ML22146A041

From kanterella
Revision as of 11:15, 29 June 2022 by StriderTol (talk | contribs) (StriderTol Bot insert)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Rulemaking: Alternative Evaluation for Risk Insights (Aeri) Framework - Preliminary Draft Regulatory Guide DG-1414 (June 2022)
ML22146A041
Person / Time
Issue date: 06/10/2022
From: Robert Beall
NRC/NMSS/DREFS/RRPB
To:
Beall, Robert
Shared Package
ML20289A534 List:
References
10 CFR Part 53, NRC-2019-0062, RIN 3150-AK31
Download: ML22146A041 (26)
v  d  e


Text

U.S. NUCLEAR REGULATORY COMMISSION PRE-DECISIONAL DRAFT REGULATORY GUIDE DG-1414 Proposed new Regulatory Guide 1.XXX Issue Date: Month 20##

Technical Lead: Alissa Neuhausen This pre-decisional draft regulatory guide is currently in preparation and is being released to support ongoing public discussions. The purpose of releasing this pre-decisional draft regulatory guide at this early stage of new commercial nuclear plant guidance development is to engage stakeholders on the staffs initial high-level considerations on issues to potentially be considered and addressed in such guidance.

This pre-decisional draft regulatory guide language has not been subject to NRC management and legal reviews and approvals, and its contents are subject to change and should not be interpreted as official agency positions. The NRC staff is releasing this pre-decisional language to facilitate discussion at upcoming public meetings and to further public understanding of the related rulemaking. Should comments be submitted on the pre-decisional language, the NRC plans to consider them in further developing the pre-decisional draft regulatory guide to the extent practicable, but will not provide written responses to those comments. The NRC staff plans to prepare a DG for public comment based on this pre-decisional DG, at which time the staff will request written comments on the DG and provide written responses, accordingly.

ALTERNATIVE EVALUATION FOR RISK INSIGHTS (AERI)

FRAMEWORK A. INTRODUCTION Purpose This pre-decisional, draft Regulatory Guide (pre-decisional DG) provides the U.S. Nuclear Regulatory Commission (NRC) staffs initial preliminary approach to guidance on the use of an Alternative Evaluation for Risk Insights (AERI) framework to inform the content of applications and licensing basis for light-water reactors (LWRs) and non-LWRs. Although the conduct of a probabilistic risk assessment (PRA) is not required for applicants eligible to use the AERI framework, a PRA confers additional benefits such as providing a way to optimize the design and to take advantage of various risk-informed initiatives (e.g., risk-informed completion times, risk-informed categorization of structures, systems, and components (SSCs)) that require an acceptable PRA. The NRC staff plans to prepare a DG for public comment based on this pre-decisional DG, discussion of the pre-decisional DG at ACRS meetings, ACRS views on the pre-decisional DG, and stakeholder input from public meetings. If the staff should publish a final RG on the topics discussed in this pre-decisional DG, LWR and non-LWR applicants for permits, licenses, certifications, and approvals under regulations now in preparation and

which the staff plans to designate as proposed Title 10 of the Code of Federal Regulations (10 CFR) Part 53, Risk Informed, Technology-Inclusive Regulatory Framework for Commercial Nuclear Plants, Framework B (Ref. 1) may use the RG to inform the contents of their applications. The staff intends a RG resulting from this pre-decisional DG for use with a RG the staff plans to develop from a second pre-decisional DG entitled Technology-Inclusive Identification of Licensing Events for Commercial Nuclear Plants, DG-1413 (Ref. 2), which states preliminary staff views on potential guidance on the selection of licensing basis events. The preliminary staff views in this pre-decisional DG rely on pre-decisional DG-1413 for inputs to analyses for the AERI framework. This pre-decisional DG describes one preliminary approach that may prove acceptable to support an application that proposes to use the AERI framework, such that the Commissions Safety Goal Policy Statement and Severe Reactor Accident Policy Statement are met and that risk insights are adequate for use in regulatory decision-making.

Applicability A RG developed from this pre-decisional DG may be used to inform the content of applications for LWR and non-LWR commercial nuclear power plants submitted pursuant to any final rule issued for preliminary proposed 10 CFR Part 53, Risk-informed, technology-inclusive regulatory framework for commercial nuclear plants, Framework B, Subpart R, Licenses, Certifications, and Approvals when AERI entry conditions in preliminary proposed10 CFR 53.4730(a)(34) (still under development) are met.

Applicable Regulations

  • Preliminary Proposed 10 CFR Part 53, Framework B, Subpart R, 53.4730(a) o This pre-decisional DG language provides the associated guidance for a potential Part 53 applicant meeting the AERI requirements that may be promulgated in preliminary proposed 10 CFR 53.4730(a)(34)(ii).

o § 53.4730(a)(5) would require applicants for construction permits (CPs), operating licenses (OLs), early site permits (ESPs), combined licenses (COLs), standard design approvals (SDAs), design certifications (DCs), manufacturing licenses (MLs), who respectively use the provisions of §§ 53.4909, 53.4969, 53.4756, 53.5016, 53.4809, 53.4839, and 53.4879, to identify postulated initiating events for anticipated operational occurrences and design basis accidents using a risk-informed approach for systematically evaluating engineered systems. Specifically, applicants would need to provide an analysis and evaluation of the design and performance of SSCs with the objective of assessing the risk to public health and safety resulting from operation of the facility and including determination of the margins of safety during normal operations and transient conditions anticipated during the life of the facility, and the adequacy of SSCs provided for the prevention of accidents and the mitigation of the consequences of accidents. In addition, applicants could elect to perform a single or multiple bounding analyses and evaluations to demonstrate that the design appropriately mitigates the consequences of accidents. In taking this approach, applicants would need to demonstrate that the bounding analysis and evaluation adequately envelopes conditions for the full range of anticipated operational occurrences and design basis accidents with sufficient margin. Such an evaluation would not need to be realistic to demonstrate that operation of the facility could not exceed the conditions imposed for the bounding evaluation(s).

DG-1414, Page 2

Related Guidance

  • Pre-decisional, draft regulatory guide language (in preparation) in DG-1413, Technology-Inclusive Identification of Commercial Nuclear Plant Licensing Events, is a companion to this pre-decisional, draft DG language, and the two sets of pre-decisional, draft DG language are intended to be used together in implementing the AERI framework. Pre-decisional DG-1413 provides technology-inclusive guidance on searching for initiating events, delineating event sequences, and identifying licensing events used to inform the design basis, licensing basis, and content of applications for commercial nuclear plants including LWRs and non-LWRs such as, but not limited to, molten salt reactors, high-temperature gas-cooled reactors, and a variety of fast reactors at different thermal capacities.
  • Trial RG 1.247, Acceptability of Probabilistic Risk Assessment Results for Advanced Non-Light Water Reactor Risk-Informed Activities, (Ref. 3), describes an approach for determining whether a design-specific or plant-specific PRA used to support an application is sufficient to provide confidence in the results, such that the PRA can be used in regulatory decision-making for non-LWRs.
  • RG 1.200, Acceptability of Probabilistic Risk Assessment Results for Risk-Informed Activities (Ref. 4), provides an acceptable approach for determining whether a base PRA, in total or in the portions that are used to support an application, is sufficient to provide confidence in the results, such that the PRA can be used in regulatory decision-making for LWRs.
  • NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition (Ref. 5), provides guidance to NRC staff in performing safety reviews of construction permit or operating license applications, including requests for amendments under 10 CFR Part 50 (Ref. 6), and applications for ESPs, design certifications (DCs), combined licenses (COLs), SDAs, or MLs under 10 CFR Part 52 (Ref. 7) (including requests for amendments).

o NUREG-0800, Section 19.0, Probabilistic Risk Assessment and Severe Accident Evaluation for New Reactors, pertains to the NRC staff review of the description and results of a design-specific PRA for a DC application or the plant-specific PRA for a COL application, and severe accident design features for a DC or COL application.

  • Policy Statement on the Regulation of Advanced Reactors, (Volume 73 of the Federal Register, page 60612, October 14, 2008) (Ref. 8), establishes the Commissions expectations related to advanced reactor designs to protect the environment and public health and safety and promote the common defense and security with respect to advanced reactors.
  • Policy Statement, Severe Reactor Accidents Regarding Future Designs and Existing Plants, 50 FR 32138, August 8, 1985 (Ref. 9).
  • Policy Statement, Safety Goals for the Operations of Nuclear Power Plants, 51 FR 28044, August 4, 1986 (Ref. 10).
  • RG 1.70, Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants (LWR Edition) (Ref. 12), provides detailed guidance to the writers of safety analysis reports to DG-1414, Page 3

allow for the standardization of information the NRC requires for granting construction permits and operating licenses.

  • RG 1.206, Combined License Applications for Nuclear Power Plants (LWR Edition) (Ref. 14),

provides guidance on the format and content of applications for nuclear power plants submitted to the NRC under 10 CFR Part 52, which specifies the information to be included in an application.

  • RG 1.232, Guidance for Developing Principal Design Criteria for Non-Light Water Reactors (Ref. 15), describe the NRCs guidance on how the general design criteria in 10 CFR Part 50, Appendix A, General Design Criteria for Nuclear Power Plants, may be adapted for non-LWR designs. This guidance may be used by non-LWR reactor designers, applicants, and licensees to develop principal design criteria for any non-LWR designs, as required by the applicable NRC regulations for nuclear power plants. The RG also describes the NRCs guidance for modifying and supplementing the general design criteria to develop principal design criteria that address two types of non-LWR technologies: sodium cooled fast reactors and modular high-temperature gas-cooled reactors (MHTGRs).
  • NRC Vision and Strategy: Safely Achieving Effective and Efficient Non-Light Water Reactor Mission Readiness, issued December 2016 (Ref. 16), describes the NRCs vision and strategy for preparing for non-LWR reviews.
  • SECY-93-092, Issues Pertaining to the Advanced Reactor (PRISM, MHTGR, and PIUS) and CANDU 3 Designs and Their Relationship to Current Regulatory Requirements (Ref. 17).
  • Staff Requirements Memorandum (SRM)-SECY-93-092, dated July 30, 1993 (Ref. 18), provides the Commissions direction on topics discussed in SECY-93-092.
  • SECY-03-0047, Policy Issues Related to Licensing Non-Light-Water Reactor Designs, dated March 28, 2003 (Ref. 19), provides, for Commission consideration, options and recommended positions for resolving the seven policy issues associated with the design and licensing of future non-LWR designs.

o How should the Commissions expectations for enhanced safety be implemented for future non-LWRs?

o Should specific defense-in-depth attributes be defined for non-LWRs?

o How should NRC requirements for future non-LWR plants relate to international codes and standards?

o To what extent should a probabilistic approach be used to establish the plant licensing basis?

o Under what conditions, if any, should scenario-specific accident source terms be used for licensing decisions regarding containment and site suitability?

o Under what conditions, if any, can a plant be licensed without a pressure-retaining containment building?

DG-1414, Page 4

o Under what conditions, if any, can emergency planning zones be reduced, including a reduction to the site exclusion area boundary?

  • SRM-SECY-03-0047, dated June 26, 2003 (Ref. 20), provides the Commissions direction on the topics discussed in SECY-03-0047.
  • SECY-90-016 (Ref. 21), SECY-93-087 (Ref. 22), SECY-96-128 (Ref. 23), and SECY-97-044 (Ref. 24) provide Commission-approved guidance for implementing features in new designs to prevent severe accidents and to mitigate their effects, should they occur.

Purpose of Regulatory Guides The NRC issues RGs to describe methods that are acceptable to the staff for implementing specific parts of the agencys regulations, to explain techniques that the staff uses in evaluating specific issues or postulated events, and to provide guidance to applicants. RGs are not substitutes for regulations and compliance with them is not required. Methods and solutions that differ from those set forth in RGs are acceptable if they provide a sufficient basis for the findings required for the issuance or continuance of a permit or license by the Commission.

Paperwork Reduction Act

[The Paperwork Reduction Act statement and public protection notice will be added to this location when this pre-decisional DG is finalized in a DG.]

Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a collection information unless the document requesting or requiring the collection displays a currently valid OMB control number.

DG-1414, Page 5

B. DISCUSSION Reason for Issuance This pre-decisional, draft DG language provides guidance on the use of an AERI framework to inform the content of applications and licensing basis for LWRs and non-LWRs that would be submitted under preliminary proposed10 CFR Part 53, Framework B, Subpart R, Licenses, Certifications, and Approvals. The regulations at 10 CFR 53.4909, 53.4969, 53.4756, 53.5016, 53.4809, 53.4839, and 53.4879, which correspond to the Part 50 and 52 requirements at 10 CFR 50.34(a)(4), 52.47(a)(4),

52.79(a)(5), 52.137(a)(4), and 52.157(f)(1), would require that applications for construction permits (CPs), operating licenses (OLs), early site permits (ESPs), combined licenses (COLs), standard design approvals (SDAs), design certifications (DCs), manufacturing licenses (MLs), respectively, include the level of information sufficient to enable the Commission to reach a conclusion on safety questions before issuing a license or certification. These regulations would require applicants to either submit a PRA or, upon meeting certain entrance conditions, use the AERI framework, described herein, to evaluate risk.

Background

The companion pre-decisional, draft DG language in DG-1413 outlines a technology-inclusive approach to identify licensing events. As defined in pre-decisional DG-1413, the term licensing events is used in a generic sense to refer to collections of designated accident categories such as anticipated operational occurrences, design basis accidents (DBAs), design basis events, beyond-design basis events, and postulated accidents. Some, but not all, severe accidents may be licensing events. However, as defined in pre-decisional DG-1413, licensing events do not include severe accidents as a separate identified category of licensing events; pre-decisional DG-1414 will specify herein when severe accidents, in addition to licensing events, should be considered in analyses supporting the use of the AERI framework.

This pre-decisional DG outlines an approach applicable to reactor designs that would meet the entry criteria in preliminary proposed 10 CFR 53.4730(a)(34)(ii). What distinguishes reactor designs for which an applicant may employ the option of seeking NRC approval under the AERI framework from other reactor designs is that they pose very low risk of radioactive releases from even the most severe potential accidents as compared to risks from currently operating reactors. An applicant that qualifies to use the AERI framework is required to meet all applicable regulations, which includes performing accident analysis for the appropriate licensing events and having a full understanding of the facility design and consequences. The purpose of the AERI framework is to allow an alternative method for gaining an understanding of the risk of the facility, which may entail describing a conservative or bounding understanding of the risk, for those facilities with very low consequences. The AERI framework is an alternative method that may be used in lieu of a PRA that conforms to industry consensus standards.

An applicant should confirm that the AERI entry conditions are met by estimating doses using a bounding event or events, considering risk insights, searching for severe accident vulnerabilities, and assessing the adequacy of the design in terms of layers of defense-in-depth. For an applicant that uses the AERI framework, a quantifiable very low risk may be established by comparing a demonstrably conservative risk estimate using the bounding event with the quantitative health objectives (QHOs).

The AERI process may be iterative depending upon the type of application and information available. For example, more iteration would be expected for a CP application than for a DC application, which includes an essentially complete design. The level of conservatism employed to demonstrate that DG-1414, Page 6

the preliminary proposed 10 CFR 53.4730(a)(34)(ii) requirements are met could similarly vary based on the details available at the time of application.

This pre-decisional DG provides guidance to demonstrate that the AERI conditions are met and provides guidance on using the AERI framework. The first two bullets below provide the steps necessary to demonstrate that the AERI conditions are met. The first bullet along with the final four bullets provide the steps of the AERI framework that would be needed to satisfy preliminary proposed 10 CFR 53.4730(a)(34). The 1st bullet supports both the demonstration that the AERI conditions are met and provides guidance on the AERI framework. In the AERI framework, the bounding event should be used to determine a dose estimate that can be used to demonstrate that the design meets the AERI entry conditions specified in preliminary proposed 10 CFR 53.4730(a)(34)(ii); the bounding event is also used to determine a consequence estimate that is then used to determine a demonstrably conservative risk estimate that can be compared to the QHOs. The components of the AERI approach addressed in this pre-decisional DG include:

  • Identification and characterization of the bounding event or events (Regulatory Guidance Position C1)
  • Determination of a dose estimate for the bounding event to confirm that the reactor design meets the entry condition specified in preliminary proposed 10 CFR 53.4730(a)(34)(ii). (Regulatory Guidance Position C2)
  • Determination of a demonstrably conservative risk estimate for the bounding event to demonstrate that the QHOs are met (Regulatory Guidance Position C3)
  • Search for severe accident vulnerabilities for the entire set of licensing events (Regulatory Guidance Position C4)
  • Identification of risk insights for the entire set of licensing events (Regulatory Guidance Position C5)
  • Assessment of defense-in-depth adequacy for the entire set of licensing events.

(Regulatory Guidance Position C6)

A PRAs capability to identify and eliminate severe accident vulnerabilities and identify risk insights has been established through many years of LWR operating experience, Commission studies (e.g., WASH-1400 (Ref. 25), NUREG-1150 (Ref. 26)), significant events (TMI-2, Browns Ferry fire, Fukushima), Commission policies (e.g., PRA Policy Statement, Severe Accident Policy, Safety Goal Policy), IPEs, and IPEEEs. However, for an applicant for a reactor with very low risk that does not wish to use PRA, this pre-decisional DG language describes an alternative approach for identifying risk insights that does not call for the development of a PRA. Such an application may use a demonstrably conservative analysis using a bounding event to address the NRC safety goals from which the QHOs are derived. The Safety Goal Policy Statement addresses all undesirable consequences of reactor accidents, including impacts to public safety. It states, Severe core damage accidents can lead to more serious accidents with the potential for life-threatening offsite release of radiation, for evacuation of members of public, and for contamination of public property. Apart from their health and safety consequence, severe core damage accidents can erode the public confidence in the safety of nuclear power and can lead to further instability for the industry. In order to avoid these adverse consequences, the Commission intends to continue to pursue a regulatory program that DG-1414, Page 7

has as its objective providing reasonable assurance, while giving appropriate consideration to the uncertainties involved, that a severe core damage accident will not occur.

An applicant may elect to use the AERI framework when the entry condition is met, indicating that the safety of the plant and acceptable risk to the public can be demonstrated without relying on the results of an acceptable PRA. An applicant without an essentially complete design may not have the details available to determine whether the AERI entry conditions are met. In this case, the applicant can elect to use one of the other regulatory frameworks under Part 50, 52, or 53 (preliminary proposed). An applicant that opts to use the AERI approach without certainty that the entry conditions are met should recognize that this option carries regulatory risk that a PRA may be required in the event that the NRC determines that it cannot be demonstrated that the design meets the AERI entry conditions.

The discussion that follows covers each of the steps in the AERI framework. Specifically, this pre-decisional DG language sets forth guidance concerning one acceptable approach for applicants proposing to use the AERI framework to support a license application. Because this pre-decisional DG language is applicable to a variety of non-LWR technologies that use different coolants, fuel forms, and safety system designs, this pre-decisional DG language does not provide prescriptive guidance. Rather, when practical, this pre-decisional DG provides methodologies acceptable to the NRC for any type of reactor technology. Using these methodologies allows the applicant to focus on those measures needed to address risks posed by the reactor design under consideration and to provide sufficient information on the proposed design and programmatic controls while avoiding an excessive level of detail on less important parts of a design.

Identification and characterization of the bounding event The selection of licensing events is covered in the companion pre-decisional DG-1413 and will be used as input to the analyses described in the pre-decisional DG language in this document. The identification of the bounding event is based on the results of the consequence analysis performed for the selected licensing events. The determination of the bounding event should consider both core and non-core radiological sources associated with the reactor unit or associated with multiple units if the bounding event involves more than one reactor unit on site. The bounding event should be defined by parameters that include source term, meteorology, atmospheric transport, protective actions, dosimetry, health effects, economic factors, and consequence quantification and may combine features of several individual licensing events to ensure that it can be appropriately treated as a bounding event. One acceptable method for how the bounding event can be identified and characterized is explained in Regulatory Guidance Position 1 in Section C of this pre-decisional DG.

For some reactor designs, it may not be feasible to identify a single bounding event because several bounding events may exist whose associated characteristics are different such that choosing only one event as the single bounding event does not realistically represent the risk posed by the plant. As an example, it is conceivable that a reactor design has two or three events with approximately similar annual likelihoods of occurrence and with similar overall radiological impacts, but with different radiological characteristics of the analyzed release (e.g., isotopic composition, chemistry, timing). In such cases, identifying more than one single bounding event is appropriate. The bounding event as discussed in this pre-decisional DG encompasses this situation where multiple events should be analyzed.

Determination of a dose estimate to confirm that the reactor design meets the entry condition specified in preliminary proposed 10 CFR 53.4730(a)(34)(ii)

DG-1414, Page 8

Whether a reactor design qualifies to use the AERI framework is determined by whether the dose from a postulated bounding event to an individual located 100 meters (328 feet) away from the commercial nuclear plant does not exceed 1 rem total effective dose equivalent (TEDE) over the first four days following a release, an additional 2 rem TEDE in the first year, and 0.5 rem TEDE per year in the second and subsequent years. A dose estimate using the bounding event should be used to confirm that the entry condition is met.

One acceptable method for how the dose estimate can be calculated and used to confirm that the entry conditions are met is explained in Regulatory Guidance Position 2 in Section C of this pre-decisional DG.

Determination of a demonstrably conservative risk estimate for comparison with the QHOs The demonstrably conservative risk estimate is calculated based on the bounding event and allows for an evaluation of risks to offsite populations. The demonstrably conservative risk estimate should be compared with the QHOs for individual early fatality risk and individual latent cancer fatality risk. The use of a demonstrably conservative risk estimate demonstrates that there is high confidence in the analysis that the risk estimate for the bounding event exceeds the actual risk for the plant. One acceptable method for how the demonstrably conservative risk estimate can be calculated is explained in Regulatory Guidance Position 3 in Section C of this pre-decisional DG.

The demonstrably conservative risk estimate should use the same bounding event as the dose estimate. The differences between the demonstrably conservative risk estimate and the dose estimate are that:

  • For the demonstrably conservative risk estimate a frequency is developed by analysis or assumed; for the dose estimate no frequency is used as an input to the analysis
  • The demonstrably conservative risk estimate considers offsite individuals within a 10-mile radius; the dose estimate considers an individual located 100 meters away from the commercial nuclear power plant The demonstrably conservative risk estimate for the bounding event can be used to support a comparison with the QHOs to demonstrate that the proposed design does not produce risks greater than those described in the NRCs Safety Goal Policy Statement.

The NRCs Safety Goal Policy Statement states:

The Commission has adopted the use of mean estimates for purposes of implementing the quantitative objectives of this safety goal policy (i.e., the mortality risk objectives). Use of the mean estimates comports with the customary practices for cost-benefit analyses and it is the correct usage for purposes of the mortality risk comparisons. Use of mean estimates does not however resolve the need to quantify (to the extent reasonable) and understand those important uncertainties involved in the reactor accident risk predictions.

As described in NUREG-1855 (Ref. 27), a bounding analysis acceptably demonstrates that the outcome that has the greatest impact on the defined risk metric(s) has been considered. This demonstration involves assessing whether the bounding analysis is in fact bounding in terms of the potential outcome and the likelihood of that outcome.

In contrast, the use of a demonstrably conservative risk estimate is a simplified approach that does not produce a mean estimate. It is acceptable to use the demonstrably conservative estimate for DG-1414, Page 9

comparison with the QHOs, in part, because the AERI framework should only be used when the risk is low enough that cost-benefit analyses would not yield substantial improvements to safety; however, it remains important to understand uncertainties involved in the reactor accident analyses. The use of the demonstrably conservative risk estimate in risk-informed decision-making should address any distortions introduced as a result of conservatism in the estimate, and any such distortions and their potential impacts on the risk estimate should be identified.

Distortions, in a generic sense, mean inputs that may obscure an applicants ability to identify realistic results. As applicable to the AERI framework, an example of distortions might include conservatisms or assumptions that make it appear that there are multiple bounding events with similar consequences when this is not the case. Distortions might also include conservatisms or assumptions that could cause an applicant to overlook severe accident vulnerabilities or risk insights for an individual or multiple severe accidents or licensing events.

Search for severe accident vulnerabilities For plants that meet the entry condition to use the AERI framework, the staff expects the applicants search for severe accident vulnerabilities to identify no severe accident vulnerabilities. If any severe accident vulnerabilities are identified, the applicant should eliminate these severe accident vulnerabilities if the applicant can use reasonable preventive or mitigative measures to do so.

The Commissions Severe Accident Policy Statement of 1985 provides the basis for the search for severe accident vulnerabilities. The first major NRC program to search for severe accident vulnerabilities was the Individual Plant Evaluation (IPE) program initiated for all then-operating power reactors under NRC Generic Letter 88-20 (Ref. 28), which was expanded later to external events (the Individual Plant Evaluation for External Events (IPEEE)). The IPE and IPEEE guidance did not provide a definition for the term vulnerability; rather, each power-reactor licensee was left to define the term vulnerability and to specify the parameters for its search. Licensees, for the most part, were able to meet the objectives of the Severe Accident Policy Statement related to a search for severe accident vulnerabilities by using information from their PRA models such as dominant accident sequences.

Because the applicants who use the AERI framework will not have an acceptable PRA consistent with RG 1.200 or RG 1.247, these applicants will not have information from PRA models to provide insights on severe accident vulnerabilities. Regulatory Guidance Position 4 in Section C of this pre-decisional DG provides guidance on how applicants who use the AERI framework in what may be 10 CFR 53.4730(a)(34) should search for severe accident vulnerabilities and eliminate them if that can be accomplished using reasonable preventive or mitigative measures.

In the context of the AERI framework, a severe accident vulnerability includes either prevention or mitigation aspects that represent an overreliance on a single design feature that could lead to a severe accident after accounting for structure, system, and component reliability, human actions, and defense-in-depth. In essence, the goal of the identification of severe accident vulnerabilities is to highlight for potential remediation the existence of an unreasonable possibility, likelihood, or consequence, that a severe accident could occur. Examples of possible severe accident vulnerabilities are as follows: (a) a common-cause failure from a single initiator; (b) a single component failure, which by itself, results in a severe accident; (c) a single or combined set of operator errors of omission that results in a severe accident; (d) a single error of commission that by itself, results in a severe accident; and (e) a failure of a support system that by itself results in a severe accident.

DG-1414, Page 10

Additionally, the definition of the term severe accident for the AERI framework is provided in preliminary proposed 10 CFR 53.4730(a)(5)(v)(B).

When used by an applicant selecting the AERI framework for licensing, the scope of the vulnerability search should include:

1) the entire set of licensing events identified in pre-decisional DG-1413 and any severe accidents that are not identified as licensing events,
2) an evaluation of all modes of operation, and
3) consideration of all sources of radioactivity associated with the plant.

Early consideration of risk insights during the conceptual design phase should address severe accident vulnerabilities such that no severe accident vulnerabilities are identified during the search. The objective of the severe accident vulnerability search is to identify any severe accident vulnerabilities that would need to be addressed for the preliminary proposed 10 CFR 53.4730(a)(5)(v). The applicant should document how the search for severe accident vulnerabilities is conducted and justify that the approach used to conduct the search is adequate.

Identification of risk insights Risk insights should be derived in a systematic manner and should be based on the entire set of licensing events identified using the guidance in pre-decisional DG-1413 and severe accidents. Sufficient analysis should be performed for each licensing event and severe accident to understand the sequence of events, the timing, the physical, chemical, mechanical, nuclear, thermohydraulic and other phenomena, how operators or other staff (onsite or offsite) interact with and participate in the event sequence, and similar aspects. The objective of the search for risk insights is to understand issues such as important hazards and initiators, important event sequences and their associated SSC failures and human errors, system interactions, vulnerable plant areas, likely outcomes, sensitivities, and areas of uncertainty to identify those that are important to plant operation and safety (Ref. 29).

One category of insights emerges from the identification of vulnerabilities. Another category of insights emerges from an evaluation of a designs defense-in-depth adequacy. Other insights may include the extent to which operator actions or human errors contribute to or mitigate the licensing event sequence; how sensitive the design is to features intended to resist external hazards; whether important sources of common-cause failures exist; whether operation at less than full power or when shut down presents different safety concerns; whether the important safety insights are highly sensitive to the ability to analyze safety; the extent to which the design is amenable to accident precursor analysis - meaning whether it is feasible to detect design or operational parameters that could lead to an accident if such parameters are off-normal, so as to provide adequate warning to allow intervention. Risk insights may also include generic results (e.g., results that have been learned from PRAs and risk assessments performed in the past, and lessons from operational experience, and that are applicable to the design under consideration).

Defense-in-depth The use of the AERI framework complements the NRCs deterministic approach and supports the NRCs traditional defense-in-depth philosophy. The search for risk insights and the search for severe accident vulnerabilities should consider relevant defense-in-depth attributes, including success criteria and equipment functionality, reliability, and availability. The necessity of assuring that a new reactor design embeds sufficient defense-in-depth has been a long-standing NRC policy and its role is described DG-1414, Page 11

in a 1999 ACRS letter to the Commission (Ref. 30). The guidance for defense-in-depth described in RG 1.174 (Ref. 31) was adapted in this pre-decisional DG for the evaluation of defense-in-depth to support the AERI framework.

While written for the enhanced use of PRA, NEI 18-04 (Ref. 33) may also provide guidance for the AERI framework related to assessing defense-in-depth adequacy. NEI 18-04 includes guidance adapted from a process defined in International Atomic Energy Agency (IAEA) standards and guidance, specifically IAEA Specific Safety Requirements No. SSR-2/1, Safety of Nuclear Power Plants: Design (Ref. 34).

Guidance on Contents of Applications The development of applications for NRC licenses, permits, certifications, and approvals is a major undertaking, in that the applicant has to provide sufficient information to support the agencys safety findings. The entry criteria for AERI would be part of the information required in the content of application section. The needed information and level of detail for an applicant using AERI under what may be 10 CFR 53.4730(a)(34) will vary according to whether an application is for a construction permit, design approval, design certification, operating license, combined license, or other action. Efforts to standardize the format and content of applications for LWRs are reflected in RG 1.70, issued in the 1970s, and RG 1.206, issued in 2007 and revised in 2018. Other guidance documents address the suggested scope and level of detail for applications.

Intended Use of This Regulatory Guide This pre-decisional DG, along with companion pre-decisional DG-1413, contain the NRC staffs general guidance on the methodology and information to support applications for licenses, permits, certifications, and approvals for designs using the AERI framework. The design and licensing of nuclear reactors involves many technical and regulatory issues, reflected in the approximately 250 RGs and other documents issued to support the regulation and oversight of LWRs. Much of the guidance available for LWRs is prescriptive and not readily applicable to other reactor technologies. This pre-decisional DG is technology-inclusive and may be used for LWR and non-LWR commercial plant applications.

The design process and related development of licensing basis information is iterative, involving assessments and decisions on key SSCs, concept of operations, operating parameters, and programmatic controls to ensure that a reactor can be operated without posing undue risk to public health and safety. To begin the process of translating design information into a licensing application, a developer needs, at a minimum, a conceptual design that includes a reactor; a primary coolant; and a preliminary assessment of how the design will accomplish fundamental safety functions, such as reactivity and power control, heat removal, and radioactive material retention.

The approach described in this pre-decisional DG provides a general framework to identify and characterize a bounding event or event(s), demonstrate compliance with the AERI entry condition, develop a demonstrably conservative risk estimate, demonstrate that the proposed design meets the NRCs safety goals, support the identification and use of risk insights for licensing decisions, search for severe accident vulnerabilities, and evaluate defense-in-depth. Pre-decisional DG-1413 provides important inputs to the AERI approach described in this pre-decisional DG.

Consideration of International Standards DG-1414, Page 12

The IAEA has established a series of technical reports, safety guides, and standards constituting a high level of safety for protecting people and the environment. The IAEA documents listed below contain guidance relevant to the guidance provided herein.

  • IAEA, Specific Safety Requirements (SSR), No. SSR-2/1, Safety of Nuclear Power Plants:

Design, (Ref. 34).

  • IAEA, Specific Safety Guide (SSG), No. SSG-2, Deterministic Safety Analysis for Nuclear Power Plants, (Ref. 35).
  • IAEA, SSG, No. SSG-3, Development and Application of Level 1 Probabilistic Safety Assessment for Nuclear Power Plants, (Ref. 36).

DG-1414, Page 13

C. STAFF REGULATORY GUIDANCE The regulatory guidance positions in this section provide acceptable approaches to the NRC to implement preliminary proposed 10 CFR Part 53, Framework B, specifically, to (a) identify and characterize the bounding event, (b) demonstrate that the reactor design meets the entry condition specified in preliminary proposed 10 CFR 53.4730(a)(34)(ii), (c) develop a demonstrably conservative risk for comparison with the QHOs, (d) search for severe accident vulnerabilities, and (e) develop risk insights.

C.1 Identification and characterization of the bounding event or events This regulatory guidance position describes methods acceptable to identify one or more bounding events for use in the AERI framework. The bounding event or events may be used to determine a dose estimate to demonstrate AERI conditions are met and a consequence for use in a demonstrably conservative risk estimate, depending on the purpose of the analysis. The process for identifying and characterizing the bounding event or events should envelope the full set of licensing events. The analysis of the bounding event should be capable of estimating the doses and consequences used in the demonstrably conservative risk estimate that result from evaluating the limiting initiating event for the design, considering credit only for inherent safety features. For the purposes of this analysis, inherent features are those which are characteristic of the system (e.g., material properties that may rely on geometry; configurations that are not subject to change as a result of the initiating event) and do not require any actuation or operator action to function.

Regulatory guidance positions C.1.1 through C.1.4 provide one acceptable approach to identify and characterize the bounding event.

C.1.1 The identification of the bounding event or events should be based on the radiological consequence analyses performed for the full set of licensing events identified in accordance with pre-decisional DG-1413. The full set of licensing events should include both core and non-core radiological sources associated with the reactor unit or associated with multiple units if the event sequence involves more than one reactor unit on site. The applicant may choose to combine features of more than one individual licensing event identified in pre-decisional DG-1413 to develop parameters representative of a single bounding event.

C.1.2 Applicants should systematically and categorically explore initiators that challenge plant safety functions (overcooling, undercooling, reactivity insertion, etc.) and evaluate system response assuming no positive change of state of the system. An example of such an initiator is the circumstance in which the reactor does not trip and heat removal can be accomplished using only means that are inherent to the system (e.g., radiation and conduction from the system as it existed when the initiating event occurred). Meeting the dose requirements for this set of entry conditions may call for design choices that result in lower efficiencies such as lower power or use of an always functional decay heat removal system.

C.1.3 Applicants should consider parameters provided in Sections 4.3.16, Mechanistic Source-Term and 4.3.17, Radiation Consequence Analysis, of ASME/ANS RA-S-1.4-2021 (Ref. 37) to develop a source term and consequence analysis. These parameters include meteorology, atmospheric transport, protective actions, dosimetry, health effects, economic factors, and consequence quantification. Trial RG 1.247, Acceptability of Probabilistic Risk Assessment Results for Non-Light-Water Reactor Risk-Informed Activities, endorses ASME/ANS RA-S-1.4-2021 with exceptions and clarifications. If an applicant modifies any of the parameters or DG-1414, Page 14

concludes that any of the parameters provided in Section 4.3.16 or 4.3.17 of ASME/ANS RA-S-1.4-2021 is not applicable to the design, then the application should include justification for that conclusion.

C.1.4 The sections of the ASME/ANS RA-S-1.4-2021 referenced in C.1.3 above identify parameters that should be considered in an acceptable consequence analysis. These sections do not provide guidance to the applicant on inputs or methods acceptable to the staff for those parameters.

Because the guidance in this pre-decisional DG is technology-inclusive, the staff does not plan to prescribe inputs and the methods an applicant should use. The applicant, therefore, should propose and justify that the methods and inputs chosen for the specific design support an analysis of the dose consequences.

Although the estimated dose should be realistic, conservatisms may be justified so long as they are understood and addressed. For instance, the inventory of fission products in the reactor core and available for release to the environment could be based on the maximum full power operation of the core with, and, as a minimum, proposed values for fuel enrichment, fuel burnup, and an assumed core power equal to the proposed rated thermal power. The period of irradiation could be of sufficient duration to allow the activity of dose-significant radionuclides to reach equilibrium or to reach maximum values. The core inventory could be determined using an appropriate isotope generation and depletion computer code.

An applicant for a non-LWR could consider using LWR guidance as a starting point and modifying it to reflect the specific design and to propose methods for the consequence analysis.

The development of a source term and radiation consequence analysis that does not follow ASME/ANS RA-S-1.4-2021 as endorsed by Trial RG 1.247 will be reviewed on a case-by-case basis.

C.2 Determination of a dose estimate to confirm that the reactor design meets the entry condition specified in preliminary proposed 10 CFR 53.4730(a)(34)(ii)

The purpose of this Regulatory Guidance Position is to explain how a potential applicant may demonstrate that dose estimate satisfies the requirements in preliminary proposed 10 CFR 53.4730(a)(34)(ii). In order to use the AERI framework to support an application for a license (i.e., ESP, CP, DC, COL, OL, SDA, ML) under preliminary proposed 10 CFR Part 53, Framework B, a dose estimate would be used to demonstrate that the preliminary proposed 10 CFR 53.4730(a)(34)(ii) requirement is met. This analysis should determine whether a plant design is sufficient to ensure that there would be limited benefits conferred by the performance of a PRA for licensing decisions.

Although these requirements must be met for a plant to use the AERI framework, an applicant may choose the AERI approach before it is known whether the plant can meet the associated requirements. For this reason, the applicant should recognize that the process may be iterative depending upon the type of application and information available. For example, more iteration would be expected for a CP application than for a DC application, which includes an essentially complete design. The level of conservatism employed to demonstrate that the preliminary proposed 10 CFR 53.4730(a)(34)(ii) requirements are met could similarly vary based on the details available at the time of application.

The information submitted for the dose estimate should be sufficient to demonstrate that the preliminary proposed 10 CFR 53.4730(a)(34)(ii) will be satisfied such that the AERI framework is applicable for the design and application.

DG-1414, Page 15

C.2.1 The applicant should use the dose estimate associated with the bounding event identified earlier in the overall AERI framework.

C.2.2 The endpoints of the dose estimate for the bounding event should be the risks of acute and long term radiation exposures. The applicant should assume that an individual located on the EAB does not need to take early phase protective actions (evacuation) or intermediate phase actions (relocation).

C.2.3 One acceptable approach to developing a dose estimate is to provide the bounding event source term to MAACS or a comparable analytical model along with the rest of the inputs described in Regulatory Guidance Positions C.1.3 and C.1.4. Deviations should be justified.

C.2.4 A realistic dose estimate with a realistic description of the uncertainties is preferred; however, conservative assumptions may be used. Any conservatisms introduced into the dose estimate should be addressed to ensure that there are no important distortions introduced to the analysis as a result of the conservatisms.

C.2.5 One bounding event may not realistically represent the dose estimate. As discussed in Section B, there may be reactor designs for which selecting and analyzing a single bounding event is not an acceptable approach. When this is the case, the applicant should analyze enough bounding events to demonstrate that the AERI condition is met for each bounding event.

C.2.6 The application should describe the inputs to the analytical model and the results in sufficient detail to demonstrate that the entry conditions specified in preliminary proposed 53.4730(a)(34)(ii) are met.

C.3 Development of a demonstrably conservative risk estimate for comparison with the QHOs This regulatory guidance position describes one acceptable method for an analysis that addresses the use of a demonstrably conservative risk estimate based on a bounding event or events to demonstrate that a reactor design meets the QHOs. The use of a demonstrably conservative risk estimate for this purpose is predicated on meeting the entry conditions specified in preliminary proposed 10 CFR 53.4730(a)(34)(ii) as described in Regulatory Guidance Positions C.1 and C.2 in this pre-decisional DG.

As discussed in Section B, the word demonstrably conservative in the phrase demonstrably conservative risk estimate means that the estimate should demonstrate high confidence that the actual risk is very unlikely to exceed the estimated risk.

C.3.1 The risks being estimated are those associated with the bounding event or events identified consistent with Regulatory Guidance Position C.1.

C.3.2 One acceptable way to ensure that the analysis has the appropriate scope and level of detail is to follow the corresponding provisions of the ASME/ANS RA-S-1.4-2021 standard, which the NRC endorsed by Trial RG 1.247 with exceptions and clarifications. If another analysis method is used, justifications for its technical adequacy and for its effectiveness in developing the needed results should be documented and submitted to the NRC.

C.3.3 The endpoints of the demonstrably conservative risk estimate for the bounding event are the risks of both prompt radiation-caused fatalities and latent cancer fatalities to offsite populations that can be compared to the QHOs.

C.3.4 An annual frequency is needed to support a comparison with the QHOs, which are frequency-based. In the absence of using a PRA to develop a realistic estimate of that annual frequency, DG-1414, Page 16

another approach or method is needed. One acceptable approach is to assume a frequency which represents the sum of the event sequence frequencies and is equal to the sum of the initiating event frequencies; based on LWR statistics this frequency can be taken to be once per year (1/year). This frequency, while not realistic, can be used along with the bounding events consequences to compare to the QHOs.

For example, if the QHO comparison is favorable even when assuming that the bounding event were to occur once annually, then this would be a sufficient demonstration that the QHOs are met, if supported by an explanation that the once-annually assumption is clearly very conservative.

The use of a different frequency may be acceptable but will be reviewed on a case-by-case basis and justification for that frequency should be provided.

C.3.5 The selection of the bounding event and the frequency selected under C.3.4 for the bounding event are conservatisms in the analysis. For other parameters, although a realistic analysis is preferred for the bounding events consequences and risks, the introduction of slightly conservative assumptions or data is acceptable if important distortions are not introduced into interpretations of that estimate needed for decision-making. Therefore, a discussion should be provided concerning the extent and impacts of any such distortions.

C.3.6 One acceptable approach to developing a demonstrably conservative risk estimate is to provide the bounding event source term to MAACS or a comparable analytical model along with the rest of the inputs described in Regulatory Guidance Positions C.1.3 and C.1.4. Deviations should be justified.

C.3.7 For a submittal describing the analysis to be acceptable, the documentation should include a description and explanation of the uncertainties, assumptions, and conservatisms in each of the quantitative analysis steps and results relied on, and a discussion of their relative importance.

Although a qualitative description of the uncertainties, assumptions, and conservatisms is expected, applicants should, where feasible, develop and describe them quantitatively, or at least provide an understanding, if known, as to which uncertainties, assumptions, and conservatisms are more important than which others and why.

C.3.8 The applicant should identify the software codes used for the consequence analyses and provide information on how the development and maintenance of these software codes meets quality standards commensurate with the application.

C.3.9 Risks from multiple bounding events should be considered when using only one bounding event does not realistically represent the risks posed by the facility. The applicant should justify any annual frequency other than 1/year for each bounding event used to support a comparison with the QHOs.

C.4 Search for Severe Accident Vulnerabilities This regulatory guidance position describes methods acceptable to conduct the search for severe accident vulnerabilities. The search for severe accident vulnerabilities as described in this regulatory guidance position is necessary to meet the requirements in preliminary proposed 10 CFR 53.4730(a)(5)(v)(B), 10 CFR 53.4730(a)(5)(v)(C), and 10 CFR 53.4730(a)(5)(v)(D) in order to achieve the safety goals identified for applicants using the AERI framework.

DG-1414, Page 17

In the context of the AERI framework described herein, severe accident vulnerabilities are those aspects of a facility design that represent an overreliance on a single design feature, whether for accident prevention or mitigation, and that could lead to a severe accident after accounting for SSC reliability, human actions, and defense-in-depth. This definition supports the overarching goal of the identification of severe accident vulnerabilities, which is to prevent the existence of an unacceptable likelihood or consequence of a severe accident and is consistent with the Commissions Safety Goal Policy Statement.

Severe accident vulnerabilities may be eliminated through improvements to plant design, operations, or maintenance that prevent or reduce the possibility, likelihood, or consequence of the identified severe accident.

C.4.1 The scope of the search for severe accident vulnerabilities should encompass the entire set of licensing events identified in pre-decisional DG-1413 and severe accidents as defined, identified, and evaluated in preliminary proposed 10 CFR 53.4730(a)(5)(v)(B).

C.4.2 All sources and operating modes should be considered to identify severe accident vulnerabilities during the plant design.

C.4.3 The applicant should use a systematic process to search for severe accident vulnerabilities. An applicant should develop the systematic process consistent with the definitions and the regulatory background of the terms severe accident and severe accident vulnerabilities provided in this pre-decisional DG. The systematic process should be developed as discussed in Regulatory Guidance Positions C.4.4 - C.4.6 or justification should be provided for any deviations.

C.4.4 The systematic process used to search for severe accident vulnerabilities should, at a minimum, include the following:

  • Search for failure of a single component, system, structure, function, or a fission product barrier that could contribute to a severe accident.

o The applicant should provide special focus to support systems (e.g., systems that provide alternating current to multiple systems).

o The applicant should consider the reliability of components, systems, and functions in its search for failures. Failures of multiple components, systems, and functions should be considered based on their overall reliability as well as compared to the reliability of a single component, system, or function.

  • Search for a single or combined set of human error(s) of omission that could contribute to a severe accident.
  • Search for a single or combined set of human error(s) of commission that could contribute to a severe accident.
  • Search for a single event initiated by an external hazard for the site (e.g., earthquakes, external floods, high winds, tornadoes) or their plausible combined events (e.g., earthquake with dam failure flooding, storm surge and high wind) that could contribute to a severe accident.

C.4.5 The systematic process used to search for severe accident vulnerabilities should include the following attributes related to the spatial layout of SSCs:

DG-1414, Page 18

  • Search for pipe breaks, structural failures, or component failures whose failure results in loss of multiple systems or functions.
  • Search for fires in cables that provide motive or control power to multiple systems or functions or for other internal fire scenarios that could lead to a severe accident.
  • Search for SSCs that may fail due to earthquakes with low or moderate frequency resulting in failure of multiple barriers or functions.

C.4.6 The applicant should search for cliff-edge effects that could constitute severe accident vulnerabilities. One definition of a cliff-edge effect is an instance of severely abnormal conditions caused by an abrupt transition from one status of the facility to another following a small deviation in a parameter value or a small variation in an input value (Ref. 38). Applicants should use this definition when they search for severe accident vulnerabilities associated with cliff-edge effects of the facility or justify an alternate definition.

  • The search for cliff-edge effects should focus on the facility as opposed to a single system or function.
  • The applicant should consider all external hazards to identify cliff-edge effects that could constitute severe accident vulnerabilities.

C.4.7 If severe accident vulnerabilities are identified in the design phase, the expectation is that the reactor design will be altered to eliminate those severe accident vulnerabilities. The process used to eliminate severe accident vulnerabilities can be through modifications to the design, operations, or maintenance.

C.4.8 In the event that a severe accident vulnerability is identified and is not eliminated from the design, justification should be provided as to why the severe accident vulnerability is acceptable for the design, and sufficient detail should be provided to enable an understanding of what role is played by each specific technical contributing factor to the accident scenario, including not only failures of SSCs or human errors but configuration aspects and other design-choice issues.

C.4.9 The applicant may credit the systematic process used to identify severe accident vulnerabilities and any analyses performed in support of its defense-in-depth evaluation (See Regulatory Guidance Position C.6). The defense-in-depth evaluation should support and complement the applicants search for severe accident vulnerabilities.

C.4.10 The applicant should provide documentation relating to severe accident vulnerabilities. The documentation should (i) describe the process used for the severe accident vulnerability search, including scope and definition (if the applicant used a definition different from the definition proposed by the staff); (ii) describe each identified severe accident vulnerability, if any, and how it was dealt with, and (iii) provide justification for not eliminating the severe accident vulnerability from the design or state that none were identified.

C.5 Development of Risk Insights This regulatory guidance position describes methods acceptable to develop risk insights for an applicant using the AERI framework. The risk insights form the basis for the description of the risk evaluation required in the preliminary proposed 10 CFR 54.4730(a)(34).

DG-1414, Page 19

C.5.1 Risk insights should be identified based on the entire set of licensing events identified in pre-decisional DG-1413 for the AERI framework.

C.5.2 Where feasible, an applicant should develop estimates of the approximate annual frequencies of the various event sequences, or explanations of and rationales for the analysts understanding of the hierarchy of the event sequences ranked by frequency, such as Event Sequence X is understood to occur significantly more frequently than Event Sequence Y.

C.5.3 Many of the risk insights associated with any individual licensing event relate directly to, or are understood best by focusing on the various technical features of the accident scenario. To that end, a description should be provided of each of the features of the licensing event that contribute to the various risk end points, including features such as:

  • which failures are the initiating events that lead to the licensing event (equipment failures, human errors, configuration abnormalities, etc.)
  • which failures, after the initiating event, contribute to or participate in the rest of the sequence of events that characterize the accident scenario
  • what are the causes(s) of the enumerated failures, including various internally generated upset conditions; external loads from offsite hazards; operator and maintenance errors; loads from internal hazards such as internal fires, floods, electrical upsets etc.; configuration changes due to errors (failure to restore, etc.) etc.
  • which features mitigate what would otherwise be a more severe licensing event, and how those features do so, including:

o more effective passive features, o features leading to longer time evolutions, o features leading to lower loads, less psychological pressure on the operating staff, less complex combinations of events occurring contemporaneously, etc.

o features associated with smaller offsite impacts, such as population distributions vis-

-vis the site, protective-action features like sheltering and evacuation, site-related topographic or other characteristics, etc.

  • which features aggravate what would otherwise be a less severe licensing event, and how those features do so (typically these are features that are the opposite of those in the list just above) including:

o less effective passive features, o features leading to faster time evolutions, o features leading to larger loads, more pressure on the operating staff, more complex combinations of events, etc.

o features associated with larger offsite impacts, such as protective-action features like sheltering and evacuation.

C.5.4 Qualitative descriptions should be provided for the features described in C.5.3. When available, quantitative descriptions should be provided for the features to provide a complete understanding of the identified risk insights.

DG-1414, Page 20

C.5.5 Descriptions should be provided for the methodology and criteria used to distinguish those features that are judged to be important enough to be included from those that are judged not to be.

C.5.6 For any individual licensing event, an important type of risk insights could be features for which a design change or a change in operating approach could significantly lower the overall risk. An evaluation should be performed to support identification of any potential for improving the associated plant risk profile, including the extent of the improvement and the difficulties, if any, in implementing the change.

Alternatively, another type of risk insight could be that the risk profile is highly sensitive to one particular plant feature. An evaluation should be performed to understand the importance of this risk insight. Note that this type of risk insight is related to a separate part of the overall evaluation discussed in this pre-decisional DG, namely the vulnerability search in Section C.4.

The risk insights are diverse and can seem to be unrelated to each other if a list of them were presented without elaboration. This is acceptable, indeed expected, because some of the insights might seem important to one safety analyst but not to another. This is especially so, for example, if the insight is that the absence of something is seen as the major reason why the issue is a risk insight.1 C.6 Defense-in-Depth This regulatory guidance position describes methods acceptable to assure that a facility using the AERI framework includes adequate defense-in-depth for the design. Many documents exist that provide additional NRC guidance on defense-in-depth. The regulatory guidance positions described below are adapted from Section 2.1.1.3 of Revision 3 of RG 1.174 and provide guidance that the applicant should use for the analysis of defense-in-depth. Additional regulatory guidance positions from RG 1.174 should be used with care because its purpose is to support an evaluation of whether a change to a licensing basis (which could include changes to design features) would cause the licensing basis to no longer continue to meet defense-in-depth. The guidance in this regulatory position is intended to ensure that a new design using the AERI framework has adequate defense-in-depth and should additionally support the results of the search for severe accident vulnerabilities and the search risk insights described respectively in Regulatory Guidance Positions C.4 and C.5.

C.6.1. In the evaluation of defense-in-depth for the entire facility (in contrast to examining only a specific system or a safety function), the applicant should account for structures and systems of the entire facility to make determinations with respect to defense-in-depth.

C.6.2 The facility design should include a reasonable balance among the layers of defense. For example, the applicant should ensure that failure of a single barrier does not result in a severe accident.

C.6.3 The design should include adequate capability of design features without an overreliance on programmatic features. For example, if a design has overreliance on emergency preparedness to mitigate consequences of an event, then that design does not have sufficient defense-in-depth.

1 For example, suppose that there are no human actions required for the response to the bounding event once it has begun. This might be cited as a way of explaining why that accident is unlikely.

DG-1414, Page 21

C.6.4 The design should include system redundancy, independence, and diversity commensurate with the expected frequency and consequences of challenges to the system, including consideration of uncertainty. For example, the applicant should ensure that for events that are likely to occur during the lifetime of a plant, failure of a single function does not lead to a severe accident.

C.6.5 The design should include adequate defense against potential common cause failures (CCFs). The applicant should focus on CCFs that could affect the facility rather than CCFs of a system or a function.

C.6.6 The design should include multiple fission product barriers. The applicant should ensure that failure of a single fission product barrier does not to lead to unacceptable consequences from a severe accident.

C.6.7 The analysis of defense-in-depth should complement and support Regulatory Guidance Positions 4 and 5 of this pre-decisional DG. The analysis of defense-in-depth may be used to support the search for severe accident vulnerabilities as discussed in Regulatory Guidance Position C.4. Any risk insights identified from the consideration of defense-in-depth should be documented in accordance with Regulatory Guidance Position C.5.

C.7 Application-Specific Considerations for the Alternate Evaluation for Risk Insights C.7.1 For construction permit applications, an applicant may have a conceptual design that does not include sufficient information to demonstrate that AERI entry conditions are met at the time of application. In general, an applicant should follow relevant guidance to determine the minimum information necessary for a CP application. The applicant should describe the approach for demonstrating that the conditions for using the AERI framework are met.

At the CP application stage, use of AERI is also considered preliminary, because the inputs to the AERI framework are derived from a plant design and operational programs that are less mature than they are at subsequent licensing stages. Therefore, the applicant should provide justification that the AERI results are reasonable and should include any necessary commitments to update the AERI so that its completion status at subsequent licensing stages is consistent with the intended reactor design and operation.

A construction permit applicant may identify risk insights based on assumptions made at the CP application stage with the understanding that such assumptions will be updated at a subsequent licensing stage. In any subsequent licensing application, the applicant should update those assumptions and confirm that the AERI framework is appropriate for the reactor design.

C.8 Procedural and other Non-Technical Aspects C.8.1 Independent review: For analyses performed to support the AERI framework, an independent review should be performed and described in the application.

C.8.2 Expert opinion: Although formal guidance on using expert opinion or expert panels is not provided herein, the application should describe those steps and procedures that have been used to provide assurance that when expert opinion or expert panels are used to support analyses within the AERI framework, a procedure or methodology has been used that meets broad expectations to assure that the expert opinion or expert panels process has technical integrity.

DG-1414, Page 22

D. IMPLEMENTATION If the NRC staff should publish a DG on the topics discussed in this pre-decisional DG, then the NRC staff would explain in this section of the DG how the NRC would use the final RG in its regulatory processes. The NRC would also describe its use of the final RG in the context of the backfitting and issue finality provisions of preliminary proposed Part 53.

DG-1414, Page 23

REFERENCES2

1. U.S. Code of Federal Regulations (CFR) Risk-informed, technology-inclusive regulatory framework for commercial nuclear plants, Part 53, Title 10, Energy.
2. U.S. Nuclear Regulatory Commission (NRC), Pre-decisional Draft Regulatory Guide (DG)-1413, Technology-Inclusive Identification of Licensing Events for Commercial Nuclear Plants.
3. NRC, Trial Use Regulatory Guide (RG) 1.247, Acceptability of Probabilistic Risk Assessment Results for Advanced Non-Light Water Reactor Risk-Informed Activities, Washington, DC.
4. NRC, RG 1.200, Acceptability of Probabilistic Risk Assessment Results for Risk-Informed Activities, Washington, DC.
5. NRC, NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Washington, DC.
6. CFR Domestic Licensing of Production and Utilization Facilities, Part 50, Title 10, Energy.
7. CFR Licenses, Certifications, and Approvals for Nuclear Power Plants, Part 52, Title 10, Energy.
8. NRC, Policy Statement on the Regulation of Advanced Reactors, (Volume 73 of the Federal Register, page 60612, October 14, 2008).
9. NRC, Severe Reactor Accidents Regarding Future Designs and Existing Plants, (50 FR 32138, August 8, 1985).
10. NRC, Safety Goals for the Operations of Nuclear Power Plants, (51 FR 28044, August 4, 1986).
11. NRC, Use of Probabilistic Risk Assessment Methods in Nuclear Regulatory Activities, 60 FR 42622, August 16, 1995.
12. NRC, RG 1.70, Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants (LWR Edition), Washington, DC.
13. NRC, RG 1.81, Content of the Updated Final Safety Analysis Report in Accordance with 10 CFR 50.71(e), Washington, DC.
14. NRC, RG 1.206, Combined License Applications for Nuclear Power Plants (LWR Edition),

Washington, DC.

15. NRC, RG 1.232, Guidance for Developing Principal Design Criteria for Non-Light Water Reactors, Washington, DC.
16. NRC Vision and Strategy: Safely Achieving Effective and Efficient Non-Light Water Reactor Mission Readiness, issued December 2016.

2 Publicly available NRC published documents are available electronically through the NRC Library on the NRCs public Web site at http://www.nrc.gov/reading-rm/doc-collections/ and through the NRCs Agencywide Documents Access and Management System (ADAMS) at http://www.nrc.gov/reading-rm/adams.html The documents can also be viewed online or printed for a fee in the NRCs Public Document Room (PDR) at 11555 Rockville Pike, Rockville, MD. For problems with ADAMS, contact the PDR staff at 301-415-4737 or (800) 397-4209; fax (301) 415-3548; or e-mail pdr.resource@nrc.gov.

DG-1414, Page 24

17. NRC, SECY-93-092, Issues Pertaining to the Advanced Reactor (PRISM, MHTGR, and PIUS) and CANDU 3 Designs and Their Relationship to Current Regulatory Requirements, Washington, DC, April 8, 1993 (ML040210725).
18. NRC, Staff Requirements Memorandum (SRM)-SECY-93-092, SECY-93-092 - Issues Pertaining to the Advanced Reactor (PRISM, MHTGR, and PIUS) and CANDU 3 Designs and Their Relationship to Current Regulatory Requirements, Washington, DC, July 30, 1993.
19. NRC, SECY-03-0047, Policy Issues Related to Licensing Non-Light-Water Reactor Designs, Washington, DC, March 28, 2003.
20. NRC, SRM-SECY-03-0047, Staff Requirements- SECY-03-0047 - Policy Issues Related to Licensing Non-Light-Water Reactor Designs, Washington, DC, June 26, 2003.
21. NRC, SECY-90-016, Evolutionary Light Water Reactor (LWR) Certification Issues and Their Relationship to Current Regulatory Requirements, Washington, DC.
22. NRC, SECY-93-087 Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advance Light-Water Reactor (ALWR) Designs, Washington, DC.
23. NRC, SECY-96-128, Policy and Key Technical Issues Pertaining to the Westinghouse AP600 Standardized Passive Reactor Design, Washington, DC.
24. NRC, SECY-97-044, Policy and Key Technical Issues Pertaining to the Westinghouse AP600 Standardized Passive Reactor Design, Washington, DC.
25. NRC, Reactor Safety Study: An Assessment of accident Risks in U.S. Commercial Nuclear Power Plants, WASH-1400 (NUREG-75/014), Washington, DC, October 1975.
26. NRC, NUREG-1150, Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants, Washington, DC.
27. NRC, NUREG-1855, Revision 1, Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decision Making, Washington, DC.
28. NRC Generic Letter 1988-020: Individual Plant Examination of External Events (IPEEE) for Severe Accident Vulnerabilities - 10 CFR 50.54(f), Washington, DC, June 28, 1991 (ML031150485).
29. NRC, NUREG-2122, Glossary of Risk-Related Terms In Support of Risk-Informed Decisionmaking, Washington, DC, November 2013.
30. Advisory Committee on Reactor Safeguards (ACRS) Letter, The Role of Defense in Depth in a Risk-Informed Regulatory System, Washington, DC, May 19, 1999.
31. NRC, RG 1.174, Revision 3, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decision on Plant-Specific Changes to the Licensing Basis, Washington, DC, January 2018.
32. NRC, NUREG/KM-0009, Historical Review and Observations of Defense-in-Depth, Washington, DC.

DG-1414, Page 25

33. Nuclear Energy Institute (NEI) 18-04, Revision 1, Risk-Informed, Performance-Based Technology Guidance for Non-Light Water Reactors, Washington, DC, August 2019 (ML19241A472).3
34. International Atomic Energy Agency (IAEA) Specific Safety Requirements No. SSR-2/1, Safety of Nuclear Power Plants: Design, Vienna, Austria.4
35. IAEA, Specific Safety Guide (SSG), No. SSG-2, Deterministic Safety Analysis for Nuclear Power Plants, Vienna, Austria.
36. IAEA, Specific Safety Guide (SSG), No. SSG-3, Development and Application of Level 1 Probabilistic Safety Assessment for Nuclear Power Plants, Vienna, Austria.
37. American Society of Mechanical Engineers (ASME)/American Nuclear Society (ANS), RA-S-1.4, Probabilistic Risk Assessment Standard for Advanced Non-Light Water Reactor Nuclear Power Plants, New York, NY.5
38. IAEA Safety Glossary: Terminology Used in Nuclear Safety and Radiation Protection, Vienna, Austria, 2018.

3 Publications from the Nuclear Energy Institute (NEI) are available at their Web site: http://www.nei.org/ or by contacting the headquarters at Nuclear Energy Institute, 1776 I Street NW, Washington DC 20006-3708, Phone: 202-739-800, Fax 202-785-4019.

4 Copies of International Atomic Energy Agency (IAEA) documents may be obtained through their Web site:

www.IAEA.org/ or by writing the International Atomic Energy Agency, P.O. Box 100 Wagramer Strasse 5, A-1400 Vienna, Austria.

5 Copies of American Society of Mechanical Engineers (ASME) standards may be purchased from ASME, Two Park Avenue, New York, New York 10016-5990; telephone (800) 843-2763. Purchase information is available through the ASME Web-based store at http://www.asme.org/Codes/Publications/.

DG-1414, Page 26

Retrieved from "https://kanterella.com/w/index.php?title=ML22146A041&oldid=3447742"