ML21187A001
ML21187A001 | |
Person / Time | |
---|---|
Site: | 99902046, 05200049 |
Issue date: | 07/31/2021 |
From: | Oklo Inc |
To: | Office of Nuclear Reactor Regulation |
Shared Package | |
ML21184A000 | List: |
References | |
Download: ML21187A001 (31) | |
Text
Performance-Based Licensing Methodology July 2021 Oklo Inc., Non-proprietary Revision 0
Performance-Based Licensing Methodology Executive summary Advanced fission technologies offer a range of beneficial attributes as well as fundamentally different characteristics that set them apart from most commercial plants that the U.S. Nuclear Regulatory Commission (NRC) and predecessor agencies have reviewed and licensed. It has been broadly recognized that regulations cannot remain prescriptive based on assumptions of historical plant types, fuels, coolants, energy spectra, and sizes, which have generally been those of large light water reactors. Instead, regulations should evolve toward specific performance goals related to safety, security, and the environment. It would then be the role of the NRC applicant to prove how their design meets these performance goals, instead of attempting to either comply with or exempt from specific and possibly outdated or inapplicable requirements.
As Oklo Inc. (Oklo) developed the Aurora at the Idaho National Laboratory Site (Aurora-INL) combined license application (COLA), it became clear that new methods for license application development and review would be necessary to demonstrate compliance with the regulations.
This is true both because of the fundamental differences between the Aurora powerhouse and historical designs, and because the safety-by-design - as well as the security-by-design- of the Aurora powerhouse relied primarily not on active component function, or even passive component function, but inherent characteristics (i.e., features). From design to construction to operation, the methods for analyzing, tracking, and ensuring the key functions and features of the design had to take on a novel approach, rather than the historically assumed binaries for active and even passive component function (e.g., failed or not and safety-related or not).
This topical report describes a performance-based licensing methodology created as a solution to these needs and challenges, and Congress has mandated through the Nuclear Energy Innovation and Modernization Act1 that the NRC consider such an approach. A performance-based licensing methodology is ultimately necessary for the commercial entities in the U.S. who are working to bring the promise of advanced fission technologies to the market, both because a performance-based methodology can be technology-inclusive, as mandated by Congress, and because it can make reviews of the range of technologies more effective and efficient than piecemeal translations of past prescriptive requirements. This approach can substantially reduce the regulatory risk that U.S. companies assume when designing new technologies and can streamline the effort of the regulator, by explicitly identifying the regulatory controls used to demonstrate the safety of as-built systems, from design to construction to operation of those facilities.
It is in the public interest for the NRC to license plants with improved safety characteristics, in particular passive functions and inherent features. Further, it is in the public interest to ensure that regulatory controls are more efficiently and effectively applied directly to these functions and features. A better regulatory framework both ensures designs that are safe and facilitates the commercialization of advanced nuclear power.
The NRC has indicated for many years that it is ready to receive and review applications for advanced fission technologies and, specifically, that it is ready to regulate in a performance-based manner. The NRC acceptance of the Aurora-INL COLA further showed this aptitude and 1 S.512 - Nuclear Energy Innovation and Modernization Act of 2019, 115th Congress (2017-2018),
https://www.congress.gov/bill/115th-congress/senate-bill/512/
Oklo-2021-R20-NP, Rev. 0 2
Performance-Based Licensing Methodology inclination. Such applications will necessarily deviate from existing guidance, but ultimately all applications must outline how the regulatory requirements are met. The shift to reviewing these advanced technologies therefore requires that applications be submitted using performance-based approaches and that they are reviewed against performance-based objectives.
This topical report describes a performance-based approach for assessing the functions and features of a design for their relevance to safety, and developing and tracking the appropriate regulatory controls to uphold those functions and features from design to construction to operation. These regulatory controls include design bases, design commitments, and programmatic controls (pre-operational testing, startup testing, license conditions, technical specifications, and quality assurance). Collectively, the regulatory controls are developed with defense-in-depth in mind, and assure the safety of the plant throughout the lifecycle of the facility. The methodology described in this report is an alternative approach to traditional structure, system, and component (SSC) classification, and it specifically describes how quality assurance is applied as one among a suite of programmatic controls. This topical report stands alone but may be used as a companion document with the Maximum Credible Accident topical report, which describes how to identify a bounding licensing basis event and how to incorporate defense-in-depth in the analysis of the bounding event.
The approach proposed by Oklo complies with the requirements in Title 10 of the Code of Federal Regulations, but it does not commit to existing voluntary regulatory guidance for light water reactors. The proposed performance-based licensing methodology is presented in this report and is an appropriate fit not just for the new designs proposed by Oklo, but in principle for all new technologies presented to the NRC for licensing.
Oklo-2021-R20-NP, Rev. 0 3
Performance-Based Licensing Methodology Table of contents Executive summary ................................................................................................................. 2 1 Purpose ................................................................................................................................... 5 2 Safety-by-design approach ................................................................................................. 6 3 Regulatory requirements for assurance of safety ........................................................ 8 3.1 Safety-related structures, systems and components definition in 10 CFR 50.2 ................................................................................................................................. 9 3.2 Performance-based safety-related functions and features ...................... 10 4 Methodology to develop regulatory controls ............................................................... 12 4.1 Overview .................................................................................................................. 12 4.2 Identifying licensing basis event(s) ................................................................... 12 4.3 Establishing evaluation criteria for functions and features ....................... 13 4.4 Classifying functions and features .................................................................... 14 4.4.1 Evaluation approach.......................................................................................... 14 4.4.2 Evaluation against supporting criteria ............................................................ 15 4.4.3 Evaluation against acceptance criteria ............................................................ 15 4.5 Assigning design bases and commitments ....................................................... 16 4.6 The role of quality assurance as a programmatic control: assigning quality assurance requirements .................................................................................... 17 4.6.1 Quality assurance approach.............................................................................. 17 4.6.2 Application of quality assurance....................................................................... 18 5 Conclusion and expectations for NRC review ............................................................. 20 Appendix A Performance-based structure ...................................................................... 22 A.1 Overall application structure ............................................................................. 22 A.2 Introduction to performance-based application elements .......................... 23 A.3 Components of the performance-based application...................................... 24 A.3.1 Regulatory controls ............................................................................................ 24 A.3.2 Design bases and design commitments ............................................................ 25 A.3.3 Performance-based programmatic controls ...................................................... 25 A.3.4 Operational bases .............................................................................................. 26 A.4 Organization of the performance-based application components ............. 27 A.4.1 Description and analysis of SSCs ..................................................................... 28 A.4.2 Transient analysis ............................................................................................. 28 A.4.3 Programmatic controls ...................................................................................... 29 A.4.4 Principal design criteria .................................................................................... 29 Oklo-2021-R20-NP, Rev. 0 4
Performance-Based Licensing Methodology 1 Purpose The purpose of this topical report is to describe the performance-based licensing methodology that Oklo Inc. (Oklo) uses for identifying the functions and features (i.e., inherent characteristics) of the design that impact safety, and for assuring these functions and features are upheld throughout the lifecycle of the plant, including: construction, pre-operational testing, startup testing, and operation. Oklo Power LLC is requesting U.S. Nuclear Regulatory Commission (NRC) review and approval of the methodology outlined in this report.
This topical report describes a performance-based approach for assessing the functions and features of a design for their relevance to safety, and developing and tracking the appropriate regulatory controls to uphold those functions and features from design to construction to operation. These regulatory controls include design bases, design commitments, and programmatic controls (pre-operational testing, startup testing, license conditions, technical specifications, and quality assurance). Collectively, the regulatory controls are developed with defense-in-depth in mind, and assure the safety of the plant throughout the lifecycle of the facility. The methodology described in this report is an alternative approach to traditional structure, system, and component (SSC) classification, and it specifically describes how quality assurance is applied as one among a suite of programmatic controls. This topical report stands alone but may be used as a companion document with the Maximum Credible Accident topical report, which describes how to identify a bounding licensing basis event and how to incorporate defense-in-depth in the analysis of the bounding event.
Oklo initially developed this topical report to support the review of the Aurora at the Idaho National Laboratory Site (Aurora-INL) combined license application (COLA). Some references are contained in this report that identify how this approach is specifically utilized for the Aurora-INL COLA. However, this topical report illustrates a methodology that may be used by any advanced fission applicant and would be expected to be extensible to any design type and any site.
Oklo-2021-R20-NP, Rev. 0 5
Performance-Based Licensing Methodology 2 Safety-by-design approach A philosophy at Oklo is to factor in safety as early as reasonable in the design process, which is made possible through an iterative design process. Figure 2-1 schematically shows a simplification of the iterative design process, which has the following components:
- Isolated component analyses demonstrate that components meet the relevant system requirements.
- Analyses of normal operations demonstrate the overall behavior of the system.
- Preliminary safety analyses demonstrate the full system response to a wide range of conditions.
- Probabilistic risk assessment provides risk insights for the system.
At each stage, insights gained during the iterative design process could prompt design changes and improvements, resulting in a process that continuously improves the design from both a performance perspective and a safety perspective. As the complexity of the design increases with each redesign, the analysis advances in parallel, becoming more complex and more mature.
Figure 2-1: Iterative design process Throughout this iterative design process, aspects of the system that may be relevant to safety are identified and characterized. Generally, safety characteristics that are rooted in passive functions or inherent features are favored over those rooted in active functions. The results of these analyses inform design changes and simplifications that are used to continuously improve the safety profile of the system. This iterative design process results in a safety-by-design approach that yields simpler designs with clear safety profiles.
Ultimately, the functions and features relevant to safety that are identified during this iterative design process become candidates for regulatory controls during the implementation of the performance-based licensing methodology, as described in Section 4. Further, during the implementation of the performance-based licensing methodology, design iteration may continue as additional insights into system behavior are obtained.
Oklo-2021-R20-NP, Rev. 0 6
Performance-Based Licensing Methodology This ability to continually iterate is a key component of the performance-based licensing methodology described in this report and stands in contrast to the application of a prescriptive licensing approach to an existing reactor design. When applying a prescriptive approach, blanket assumptions are made about which components or systems are relevant to safety.
Further, practical considerations limit the scope and flexibility of potential design changes or modifications for a system that is already designed. The performance-based licensing methodology instead provides a systematic framework that evaluates the safety relevance of functions and features and proposes the corresponding regulatory controls to the regulator. The result is the flexibility to design the system and the regulatory controls from the ground up with a focus on safety from the beginning.
Oklo-2021-R20-NP, Rev. 0 7
Performance-Based Licensing Methodology 3 Regulatory requirements for assurance of safety The regulations do not require a classification of components to be submitted with license applications, and the historically-applied method of safety classification is technology-dependent on reactors that are both large and water-cooled. Although there is no regulation requiring classification of components regarding safety, there are regulations requiring certain actions regarding the assurance of safety-related performance.2 For example, the quality assurance requirements in Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, are to be applied to all activities affecting the safety-related functions of those structures, systems, and components.
Component classification is a widely used term in the nuclear regulatory space and is generally interpreted as the significance of the components functionality to the safety of the plant. Often, the term safety classification is used in place of component classification, and there is confusion in the meaning of the terms. Further, safety classification is not used, not defined, and not required by 10 CFR and is therefore not a regulatory requirement for the filing of an NRC license application.3 The ultimate purpose of what is commonly referred to as component classification or safety classification is to provide a framework in which different programmatic controls, including quality assurance, can be applied to assure the relevant safety function. The scope of the regulator is to assure those functions that are required for the safe operation of the facility.
Safe operation of the facility is one during which dose does not exceed the regulatory limits of 10 CFR.
The quality assurance framework utilized by the nuclear industry today is from over 50 years ago and served its purpose in a period before widespread industrial quality assurance (e.g.,
broad industrial implementation of International Organization for Standardization (ISO) standards and six sigma) were available. Binary tagging of systems or components with safety-related or not both creates excessive burden on design, manufacturing, and operation and has the potential to lose sight of the specific functions for which the system or component was originally designed to be safety-related. As a result, it does not optimally fulfill the quality requirements of Appendix B to 10 CFR Part 50, which has to do with ensuring specific functions of SSCs.
Advanced fission technologies are generally much smaller and rely more on passive functions and inherent features than the currently operating large light water reactor fleet. The terms functions and features are used throughout this document intentionally to delineate between the safety characteristics of advanced fission technologies. Specifically, functions can be active or passive4 and are typically performed by mechanical or electrical systems or components (e.g.,
valve actuation, shutdown rod insertion). Features are aspects of the design that are usually 2 Safety-related is defined in 10 CFR 50.2, Definitions, as described further in Section 3.1.
3 Oklo conducted an exhaustive review of how terms relating to safety have been used, both historically and in recent industry regulatory interaction, which informed the methodology presented in this topical report.
4 Previous performance-based industry and regulator work has heavily focused on the enhanced safety characteristics of passive functions. This topical report builds on that framework and includes considerations for inherent features of advanced fission technologies.
Oklo-2021-R20-NP, Rev. 0 8
Performance-Based Licensing Methodology inherent (e.g., heat transfer properties, structural configurations) and are intrinsic to the physical specifications of the design. This delineation is important because it underlies the safety characteristics of many advanced fission technologies, and also because the engineering design and analysis is fundamentally different depending on whether it is applied to a function or a feature.
For example, when analyzing the resultant effects of the failure of a function or feature in an event, it is important to be clear what a failure of the function or feature would realistically entail. Analysis of a failed active function could include an increase or decrease in response time or actuation, and analysis of active components often assumes a binary of whether that active component fails or does not fail. On the other hand, the analysis of a failed inherent feature, such as a material property, could include applying a percentage of degradation or enhancement. As each function or feature is analyzed, the resultant effects of the failure on safe operation should be critically assessed. The assignment of safety-related should be deliberate and should focus on the specific functions and features that ensure safety is upheld, rather than being an automatic labelling of SSCs that appear similar to the safety-related SSCs of large light water reactors.
The performance-based licensing methodology described in this document presents one method for assuring the safety of the facility that explicitly identifies the safety-related functions and features based on a systematic analysis of the system and applies the appropriate regulatory controls to ensure that they are upheld. This is a more systematic methodology for identifying and assuring key functions and features, and a critical improvement over a possible mis-application of definitions and methodologies developed both in the past and for different technologies.
3.1 Safety-related structures, systems and components definition in 10 CFR 50.2 The definition of safety-related structures, systems, and components in 10 CFR 50.2 is replicated below:
Safety-related structures, systems and components means those structures, systems and components that are relied upon to remain functional during and following design basis events to assure:
(1) The integrity of the reactor coolant pressure boundary (2) The capability to shut down the reactor and maintain it in a safe shutdown condition; or (3) The capability to prevent or mitigate the consequences of accidents which could result in potential offsite exposures comparable to the applicable guideline exposures set forth in § 50.34(a)(1) or § 100.11 of this chapter, as applicable.
Of specific note is that this definition uses safety-related in the context of SSCs. This 10 CFR 50.2 definition is not applied in this performance-based methodology because it is in the context of a component-based analysis and in the context of the currently operating fleet of large light water reactors.
Oklo-2021-R20-NP, Rev. 0 9
Performance-Based Licensing Methodology The NRC included this definition in its regulations after the first large light water reactors had already been operating for several years.5 The concept of safety-related structures, systems, and components was first incorporated into NRC regulations in 10 CFR Part 100, Appendix A, Seismic and Geologic Siting Criteria for Nuclear Power Plants, in November 1973. The first regulation in 10 CFR Part 50 to include a definition of safety-related structures, systems, and components was 10 CFR 50.49, Environmental Qualification of Electric Equipment Important to Safety for Nuclear Power Plants, in January 1983. In December 1996, when the NRC amended its regulations to update the criteria used in decisions regarding power reactor siting, including geologic, seismic, and earthquake engineering considerations for future nuclear power plants, it added the definition of safety-related SSCs to 10 CFR 50.2. The NRC based the definition of safety-related on the technology that had been operating in the U.S.: large light water reactors.
Although advanced fission technologies might have systems that are like the systems in large light water reactors, the methodology proposed in this topical report describes safety-related in the context of functions and features, which supports 10 CFR 50 Appendix B, not in the context of a component-based approach. This is a key difference in the interpretation of the language and the main reason why the 10 CFR 50.2 definition is not applied in this methodology.
Further, the 10 CFR 50.2 definition presents a combination of systems that are needed to meet the safety-related SSCs definition to achieve the philosophy of defense-in-depth for large light water reactors.6 The definitions in 10 CFR are not regulatory requirements themselves, however, the NRC staff have drafted a position on compliance with NRC requirements that reference definitions from 10 CFR 50.2. The draft position states that an applicant may elect, for technology-specific purposes, to utilize an alternative definition to the definition in 10 CFR 50.27. While this position on non-applicabilities is still in draft form as of the submittal of this topical report, in such cases where an alternative definition to the term safety-related is chosen by an applicant, the applicant should consider the impacts on requirements that reference the 10 CFR 50.2 definition of safety-related structures, systems, and components. It should also be noted that as of the submittal of this topical report, there is neither a performance-based safety-related definition, nor a definition for safety-related functions or features.
3.2 Performance-based safety-related functions and features Oklo is proposing a more straightforward approach to classification than has been discussed in recent years. Functions and features are either considered to be safety-related or not, although a subset may have augmented regulatory controls. Following performance-based acceptance criteria ensures that this methodology is performance-based, as described in Section 4.3. And 5 See Definition of Safety-Related Structures, Systems, and Components; Technical Amendment, 62 Fed. Reg. 47268 (Sept. 8, 1997).
6 As stated in numerous NRC references, including NUREG-0578, TMI-2 Lessons Learned Task Force Status Report and Short-Term Recommendations, The underlying philosophy of nuclear reactor safety has provided multiple levels of protection against the release of radioactivity, i.e., the concept of defense in depth. It includes diversity and redundancy of various safety functions and systems and multiple physical barriers (the fuel, the cladding, the primary coolant boundary, and the containment)"
7 Appendix to NRC Staff Draft White Paper: Analysis of Applicability of NRC Regulations for Non-Light Water Reactors, February 2021 (ML20241A017).
Oklo-2021-R20-NP, Rev. 0 10
Performance-Based Licensing Methodology as described in Section 4.4, those functions and inherent features that are determined to be safety-related are assigned regulatory controls, including design bases, design commitments, and programmatic controls. Among those programmatic controls are the quality assurance requirements of 10 CFR Part 50, Appendix B. The application of quality assurance requirements is discussed further in Section 4.6. Safety-related features are then treated as critical characteristics which can be assured using standards for commercial grade dedication which focus on assuring critical characteristics for SSCs.
As described in Section 4.4, this performance-based licensing methodology evaluates functions and features based on whether they are required to meet the acceptance criteria of the licensing basis event analysis. Functions and features that are required to meet the acceptance criteria are deemed safety-related. This implicitly creates a performance-based definition of safety-related that depends both on this methodology and the methodology used for the licensing basis analysis. In the case of the Aurora-INL COLA, which uses the methodology prescribed in the MCA topical report, the resulting definition rests on a single acceptance criterion, the Dose Acceptance Criterion. As a note, this criterion is similar to part (3) of the 10 CFR 50.2 definition for safety-related SSCs.
The performance-based licensing methodology systematically determines whether each function or feature is required to meet the acceptance criteria (and when paired with the MCA methodology, the Dose Acceptance Criterion) and assigns safety-relation to each function accordingly. As an example, this allows for an inherently safe reactor design to reach a safe and stable end state, in which the accident cannot further progress, without requiring shutdown; therefore, that shutdown function may not need to be designated as safety-related.
Oklo-2021-R20-NP, Rev. 0 11
Performance-Based Licensing Methodology 4 Methodology to develop regulatory controls 4.1 Overview The safety-by-design approach employed by Oklo, and described in Section 2, involves analyses of normal operations and transients, as well as incorporation of risk insights. This process iteratively develops a deep understanding of system behavior and helps to identify aspects of the design that may be relevant to safety. The iterative design process generally results in a mature system model that can be used to evaluate the system response to a broad spectrum of transients. This system model is designed to capture the relevant physics of the reactor system with the ability to perturb inputs, models, and assumptions. The methodology described in this topical report uses the resulting system model to formally identify the functions and features with relevance to safety and applies the appropriate regulatory controls to assure those functions and features.
The implementation of the performance-based licensing methodology can begin as soon as the design is sufficiently stable and the system model is sufficiently representative of the design.
Both of these determinations are at the discretion of the designer. A key benefit of this methodology is that preliminary implementation can begin while the design is still fluid enough to be improved in response to insights gained over the course of its implementation. This means that, like the iterative design process described in Section 2, the assignment of regulatory controls is also iterative. Ultimately, once a final design has been reached, a final iteration of assigning regulatory controls is conducted prior to submitting a license application to the NRC.
The goal of the performance-based licensing methodology is to systematically determine the functions and features of the design that have relevance to safety, and to implement the appropriate regulatory controls to uphold those functions and features over the entire lifecycle.8 The primary method for determining relevance to safety is through the analysis of licensing basis event(s).
4.2 Identifying licensing basis event(s)
The process of implementing the performance-based licensing methodology begins with identifying the licensing basis event(s) for the system. The events are identified using a licensing basis event selection methodology that is independent of the methodology within this topical report.9 The licensing basis event selection methodology also specifies the acceptance criteria and other implementation details for the licensing basis event analysis. These details are outside of the scope of this document, as the performance-based licensing methodology does not prescribe a specific methodology for selecting the licensing basis event(s) and leaves optionality for how the NRC applicant chooses to perform the licensing basis event selection 8 For additional background describing the regulatory controls used, see Appendix A.
9 While this topical report refers to the potential for multiple licensing basis events, the requirement is for one or more, and the final number of licensing basis events will depend on the licensing basis event selection methodology employed. For example, for applications that utilize a maximum credible accident methodology, such as the Aurora-INL COLA, it is appropriate that a single licensing basis event is identified.
Oklo-2021-R20-NP, Rev. 0 12
Performance-Based Licensing Methodology process. One methodology Oklo has employed for licensing basis event selection is the methodology described in the MCA topical report.
While conducting the licensing basis event selection, the design is analyzed to ensure it meets the licensing basis event analysis acceptance criteria. In this way, the licensing basis event selection methodology is used to both identify the licensing basis event(s) and demonstrate that the design performs adequately (i.e., meets the acceptance criteria) in response to the identified events. If the design does not perform acceptably, the appropriate design changes are made, and the licensing basis event(s) are re-identified when a final design is reached. The performance-based licensing methodology then continues by systematically analyzing the licensing basis event(s) to determine which functions and features are relevant to safety and therefore require regulatory controls to ensure that they are upheld.
4.3 Establishing evaluation criteria for functions and features The regulatory relevance of functions and features to the licensing basis event analysis is determined using a set of evaluation criteria. The evaluation criteria consist, at a minimum, of the acceptance criteria for the licensing basis event analysis. In addition to these acceptance criteria, the performance-based licensing methodology allows for the optional establishment of supporting criteria. When implemented, these supporting criteria serve to ease the analysis burden. Supporting criteria can be used to simplify and reduce the required scope of the analysis, providing flexibility in how the design is evaluated. Collectively, the acceptance criteria and any optionally-defined supporting criteria make up the evaluation criteria used to classify functions and features.
Acceptance criteria must be performance-based for this methodology. Generally, acceptance criteria are envisioned to be a performance-based dose criterion ensuring public safety, but the specifics are not prescribed by this methodology. For more discussion on the acceptance criteria used in the Aurora-INL COLA, the companion topical report MCA Methodology may be referenced.
A supporting criterion (or a set of supporting criteria) must be chosen in such a way that they bound the acceptance criteria. In other words, if all supporting criteria are met, all acceptance criteria must also inherently be met. For example, acceptance criteria for licensing basis event analyses are typically based on dose, but supporting criteria may be created for other metrics that impact dose, such as fuel temperature. If it can be shown, for example, that a supporting criterion based on fuel temperature is bounding (i.e., that if an analysis that meets the fuel temperature criterion will inherently meet the dose criterion), analysis of an event that passes the supporting criterion would obviate the need to analyze the event against the acceptance criteria.
If supporting criteria are used, the licensing basis event analysis must also pass all supporting criteria. If the event analysis does not pass the supporting criteria, the event is also analyzed against the acceptance criteria. Failure to pass an evaluation criterion could prompt a change in design, or in some cases, the supporting criteria may be defined inappropriately and require reevaluation. However, the application of the performance-based regulatory controls should be finalized only once the design meets all evaluation criteria for every licensing basis event.
Oklo-2021-R20-NP, Rev. 0 13
Performance-Based Licensing Methodology 4.4 Classifying functions and features 4.4.1 Evaluation approach The methodology identifies the safety relevance of each function and feature of the design as it contributes to the licensing basis event analysis. To make this determination, each function and feature is evaluated individually to determine whether the function or feature is relied on to meet the acceptance criteria and supporting criteria (if defined). Figure 4-1 schematically shows the evaluation process for functions and features described in the following sections.
Figure 4-1: Classification of functions and features The evaluation against the criteria may consist of engineering judgement or additional analysis and should be documented accordingly. In a typical analysis of a function or feature, assumptions related to the functions or feature are perturbed in the context of the licensing basis event analysis to characterize their contribution to meeting the evaluation criteria.
The nature of the perturbation is specific to the function or feature and varies between active functions, passive functions, and inherent features. Depending on the function or feature, this perturbation may be a degradation in a material property, boundary condition, or component performance. For an active component, the perturbation may range from an increase in response time to a failure to actuate. While conducting the licensing basis event analysis, and the perturbations on the analysis, both the functions and features analyzed, and the perturbations of those functions and features, should be based on realistic (best estimate) analysis, as opposed to bounding (conservative) assumptions. However, the use of conservative assumptions may also be utilized, especially when bounding uncertainties.
This methodology considers a function or feature to be relied on to meet an evaluation criterion if the perturbation of that function or feature results in an analysis end state that either exceeds or comes within an unacceptable margin of exceeding the evaluation criterion.
Oklo-2021-R20-NP, Rev. 0 14
Performance-Based Licensing Methodology This methodology does not prescriptively require the magnitude of the margin, but the specific margin (or lack of margin) should be justified by the designer for each criterion.
4.4.2 Evaluation against supporting criteria Each function and feature is first evaluated against supporting criteria if they are defined. As described in Section 4.3, the supporting criteria bound the acceptance criteria, such that if a function or feature is not relied on to meet the supporting criteria, it follows that the function or feature is not relied on to meet the acceptance criteria. In the case that the function or feature is not relied on to meet the supporting criteria, the function or feature is not subject to any requirement to apply regulatory controls. As described in Section 4.5, such functions or features may nevertheless optionally be assigned regulatory controls at the discretion of the designer.
Functions and features that are relied on to meet supporting criteria are subject to a requirement to apply regulatory controls and are evaluated further to determine the appropriate controls.
4.4.3 Evaluation against acceptance criteria Functions and features that either (1) were not evaluated against supporting criteria (i.e., no supporting criteria were defined) or (2) are relied on to meet the supporting criteria are next evaluated against the acceptance criteria of the licensing basis event analysis. All functions and features that are relied on to meet the acceptance criteria are classified as safety-related.
All other functions and features are classified as nonsafety-related.
Safety-related classification A function or feature is classified as safety-related only if that function or feature is relied on to meet the acceptance criteria of the licensing basis event analysis. All other functions and features are classified as non-safety related.
For functions and features that are nonsafety-related (i.e., are not relied on to meet the licensing basis event analysis acceptance criteria), assignment of regulatory controls is dependent on whether supporting criteria were utilized. If no supporting criteria were defined and evaluated, nonsafety-related functions and features are not subject to any requirement to apply regulatory controls.
If supporting criteria were evaluated, and the functions and features are relied on to meet the supporting criteria but are not safety-related, those functions and features are designated for augmented regulatory controls and are subject to regulatory controls as described in Section 4.5.
By the definitions given here, it is possible for a function and feature to be needed in order to meet supporting criteria but not acceptance criteria. While if supporting criteria are met then acceptance criteria will be met, supporting criteria need not be met in order for acceptance criteria to be met. The purpose of the supporting criteria are to ease analytical burden, as described in 4.3, but supporting criteria are also expected to highlight key areas for focus or can be used for increased defense-in-depth. So, although a function or feature may not be safety-related in that it is not relied upon to meet acceptance criteria, its role in meeting supporting criteria is recognized by the application of augmented regulatory controls.
Oklo-2021-R20-NP, Rev. 0 15
Performance-Based Licensing Methodology Further, any other function or feature may be designated for augmented quality treatment at the discretion of the designer, and as a result would have the same requirements for the application of regulatory controls.
Augmented regulatory controls A nonsafety-related function or feature is designated for augmented regulatory controls if that function or feature is relied on to meet a supporting criterion (or a set of supporting criteria).
Any other function or feature may optionally be designated for augmented regulatory controls at the discretion of the designer.
4.5 Assigning design bases and commitments After the evaluation of functions and features, the next step of the performance-based licensing methodology is to assign design bases essential to upholding the appropriate functions and features. The design bases will then be upheld by specific design commitments, which will in turn be upheld by the appropriate programmatic controls in the as-built system. More description of the organization and designation of design bases, design commitments, and programmatic controls with the relevant systems is given in A.4.
The first requirement for the assignment of design bases is that each function and feature that is classified as safety-related must be assigned one or more design bases to ensure that function or feature is upheld. The design basis summary (see Section A.4) will specifically identify the function or feature as safety-related.
Design basis requirement: Functions and features classified as safety-related One or more design bases must be assigned to one or more system(s) to uphold each function or feature that has been classified as safety-related (i.e., a function or feature that is relied on to meet a licensing basis event analysis acceptance criteria).
The second requirement for the assignment of design bases is that each function and feature that is designated for augmented regulatory controls must also be assigned a design basis.
Design basis requirement: Functions and features designated for augmented regulatory controls One or more design bases must be assigned to one or more system(s) to uphold each function or feature of the design that is designated for augmented regulatory controls.
A key step in assigning design bases is to choose the appropriate system for the assignment, and this methodology allows for flexibility in making this choice. For example, the design may employ a shutdown function to respond to specific adverse conditions, and that function may be Oklo-2021-R20-NP, Rev. 0 16
Performance-Based Licensing Methodology identified as requiring the assignment of a design basis. The design may have multiple systems capable of performing that function (e.g., control rods, control drums, or inherent reactivity feedback). The methodology requires that for the purposes of applying regulatory controls, this function be assigned to at least one of these systems. That system is assigned one or more design bases that serve to ensure it maintains the ability to perform the required function.
When functions or features can be assigned to more than one system, there is also flexibility to assign design bases to multiple systems. Ultimately, design bases are used to trigger elevated programmatic controls, including quality assurance treatment (as described in Section 4.6), and there is flexibility to apply this elevated treatment beyond the minimum requirements.
Each design basis requires certain commitments be met (i.e., design commitments) to ensure the design basis is upheld. These design commitments could be related to a specific quantitative measure of performance (e.g., a time limit or a reactivity worth), or they could be related to the configuration of a system (e.g., the use of a specific type of component). Many of these design commitments correspond with specific modeling assumptions that are incorporated into the final system model. Design commitments are verified through programmatic controls that validate both the as-built system and the modeling assumptions used in the analysis.
Examples of what design commitments look like, and how they support design bases, are given in Section A.4. Programmatic controls include testing, technical specifications, and quality assurance. Ultimately, programmatic controls ensure the safety of the as-built design.
4.6 The role of quality assurance as a programmatic control:
assigning quality assurance requirements 4.6.1 Quality assurance approach A facility that operates well will also operate safely. Whether a component is treated under the regulatorily-required quality assurance described in this section or treated separately under owner-controlled quality assurance (e.g., when relied on only for functions and features not required to be upheld by design bases), it is of great importance to Oklo or any owner and operator to maintain a reliable and safe system.
Through this performance-based licensing methodology, Oklo is proposing a streamlined and clear method of classifying functions and features of the system as safety-related or nonsafety-related, and of applying the appropriate regulatory controls to ensure those functions and features are upheld. Quality assurance is a key component of the programmatic controls (described in more detail in Section A.3.3) that ensure the safety of as-built systems.
As described in Sections 4.4 and 4.5, the process of implementing the performance-based licensing methodology identifies specific functions and features that require design bases and the subsets of those functions and features that are classified as safety-related and that are designated for augmented quality. This section describes how this treatment of functions and features is translated to the specific systems, sub-systems, components or portions of components, that perform the relevant function or feature. It also describes how quality assurance is applied in accordance with Oklo, Inc. Quality Assurance Program Description (QAPD): Design and Construction OKLO-2019-14-NP, Rev.1, (referred to as the Oklo QAPD).
The two parts of the Oklo QAPD that are relevant to this methodology are the following:
- 1. Part II, "Quality Assurance Program Description Details" Oklo-2021-R20-NP, Rev. 0 17
Performance-Based Licensing Methodology
- 2. Part III, "Nonsafety-Related SSC Quality Control," Section 1 The relationship of Part II and Part III, Section 1 (referred to in short as Part III) of the QAPD to this methodology are described in the below sections.
4.6.2 Application of quality assurance Quality assurance requirements of the Oklo QAPD are applied to all functions and features that are assigned design bases. Safety-related functions and features must be treated under Part II of the QAPD and follow the quality assurance requirements of 10 CFR Part 50, Appendix B.
Nonsafety-related functions and features designated for augmented regulatory controls must be treated under Part III of the QAPD.10 Functions and features that are not assigned design bases are not subject to regulatory controls, and therefore are subject to Oklos owner-controlled quality assurance program. Part III refers only to the application of regulatorily-controlled, not owner-controlled, quality assurance.
Regardless of the level of regulatorily-required quality assurance (i.e., Part II or Part III), for practical application the quality assurance requirements on a function or feature must be assigned to specific system(s), sub-system(s), component(s) or portions of component(s) that perform the function or embody the feature. The quality assurance requirements are scoped specifically to ensure the required function or feature, as required by 10 CFR Part 50, Appendix B, which is to be applied to all activities affecting the safety-related functions
[emphasis added] of those structures, systems, and components.
For example, consider a design basis that is created to uphold a specific feature of fuel, with corresponding design commitments that provide specificity as to the aspects of the fuel that must be upheld. The design basis would be assigned to the system that contains the fuel (e.g.,
the reactor core system). For the purposes of organization and clarity, all design bases related to the reactor core system are presented together in the license application. For quality assurance purposes, a subset of the reactor core system must be identified to uphold this feature. In this case, the fuel is the component that would be identified for higher quality assurance treatment, and the inherent feature to be upheld would become the critical characteristic of that component which must have quality assurance. For instance, the design control would be applied to factors that affect that feature, the procurement would have specifications related to that feature, shipping would ensure that feature was protected, and so forth. In other words, the resulting quality assurance requirements would be focused specifically on activities related to the feature of the fuel that the design commitment specifies, not broadly applied to all activities affecting the fuel.
This approach also provides important benefits when implementing change controls. If an SSC is classified as safety-related without specification of the function or feature that triggered that classification, it may be unclear to various stakeholders (e.g., designers, design reviewers, manufacturers, shippers) what aspect(s) of the SSC are necessary to uphold the safety of the facility. As a result, when modifications are required, it will not be clear how the modifications might affect these important aspects. We expect this methodology, with clear ties to the 10 Non-safety related functions and features may optionally be treated under Part II of the QAPD at the discretion of the designer, as the requirements of Part II exceed the requirements of Part III.
Oklo-2021-R20-NP, Rev. 0 18
Performance-Based Licensing Methodology functions and features of importance, to pay dividends not just in safety but also in timeliness to respond to issues, and improved efficiency at multiple levels.
In summary, elevated quality assurance is based on the classification of functions and features, but ultimately applied to specific systems, sub-systems, components or portions of components that ensure those functions or embody those features. This result ensures that unlike with the rote application of safety-related definitions developed for different technologies, the proper functions and features are identified for the application of quality assurance, and the application of quality assurance is properly scoped to ensure those functions and features.
Oklo-2021-R20-NP, Rev. 0 19
Performance-Based Licensing Methodology 5 Conclusion and expectations for NRC review The performance-based licensing methodology described within this report is specifically geared towards developing a license application for a new design. The methodology is designed to clearly identify the functions and features of the system that are relevant to safety and to create the proper regulatory controls to uphold those functions and features. The resulting license application is scoped to contain the appropriate level of information to evaluate the sufficiency of these regulatory controls, while significantly reducing or excluding information about design aspects that do not have importance to safety.
For this approach to be successful, the applicant and the NRC staff must first agree on the methodology employed, then come to agreement on the particulars of the given application of the methodology. The purpose of this report is to achieve the former, an agreement on the methodology employed. The latter is achieved after a license application is submitted, accepted, and docketed. Once the license application review is underway, the first step should be to verify proper application of this performance-based licensing methodology. The next step should be to verify that the design bases and their relevant design commitments and programmatic controls are adequate. A successful regulatory review concludes that the presented license application follows this performance-based licensing methodology and supports it through the commitment to an adequate set of regulatory controls. The confirmation of the regulatory controls occurs during construction, pre-operational testing, and startup, and is likely carried out through regulatory audits and inspections. Ultimately, this performance-based licensing methodology proposes an approach that prohibits any new design from achieving key operational milestones without satisfying all of its regulatory controls.
As described throughout this document, this entire process is iterative. It is expected that additional iterations will take place during the review phase with the NRC staff, as technical or procedural questions are asked. The performance-based licensing methodology facilitates this iteration, and successful regulation of new designs will depend on the flexibility that this approach offers. However, that flexibility is only possible if the applicant and the NRC staff agree that the employed methodology is appropriate, and critically, is only constructive if the review of the license application is focused on ensuring that the methodology is appropriately applied.
Where the NRC staff sees design details that appear to be missing from the license application, these details should be clearly tied to a design commitment that would justify including those details. Where a design commitment appears to be missing, it should be clearly tied to a design basis (and by extension, to a function or feature requiring regulatory control) and a concern that the design basis will not be properly upheld without the additional commitment. Similarly, where a function or feature is not regulatorily controlled, but the NRC staff believes it should be, the potential deficiency in the design, the system model, or the licensing application that led to the exclusion of this function or feature should be identified. This will ensure that review resources are efficiently focused on the relevant functions and features of the proposed design.
When this method is diligently followed by both the applicant and NRC staff, the result is increased regulatory efficiency. Oklo has already seen the benefit of this approach over the course of reviewing the Aurora-INL COLA, where productive interactions with the NRC staff that have resulted in new design commitments, demonstrating the potential for the iterative review process.
The rigorous application of this performance-based licensing methodology and the resulting performance-based license structure have the potential to facilitate substantially more focused Oklo-2021-R20-NP, Rev. 0 20
Performance-Based Licensing Methodology license application reviews as well as targeted, right-sized, and efficient oversight long into the life of the plant. These benefits derive from the comprehensive and honed set of regulatory controls established during the application of this methodology, agreed upon during the review and put in motion with the granting of a license. This methodology is systematic, and the structure developed strives to clearly communicate the resulting regulatory controls. Oklo is confident that this methodology can be successful and is committed to its continued improvement as lessons are learned from its implementation.
Oklo-2021-R20-NP, Rev. 0 21
Performance-Based Licensing Methodology Appendix A Performance-based structure This appendix includes a description and discussion of how the performance-based licensing methodology can be put into a logical structure based on NRC regulations while maintaining a technology-independent structure. In particular, the Aurora-INL COLA is used as an example, although it is expected each major element of the Aurora-INL COLA could be accomplished in a similar way for COLAs for different designs. The performance-based licensing methodology does not require the use of the companion MCA methodology topical report, however in this appendix there are several areas where the discussion of the Aurora-INL COLA also assumes the use of this companion methodology.
A.1 Overall application structure Starting in preapplication discussions with the U.S. Nuclear Regulatory Commission (NRC) in 2016, it became apparent that the application structure prescribed for large light water reactors would not be appropriate for an advanced reactor with substantially different characteristics.
These characteristics include, but are not limited to: fuel type, coolant, thermal power, neutron spectrum, plant layout, and site footprint. This structure, like the structure assembled in the consortium that proposed the Technology Inclusive Contents of Application Project (TICAP), is based on requirements from 10 CFR Part 52 for a combined license application. This structure is directly applicable for combined license applications; however, it is expected that the key elements related to the performance-based methodology could be structured in a similar way regardless of the regulatory pathway for design and/or licensing.
In 2018, Oklo Inc. (Oklo) presented an alternate application structure built directly from the regulatory requirements, which are provided in Title 10 of the Code of Federal Regulations (10 CFR), specifically:
- 10 CFR 52.77, Contents of applications; general information
- 10 CFR 52.79, Contents of applications; technical information in the final safety analysis report
- 10 CFR 52.80, Contents of applications, additional technical information This structure piloted with the NRC in 2018 was then honed along with interactions with the NRC staff until the final structure utilized for the COLA. Following 10 CFR 52.77, 10 CFR 52.79, and 10 CFR 52.80 effectively gives four primary parts to the COLA, including the final safety analysis report (FSAR). These four primary parts are the following:
- Part I: Company information and financial requirements (10 CFR 50.33 requirements, from 10 CFR 52.77)
- Part II: FSAR (from 10 CFR 52.79)
- Part VI: Proposed license conditions, including the proposed inspection, tests, analysis, and acceptance criteria (ITAAC) (from 10 CFR 52.80(a))
- Part III: Environmental Report (from 10 CFR 52.80(b))
Oklo-2021-R20-NP, Rev. 0 22
Performance-Based Licensing Methodology Three other parts are added to this structure or separated out from the FSAR requirements section to mimic past application structures:
- Part IV: Technical Specifications (which is separated out into its own part of the application from a regulatory subsection for the FSAR, 10 CFR 52.79(a)(30))
- Part V: Non-applicabilities and requested exemptions
- Part VII: Enclosures (which include certain plans referenced in and required for the application, as well as other key supporting documents)
Using this format clearly and intentionally ties the licensing application to the regulations. In general, the order of the FSAR chapters follow the order of the regulations, with the exception of sections that are not applicable or have requested exemptions (these are addressed in Part V of the application but are not the focus of this document). Each major part of the application and each chapter of Part II begins with a section stating the purpose as given in the regulation, to make the tie to the regulation clear. This structure is also envisioned to aid the NRC staff in the writing of a safety evaluation for the approval of the license application since each section of the license application includes the clear regulatory requirement that it should be evaluated against.
Oklo had conversations with the NRC staff regarding the forthcoming application structure during pre-application, and in late 2018, Oklo completed a pilot of DG-1353 for a novel application structure, documented in, Oklo Inc., DG-1353 Pilot: Submittal to Support NRC Development and Implementation of DG-1353, September 2018. This draft guidance, DG-1353, is the basis and largely similar in content to NEI 18-04, Risk-Informed Performance-Based Technology Inclusive Guidance for Non-Light Water Reactor Licensing Basis Development, Revision 1, issued August 2019.
This structure was then used for the Aurora at Idaho National Laboratory (Aurora-INL) combined license application (COLA), with some revisions based on lessons learned from the DG-1353 pilot. In 2020, the NRC accepted the Aurora-INL COLA for review, showing NRC flexibility to work with a novel technology and a new application structure.
A.2 Introduction to performance-based application elements The performance-based licensing methodology and the resulting performance-based application structure employed by Oklo are designed to achieve multiple, related goals:
- Make clear, explicit commitments to uphold the safety characteristics of the system
- Scope licensing actions to include the information required to evaluate the sufficiency of these commitments, while including only a limited amount of information about system characteristics that do not affect safety
- Tie these commitments to specific programmatic controls, including quality assurance, which ensure the commitments are met at all key phases during the plant lifecycle This flexibility is central to the success of the performance-based licensing methodology. The ability to bring forth designs for regulatory review earlier in the design process is critical to enabling the successful licensing of advanced reactors, both for the regulator and the designer.
Oklo-2021-R20-NP, Rev. 0 23
Performance-Based Licensing Methodology Applying clear regulatory controls, with specific and actionable design commitments verified by programmatic controls, is one way of enabling this approach.
Oklo has designed a performance-based licensing methodology that is explicit about the commitments being made and the programmatic controls that are used to ensure those commitments. This explicit treatment allows for clear focus points for the NRC staffs review, which should seek to determine whether the commitments that have been made are sufficient (i.e., that the commitments comprehensively ensure the performance of the applicable functions and features), and to determine whether the programmatic controls that have been specified are sufficient to ensure that the commitments are met. The following sections describe the performance-based structure that Oklo employs to make these commitments clear and actionable.
A.3 Components of the performance-based application A.3.1 Regulatory controls The building blocks of the performance-based license application structure are referred to as regulatory controls. These controls can be thought of collectively as the levers at the disposal of the applicant and the regulator to ensure that the safety of the design is upheld. Figure A-1 graphically summarizes the regulatory controls employed by this methodology, and the following sections describe each of the controls in more detail.
Figure A-1: Summary of regulatory controls Oklo-2021-R20-NP, Rev. 0 24
Performance-Based Licensing Methodology A.3.2 Design bases and design commitments The most fundamental regulatory controls in the performance-based licensing methodology are design bases and design commitments. Design bases are the characteristics of a system that ensure the safe operation of the reactor. Most major systems in the reactor have at least one design basis, but some systems that are not relied on for safe operation may not have any design bases. Each design basis has one or more design commitments, which are the specific commitments made to ensure that the design basis is met. The design aspects that ultimately become design bases are first identified during the iterative design process (described in Section 2), and later codified as regulatory controls during the application of the performance-based structure (described in Section 4.5).
Oklo also uses a concept called key dimensions, which are treated as design bases. Key dimensions are the dimensions with first-order importance to determining the neutronic and thermal-hydraulic behavior of the system, and therefore the dimensions that have importance to safety. These dimensions are fundamental in the description and the analysis of systems and their design bases, and therefore treated as design bases themselves within the performance-based application structure.
A.3.3 Performance-based programmatic controls This methodology culminates in programmatic controls that are designed to verify adequate performance of the as-built system. These programmatic controls include preoperational tests (POTs), inspections, tests, and analysis acceptance criteria (ITAAC), startup tests (SUTs),
technical specifications (TS), and quality assurance (QA). Collectively, these programmatic controls ensure that the fabrication and erection and operation of the structures, systems, and components (SSCs) is done in a way that each of the associated design commitments are met.
The programmatic controls function to verify that the design commitments are met (i.e., that the as-built system is as described) and to provide assurance that the assumptions in the safety analysis are valid (i.e., that the modeled system is representative of the as-built system). This direct tie between the system model and the as-built system, with explicit tests designed to confirm the validity of each key assumption in the safety analysis, is a key enabler of the performance-based licensing methodology.
The performance-based nature of the programmatic controls also provides critical flexibility. Rather than provide specific fabrication or erection methods that will be used for each SSC, analyses are provided that show which functions or features of each SSC are important, specific practical and quantifiable commitments are made to ensure those characteristics will be met, and those characteristics are verified by a comprehensive testing program after the SSCs are fabricated and erected. This approach is particularly important for the construction of a first-of-a-kind facility, because it offers flexibility in how commitments are met and reduces the burden of conducting an expansive test program prior to the beginning of the licensing process, while still establishing a systematic method for demonstrating the safety of the as-built facility.
The Initial Test Program (ITP) consists of the tests conducted prior to normal operations (i.e.,
preoperational tests and startup tests), with completion of these tests required to meet an ITAAC. Because the completion of preoperational tests is required by an ITAAC, this approach offers assurance that a reactor that does not meet the design commitments cannot start up or operate. The Technical Specifications ensure that the design commitments that require Oklo-2021-R20-NP, Rev. 0 25
Performance-Based Licensing Methodology additional surveillance and testing over the course of normal operations continue to be adequately met. The use of TS ensures that an operating reactor that no longer meets the design commitments will be taken offline and restored to compliance before operating again. All design bases and design commitments are also subject to the requirements of Oklo, Inc. Quality Assurance Program Description (QAPD): Design and Construction OKLO-2019 NP, Rev.1, (referred to as the QAPD). Collectively, these programmatic controls guarantee a successful licensing outcome when properly implemented, because a reactor that is not in compliance cannot start up or continue operations, and cannot negatively impact the health and safety of the public.
Programmatic controls may in some cases reference a specific code or standard that must be used to meet the corresponding design commitment. Referencing a code or standard in this way would serve as an explicit commitment to meeting that code or standard as part of fulfilling the design commitment. However, this performance-based licensing methodology is intended to provide flexibility in how design bases are upheld, and an over-reliance on codes and standards codified as regulatory controls would be counter to this flexibility. As described, the performance-based licensing methodology relies on verifying functions and features via a suite of programmatic controls prior to and during operation. The programmatic controls will typically be agnostic to design aspects such as specific fabrication methods, and therefore will not commit to codes and standards that constrain the methods available. Instead, they are focused on ensuring performance regardless of the methods selected. In some cases, specific codes or standards may prove to be helpful for meeting a specific design commitment for which they are not explicitly required (i.e., are not specified as a regulatory control). In these cases, the code or standard may be treated as an owner control, as described in the following section.
A.3.4 Operational bases In addition to design bases, the NRC application may include a description of operational bases to provide additional information about the facility for the purpose of improving overall understanding and facilitating the regulatory review11. Operational bases are not relied on for safety, and as such, they do not require regulatory controls. As a result, analyses related to the operational bases are generally not included in the NRC application. Systems that have no functions or features that are relied on for safe operation of the reactor only have operational bases, and the level of detail in the NRC application for those systems is limited in scope to providing information for overall understanding of the operation of the facility.
Note that although operational bases do not result in regulatory controls, they are subject to analogous owner controls. These controls include operational commitments, and related controls used to ensure those commitments, such as operational testing and owner-controlled quality assurance, as illustrated in Figure A-2. Owner controls are not included in the license application, as they are outside of the scope of the regulator due to their lack of impact on safety.
11 Note that at the time of submission of the Aurora-INL COLA operational bases were referred to as performance bases. This terminology is being changed to avoid confusion between performance bases and the performance-based licensing approach, and the appropriate changes will be propagated to affected documents.
Oklo-2021-R20-NP, Rev. 0 26
Performance-Based Licensing Methodology Figure A-2: Summary of owner controls A.4 Organization of the performance-based application components The building blocks of Oklos performance-based structure are described in Section A.3. Each of these components has its specific place in the license application, and the connections between these components is clearly highlighted. Throughout the license application, Oklo includes design basis summaries that are depicted by gray boxes. These design basis summaries are included for ease of regulator review and are described in more detail below in an example gray box.
Oklo-2021-R20-NP, Rev. 0 27
Performance-Based Licensing Methodology Gray summary boxes are used throughout the license application to summarize design bases. These boxes contain the design basis and a listing of the design commitments and programmatic controls that ensure the design basis is met.
The following abbreviations are used in the summaries:
- Design basis (DB)
- Design commitment (DC)
- Preoperational test (POT) (described further in the Initial Test Program)
- Startup test (SUT) (described further in the Initial Test Program)
- Inspections, tests, and analysis acceptance criteria (ITAAC) (described further in the Proposed License Conditions)
- Technical specification (TS) (described further in the Technical Specifications)
For example: a design basis (DB) for an example reactor system (abbreviated with a three letter code, for example AAA), the resulting design commitment (DC), and the required programmatic controls would be listed as follows in the summary box, for example:
DB.AAA.01 The AAA system performs sufficiently.
DC.AAA.01.A The specific characteristic of the AAA system is as follows.
SUT.AAA.01.A1 and A2 (described further in the Initial Test Program)
A.4.1 Description and analysis of SSCs Chapter 2, Description and analysis of structures, systems, and components, of Part II (II.02) of the Aurora-INL COLA contains descriptions of SSCs and analysis of their steady-state behavior. It is organized by major system (e.g., control drum system), and it specifically lists the design bases and performance bases associated with each system. Gray summary boxes summarize the design bases for each major system at the end of the associated section.
A.4.2 Transient analysis Chapter 5, Transient analysis, of Part II (II.05) of the Aurora-INL COLA describes both the methodology and the results of the safety analysis of the system. It specifies the methodology used for identifying and evaluating the licensing basis event(s). For example, the Aurora-INL COLA utilized the maximum credible accident (MCA) methodology, described in the MCA Oklo-2021-R20-NP, Rev. 0 28
Performance-Based Licensing Methodology topical report.12 The methodology chosen for evaluating licensing basis event(s) also specifies the acceptance criteria13 for those events and are derived from the regulatory requirements.
In addition to the acceptance criterion from the MCA methodology, which is based on dose, additional conservatism can be specified for the design by supporting criteria, such as maximum fuel temperature as in the Aurora-INL COLA. In other words, applying supporting criteria to the safety analysis to consider fuel temperature inherently bounded the acceptance criterion of the MCA methodology. The result is documented in II.05 and shows that in the case of the maximum credible accident, the final design meets the supporting criteria with substantial margin, which itself is both bounding and conservative when compared to the acceptance criterion derived from regulatorily required dose limits.
Chapter 5 of Part II also contains a summary of the transient analysis conducted, including the details of the system model and the results of the analysis. Abbreviated versions of the gray summary boxes from II.02 are replicated in the section describing the assumptions made in the system model. These replicated gray boxes are used to clearly tie the design bases and design commitments directly to their associated assumptions in the transient analysis.
A.4.3 Programmatic controls Specific programmatic controls are referenced in both II.02 and II.05, and the programmatic controls are summarized in the gray boxes found in each section. The programmatic controls themselves are described in more detail elsewhere in the application.
The POTs are conducted as the first phase of the initial testing program (ITP), which can be found in Chapter 14, Preoperational testing and initial operations, of Part II (II.14). These tests must be completed, and a summary report created, to satisfy an ITAAC. The ITAAC are found in Part VI, Proposed license conditions. The SUTs are conducted during and after initial fuel loading. These are conducted as the second phase of the ITP and are also found in II.14. The TS provide the operating limits for the reactor. These are found in Part IV, Technical Specifications.
A.4.4 Principal design criteria Principal design criteria are required to be incorporated in an application for a combined license in accordance with 10 CFR 52.79(a)(4)(i). Rather than starting with prescriptive design criteria, which are not developed fundamentally from a performance-based mindset, and then defining design bases that satisfy each of those design criteria, the methodology applied to the Oklo designs is built from the safety analysis. After the design bases are developed based on a systematic analysis of the design (as described in Section 4), they are then grouped together under principal design criteria that encapsulate the overarching goal of each resulting group of design bases. The resulting structure is shown schematically in Figure A-3. The principal design criteria are described in Chapter 4, Principal design criteria, of Part II (II.04).
12 Oklo Inc., Maximum Credible Accident Methodology, Revision 2, July 2021.
13 In the case of the MCA topical report, the only acceptance criterion is known as the Dose Acceptance Criterion, and it specifies the dose limits that the system must meet in the event of the maximum credible accident.
Oklo-2021-R20-NP, Rev. 0 29
Performance-Based Licensing Methodology Figure A-3: Relationship of principal design criteria to the design bases The process of developing the principal design criteria provides an opportunity to double-check, from a top-down perspective, that the design bases are adequate and encompassing. As with the performance-based licensing methodology more broadly, the fact that this process is design-driven rather than prescriptive provides the ability to focus both the design work and ensuing NRC review on the aspects of the system that drive the safety of the system.
A.5 Conclusion This appendix includes a description and discussion of how the performance-based licensing methodology can be put into a logical structure based on NRC regulations while maintaining a technology-independent structure. Years of various discussions with NRC staff highlighted key needs and concerns, such as clearly indicating how the existing regulations are discussed and met, ensuring that the important information relating to safety is clear, and ensuring level of detail is appropriate for the different kinds of content. Key elements to this structure which are generally applicable for applicants using this methodology include:
- the structure, in terms of layout and content, Oklo-2021-R20-NP, Rev. 0 30
Performance-Based Licensing Methodology
- the numbering structure of design bases, design commitments, and programmatic controls, which have inherent to them a tie to the relevant system, and
- the organization of the design bases, design commitments, and programmatic controls into clearly communicated gray boxes which ensure that the functions and features that impact safety are clearly identified and found within the application structure.
In particular, the Aurora-INL COLA is used as an example, although it is expected each major element of the Aurora-INL COLA could be accomplished in a similar way for COLAs for different designs. The performance-based licensing methodology does not require the use of the companion MCA methodology topical report, however in this appendix there are several areas where the discussion of the Aurora-INL COLA also assumes the use of this companion methodology.
Oklo-2021-R20-NP, Rev. 0 31