SECY-22-0072, Enclosure 4 - Alternative Physical Security Requirements for Advanced Reactors Proposed Rule: Differing View

From kanterella
Revision as of 18:10, 18 November 2024 by StriderTol (talk | contribs) (StriderTol Bot insert)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
SECY-22-0072: Enclosure 4 - Alternative Physical Security Requirements for Advanced Reactors Proposed Rule: Differing View
ML22042A677
Person / Time
Issue date: 08/02/2022
From:
NRC/SECY
To:
Dennis Andrukat
Shared Package
ML21334A003 List:
References
NRC-2017-0227, RIN 3150-AK19 SECY-22-0072
Download: ML22042A677 (28)
v  d  e


Text

Alternative Physical Security Requirements for Advanced Reactors Proposed Rule: DIFFERING VIEW

An Office of Nuclear Security and Incident Response (NSIR) staf f member provided a differing view with four problem statements on the proposed rule. The sta ff members differing view arises from the proposed provisions within Title 10 of the Code of Federal Regulations (10 CFR) 73.55(s)(1)(ii), Eligibility, where [t]he applicant or licen see must demonstrate that the consequences of a postulated radiological release that results from a postulated security-initiated event do not exceed the offsite dose reference values defined in §§ 50.34 and 52.79 of this chapter, and 10 CFR 73.55(s)(1)(iv), Analysis, where [ t]he applicant or licensee electing to meet one or more of the alternative security requirements in paragraph (s)(2) of this section must perform a technical analysis demonstrating how it meets th e criteria in paragraph (s)(1)(ii) of this section. The differing view is characterized in the fo llowing problem statements:

  • The proposed rule imposes unnecessary regulatory burden, which would be an avoidable impediment to a licensee or applicant that wants to apply alter native physical security requirement(s) in the design of a physical protection program t o meet the requirements of 10 CFR 73.55.
  • The proposed rule and its implementation set forth a radiation dose of 25 rem total effective dose equivalent (25 rem TEDE) (in any 2-hour period following t he onset of the postulated fission product release) as an acceptable dose limit for member s of the public and a consequence-based approach that uses this 25 rem TEDE as the ac ceptable criterion for determining offsite release that would not endanger public heal th and safety.
  • The proposed rule and implementation of 10 CFR 73.55(s)(1)(ii) and (s)(1)(iv) allows for relying on human actions in lieu of plant design features, stru ctures, systems, and components (SSCs) and barriers that would not meet the Commissi ons expectations in 2008 Policy Statement on Regulation of Advanced Reactors to red uce reliance on human actions.
  • The proposed rule, a more specific requirement in 10 CFR Part 73.55, provides a regulatory pathway for circumventing regulatory requirements established i n the current framework for safety and security.

The details of the bases for the differing view indicated above, along with the potential impact on mission and alternatives for resolutions are provided in this e nclosure as Problem Statements No.1, No.2, No.3.a, and No.3.b.

PROBLEM STATEMENT NO.1

The U.S. Nuclear Regulatory Commissions (NRCs) issuance of th e proposed rule could impose unnecessary regulatory burden, which would be an avoidab le impediment to a licensee or applicant that wants to apply alternative physical security requirements in the design of a physical protection system to meet the requirements of Title 10 of the Code of Federal Regulations (10 CFR) 73.55, Requirements for physical protection of licen sed activities in nuclear power reactors against radiological sabotage.

Enclosure 4 2

Regulatory and Technical Basis

  • The current regulatory framework in 10 CFR 73.55 does not require a licensee or applicant to perform a consequence analysis (e.g., to analyze the consequences of security-initiated events (those initiated by the design-basis threat (DBT))).

In the proposed rule, 10 CFR 73.55(s)(1) states the following:

(1) General requirements.

(i) Applicability. The requirements of this section apply to an applicant for or holder of a license for a small modular reactor, as defined in § 171.5 of this chapter, or a non-light-water reactor under part 50 of this cha pter or part 52 of this chapter.

(ii) Eligibility. The applicant or licensee must demonstrate that the consequen ces of a postulated radiological release that results from a postul ated security-initiated event do not exceed the offsite dose referen ce values defined in

§§ 50.34 and 52.79 of this chapter.

(iii) Identification and documentation. The applicant or licensee must identify the specific alternative physical security requirement(s) it intend s to implement as part of its physical protection program and demonstrate how the requirements set forth in this section are met when the selected alternative(s) is used.

(iv) Analysis. The applicant or licensee electing to meet one or more of the alternative security requirements in paragraph (s)(2) of this s ection must perform a technical analysis demonstrating how it meets the criteria in paragraph (s)(1)(ii) of this section. The licensee must maintain the analysis until the certifications required by § 50.82(a)(1) of this chapter or § 52.110(a) of thi s chapter have been docketed by the NRC.

The proposed provisions in paragraphs (ii) and (iv) above estab lish that a licensee (or applicant for an operating or combined license) must perform a site-speci fic analysis to evaluate potential offsite radiological consequences of security-initiated events. The proposed rule further states, as illustrated by the table below, that before implementing any of the alternatives in 10 CFR 73.55(s)(2), a licensee or applicant must satisfy the re quirements of 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv). This include s providing an analysis of potential offsite radiological consequences from postulated sec urity-initiated (DBT-initiated) events, to show that such an event would result in an offsite r elease below the dose value of 25 rem TEDE (i.e., the radiation dose in any 2-hour period followi ng the onset of the postulated fission product release would not exceed 25 rem TEDE).

3

Comparison of Proposed Rule and Existing Rule Proposed 10 CFR 73.55(s) Existing 10 CFR 73.55(r), Alternative measures (1) General requirements. (1) The Commission may authorize an applicant or licensee to provide a measure for (i) Applicability. The requirements of this protection against radiological sabotage other section apply to an applicant for or holder of a than one required by this section if the license for a small modular reactor, as defined applicant or licensee demonstrates that:

in § 171.5 of this chapter, or a non-light-water reactor under part 50 of this chapter or part 52 of this chapter.

(ii) Eligibility. The applicant or licensee must demonstrate that the consequences of a postulated radiological release that results Not required.

from a postulated security-initiated event do not exceed the offsite dose reference values defined in §§ 50.34 and 52.79 of this chapter.

(iii) Identification and documentation. The (1)(i) The measure meets the same applicant or licensee must identify the specific performance objectives and requirements alternative physical security requirement(s) it specified in paragraph (b) of this section.

intends to implement as part of its physical protection program and demonstrate how the (2) The licensee shall submit proposed requirements set forth in this section are met alternative measure(s) to the Commission for when the selected alternative(s) is used. review and approval in accordance with §§ 50.4 and 50.90 of this chapter before implementation.

(3) In addition to fully describing the desired changes, the licensee shall submit a technical basis for each proposed alternative measure.

The basis must include an analysis or assessment that demonstrates how the proposed alternative measure provides a level of protection that is at least equal to that which would otherwise be provided by the specific requirement of this section.

(iv) Analysis. The applicant or licensee electing to meet one or more of the alternative security requirements in paragraph (s)(2) of Not required.

this section must perform a technical analysis demonstrating how it meets the criteria in 4

paragraph (s)(1)(ii) of this section. The licensee must maintain the analysis until the certifications required by § 50.82(a)(1) of this chapter or § 52.110(a) of this chapter have been docketed by the NRC.

Contrary to the proposed rule, the Commissions current require ment in 10 CFR 73.55(r), which includes the necessary exemptions to prescribed requirements fo r implementing alternatives under 10 CFR 73.5, Specific exemptions, does not require a li censee or applicant to perform an analysis to demonstrate that the consequences of a postulate d radiological release resulting from a postulated security-initiated event do not exceed the of fsite dose reference values defined in 10 CFR 50.34, Contents of applications; technical i nformation, and 10 CFR 52.79, Contents of applications; technical information in final safet y analysis report. Such an analysis to justify a request to implement an alternative is not require d either under 10 CFR 73.55(r) or for the necessary exemption from prescribed security requiremen ts in 10 CFR 73.55. Under the regulatory framework in 10 CFR 73.55, the technical basis must demonstrate that the alternative measure provides a level of protection that is equal to that of the corresponding specific requirement in 10 CFR 73.55 (i.e., the alternative meets the pe rformance objective and requirements in 10 CFR 73.55(b)). This justifies the implementa tion of the proposed alternative.

The same technical basis justifies specific exemptions from pre scribed security requirements that may be necessary to implement the alternative. This technical basis is the same as that required in the proposed rule, as the acceptability of the alte rnative is based on how the applicant or licensee would design and implement the alternativ e physical security requirements to meet the requirements of 10 CFR 73.55. This is evident from the proposed rule in 10 CFR 73.55(s)(1)(iii), which requires the licensee or applica nt to demonstrate how it will meet the requirements in 10 CFR 73.55(b)(3) when using the selected alternatives.

Despite the similarities between the current and proposed rule, the proposed rule imposes the unnecessary burden that a licensee or applicant must perform co nsequence analyses. A consequence analysis for security-initiated events, based on th e DBT of radiological sabotage defined in 10 CFR 73.1 (i.e., intentional acts that target SSCs and barriers), is given as an acceptable way for an applicant or licensee to meet the conditi on for eligibility to implement alternative physical security requirements in the design of its physical protection program. This is an unnecessary impediment for advanced reactor licensees or applicants because they could request implementation of the same alternative physical securit y requirements through 10 CFR 73.55(r) without performing any consequence analyses. Th erefore, the differing view problem statement is that the proposed rule imposes an unnecess ary burden on advanced reactor designers, licensees, and applicants that are consideri ng and applying alternatives in their physical protection program designs. By issuing the propo sed rule, the NRC could impede the efficient industrywide adoption of alternative means and me thods, including innovative approaches, in the designs of physical protection programs for advanced reactors.

  • The safety of reactors (including operating li ght-water reactors, light-water and nonlight-water small modular reactors, and advanced reactors) is ensured by the comprehensive safety requirements and safety-related SSCs that are documented in the final safety analysis report.

The current safety regulatory framework, in 10 CFR Part 50, Do mestic Licensing of Production and Utilization Facilities, and 10 CFR Part 52, Licenses, Cer tifications, and Approvals for 5

Nuclear Power Plants, establishes necessary and sufficient saf ety requirements through safety and hazards analyses and assessments of the site and the facili ty, which identify design features (e.g., SSCs and barriers) to be incorporated to protec t a reactor, ensuring extremely low probability for accidents that could result in the release of significant quantities of radioactive fission products. Specifically, the provisions in 10 CFR 50.34( a)(1)(ii) and 10 CFR 50.34(a)(1)(ii)(D) for a 10 CFR Part 50 operating licens e, and similarly the provisions in 10 CFR 52.79(a)(1)(vi) and 10 CFR 52.79(a)(2)(iv) for a 10 CFR Part 52 combined license, along with hazards analyses and analyses of design-basis accide nts, ensure a comprehensive identification of safety-related SSCs and barriers, as well as risk-significant nonsafety-related SSCs, that must function as designed to ensure safe reactor ope ration. This identification establishes the basis for licensing.

A licensees final safety analysis report documents the safety basis established by meeting the regulatory requirements in the current safety regulatory framew ork. The analyses, assessments, and evaluations performed under the current safety regulatory f ramework do not include consequence analysis for intentional acts, either internal or e xternal, based on the characteristics, attributes, and capabilities of the DBT of rad iological sabotage specified in 10 CFR 73.1, Purpose and scope. The currently required design -basis accidents analyses and safety assessments, including ai rcraft impact assessments, do n ot consider failure of the design features, SSCs, and barriers due to security threats up to and including the DBT of radiological sabotage. The current regulations do not require a licensee or applicant to perform additional beyond-design-basis analyses, assessments, and evaluations of D BT-initiated accident scenarios; to determine progressions of accidents not previousl y analyzed; or to assess the potential offsite radiological consequences. (Such analysis wou ld include, for example, identifying DBT-initiated events; assessing DBT-caused fuel, sy stems, and facility damage ratios; evaluating DBT-caused release fractions; and analyzing the potential offsite consequences of DBT-caused accident sequences and DBT-caused di spersion of radiological source term.) Instead, the safety basis for licensing, as analy zed and documented for a safety envelope of operations that the Commission finds acceptable, re lies on the licensees meeting the security requirements in 10 CFR 73.55. When adequately desi gned and implemented, a physical protection program that satisfies the requirements in 10 CFR 73.55 is deemed to provide adequate protection against the DBT of radiological sab otage. This protection forms the technical and regulatory bases for the Commissions finding of assurance that the licensed activities do not constitute an unreasonable risk to the public health and safety.

Unlike the current safety and security regulatory framework, th e implementation of the proposed rule requires that an analysis be performed to evaluate potenti al offsite consequences based on a consequence threshold of 25 rem TEDE, including additional an alysis of DBT-initiated scenarios. This requirement, illustrated below, was presented i n public meetings on October 19, 2021 (Agencywide Documents Access and Management Sy stem (ADAMS)

Accession No. ML21291A238), and January 20, 2022 (ADAMS Accessi on No. ML22019A075).

6

Under the current regulations and regulatory framework, the lic ensee or applicant uses 25 rem TEDE as the reference value in its analyses, assessments, and e valuations to identify the necessary design features, SSCs, and barriers. For example, com pliance with 10 CFR 50.34(a)(1)(ii) and 10 CFR 50.34(a)(1)(ii)(D) or with 10 CFR 52.79(a)(1)(vi) and 10 CFR 52.79(a)(2) means that, crediting the safety functions o f plant features, SSCs, and barriers identified, the postulated fission product release (us ing the expected demonstrable containment leak rate and any fission product cleanup systems i ntended to mitigate accident consequences) would not lead to a radiation dose above 25 rem T EDE. The current requirements of 10 CFR 73.55, when met and acceptably implement ed, provide adequate protection to ensure maintenance of the safety basis as analyze d and documented in the final safety analysis report. The current regulations and regulatory framework for the safety/security interface make it unnecessary to require an analysis within the framework of 10 CFR 73.55; doing so would impose an arbitrary applicability requirement (o r eligibility condition) on licensees wishing to apply the alternatives in 10 CFR 73.55(s)( 2) in their designs. The differing view problem statement asks why the consequence analysis requir ement in the proposed rule is necessary.

Under the current regulations and regulatory framework, an addi tional analysis of potential offsite consequences, implemented as illustrated above, to incl ude analysis of DBT-initiated events, would intentionally not meet the requirement of 10 CFR 73.55 (i.e., would result in inadequate protection) and would be otherwise unnecessary, with out any regulatory or technical merit.

The following explains this in the context of licensing, to sho w the unnecessary burden resulting in part from the proposed requirement, which goes beyond the cu rrent security regulation and 7

regulatory framework. The logic is that, if the two points desc ribed below are true, then the proposed rule would be creating an unnecessary requirement. In other words, if a licensees or applicants design has already met the requirements, through th e analyses, assessments, and evaluations completed for either an NRC-certified design or an operating license or combined license, then the design already identifies plant design featur es, SSCs, and barriers based on the 25 rem TEDE reference. If the licensee or applicant has als o demonstrated that it has a physical protection program that satisfies the performance obje ctive and requirements in 10 CFR 73.55 using alternative physical security requirements, then, by the finding of the Commission, it has provided adequate security to maintain the s afety design features.

The question is why the consequence analysis requirement in the proposed rule is necessary if the following are true:

  • On the safety side, the NRC uses 25 rem TEDE as a reference va lue during the design certification process to ensure that a reactor design has the n ecessary design features, SSCs, and barriers to adequately protect against release of fis sion product that would endanger the public, design-basis internal random events, and e xternal events. That is, the design features, SSCs, and barriers will be sufficiently av ailable and reliable, through redundancy, diversity, and independence, to perform their inten ded safety functions.

These design features, SSCs, and barriers are the reason for th e low likelihood that postulated accidents as analyzed will cause unacceptable offsit e consequences.

  • On the security side, meeting the requirements of 10 CFR 73.55 provides reasonable assurance that a licensee can adequately defend against the DBT adversary (i.e.,

intentional, nonrandom internal and external hazards). The phys ical protection program minimizes the likelihood that intentional acts (i.e., DBT-initi ated events) will be able to compromise the design features, SSCs, and barriers and cause un acceptable offsite consequences. The physical protection program also protects aga inst accidents and consequences beyond those analyzed on the safety side (i.e., it eliminates the need to analyze consequences of intentional acts based on the DBT chara cteristics, attributes, and capabilities described in 10 CFR 73.1).

Therefore, the differing view problem statement is that the pro posed rule would impose an unnecessary regulatory requirement for applying alternative mea sures and an increased burden in demonstrating compliance with such a requirement in the secu rity basis for licensing. (At a minimum, it would increase the licensees or applicants burden in preparing and submitting analyses, as well as the NRC staffs burden in reviewing how th e analyses evaluate the potential offsite radiological consequences, in accordance with 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv), within the security plans.) By issuing the rule as proposed, the NRC will impede the use of alternatives in the physical protection desig ns of advanced reactor designers and applicants.

  • The security regulations are structured to ensure adequate protection for the minimum sets of safety-related SSCs, so that those SSCs will be available to perform the safety functions designed to protect public health and safety by preventing radiological sabotage by the DBT adversary.

The security regulatory framework of 10 CFR Part 73, Physical Protection of Plants and Materials, establishes graded standards of physical protection commensurate with the risks of 8

activities involving special nuclear material (i.e., in terms o f material attractiveness and radiological consequence). For power reactors, regardless of th e reactor design, 10 CFR 73.55(b)(1) states the following:

The licensee shall establish and maintain a physical protection program, to include a security organization, which will have as its objecti ve to provide high assurance that activities involving special nuclear material ar e not inimical to the common defense and security and do not constitute an unreasonab le risk to the public health and safety.

When the performance and prescriptive requirements in 10 CFR 73.55 are met and implemented, the Commission has found, and will find, that a li censee has provided, or an applicant for an operating license has demonstrated, adequate p rotection against the DBT for radiological sabotage. That is, the licensee or applicant has p rotected against the potential for the DBT to cause the failure of safety-related design features, SSCs, or barriers, and has thus maintained the safety and licensing basis as analyzed, providin g reasonable assurance that activities licensed do not constitute unreasonable risks to pub lic health and safety or to the protection of the environment.

Contrary to the Commissions curr ent regulatory framework and regulations, the proposed rule would require a licensee or applicant to perform a site-specifi c analysis to evaluate potential offsite radiological consequences, despite a finding of adequat e protection. The proposed rule would require unnecessary analysis and would establish a new re gulatory position that is contrary to the longstanding regulatory and technical basis for the Commission finding of adequate protection.

Furthermore, the analysis required by 10 CFR 73.55(s)(1)(ii) an d 10 CFR 73.55(s)(1)(iv), as shown in the figure above, will allow a licensee or applicant t o undermine the current safety and security regulatory framework. S pecifically, a licensee or appl icant could evaluate the potential offsite consequences of a loss of identified design features, S SCs, or barriers (e.g., those identified through safety analysis, assessments, and evaluation s using reference values, the DBA, etc.) due to a DBT-initiated event, based on availability of mitigation equipment and ability to move freely to perform mitigation to prevent release up to a n offsite dose of 25 rem TEDE. By establishing a provision in 10 CFR 73.55 that allows for relian ce on mitigation measures (human actions) to prevent release, t he NRC would enable licensees and applicants to intentionally erode current safety and security standards. Problem Statements No. 2 and No. 3 of this enclosure address this point in more detail.

The proposed guidance for implementation specifies that an acce ptable implementation of the required consequence analysis is one based on DBT-initiated eve nts with an acceptable offsite release of up to 25 rem TEDE to members of the public. The prop osed rule, as implemented, will impose an unnecessary burden and create a regulatory imped iment for licensees and applicants considering or applying alternative measures in thei r physical protection program designs.

  • Applicants or licensees must perform a site-specific analysis to evaluate potential offsite radiological consequences.

9

The first part of the proposed requirement, 10 CFR 73.55(s)(1)( ii), states, The applicant or licensee must demonstrate that the consequences of a postulated radiological release that results from a postulated security-initiated event do not excee d the offsite dose reference values defined in §§ 50.34 and 52.79 of this chapter. The second part, 10 CFR 73.55(s)(1)(iv), states, The applicant or licensee electing to meet one or more of the alternative security requirements in paragraph (s)(2) of this section must provide a technical an alysis demonstrating how it meets the criteria in paragraph (s)(1)(ii) of this section. The appl icant or licensee must also show that its physical protection program design, with the alternative(s), meets the design requirement of preventing a significant radiological release.

For an acceptable implementation of 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv), a licensee or applicant wishing to demonstrate eligibility to use some or all of the alternative security measures in 10 CFR 73.55(s)(2) should develop scenario s testing its ability to uphold the sites physical security plan (e.g., to protect target set equipment or prevent an offsite release from exceeding reference doses) while employing the alt ernative measures. Possible scenarios to evaluate include, but are not limited to, the foll owing:

(1) A DBT-initiated event that compromises some or all target s ets and does not involve human actions to mitigate a potential radiological release. Suc h an event should not result in offsite doses above the reference values in 10 CFR 50.34(a)(1)(ii)(D)(1)-(2) and 10 CFR 52.79(a)(1)(vi)(A)-(B).

(2) A DBT-initiated event that compromises some or all target s ets and results in core damage or causes a release of radionuclides from any source bef ore offsite doses exceed the reference values in 10 CFR 50.34(a)(1)(ii)(D)( 1)-(2) and 10 CFR 52.79(a)(1)(vi)(A)-(B). The response to such an event ma y involve both onsite and offsite resources to interdict the adversary force and miti gate the release.

The consequence analysis required by the proposed rule, as desc ribed for implementation above, uses a threshold of 25 rem TEDE in a 2-hour period as an acceptable dose limit for members of the public.

Unlike the proposed rule and implementation, the current regula tory framework requires that a licensee or applicant identify all safety-related SSCs, includi ng barriers for safety of reactor operations protecting against risk of core damage and risk of r elease of radiological nuclides (i.e., 10 CFR 50.34 or 10 CFR 52.79 analysis, assessment, and e valuation). The proposed rule modifies the design performance objective from prevent signifi cant core damage to prevent significant release, to ensure the protection of those SSCs an d barriers whose failure would lead to offsite release endangering public health and safety.

According to the proposed implementation guidance, a licensee o r applicant would consider intentional acts of radiological sabotage based on the characte ristics, attributes, and capabilities of the DBT adversary. Whether the radiological consequences of DBT-initiated scenarios would be considered a danger to public health and safety would depend on whether the resulting radiation exposure was above 25 rem TEDE, the threshold defined for significant release. A dose of up to 25 rem TEDE would not be considered a significant release, but a dose greater than 25 rem TEDE would be considered a significant release and therefore a danger to public health and safety.

10

The differing view is that the technical analysis required by t he proposed rule in 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv) is an unneces sary burden. This is because the current safety and security regulatory framework, by requir ing safety and hazards analyses and assessments such as those of 10 CFR 50.34 and 10 CFR 52.79, establishes what safety-related SSCs and barriers must remain reliable and avail able to perform their intended safety functions (i.e., to prevent core damage or prevent relea se of radiation hazards to the environment). In the discussion below, this is referred to as S tep A.

The design of the physical protection program in accordance wit h 10 CFR 73.55, referred to as Step B, enables plant features, SSCs, and barriers to perform t heir required safety functions by protecting them from threats up to and including the DBT of rad iological sabotage. A licensee or applicant wishing to use alternative physical security requirem ents must demonstrate that the resulting physical protection program will meet all the perform ance and prescriptive requirements of 10 CFR 73.55. This ensures that the identified SSCs and barriers will perform the required safety functions and are adequately protected agai nst intentional acts based on the DBT of radiological sabotage. Under the current regulatory fram ework for security, this notion of adequate protection constitutes a necessary and sufficient stan dard, and a necessary and sufficient regulatory footprint, for the Commission to make its finding.

In the current safety and security regulatory framework, the Co mmission does not require a licensee or applicant to evaluate potential offsite radiologica l consequences when either considering or applying an alternative measure. Nor does it exp and its regulatory footprint to impose additional analysis of potential offsite radiological co nsequences (referred to as Step C),

after the licensee has satisfied the requirements that the Comm ission has deemed necessary and sufficient for adequate protection.

To reiterate, the key technical and regulatory concern is that the proposed rule and implementation would require licensees and applicants to perfor m Step C despite having completed Steps A and B. Under the current regulatory framework, Step C is not required; instead, the SSCs and barriers determined to be safety-related are considered adequately protected if the requirements of 10 CFR 73.55 are met (e.g., th e protective strategy will interdict and neutralize the DBT of radiological sabotage; the design of the physical protection program prevents significant releases that would endanger public health and safety or the environment).

(For licensees and applicants applying 10 CFR 50.69, Risk-info rmed categorization and treatment of structures, systems and components for nuclear pow er reactors, the SSCs and barriers in question may include RISC-2 SSCs (which are nonsafe ty-related but perform safety-significant functions), along with, from a security pers pective, any equipment or systems whose failure would lead to common-cause failure of RISC-1 and RISC-2 SSCs.)

The requirement of Step C in the proposed rule and implementati on is the additional burden that is otherwise not required based on adequate protection. Step C is the analysis of offsite consequences of intentional acts based on the DBT; it requires licensees and applicants to identify and evaluate accident scenarios not previously conside red, based on the intentional failure of plant features, SSCs, and barriers that safety analy sis has already shown to be reliable and available. This consequence analysis is not well-d efined, and the NRC staff has proposed only high-level guidance that does not sufficiently ex plain how to perform the analysis.

This means that the analysis will be complex and costly to comp lete, and costly for the staff to review, without adding any information needed for the Commissio n to make its findings of adequate safety and security.

11

The following example illustrates the burden imposed by Step C in the context of 10 CFR 50.150, Aircraft impact assessment. (Another example w ould be the design for mitigation of loss of offsite power for all reactor plants to p rotect against the risk of station blackout.)

In 10 CFR 50.150, the Commission has established the following regulatory basis for adequate protection from the potential impact of a large commercial airc raft. The requirements relevant to this discussion are the following:

  • The regulation at 10 CFR 50.150(a) states that each applicant must perform a design-specific assessment of the effects on the facility of th e impact of a large commercial aircraft. Using realistic analyses, the applicant mu st identify and incorporate design features and functional capabilities to show that, with reduced use of operator actions, (i) the reactor core remains cooled, or the containmen t remains intact, and (ii) spent fuel cooling or spent fuel pool integrity is maintained.
  • The regulation at 10 CFR 50.150(a)(2) states that the assessme nt must be based on the beyond-design-basis impact of a large commercial aircraft used for long-distance flights in the United States, with the aviation fuel loading typically used in such flights, and an impact speed and angle of impact considering the ability of bot h experienced and inexperienced pilots to control large commercial aircraft at th e low altitude representative of a nuclear power plants low profile.

The first provision above requires the licensee or applicant to perform an assessment and identify and incorporate design features to protect the reactor core, containment, and spent fuel from the potential impact of a commercial aircraft. The license e or applicant must show that these features protect the SSCs required to maintain core cooli ng or containment integrity, and to maintain spent fuel cooling or spent fuel pool integrity. Th e assessment required by this provision is Step A; this corresponds to the safety and hazards analyses and assessments of 10 CFR 50.34 and 10 CFR 52.79, which identify plant features th at must remain reliable and available to perform their intended safety functions of maintai ning core cooling or containment integrity and spent fuel cooling or spent fuel pool integrity.

In Step B, the licensee or applicant designs its protection str ategy (e.g., relying on interposing structures, the design of building outer structures, the reinfo rcement of inner building walls for structural integrity, the use of fire-separating barriers, the fireproofing of structures, reconfiguration of the automatic fire suppression system, etc.) so that the plant can withstand beyond-design-basis impacts of commercial aircraft with the cha racteristics of 10 CFR 50.150(a)(2). The protection strategy, if adequately des igned and incorporated, provides assurance that the required SSCs or barriers can perfo rm the safety functions described in 10 CFR 50.150(a) with reduced use of operator acti ons. When the requirements for aircraft impact assessment above have been met through Steps A and B, the Commission will find that the licensee or applicant has shown reasonable assura nce of adequate protection from the risk of the beyond-design-basis impact of a large commercia l aircraft.

For this example, Step C would be a site-specific analysis to e valuate the potential offsite radiological consequences of a failure of the design features i ntended to protect against the impact of a large commercial aircraft. Such an analysis is unne cessary in this case, as it is also for the requirement of 10 CFR 73.55, because the licensee or ap plicant has already met the 12

Commission standard for adequate protection of the design featu res required to maintain core and spent fuel cooling or containment and spent fuel pool integ rity against the beyond-design-basis impact of a large commercial aircraft.

As illustrated in the example, under the current security regul atory framework, the Commission makes a finding of adequate protection when a licensee or appli cant has met the requirements of 10 CFR 73.55 to protect against threats up to and including the DBT of radiological sabotage.

The proposed requirement of an additional consequence analysis has no regulatory or technical justification and is an unnecessary burden to licensees and app licants wishing to apply alternative physical security requirements in their physical pr otection program designs.

Potential Impact on Mission

The requirements of 10 CFR 73.55(s)(1), as proposed and impleme nted, will result in an unnecessarily large regulatory f ootprint and regulatory overreach and create an impediment to advanced reactor designers and applicants wishing to apply alte rnative methods or approaches to meet the requirements of 10 CFR 73.55.

This rule, if made final as proposed, will adversely affect the NRCs plan for efficiency, clarity, and reliability in accomplishing its mission, which is to licen se and regulate the Nation's civilian use of radioactive materials so as to provide reasonable assura nce of adequate protection of public health and safety, to promote the common defense and sec urity, and to protect the environment. Specifically, the adoption of the proposed rule an d its implementation will result in the following:

  • Inefficiency: The proposed regulations are not consistent with the degree of risk reduction they would achieve, as the requirements are unnecessa ry and would not minimize the use of resources or lead to regulatory decisions m ade without undue delay.
  • Lack of clarity: The proposed regulations are not coherent, log ical, and practical. There is no clear nexus between the proposed regulations and agency goals and objective s, whether explicitly or implicitly stated. The agencys longstand ing principle of adequate protection would no longer be readily understood and easily app lied.
  • Absence of reliability: The proposed re gulations would undermine the currently established regulations, which have been deemed reliable for ma intaining acceptably low levels of risk based on the best available knowledge from r esearch and operational experience, and considering safety and security interactions, t echnological uncertainties, and the diversity of licensee and regulatory activities. The pr oposed regulations would not be consistent with current regulations and would not contri bute to regulatory stability for advanced reactors.

Proposed Alternative

The following changes to the proposed rule in 10 CFR 73.55(s)(1 ) would eliminate the unnecessary burden and remove regulatory impediments for an app licant or a licensee wishing to implement alternative measures:

13

(1) General requirements.

(i) Applicability. The requirements of this section apply to A n applicant for or holder of a license for a small modular reactor, as defined in § 171.5 of this chapter, or a non-light-water reactor under part 50 of this cha pter or part 52 of this chapter. may elect to meet one or more of the alterative security requirements in § 73.55(s)(2).

(ii) Eligibility. The applicant or licensee must demonstrate that the consequen ces of a postulated radiological release that results from a postul ated security-initiated event do not exceed the offsite dose referen ce values defined in

§§ 50.34 and 52.79 of this chapter.

(iii) Identification and documentation. The applicant or licensee must identify the specific alternative physical security requirement(s) it intend s to implement as part of its physical protection program and demonstrate how the requirements set forth in this section are met when the selected alternative(s) is used.

(iv) Analysis. An applicant or licensee electing to meet one or more of the alternative security requirements in in paragraph (s)(2) of thi s section must perform a technical analysis dem onstrating how it meets the cri teria in paragraph (s)(1)(ii) of this section. The licensee must maintain the anal ysis until the certifications required by § 50.82(a)(1) of this chapter or § 5 2.110(a) of this chapter have been docketed by the NRC.

There are concerns about the use of preventing significant cor e damage as a performance objective for advanced reactor physical protection programs, si nce this objective would not encompass advanced reactors in which radiation hazards may resi de outside of the reactor core in a reactor vessel. To address these concerns, the NRC should consider the following modification of 10 CFR 73.55(b)(3):

(b)(3) For a licensee holding an operating license under the pr ovisions of part 50 of this chapter or a combined license under the provisions of p art 52 of this chapter for a non-light-water reactor, other than a small modul ar reactor, as defined in § 171.5 of this chapter, the physical protection pro gram must be designed to prevent significant core damage and spent fuel sabo tage. For a small modular reactor licensee or a non-light-water reactor lic ensee licensed under part 50 of this chapter or part 52 of this chapter, the p hysical protection program must be designed to protect against the loss of structures, systems, components, and barriers that prevent a significant release of radionuclides from any source.

14

PROBLEM STATEMENT NO. 2

The proposed rule and its implementation set forth a radiation dose of 25 rem total effective dose equivalent (25 rem TEDE) (in any 2-hour period following t he onset of the postulated fission product release) as an acceptable dose limit for member s of the public and a consequence-based approach that uses this 25 rem TEDE as the ac ceptable criterion for determining offsite release that would not endanger public heal th and safety.

Regulatory and Technical Basis

  • The proposed rule redefines a dose of up to 25 rem TEDE as acceptable level of exposure for members of the public. It applies this new standard as the threshold for the staff to determine whether a given release of radiation hazards is acceptable and will not endanger the public health and safety.

The implementation of the proposed rule requiring a site-specif ic analysis to evaluate offsite consequences uses the value of 25 rem TEDE over a 2-hour durati on as a consequence threshold, with doses up to 25 rem TEDE to members of the publi c being acceptable, and doses over 25 rem TEDE not being acceptable. For an acceptable implem entation of 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv), a licensee o r applicant wishing to demonstrate eligibility to use s ome or all of the alternative s ecurity measures in 10 CFR 73.55(s)(2) should develop scenarios testing its ability to uphold the sites physical security plan (e.g., to protect target set equipment or prevent an offsite release from exceeding reference doses) while employing the alternative measures. Poss ible scenarios to evaluate include, but are not limited to, the following:

(1) A DBT-initiated event that compromises some or all target s ets and does not involve human actions to mitigate a potential radiological release. Suc h an event should not result in offsite doses above the reference values in 10 CFR 50.34(a)(1)(ii)(D)(1)-(2) and 10 CFR 52.79(a)(1)(vi)(A)-(B).

(2) A DBT-initiated event that compromises some or all target s ets and results in core damage or causes a release of radionuclides from any source bef ore offsite doses exceed the reference values in 10 CFR 50.34(a)(1)(ii)(D)( 1)-(2) and 10 CFR 52.79(a)(1)(vi)(A)-(B). The response to such an event ma y involve both onsite and offsite resources to interdict the adversary force and miti gate the release.

The consequence analysis required by the proposed rule, as desc ribed for implementation above, uses a threshold of 25 rem TEDE in a 2-hour period as an acceptable dose limit for members of the public. For comparison, 25 rem TEDE is the dose limit for workers performing emergency services to save lives or protect large populations ( without informed consent).

Contrary to the proposed rule, the differing view problem state ment is that the 25 rem TEDE consequence threshold used in the proposed rule far exceeds the Commissions established dose limits in 10 CFR 20.1301, Dose limits for individual memb ers of the public, which are 2 mrem per hour and 100 mrem per year for individual members of the public, excluding dose from background radiation and medical exposure.

15

  • Establishing the dose to emergency workers as acceptable for members of the public conflicts with Commission regulations.

Currently, the dose limits for workers performing emergency ser vices to save lives or protect large populations are (1) greater than 25 rem TEDE only on a vo luntary basis, for persons informed of the risk and selected healthy individuals, preferab ly over the age of 45, and (2) up to 25 rem TEDE (without informed consent) when a lower dose limit is not practicable. It should be emphasized that these limits apply to emergency conditions. In addition, the dose limit associated with the protection of valuable property is up to 10 rem when a lower dose is not practicable, or by planned special exposure if time permits. Fo r a worker recovering deceased victims, the dose limit is no more than 5 rem or by planned spe cial exposure.

The proposed rule and implementation set forth a dose limit for members of the public that equals the current limit for workers performing emergency servi ces. Unlike radiation workers, members of the public are not informed individuals who give con sent and willingly, knowingly, and voluntarily accept the risks of radiation exposure. The imp lementation of the proposed rule would suggest, through guidance, that a drastically higher dose limit (12,500 mrem per hour as opposed to 2 mrem per hour) is acceptable for members of the pu blic. This limit exceeds the 10-rem limit established for emergency workers protecting valua ble property. It also exceeds other public limits. For example, in 40 CFR Part 190, Environm ental Radiation Protection Standards for Nuclear Power Operations, the Environmental Prot ection Agency establishes a dose limit of 25 mrem per year as acceptable for any member of the public. This annual dose rate is thousands of times lower than the 25,000 mrem in 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> s that the proposed guidance considers acceptable.

The dose limit of 25 rem TEDE for members of the public is not supported by current NRC regulations or by regulations outside of the agency. The differ ing view problem statement is that, through guidance on implementing the proposed requirements of 1 0 CFR 73.55(s)(1)(ii) and 10 CFR 73.5(s)(1)(iv), the staff has set forth a new Commission standard on acceptable dose limit for members of the public that equals the limit for radia tion workers, namely 25 rem TEDE.

  • The use of 25 rem TEDE as a consequence-based criterion is outside of the current regulatory framework for safety analyses, assessments, or evaluations.

The regulations at 10 CFR 50.34(a)(1)(ii) and 10 CFR 50.34(a)(1 )(ii)(D) establish the regulatory basis for using 25 rem TEDE as a reference value in the evaluat ion of plant design features with respect to postulated reactor accidents, in order to ensure ext remely low risk of reactor accidents and low risk of public exposure to radiation. Specifi cally, 10 CFR 50.34(a)(1)(ii) states that the preliminary safety analysis report must include the fo llowing:

A description and safety assessment of the site and a safety as sessment of the facility. It is expected that reactors will reflect through the ir design, construction and operation an extremely low probability for accidents that c ould result in the release of significant quantities of radioactive fission produc ts.

The areas to be covered by the safety assessments include those described in 10 CFR 50.34(a)(1)(ii)(D):

16

The safety features that are to be engineered into the facility and those barriers that must be breached as a result of an accident before a relea se of radioactive material to the environment can occur. Special attention must b e directed to plant design features intended to mitigate the radiological consequen ces of accidents.

In performing this assessment, an applicant shall assume a fiss ion product release6 from the core into the containment assuming that the facility is operated at the ultimate power contemplated. The applicant shall perform an evaluation and analysis of the postulated fission product release, using t he expected demonstrable containment leak r ate and any fission product clea nup systems intended to mitigate the consequences of the accidents, togethe r with applicable site characteristics, including site meteorology, to evaluate t he offsite radiological consequences. Site characteristics must comply with part 100 of this chapter.

The evaluation must determine that:

(1) An individual located at any point on the boundary of the e xclusion area for any 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> period following the onset of the postulated fis sion product release, would not receive a radiation dose in excess of 25 rem 7 total effective dose equivalent (TEDE).

(2) An individual located at any point on the outer boundary of the low population zone, who is exposed to the radioactive cloud result ing from the postulated fission product release (during the entire perio d of its passage) would not receive a radiation dose in excess of 25 rem total effective dose equivalent (TEDE);

Footnote 6 to these regulations clarifies the following:

The fission product release assumed for this evaluation should be based upon a major accident, hypothesized for purposes of site analysis or p ostulated from considerations of possible accidental events. Such accidents ha ve generally been assumed to result in substantial meltdown of the core with subsequent release into the containment of appreciable quantities of fissi on products.

Footnote 7 states the following:

A whole body dose of 25 rem has been stated to correspond numer ically to the once in a lifetime accidental or emergency dose for radiation w orkers which, according to NCRP recommendations at the time could be disregar ded in the determination of their radiation exposure status (see NBS Handb ook 69 dated June 5, 1959). However, its use is not intended to imply that t his number constitutes an acceptable limit for an emergency dose to the pu blic under accident conditions. Rather, this dose value has been set forth in this section as a reference value, which can be used in the evaluation of plant design features with respect to postulated reactor accidents, in order to assur e that such designs provide assurance of low risk of public exposure to radiation, in the event of such accidents.

The implementation guidance for the analysis required by paragr aphs (ii) and (iv) of the proposed rule, 10 CFR 73.55(s)(1), confirms as acceptable a con sequence-based approach, 17

rather than a risk-based approach (i.e., one based on the produ ct of consequence and likelihood). Current NRC regulations promote a risk-based appro ach, in line with the NRCs goal of being a risk-informed and performance-based regulator. In th e risk-based approach, a physical protection program design could achieve high assurance of protection by ensuring that the DBT of radiological sabotage would have very low likelihood. Contrary to the established regulations and regulatory framework, the consequence-based app roach using 25 rem TEDE as an acceptable consequence for public health and safety conflict s with the Commissions risk-based approach. This consequence-based approach has not be en reviewed or approved by the Commission, especially not in the context of the limited-sc ope security rulemaking for advanced reactors.

Furthermore, under the consequence-based approach using the 25 rem TEDE threshold, since offsite release of radiation hazards up to 25 rem TEDE would co nstitute an acceptable dose to the public, the plant features and barriers preventing such a r elease would no longer be considered safety-related, and licensees would not be required to protect them accordingly.

Specifically, SSCs that would be treated as safety-related unde r the current regulations (for licensees and applicants applying 10 CFR 50.69, these include R ISC-2 SSCs, which are nonsafety-related but perform safety-significant functions, and any equipment or systems whose failure would lead to common-cause failure of RISC-1 or RISC-2 SSCs) could be reclassified as RISC-3 or RISC-4, corresponding respectively to safety-related or nonsafety-related SSCs that perform functions of low safety significance. Under the consequ ence-based approach of the proposed rule with a reference value of 25 rem TEDE, licensees would no longer have to protect SSCs and barriers as target set elements if their failu re would result in offsite release of no more than 25 rem TEDE. The approach would no longer be risk-based or risk-informed, and would allow licensees to reduce or eliminate SSCs and barriers that would otherwise be categorized and treated as being required for assurance of low risk of public exposure to radiation. Licensees would no longer be required to protect the se SSCs and barriers from the DBT of radiological sabotage.

Based on the regulatory and technical discussions above, the di ffering view problem statement is that the proposed rule and its implementation guidance shoul d not assert that 25 rem TEDE is an acceptable dose limit for m embers of the public. This limit was established for emergency workers, and the NRCs current regulations and regulatory frame work do not support its use for members of the public, nor has the Commission considered or app roved it.

In addition, the use of 25 rem TEDE as an acceptance criterion in a consequence-based approach is contrary to the current regulations and the risk-ba sed (i.e., risk-informed and performance-based) regulatory framework. It falls outside of th e Commissions directions and the scope of the limited-scope rule on security for advanced re actors using alternatives in designs of physical protection programs.

Potential Impact on Mission

The adoption of this proposed rule and its implementation, whic h set forth a consequence-based approach with 25 rem TEDE as the acceptance c riterion, will adversely affect the NRCs plan for efficiency, clarity, and reliability in accomplishing its mission, which is to license and regulate the Nations civilian use of radioactiv e materials so as to provide reasonable assurance of adequate protection of public health an d safety, and to promote the 18

common defense and security, and to protect the environment. Sp ecifically, the adoption of the proposed rule and its implementation will result in the followi ng:

  • Inefficiency: The proposed regulations are not consistent with the degree of risk reduction they would achieve, as the consequence-based approach using 25 rem TEDE as an acceptable dose limit for members of the public is contra ry to the current risk-based (risk-informed and performance-based) regulatory fra mework. The risk-based approach is a longstanding standard practice for reasonable ass urance of protection of public health and safety. The implementation of a consequence-b ased approach that conflicts with or undermines the current risk-based safety and security framework would cause undue delay in regulatory decisions and could compromise the safety bases for findings of reasonable assurance of adequate protection.
  • Lack of clarity: The proposed regulations are not coherent, lo gical, and practical. There is no clear nexus between the proposed regulations and agency g oals and objectives, whether explicitly or implicitly stated. The consequence-based approach in the proposed regulations would circumvent the agencys longstanding principl e of adequate protection through a risk-informed and performance-based approach, and the regulations and regulatory framework would no longer be readily understood and easily applied.
  • Absence of reliability: The proposed regulations would undermi ne the currently established regulations, which have been deemed reliable for maintaining acceptably low levels of risk based on the best available knowledge from research and operati onal experience, and considering safety and security interactions, t echnological uncertainties, and the diversity of licensee and regulatory activities. The co nsequence-based criteria (with the 25 rem TEDE threshold) in the proposed regulations wo uld not result in prompt, fair, and decisive administration and would not contribute to r egulatory stability for advanced reactors.

Proposed Alternative

The following changes to the proposed rule in 10 CFR 73.55(s)(1 ) would eliminate the use of the consequence-based approach and the 25 rem TEDE acceptance c riterion and would thus resolve the differing view problem statement:

(1) General requirements.

(i) Applicability. An applicant or licensee of a small modular reactor, as defin ed in

§ 171.5 of this chapter, or non-light-water reactor that is lic ensed under part 50 of this chapter or part 52 of this chapter may elect to meet one or more of the alterative security requirements in § 73.55(s)(2).

(ii) Eligibility. The applicant or licensee must demonstrate that the consequen ces of a postulated radiological release that results from a postul ated security-initiated event do not exceed the offsite dose referen ce values defined in

§§ 50.34 and 52.79 of this chapter.

(iii) Identification and documentation. The applicant or licensee must identify the specific alternative physical security requirement(s) it intend s to implement as 19

part of its physical protection program and demonstrate how the requirements set forth in this section are met when selected alternative(s) is u sed.

(iv) Analysis. An applicant or licensee electing to meet one or more of the alternative security requirements in in paragraph (s)(2) of thi s section must perform a technical analysis dem onstrating how it meets the cri teria in paragraph (s)(1)(ii) of this section. The licensee must maintain the anal ysis until the certifications required by § 50.82(a)(1) of this chapter or § 5 2.110(a) of this chapter have been docketed by the NRC.

There are concerns about the use of preventing significant cor e damage as a performance objective for advanced reactor physical protection programs, si nce this objective would not encompass advanced reactors in which radiation hazards may resi de outside of the reactor core in a reactor vessel. To address these concerns, the NRC should consider the following modification of 10 CFR 73.55(b)(3):

(b)(3) For a licensee holding an operating license under the pr ovisions of part 50 of this chapter or a combined license under the provisions of p art 52 of this chapter for a light light-water reactor, other than a small mod ular reactor, as defined in § 171.5 of this chapter, the physical protection pro gram must be designed to prevent significant core damage and spent fuel sabo tage. For a small modular reactor licensee or a non-light-water reactor lic ensee licensed under part 50 of this chapter or part 52 of this chapter, the p hysical protection program must be designed to protect against the loss of structures, systems, components, and barriers that prevent a significant release of radionuclides from any source.

20

PROBLEM STATEMENT NO. 3a

The implementation of 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s )(1)(iv) is contrary to the Commissions expectation, established in the Policy Statement o n the Regulation of Advanced Reactors (Volume 73 of the Federal Register, page 60612; October 14, 2008), that advanced reactor designs should include reduced reliance on human action s.

Technical Basis

The acceptable implementation of the proposed rule requires tha t an analysis be performed to evaluate potential offsite consequences based on a consequence threshold of 25 rem TEDE, including additional analyses of security-initiated (i.e., DBT-initiated) scenarios, as illustrated below.

As stated earlier, this illustration was presented during publi c meetings on October 19, 2021, and January 20, 2022. It shows how the implementation of the pr oposed rule would allow for a licensee or applicant, through analysis performed under the pro posed rule, to substitute mitigation measures relying on human actions for plant features, SSCs, and barriers identified through safety analyses, assessments, and evaluations in the sa fety and design bases. For example, under the proposed rule, the SSCs and barriers maintai ning core cooling or containment integrity and spent fuel cooling or spent fuel pool integrity may be eliminated if analysis shows that mitigation m easures can prevent any release resulting in a dose above 25 rem TEDE.

21

In addition, the illustration shows how the proposed rule under mines the current safety and security regulatory framework by allowing a licensee or applica nt to downgrade the categorization, and the associated treatment, of SSCs and barri ers based on 10 CFR 50.69.

That is, under the proposed rule, a licensee or applicant may s how that with mitigation measures, the failure of certain SSCs and barriers that are cur rently classified as RISC-1 or RISC-2 (or whose failure would lead to common-cause failure of RISC-1 or RISC-2 SSCs) would result in offsite release of no more than 25 rem TEDE. Th e licensee could then reclassify these SSCs and barriers as RISC-3 or RISC-4 or eliminate them a ltogether, considering them unnecessary for ensuring low risk of offsite release, although they are considered necessary under current design requirements for safety.

In relation to the safety/security interface, the implementatio n of the proposed rule allows the licensee or applicant to use a consequence analysis, based on c onsequences mitigated by reliance on human actions, to justify reducing the plant securi ty posture, eliminating the protection of SSCs and barriers that otherwise would have been identified as target set equipment and protected by the design of the physical protectio n program. It should be noted that mitigation measures would be applied within a defense-in-d epth strategy, to provide sufficient margin in safety and security designs to account for the uncertainties in the risk of public exposure to radiation resulting from design-basis accide nts and beyond-design-basis events (e.g., aircraft impacts, Fukushima Dai-ichi event, and t he DBT of radiological sabotage).

The following discussion uses the previous example of aircraft impact assessment to illustrate how the proposed rule may be implemented. Mitigation measures f or potential consequences of an aircraft impact are required by 10 CFR 50.54(hh)(1), which s tates, in part, the following:

Each licensee shall develop, implement and maintain procedures that describe how the licensee will address the following areas if the licensee is notified of a potential aircraft threat:

(iii) Contacting all onsite personnel and applicable offsite re sponse organizations;

(iv) Onsite actions necessary to enhance the capability of the facility to mitigate the consequences of an aircraft impact;

(vi) Dispersal of equipment and personnel, as well as rapid entry into site protected areas for essential onsite personnel and offsite responders who are necessary to mitigate the event; and

(vii) Recall of site personnel.

If the licensee or applicant has procedures to address the onsite actions necessary to enhance the capability of the facility to mitigate the consequences, dispersal of equipment and personnel and the recall of site personnel, as specified in 10 CFR 50.54( hh)(1), then under the proposed rule, human actions may be substituted for protection against p otential offsite consequences, based on consequence analysis using the 25-rem TEDE criterion. With respect to security, the design of the physical protection program may be based on mitig ation measures established to satisfy 10 CFR 50.54(hh)(1), without the design features, SSCs, or barriers identified as necessary through safety analysis, assessments, and evaluations. The level of safety for advanced reactors licensed under this framework would not equal that of currently licensed 22

reactors, which rely on design features, engineered SSCs, and b arriers, together with planning and contingencies for mitigation measures, to reduce risk and e stablish defense in depth.

The Commissions 2008 Policy Statement on the Regulation of Adv anced Reactors states the following:

Regarding advanced reactors, the Commission expects, as a minim um, at least the same degree of protection of the environment and public health and safety and the common defense and security that is required for current genera tion light-water reactors (LWRs). Furthermore, the Commission expects that advanced react ors will provide enhanced margins of safety and/or use simplified, inherent, pas sive, or other innovative means to accomplish their safety and security functions.

Among the attributes that the Commission recommends for conside ration in advanced reactor designs are the following:

  • Designs that minimize the potential for severe accidents and t heir consequences by providing sufficient inherent safety, reliabili ty, redundancy, diversity, and independence in safety systems, with an emphasis on minimizing the potential for accidents over minimiz ing the consequences of such accidents.
  • Designs that incorporate the defense-in-depth philosophy by ma intaining multiple barriers against radiation release, and by reducing th e potential for, and consequences of, severe accidents.
  • Designs that include considerations for safety and security re quirements together in the design process such that security issues (e.g., newly identified threats of terrorist attacks) can be effectively res olved through facility design and engineered security features, and formulati on of mitigation measures, with reduced reliance on human actions.

The Commission also expects that the safety features of these advanced reactor designs will be complemented by the operational program for Emergency Planni ng.

It is recognized that neither the Commissions policy statement s nor staff-developed regulatory guides constitute regulatory requirements. Licensees and applic ants are not obligated to adhere, in full or in part, to Commission policy statements or NRC-issued regulatory guides.

They may choose to apply the staff guidance from a regulatory g uide in full or in part, as they see fit, or to modify it, or to use other methods than describe d.

In particular, licensees and applicants are not legally obligat ed to comply with the guidance in DG-5071, Target Set Identification and Development for Nuclear Power Reactors, or in DG-5072, Guidance for Alternativ e Physical Security Requirements for Non-Light-Water Reactors and Small Modular Reactors. Neither the language nor the regulatory history of 10 CFR 73.55(f), on target sets, compels the interpretation tha t a licensee or applicant must conform to the guidance in DG-5071 and DG-5072, or to apply the guidance in one before or in consideration of applying the other, to perform the analysis re quired by the proposed rule in 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv).

23

Contrary to the expectations in the Commissions policy stateme nt, the staff position on an acceptable method for the analysis required by the proposed rul e provides for reliance on human actions to perform mitigation measures that would allow l icensees and applicants to eliminate design features, SSCs, and barriers identified as nec essary in the safety analysis, or to downgrade their risk categorization and treatment. As discus sed above, this reduces both safety and security and compromises defense in depth. It also c ontravenes the Commissions expectation that safety features of advanced reactor designs wi ll be complemented by emergency preparedness planning and response; it allows for saf ety features and SSCs instead to be replaced by mitigation measures.

In summary, the proposed rule allows licensees and applicants t o rely on human actions in place of designed and engineered safety features. This is contr ary to the Commissions expectation that advanced reacto r designs should emphasize safety and security through design and engineering features, complemented by mitigation mea sures, with reduced reliance on human actions. The proposed rule allows licensees and applic ants to eliminate the physical protection of design features, SSCs, and barriers that would ot herwise be protected from the DBT of radiological sabotage. The differing view problem statem ent is that the proposed rule, through the analysis described in its implementation, should no t allow licensees and applicants to rely on mitigation measures (human actions) for safety, beca use this would conflict with the Commissions expectations in the Policy Statement on the Regula tion of Advanced Reactors.

Potential Impact on Mission

The proposed rule and its implementation, by allowing for relia nce on mitigation measures (human actions), will affect the effectiveness of the NRCs lic ensing and regulations in providing reasonable assurance of adequate protection of public health an d safety. Specifically, the adoption of the proposed rule and its implementation will resul t in the following:

  • Inefficiency: The proposed regulations are not consistent with the degree of risk reduction they would achieve, as their implementation would all ow for mitigation measures (human actions) to replace adequate physical protectio n of safety-related design features, SSCs, and barriers for preventing an offsite r adiological release. This is contrary to safety requirements and to the risk-based approach of the current regulatory framework. It would reduce the security measures protecting aga inst the DBT of radiological sabotage for advanced reactors, which would cause undue delay in regulatory decisions and potentially undo the current safety li censing basis for findings of reasonable assurance of protection.
  • Lack of clarity: The proposed regulations are not coherent, lo gical, and practical. There is no clear nexus between the proposed regulations and agency g oals and objectives, whether explicitly or implicitly stated. The consequence-based approach and reliance on mitigation measures in the proposed regulations undermine the a gencys longstanding position of using a risk-based approach to apply established re quirements for adequate protection. The regulations and regulatory framework would no l onger be readily understood and easily applied.
  • Absence of reliability: The proposed regulations would undermi ne the currently established regulations, which have been deemed reliable for maintaining acceptably 24

low levels of risk based on the best available knowledge from research and operati onal experience, and considering safety and security interactions, t echnological uncertainties, and the diversity of licensee and regulatory activities. The im plementation of mitigation measures relying on human actions, rather than on design featur es, SSCs, and barriers, would not be consistent with current regulations and would not lead to prompt, fair, and decisive administration contributing to regulatory stability fo r advanced reactors.

Proposed Alternative

Paragraphs (ii) and (iv) of the proposed rule in 10 CFR 73.55(s )(1) should be removed to eliminate the requirement to perform an analysis to evaluate po tential offsite consequences. In the current security framework of 10 CFR 73.55, the design of t he physical protection program is aimed at protecting the design features, SSCs, and barriers that have been determined, through a safety analysis, to be necessary for assurance of ade quate safety. The suggested change removes the proposed requirement that would allow licens ees and applicants to circumvent the current safety and security requirements. It als o removes the reliance on human actions implied by the implementation of the proposed rule, whi ch is contrary to the Commissions Policy Statement on the Regulation of Advanced Rea ctors. The suggested change is to remove paragraphs (ii) and (iv) from the proposed rule text of 10 CFR 73.55(s)(1):

(ii) Eligibility. The applicant or licensee must demonstrate th at the consequences of a postulated radiological release that results from a postulated security-initiated event do not exceed the offsite dose reference values defined in §§ 50.3 4 and 52.79 of this chapter.

(iv) Analysis. An applicant or licensee electing to meet one or more of the alternative security requirements in in paragraph (s)(2) of thi s section must perform a technical analysis dem onstrating how it meets the cri teria in paragraph (s)(1)(ii) of this section. The licensee must maintain the anal ysis until the certifications required by § 50.82(a)(1) of this chapter or § 5 2.110(a) of this chapter have been docketed by the NRC.

PROBLEM STATEMENT NO. 3b

The proposed rule, at 10 CFR 73.55(s)(1)(ii) and (iv), introduc es a more specific requirement for consequence analysis in 10 CFR 73.55 and provides a regulatory pathway for circumventing requirements established in the current safety and security fra mework for power reactors.

Regulatory Basis

The acceptable implementation of the proposed rule requires tha t an analysis be performed to evaluate potential offsite consequences based on a consequence threshold of 25 rem TEDE, including additional analyses of security-initiated (i.e., DBT-initiated) scenarios, as illustrated below.

25

As previously stated, the illustration above, presented during public meetings on October 19, 2021, and January 20, 2022, captures a method that the staff finds acceptable for performing the analysis required under the proposed provisions of paragraphs (ii) and (iv) of 10 CFR 73.55(s)(1). The implementation guidance for the propose d rule appears in DG-5071 and DG-5072.

The proposed rule, in 10 CFR 73.55( s)(1)(ii) and (iv), gives mo re specific requirements for analysis of potential offsite consequences. It provides a regul atory pathway for circumventing the regulatory requirements established in the current framewor k for the safety of nuclear power reactors, such as the provisions of 10 CFR 50.34(a)(1)(ii)(D) f or analysis, assessment, and evaluation of offsite consequences. The more specific provision s of 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv) would control over the more general prov isions of 10 CFR 50.34(a)(1)(ii)(D) for analysis of potential offsite con sequences. The provisions of 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv) on analysis o f offsite consequences are narrower in scope than the provisions in 10 CFR Parts 50, 52, a nd 100 (e.g., in 10 CFR 50.34, 10 CFR 50.69, 10 CFR 52.79, and 10 CFR 100.11, Determination o f exclusion area, low population zone, and population center distance).

The example below, on specific exemptions, illustrates how a mo re specific provision would control over a more general provision. The regulations in 10 CF R 50.12, Specific exemptions, state the following:

26

(a) The Commission may, upon application by any interested pers on or upon its own initiative, grant exemptions from the requirements of the r egulations of this part, which are

(1) Authorized by law, will not present an undue risk to the pu blic health and safety, and are consistent with the common defense and security.

(2) The Commission will not consider granting an exemption unle ss special circumstances are present. Special circumstances are present wh enever

(i) Application of the regulation in the particular circumstanc es conflicts with other rules or requirements of the Commission; or

(ii) Application of the regulation in the particular circumstan ces would not serve the underlying purpose of the rule or is not necessary to achie ve the underlying purpose of the rule; or

(iii) Compliance would result in undue hardship or other costs that are significantly in excess of those contemplated when the regulati on was adopted, or that are significantly in excess of those incurred by others similarly situated; or

(iv) The exemption would result in benefit to the public health and safety that compensates for any decrease in safety that may result from the grant of the exemption; or

(v) The exemption would provide only temporary relief from the applicable regulation and the licensee or applicant has made good faith ef forts to comply with the regulation; or

(vi) There is present any other material circumstance not consi dered when the regulation was adopted for which it would be in the public inte rest to grant an exemption. If such condition is r elied on exclusively for satisfying paragraph (a)(2) of this section, the exemption may not be gran ted until the Executive Director for Operations has consulted with the Commis sion.

The regulations in 10 CFR 52.7, Specific exemptions, state th e following:

The Commission may, upon application by any interested person o r upon its own initiative, grant exemptions from the requirements of the regul ations of this part.

The Commissions consideration will be governed by § 50.12 of this chapter, unless other criteria are provided for in this part, in which c ase the Commissions consideration will be governed by the criteria in this part. On ly if those criteria are not met will the Commissions considerations be governed by § 5 0.12 of this chapter. The Commissions consideration of requests for exempti ons from requirements of the regulations of other parts in this chapter, which are applicable by virtue of this par t, shall be governed by the exemption requirements of those parts.

27

The regulations in 10 CFR 73.5 state the following:

The Commission may, upon application of any interested person o r upon its own initiative, grant such exemptions from the requirements of the regulations in this part as it determines are authorized by law and will not endang er life or property or the common defense and security, and are otherwise in the pu blic interest.

The regulations in 10 CFR 73.5 address specific exemptions to t he requirements of 10 CFR Part 73. The regulations in 10 CFR 50.12 and 10 CFR 52.7 set forth the criteria by which the Commission may grant exemptions to the requirements o f 10 CFR Part 50 and 10 CFR Part 52, respectively.

The more specific provision in 10 CFR 73.5 is controlling over the more general provisions in 10 CFR 50.12 and 10 CFR 52.7. The criteria for approval of exem ptions under 10 CFR 73.5 are specific to security objectives and are narrower in scope than the general exemption criteria in 10 CFR 50.12 and 10 CFR 52.7. In the last quarter of 2020, the Commission granted the requests of currently operating power reactor licensees to foll ow the provisions of 10 CFR 73.5 over those of 10 CFR 50.12; this demonstrates that the more spe cific requirement, in this case that of 10 CFR 73.5, is controlling.

With respect to the proposed rule, this means that a licensee o r applicant would have to perform the analyses of 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(i v) in lieu of the analyses, assessments, and evaluations of potential offsite consequences required under the general provisions. A licensee or applicant could no longer rely on the latter (e.g., on 10 CFR 50.34(a)(1)(ii)(D)) or on the results of analyses that d id not cover security-initiated (i.e.,

DBT-initiated) events beyond those required in the current regu latory framework for safety.

Licensees and applicants would no longer be obligated to meet b oth the general and the specific provisions for analysis of potential offsite consequen ces; through the specific provisions of 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv), they coul d consider and incorporate mitigation measures (human actions) to achieve protection of ad vanced reactors. The differing view problem statement is that the proposed rule would control over the more general provisions on analysis of potential offsite consequences (e.g., 10 CFR Parts 50, 52, and 100),

thus permitting a licensee or applicant to circumvent the regul atory requirements in the current framework for safety and security for power reactors.

Potential Impact on Mission

This proposed rule, incorporating specific provisions in 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv) that would be controlling over more gene ral provisions for analysis of potential offsite consequences, will affect the effectiveness o f the NRCs licensing and regulations in providing reasonable assurance of adequate prote ction of public health and safety. Specifically, adoption of the proposed rule will result in the following:

  • Inefficiency: The proposed regulations are inconsistent with t he degree of risk reduction they achieve, as their implementation would allow for mitigatio n measures (human actions) to replace adequate physical protection of safety-rela ted design features, SSCs and barriers for preventing an offsite radiological release. Th e method proposed as acceptable under 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)( iv) would circumvent the safety requirements and the risk-based approach of the curr ent regulatory 28

framework. It would also reduce security, causing undue delay i n regulatory decisions and potentially undoing the current safety licensing basis for findings of reasonable assurance of adequate protection.

  • Lack of clarity: The proposed regulations are not coherent, lo gical, and practical. There is no clear nexus between the proposed regulations and agency g oals and objectives, whether explicitly or implicitly stated. The proposed security requirements in 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s)(1)(iv), which are ba sed on a consequence analysis allowing reliance on human actions for mitigation, wou ld be controlling over the more general requirements elsewhere in the NRCs regulations, a nd would therefore undermine the agencys longstanding principle of adequate prote ction through a risk-based approach. The regulations and regulatory framework w ould no longer be readily understood and easily applied.
  • Absence of reliability: The proposed regulations would undermi ne the currently established regulations, which have been deemed reliable for maintaining acceptably low levels of risk based on the best available knowledge from research and operati onal experience, and considering safety and security interactions, t echnological uncertainties, and the diversity of licensee and regulatory activities. The im plementation of the proposed requirements would be inconsistent with current regula tions and would allow a licensee or applicant to circumvent current safety requirements. It would not lead to prompt, fair, and decisive adminis tration or contribute to regu latory stability for advanced reactors.

Proposed Alternative

The NRC should remove 10 CFR 73.55(s)(1)(ii) and 10 CFR 73.55(s )(1)(iv) in the proposed rule to eliminate the requirement to perform an analysis to evaluate potential offsite consequences.

This will ensure that there is no specific provision for such a nalysis that would be controlling over the general provisions elsewhere in the regulations for an alysis, assessments, and evaluations of potential offsite consequences. In the current s ecurity framework of 10 CFR 73.55, the design of the physical protection program is aimed at protecting the design features, SSCs, and barriers that have been determined to be ne cessary for assurance of adequate safety. The suggested change removes the provisions th at would allow licensees and applicants to circumvent the current requirements for analysis, assessments, and evaluations for safety and security. The suggested change is to remove the proposed requirements in 10 CFR 73.55(s)(1)(ii) and (iv):

(ii) Eligibility. The applicant or licensee must demonstrate th at the consequences of a postulated radiological release that results from a postul ated security-initiated event do not exceed the offsite dose referen ce values defined in

§§ 50.34 and 52.79 of this chapter.

(iv) Analysis. An applicant or licensee electing to meet one or more of the alternative security requirements in in paragraph (s)(2) of thi s section must perform a technical analysis dem onstrating how it meets the cri teria in paragraph (s)(1)(ii) of this section. The licensee must maintain the anal ysis until the certifications required by § 50.82(a)(1) of this chapter or § 5 2.110(a) of this chapter have been docketed by the NRC.

Retrieved from "https://kanterella.com/w/index.php?title=SECY-22-0072,_Enclosure_4_-_Alternative_Physical_Security_Requirements_for_Advanced_Reactors_Proposed_Rule:_Differing_View&oldid=3734629"