llment of RSFs and are capable to perform their RSFs in response NEI 18-04 SR SSCs SSCs to any Design Basis Hazard Level.
Modi"ed for NEI 21-07 Safety-An SSC that performs a funcon whose performance is necessary to achieve adequate Defense-NEI 18-04 Signi"cant SSC in-Depth or is classi"ed as risk-signi"cant (see Risk-Signi"cant SSC).
Technology Inclusive Management of Safety Case: White Paper Appendix B: Glossary of LMP-Related Terms B-6 Term Acronym De"nion Source S pecial T reatment R efer s to th e treatments beyond those typically provided for commercial grade equipment necessary to achieve the reliability and capability targets for SSCs in the performance of safety -
signi"cant funcons. In Regulatory Guide 1.201, the following de"nion of special treatment is provided: special treatment refers to those requirements that provide increased assurance beyond normal industrial pracces that structures, systems, and components (SSCs) perf orm their design - basis funcons.
NEI 18 - 04 and Regulatory Guide 1.201
Technology Inclusive Management of Safety Case: White Paper Appendix C: Preliminary Dra Detailed TIMaSC Network Diagram A preliminary version of the TIMaSC Network Diagram of an RIPB licensing basis is depicted in Figure C-1. This Network Diagram was prepared to support the framing and drafting of this report and will be revised, augmented, and/or improved as appropriate over the course of the TIMaSC project as the associated guidance (and understanding of the underlying concepts) evolves. See Section 2.2 of the main body of this report for additional information.
P reliminary Dra Detailed TIMaSC Network Diagram As the TIMaSC project progresses and the fidelity of information associated with licensing basis elements and the associated relationship increases, it may be sensible to develop a series of companion figures reflecting a smaller scope (i.e., a select set of elements) but a greater level of detail. These zoomed in diagrams may be developed for (and/or included in) the TIMaSC guidance to improve legibility of the important details and make easier the maintenance of the content and/or changes associated wit h each element. Consistent with the affirmative approach to discussing the results of an RIPB methodology that was key to the TICAP effort, a comprehensive documentation of elements/information that are determined to be beyond or outside the scope of an RIPB licensing basis will not be a focus of the guidance; however, it may be possible to document intentional exclusions from project and/or guidance scope in another manner, for example, in a final project report.
C-1
Technology Inclusive Management of Safety Case: White Paper Appendix C: Preliminary Dra Detailed TIMaSC Network Diagram
Figure C-1. Preliminary Dra Detailed Network Diagram of an RIPB Licensing Basis for Advanced Reactors C-2