Text

October 25, 2021 SECY-21-0091 FOR: The Commissioners FROM: Daniel H. Dorman Executive Director for Operations

SUBJECT:

ANNUAL UPDATE ON ACTIVITIES TO MODERNIZE THE U.S. NUCLEAR REGULATORY COMMISSIONS DIGITAL INSTRUMENTATION AND CONTROLS REGULATORY INFRASTRUCTURE PURPOSE:

This paper provides the annual update on the status of ongoing work and planned activities to improve the U.S. Nuclear Regulatory Commissions (NRCs) digital instrumentation and controls (I&C) regulatory infrastructure. The staff has made significant progress to improve the clarity and reliability of the digital I&C regulatory infrastructure to enable the safe, expanded use of digital technologies in new reactor designs and operating plants. This paper summarizes the staffs significant accomplishments and ongoing activities in this area.

BACKGROUND:

The staff presented the initial integrated action plan (IAP) for modernization of the digital I&C regulatory infrastructure to the Commission for approval in SECY-16-0070, Integrated Strategy to Modernize the Nuclear Regulatory Commissions Digital Instrumentation and Control Regulatory Infrastructure, dated May 31, 2016 (Agencywide Documents Access and Management System (ADAMS) Package Accession No. ML16126A137). In October 2016, the Commission approved the IAP through SRM-SECY-16-0070 (ADAMS Accession No. ML16299A157) and directed the staff to provide annual updates. In SECY-19-0112, Annual Update on the Integrated Strategy to Modernize the U.S. Nuclear Regulatory CONTACTS: Calvin Cheung, NRR/DEX 301-415-3813 Michael Marshall, NRR/DORL 301-415-2871

The Commissioners 2 Commissions Digital Instrumentation and Control Regulatory Infrastructure dated November 4, 2019 (ADAMS Accession No. ML19261B815), the staff informed the Commission that it would no longer update the IAP. Instead, the staff would manage the remaining activities included in the IAP through routine processes and continue to provide annual status updates on activities to modernize digital I&C regulatory infrastructure.

DISCUSSION:

For digital I&C, while some modernization activities continue, the staff is beginning to transition from infrastructure modernization to using the improved infrastructure to support the consistent regulation of digital modernization projects. The staff is continuing to look for opportunities to innovate, to be risk-informed, and to use the Be riskSMART approach as efforts to modernize the digital I&C infrastructure continue in parallel with completing requested licensing action reviews. The staff has made progress on several key activities that support improved clarity and reliability of the digital I&C regulatory infrastructure, and it continues to engage stakeholders as improvements are implemented.

Licensees frequently use the change process described in Title 10 of the Code of Federal Regulations (10 CFR) 50.59, Changes, tests and experiments, to make changes to their plants without prior NRC approval. To clarify how licensees can apply 10 CFR 50.59 to digital I&C modifications, the staff issued: (1) Regulatory Information Summary 2002-22, Supplement 1, Clarification on Endorsement of Nuclear Energy Institute Guidance in Designing Digital Upgrades in Instrumentation and Control Systems, on May 31, 2018 (ADAMS Accession No. ML18143B633), and (2) Regulatory Guide (RG) 1.187, Revision 3, Guidance for Implementation of 10 CFR 50.59, Changes, Tests, and Experiments, on June 30, 2021 (ADAMS Accession No. ML21109A002). Industry feedback continues to indicate that this guidance has been vital in supporting licensees in addressing real-time equipment obsolescence challenges and improving the performance of both safety-related and non-safety-related systems and components.

Significant AccomplishmentsLicensing One of the most transformative regulatory innovations was the issuance in December 2018 of updated interim staff guidance in DI&C-ISG-06, Revision 2, Licensing Process (ADAMS Accession No. ML18269A259). This updated guidance adopted a new streamlined alternate review process (ARP) to improve the timeliness and reliability of licensing reviews and incorporated lessons learned from digital I&C licensing experience. In February 2021, the staff sponsored a productive workshop with industry stakeholders to share insights and clarify expectations for implementing the ARP.

On August 24, 2021, the NRC issued the first digital I&C license amendment using the ARP for the Waterford Steam Electric Station, Unit 3 (Waterford) (ADAMS Accession No. ML21131A243). The licensee submitted the amendment request in July 2020 to implement a digital upgrade to its core protection calculator system. The staffs review confirmed that the amendment addressed potential common cause failures by verifying that backup trip functions demonstrate adequate defense in depth commensurate with the risk-significance of the digital upgrade. The staff also issued a revision to Inspection Procedure 52003, Digital Instrumentation and Control Modification Inspection, in July 2021 (ADAMS Accession No. ML21113A169), to support regional inspection of digital I&C modifications, including those performed under the ARP, and has successfully inspected both the system vendor and the

The Commissioners 3 licensees factory acceptance testing activities at Waterford. The licensee intends to install the system in spring 2022.

Significant AccomplishmentsGuidance In implementing the agencys strategy for modernizing digital I&C regulatory infrastructure, the staff has engaged extensively with external stakeholders to complete significant improvements to the guidance associated with digital I&C licensing reviews. These improvements have enhanced the clarity and reliability of the NRCs licensing process, and have thereby increased the confidence of licensees, applicants, and vendors in the NRCs readiness to effectively license and inspect the use of digital I&C in nuclear reactors.

On January 25, 2021, the staff published Revision 8 to Branch Technical Position (BTP) 7-19, Guidance for Evaluation of Defense in Depth and Diversity to Address Common-Cause Failure due to Latent Design Defects in Digital Safety Systems (ADAMS Accession No. ML20339A647). The revision incorporated the five guiding principles outlined in SECY-18-0090, Plan for Addressing Potential Common Cause Failure in Digital Instrumentation and Controls, dated September 12, 2018 (ADAMS Accession No. ML18179A067), and provided guidance to tailor staff review based on safety significance.

The staff actively engaged industry, the public, and the Advisory Committee on Reactor Safeguards (ACRS) to obtain stakeholder feedback on potential areas of improvement and on the staffs proposed changes to the document. The staff will apply this guidance to the ongoing key licensing actions discussed below and intends to update the guidance to incorporate any lessons learned from those reviews. It will also implement the recommendation from a team assembled to address ACRS concerns regarding unidirectional communications issues, to clarify how the staff could reduce the scope of its review of the defense-in-depth and diversity assessment for designs that include unidirectional digital communications between systems of higher and lower safety significance (ADAMS Package Accession No. ML21187A291).

On February 26, 2021, the NRC published a new technology-inclusive design review guide (DRG), Instrumentation and Controls for Non-Light-Water Reactor (Non-LWR) Reviews (ADAMS Accession No. ML21011A140). The guidance supports the NRCs non-LWR IAP Strategy 3, which involves developing: (1) guidance for flexible regulatory review processes for non-LWRs within the bounds of existing regulations, and (2) a new non-LWR regulatory framework that is risk-informed and performance-based and that features the NRC staffs review efforts commensurate with the demonstrated safety performance of non-LWR technologies.

Because the DRG is technology inclusive, it may also be used in the evaluation of LWR plant designs and other reactor technologies.

Ongoing Key ActivitiesLicensing NextEra/Florida Power and Light plans to submit a digital I&C license amendment request for Turkey Point Nuclear Generating, Units 3 and 4, in November 2021. To date, the NRC staff and the licensee have conducted several pre-application meetings (ADAMS Accession No. ML21279A043). The proposed amendment would support a major digital I&C upgrade to the reactor protection system, engineered safety features actuation system, and nuclear instrumentation systems. Additionally, the licensee will ask to credit the self-diagnostic functions of the digital system and to reduce the required technical specification surveillances.

The licensee will ask that the staff review the request using the ARP.

The Commissioners 4 The staff is also holding a series of pre-application meetings (ADAMS Accession No. ML21123A136) with Exelon Generation Corporation, LLC (Exelon), to discuss the licensees plan to submit a digital I&C license amendment for Limerick Generating Station, Units 1 and 2 (Limerick). The planned amendment request would support a major digital I&C upgrade to the reactor protection system, nuclear steam supply shutoff system, and emergency core cooling system. The licensee intends to integrate the three systems into a single plant protection system. The licensee plans to submit the license amendment request in the third quarter of calendar year 2022 and to ask that the staff review the request using the ARP. The planned Limerick license amendment request is part of a public-private partnership between the licensee and the U.S. Department of Energy (DOE), under the DOEs Light Water Reactor Sustainability Program. Exelon and the DOE have indicated that they will share the planning, development, and implementation experiences from this effort with the operating reactor fleet to support broader plant modernization efforts.

Ongoing Key ActivitiesGuidance In December 2019, the NRC staff completed a strategic assessment (ADAMS Package Accession No. ML19351D933), that integrates performance-based and technology-neutral safety engineering concepts to identify additional activities intended to improve the regulatory infrastructure through such integration. As a result of this assessment, the staff developed an overall framework for how it will streamline and integrate the existing set of RGs on digital I&C, which the staff discussed with external stakeholders in a public meeting on April 28, 2020 (ADAMS Accession No. ML20125A344). The staff is now implementing RG updates in accordance with the framework. The staff is currently evaluating the scope of new revisions to RG 1.152, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants; RG 1.153, Criteria for Safety Systems; and RG 1.168, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants. In particular, the next revision of RG 1.152 will also include the recommended clarifications on unidirectional communication as a result of ACRS feedback from BTP 7-19, Revision 8. With regard to RG 1.153, the staff is re-evaluating whether to update this RG or proceed down a different regulatory path regarding how applicants can use later versions of Institute of Electrical and Electronics Engineers (IEEE) Standard 603, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, to meet the requirements of 10 CFR 50.55a(h), which incorporates by reference the 1991 edition of IEEE Standard 603. The staff will meet with external stakeholders to inform its re-evaluation.

On August 31, 2020, the Nuclear Energy Institute (NEI) submitted NEI 20-07, Draft B, Guidance for Addressing Software Common Cause Failure in High Safety-Significant Safety-Related Digital I&C Systems (ADAMS Accession No. ML20245E561), to support pre-application interactions. As a result of the staffs feedback, during a public meeting on July 1, 2021, the NEI discussed its intent to significantly revise its approach for NEI 20-07 (ADAMS Accession No. ML21229A160). The new approach, submitted on September 30, 2021 (ADAMS Accession No. ML21278A472) to support pre-application interactions, incorporates risk information and the use of probabilistic risk assessment models to form the technical basis to justify that common cause failure is adequately addressed. This approach may be inconsistent with the existing Commission policy in Item II.Q of SRM-SECY-93-087, SECY-93-087Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs, dated July 21, 1993 (ADAMS Accession No. ML003708056), so the staff will continue to provide the Commission with information and recommendations, as appropriate, related to any emerging policy issues associated with NEIs proposal.

The Commissioners 5 On February 23, 2021, the NEI submitted NEI 17-06, Revision 0, Guidance on Using IEC 61508 SIL Certification to Support the Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Related Applications, to the NRC for review. NEI 17-06 clarifies how licensees can use safety integrity level (SIL) certification in their commercial-grade dedication programs, which would provide increased access for digital equipment from international vendors. SIL certification confirms that a given piece of commercial digital equipment meets the stated SIL provisions in International Electrotechnical Commission Standard 61508-2010, Functional safety of electrical/electronic/programmable electronic safety-related systems. The staff plans to complete its review of the document by the end of calendar year 2021. If it finds the guidance in NEI 17-06, Revision 0, to be acceptable, the NRC staff plans to endorse the document in a new RG. Presuming acceptability, the staff would complete the RG development process in calendar year 2022.

Nonnuclear Insights The staff is systematically evaluating lessons learned from the Boeing design process and Federal Aviation Administration certification process for the Boeing 737 MAX 8 stabilizer trim control digital modification, including the findings and recommendations from authoritative investigation reports surrounding the 2018 and 2019 crash events of the Boeing 737 MAX 8.

The staff is evaluating this information to identify (1) any significant gaps in the NRCs digital I&C licensing and inspection program and processes, and (2) key elements of the NRCs digital I&C regulatory program and organizational capabilities that should be maintained or improved to ensure the continued safe use of digital I&C in U.S. nuclear plants. To date, the staff has not identified any significant gaps in the NRCs digital I&C regulatory program and will use its evaluation to inform future activities in improving the digital I&C regulatory infrastructure. The staff has shared its preliminary results at the 12th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies conference sponsored by the American Nuclear Society in June 2021 (ADAMS Accession No. ML21063A231). The staff also shared its preliminary results with its United Kingdom and Canadian nuclear regulator counterparts at a trilateral meeting on September 10, 2021.

CONCLUSION:

The staff continues to implement improvements to the clarity and reliability of the digital I&C regulatory infrastructure to facilitate the expanded safe use of digital I&C in nuclear reactors while continuing to ensure safety and security. However, while modernization efforts continue, the staff is beginning to transition from digital I&C infrastructure modernization to using the improved modernized infrastructure to review requested licensing and certification actions. The staff continues to extensively engage with external stakeholders on both the development and the implementation of key activities. Also, the staff is continuing to look for opportunities to innovate, to be risk-informed, and to use the Be riskSMART approach as efforts to modernize the digital I&C infrastructure continue in parallel with licensing action reviews.

The staff will continue to provide the Commission with information and recommendations, as appropriate, related to emerging policy issues and the status of the staffs digital l&C infrastructure, licensing, and certification activities.

Licensees are making digital I&C upgrades under 10 CFR 50.59 and are planning for more extensive upgrades that require license amendments using the improved infrastructure. These activities by licensees demonstrate stakeholder confidence in, and the effectiveness of, the staffs digital I&C regulatory infrastructure modernization activities.

The Commissioners 6 COORDINATION:

The Office of the General Counsel has reviewed this paper and has no legal objections.

Signed by Dorman, Dan on 10/25/21 Daniel H. Dorman Executive Director for Operations

ML21253A218 (Package)

ML21253A212 (Annual Update)

SECY-012 OFFICE NRR/DORL/LPL1/PM NRR/DORL/LPL2-1/LA NRR/DEX/EICA/BC NRR/DEX/EICB/BC NAME MMarshall KEntz JJohnston MWaters DATE 9/17/2021 9/21/2021 9/24/2021 9/23/2021 OFFICE NRR/DORL/D NRR/DEX/D QTE OGC NAME BPham EBenner BWeisman DATE 9/28/2021 9/28/2021 9/29/2021 10/7/2021 OFFICE NRR/D EDO NAME AVeil DDorman DATE 10/14/2021 10 / 25 /2021