Text

October 23, 2020 SECY-20-0100 FOR: The Commissioners FROM: Margaret M. Doane Executive Director for Operations

SUBJECT:

ANNUAL UPDATE ON THE INTEGRATED STRATEGY TO MODERNIZE THE U.S. NUCLEAR REGULATORY COMMISSIONS DIGITAL INSTRUMENTATION AND CONTROL REGULATORY INFRASTRUCTURE PURPOSE:

This paper provides the annual update of the status of ongoing work and planned future activities to improve the U.S. Nuclear Regulatory Commissions (NRCs) digital instrumentation and control (digital I&C) regulatory infrastructure in response to Staff Requirements Memorandum (SRM)-SECY-16-0070, Staff RequirementsSECY-16-0070Integrated Strategy to Modernize the Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure, dated October 25, 2016. The staff has made progress in several key activities that support improved clarity and predictability of the digital I&C regulatory framework.

BACKGROUND:

The staff presented the initial integrated action plan (IAP) for modernization of the digital I&C regulatory infrastructure to the Commission for approval in SECY-16-0070, dated May 31, 2016 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML16126A137). The IAP included four modernization plans (MPs): MP1, Protection Against Common Cause Failure; MP2, Considering Digital I&C in Accordance with 10 CFR 50.59; MP3, Commercial Grade Dedication of Digital Equipment; and MP4, Assessment for Modernization of the I&C Regulatory Infrastructure.

CONTACT: Sergiu Basturescu, NRR/DEX 301-415-1237

The Commissioners 2 In October 2016, the Commission approved the IAP through SRM-SECY-16-0070 and directed the staff to provide annual updates of the modernization plans. The NRC staff subsequently updated the IAP in March 2017, January 2018, and January 2019 (ADAMS Accession Nos.

ML17102B307, ML18016B023 and ML19025A312, respectively). In SECY-19-0112, Annual Update on the Integrated Strategy to Modernize the U.S. Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure, dated November 4, 2019 (ADAMS Accession No. ML19261B815), the staff informed the Commission that the remaining activities included in the IAP would be managed through routine processes. This paper is an annual update to the Commission on the remaining items originally identified in the IAP and other key staff activities that support the modernization of the NRCs digital I&C regulatory infrastructure.

DISCUSSION:

I. Vision The NRCs vision for digital I&C is to continue to develop and implement a clear regulatory structure with reduced regulatory uncertainty that enables the expanded safe use of digital I&C in nuclear reactors while continuing to ensure safety and security. The staff developed and implemented the strategy described in the IAP to achieve that vision by addressing a broad range of tactical and strategic digital I&C regulatory challenges for operating reactors, new and advanced reactors, and digital I&C vendors. The strategy was based on NRC licensing and inspection experiences as well as extensive stakeholder engagement to reach a common understanding of the regulatory challenges and priorities associated with digital I&C and potential solutions to address them. The staff continues to make progress in implementing the key activities that support the agencys vision for digital I&C.

II. Significant Accomplishments In implementing the agencys strategy for modernizing the digital I&C regulatory infrastructure, the staff has engaged extensively with external stakeholders to complete significant improvements. These improvements have increased the confidence of licensees, applicants, and vendors as to the NRCs readiness to effectively license and inspect the use of digital I&C in nuclear reactors.

Digital I&C Modernization under 10 CFR 50.59 Licensees frequently install digital I&C systems and components under the change process described in Title 10 of the Code of Federal Regulations (10 CFR) 50.59, Changes, tests and experiments. In 2018, the staff clarified how licensees could apply 10 CFR 50.59 to digital I&C modifications with the issuance of Regulatory Information Summary (RIS) 2002-22, Supplement 1, Clarification on Endorsement of Nuclear Energy Institute Guidance in Designing Digital Upgrades in Instrumentation and Control Systems, on May 31, 2018 (ADAMS Accession No. ML18143B633). Industry is now using this RIS to plan and conduct digital modifications.

Industry feedback indicates that this guidance has been vital in supporting licensees in addressing real-time equipment obsolescence challenges and improving the performance of both safety-related and non-safety-related systems and components.

In November 2018, the Nuclear Energy Institute (NEI) submitted NEI 96-07, Appendix D, Supplemental Guidance for Application of 10 CFR 50.59 to Digital Modifications (Appendix D, ADAMS Accession No. ML18338A389) to the NRC staff, and requested staff endorsement of

The Commissioners 3 that guidance. NEI 96-07, Revision 1, Guidelines for 10 CFR 50.59 Evaluations, provides guidance for screenings and evaluations of changes to facilities performed under 10 CFR 50.59, but does not include guidance tailored to digital I&C modifications. Consistent with RIS-2002-22, Supplement 1, the guidance in NEI 96-07, Appendix D, allows for the use of qualitative assessment methods to evaluate the likelihood of common-cause failure in digital I&C systems in connection with licensee assessments of proposed facility changes in accordance with the criteria in 10 CFR 50.59.

In May 2019, the staff issued DG-1356 (draft Revision 2 to Regulatory Guide (RG) 1.187),

Guidance for Implementation of 10 CFR 50.59, Changes, Tests, and Experiments (ADAMS Accession No. ML19045A435), which proposed to endorse NEI 96-07, Appendix D, with exceptions, for public comment. In response to the exceptions to Appendix D identified in draft RG 1.187, Rev. 2, NEI significantly revised Appendix D and submitted a final version for NRC endorsement in May 2020 (ADAMS Accession No. ML20135H168). The NRC staff considered NEI 96-07, Appendix D, dated May 2020, external stakeholder feedback on draft RG 1.187, Rev. 2, and input from the Advisory Committee on Reactor Safeguards (ACRS) in revising RG 1.187, Rev. 2. In June 2020, the staff published RG 1.187, Rev. 2 (ADAMS Accession No. ML20125A730), in which the staff endorsed NEI 96-07, Appendix D (May 2020), with no exceptions but with five clarifications. Due to the extent of changes in both NEI 96-07, Appendix D, and RG 1.187, Rev. 2, since the staff published draft RG 1.187, Rev. 2 for public comment in May 2019, the staff offered a post-promulgation public comment period on RG 1.187, Rev. 2, in accordance with 10 CFR 2.804 (d)-(f). The staff determined that the post-promulgation comments did not warrant revision to the RG but will make an administrative change to the RG to include a footnote to the public comment resolution file.

NEI is currently developing industry workshops to provide training on Appendix D, with initial workshops tentatively scheduled to begin in November 2020. Similar to previous industry training workshops conducted with regard to RIS 2002-22, Supplement 1, the NRC staff is coordinating with NEI on potential staff attendance during some workshops. The staff will also conduct NRC inspector training on the new guidance, with the first training session during the Region IV Inspector Counterpart Meeting in October 2020, and the other regions having training at their respective counterpart meetings in December 2020.

Digital I&C Licensing Activities In 2018, the staff updated guidance in digital I&C interim staff guidance (ISG)-06, Licensing Process (ADAMS Accession No. ML18143B633), to incorporate lessons learned in digital I&C licensing experience and to include a new streamlined Alternate Review Process to improve the timeliness and predictability of licensing reviews. As described in ISG-06, under the Alternate Review Process, the NRC would receive the amendment application at a more mature point in the licensees design process. The staff would focus its review and approval on system architecture; design; system, hardware, software and human-system interface requirements; licensee plans for vendor oversight; and the development plans (life cycle development process) related to the detailed software and hardware designs and integration testing for the final system. If found acceptable, the staff would approve the amendment prior to development of final system design and testing. Under the Alternate Review Process, staff would employ enhanced vendor and regional inspections during the detailed development, testing, and site-installation phases to maintain an appropriate level of NRC oversight.

In August 2020, the staff accepted the first license amendment request submitted under the Alternate Review Process and completed the acceptance review well in advance of the normal

The Commissioners 4 metric. The request was submitted by Entergy Operations, Inc. This amendment proposed to replace the Core Protection Calculator System and Control Element Assembly Computer System at the Waterford Steam Electric Station, Unit 3 with a modern digital platform. The staff anticipates issuing a licensing decision on the Entergy application by the end of August 2021 and, if approved, Entergy intends to install the system in Spring 2022. In a public-private partnership with the Department of Energys (DOEs) Light Water Reactor Sustainability Program, Exelon Generation Corporation, LLC intends to develop and implement an extensive digital modernization of the Reactor Protection System, Nuclear Steam Supply Shutoff System, and Emergency Core Cooling System at Limerick Generating Station. Exelon and DOE have indicated that the planning, development, and implementation experiences with this effort will be shared with the operating reactor fleet to support broader plant modernization efforts. Exelon intends to submit the license amendment request to NRC in 2021, under the Alternate Review Process. Staff held the first preapplication meeting with Exelon in June 2020 and anticipates the next pre-application meeting before the end of 2020.

The staff also completed other digital l&C licensing and certification activities that support the expanded safe deployment of digital technologies since the November 2019 annual update to the Commission. In December 2019, the staff approved a license amendment to implement a new digital nuclear safety system at the Massachusetts Institute of Technologys (MIT) Nuclear Reactor Laboratory. In September 2020, MIT fully implemented the new system. The staff approved a topical report for Toshiba power range monitoring systems. In addition, staff approved updated topical reports to expand the types of digital components for the RadICS digital platform, and to revise a watchdog timer in the Common Qualified platform design to align with as-built components in power plants. With NRC approval of these topical reports, licensees may gain efficiencies by referencing the reports in subsequent licensing actions. The staff also successfully certified the NuScale small modular reactor, which has a highly integrated digital I&C system, using the NuScale design-specific review standard for digital I&C, which is based on adherence to fundamental safety principles and a focus on risk importance and safety significance.

III. Ongoing Key Activities The staff also continues to modernize the digital I&C regulatory infrastructure as described below:

Licensing Guidance Staff is finalizing Revision 8 to Branch Technical Position (BTP) 7-19, Guidance for Evaluation of Diversity and Defense-In-Depth in Digital Computer Based Instrumentation and Control Systems, to address aspects of the current revision, issued in August 2016 (ADAMS Accession No. ML16019A344), that industry stakeholders have identified as important to reduce regulatory uncertainty. The revision incorporates the five guiding principles outlined in SECY 18-0090, Plan for Addressing Potential Common Cause Failure in Digital Instrumentation and Controls, (ADAMS Accession No. ML18179A067), dated September 12, 2018, and provides staff review guidance based on structure, system, and components safety significance. The staff actively engaged industry to obtain stakeholder feedback on potential areas of improvement and on the staffs proposed changes to the document. The revision was published for public comment on January 14, 2020 (ADAMS Accession No. ML19256B502), and a revised version was presented to the ACRS digital I&C Subcommittee on September 8, 2020 (ADAMS Accession No. ML20237F570). Feedback from the ACRS and NEI at that meeting was discussed by the staff at a subsequent public meeting on September 24, 2020. Staff will present draft BTP 7-19 to the

The Commissioners 5 ACRS Full Committee in November 2020. Staff plans to submit the final version of Revision 8 of BTP 7-19 for Office of Management and Budget clearance by December 2020.

Staff is also developing a Design Review Guide for digital I&C systems in non-light-water reactors (non-LWRs) (ADAMS Accession No. ML20045D302). This guidance supports the NRCs Vision and Strategy document entitled Safely Achieving Effective and Efficient Non-Light Water Reactor Mission Readiness, dated December 2, 2016 (ADAMS Accession No. ML16356A670), and the Non-LWR Vision and Strategy Near-Term Implementation Action Plans, dated July 12, 2017 (ADAMS Accession No. ML17165A069). Specifically, the guidance supports Non-LWR Implementation Action Plan Strategy 3 to develop: (1) guidance for flexible regulatory review processes for non-LWRs within the bounds of existing regulations; and (2) a new non-LWR regulatory framework that is risk-informed and performance-based, and that features the staffs review efforts commensurate with the demonstrated safety performance of non-LWR technologies. The staff presented the Design Review Guide to the ACRS digital I&C Subcommittee in June. This Design Review Guide will provide guidance to the staff for performing technology-neutral, risk-informed reviews of I&C systems. The staff currently plans to issue the final version in 2021.

In December 2019, staff completed a strategic assessment (ADAMS Accession No. ML19351D933) that integrates performance-based and technology neutral safety engineering concepts to identify additional activities intended to improve the regulatory infrastructure through such integration. As a result of this assessment, staff developed an overall framework for how it will streamline and integrate the existing set of regulatory guides on digital I&C that it discussed in a public meeting on April 28, 2020 (ADAMS Accession No. ML20100J219). The staff is now implementing RG updates in accordance with the framework. The staff is currently updating RG 1.152, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, RG 1.153 ,Criteria for Safety Systems, and RG 1.168, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.

NEI submitted a pre-endorsement draft B of NEI 20-07, "Guidance for Addressing Software

[Common Cause Failure] in High Safety-Significant Safety-Related digital I&C Systems," on August 31, 2020 (ADAMS Accession No. ML20245E561). NEI 20-07, draft B, states that its purpose is to establish a set of principles for the protection against software common cause failure in high safety-significant safety-related digital I&C systems in order to demonstrate that such a system does not have a latent software design defect that could lead to a software common cause failure. The staff anticipates providing preliminary observations to NEI in a public meeting by December 2020.

Commercial Grade Dedication NEI is developing NEI 17-06, Guidance on Using IEC 61508 SIL Certification to Support the Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Related Applications," to use digital equipment safety certificates provided by an independent third-party certifying body in licensee commercial grade dedication programs. A safety certificate confirms that a given commercial digital equipment meets the stated safety integrity level provisions in International Electrotechnical Commission Standard 61508-2010 (IEC 61508), Functional safety of electrical

/ electronic / programmable electronic safety-related systems. International Organization for Standardization/IEC 17065-2012 (ISO/IEC 17065), Conformity Assessment - Requirements for Bodies Certifying Products, Processes and Services contains requirements for the competence, consistent operation, and impartiality of product, process, and service certification

The Commissioners 6 bodies. In jurisdictions that have adopted the IEC and ISO standards, a third party that performs product certification must meet the requirements of this standard.

In the United States, the American National Standards Institute (ANSI) is responsible for accrediting the third-party certifying body in accordance with ISO/IEC 17065 and IEC 61508.

The third-party certifying body in the United States is a private company called exida.com, LLC.

Guidance in draft NEI 17-06 credits ANSIs accreditation of the certifying body, exida, to satisfy aspects of 10 CFR Part 50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants. Through several public meetings on this subject in 2019 and 2020, the staff provided feedback to NEI representatives on draft NEI 17-06. In the Fall of 2020, the NRC staff and NEI representatives plan to virtually observe ANSIs periodic audit of exida for compliance with ISO/IEC 17065 and IEC 61508. After NEIs observation of ANSIs audit, NEI expects to finalize NEI 17-06 by the end of 2020, and to submit it to the NRC for endorsement.

Non-Nuclear Insights and International Collaboration The staff is evaluating lessons learned from the Boeing design process and Federal Aviation Administration certification process of the Boeing 737 MAX digital modification, which may have contributed to catastrophic failures of the aircraft in 2018 and 2019. The staff is systematically evaluating the findings and recommendations from authoritative investigation reports surrounding the crash events of the Boeing 737 MAX to identify: (1) any significant gaps in the NRCs digital I&C licensing and inspection program and processes; and (2) key elements of the NRCs digital I&C regulatory program and organizational capabilities that should be maintained or improved to ensure the continued safe use of digital I&C in U.S. nuclear plants. To date, the staff has not identified any significant gaps in the NRCs digital I&C regulatory program and will use its evaluation to inform future activities in improving the digital I&C regulatory infrastructure.

The NRC also continues to participate on international standards committees for digital I&C, such as the International Electrotechnical Commission, and collaborates with competent authorities on common digital I&C issues. For example, the NRC participates in an international working group on digital I&C under the Nuclear Energy Agency/Committee on Nuclear Regulatory Activities. The main objective of the working group is to promote harmonization and improvements in nuclear safety through the development of regulatory guidance to address digital I&C topics and technical issues of concern to its member countries, for both operating and new reactors. The NRC has participated in multiple bilateral exchanges with the United Kingdoms Office for Nuclear Regulation to share common regulatory and technical issues with digital implementation in the fleets of the respective countries.

CONCLUSION:

The staff continues to implement improvements to achieve its vision of having a clear regulatory structure with reduced regulatory uncertainty that enables the expanded safe use of digital I&C in nuclear reactors while continuing to ensure safety and security. The staff continues to extensively engage with external stakeholders on both the development and implementation of key activities to ensure that stakeholder needs are met. As a result, licensees are making digital I&C upgrades under 10 CFR 50.59 and are developing more extensive upgrades that might require license amendments. Specifically, the staff is currently reviewing the first license amendment request for a digital modification submitted to the NRC for approval using the Alternate Review Process described in digital I&C-ISG-06, Revision 2, and is conducting preapplication meetings for a second license amendment request for a more extensive

The Commissioners 7 modification. These licensee activities demonstrate the effectiveness of the staffs digital I&C regulatory infrastructure modernization activities.

COORDINATION:

The Office of the General Counsel has reviewed this paper and has no legal objections.

Digitally signed by Darrell J.

Darrell J. Roberts Roberts Date: 2020.10.23 15:58:34 -04'00' Margaret M. Doane (DRoberts Acting for)

Executive Director for Operations

ML20269A466 *Via E-mail SECY-012 OFFICE NRR/DEX Tech Ed* NRR/DEX/EICA* NRR/DEX/EICB/BC*

NAME SBasturescu QTE JJohnston MWaters DATE 9/28/2020 9/21/2020 9/23/2020 9/23/2020 OFFICE NRR/DDRO/IRGB* NRR/DDRO/IQVBB* RES/DE/ICEEB/BC* NRR/DRO/D*

NAME PMcKenna KKavanagh RJenkins CMiller (THipschman for)

DATE 9/23/2020 9/23/2020 9/23/2020 9/28/2020 OFFICE RES/DE/D* NRR/DEX/D* OGC* NRR/D*

NAME LLund EBenner SVrahoretis HNieh (AVeil for)

DATE 9/27/2020 9/28/2020 10/08/2020 10/14/2020 OFFICE EDO*

NAME MDoane (DRoberts for)

DATE 10/23/2020