Approaches to Risk-Informed and Performance-Based Requirements for Nuclear Power Reactors

AGENCY:

Nuclear Regulatory Commission.

ACTION:

Advance notice of proposed rulemaking (ANPR).

SUMMARY:

The Nuclear Regulatory Commission (NRC) is considering modifying its approach to develop risk-informed and performance-based requirements applicable to nuclear power reactors. The NRC is considering an approach that, in addition to the ongoing effort to revise some specific regulations to make them risk-informed and performance-based, would establish a comprehensive set of risk-informed and performance-based requirements applicable for all nuclear power reactor technologies as an alternative to current requirements. This new rule would take advantage of operating experience, lessons learned from the current rulemaking activities, advances in the use of risk-informed technology, and would focus NRC and industry resources on the most risk-significant aspects of plant operations to better ensure public health and safety. The set of new alternative requirements would be intended primarily for new power reactors although they would be available to existing reactor licensees.

At the conclusion of this ANPR phase and taking into consideration public comment, the NRC will determine how to proceed regarding making the requirements for nuclear power plants risk-informed and performance-based.

DATES:

The comment period expires December 29, 2006. This time period allows public comment on the proposals in this ANPR.

Comments on the general proposals in this ANPR would be most beneficial to the NRC if submitted within 90 days of issuance of the ANPR. Comments on any periodic updates will be most beneficial if submitted within 90 days of their respective issuance. Periodic updates that are issued will be placed on the NRC's interactive rulemaking Web site, Ruleforum, ( http://ruleforum.llnl.gov ), for information or comment. Supplements to this ANPR are anticipated to be issued and will request additional public comments.

Comments received after the above date will be considered if it is practical to do so, but the Commission is able to assure consideration only for comments received on or before the above date.

ADDRESSES:

You may submit comments by any one of the following methods. Please include the following number RIN 3150-AH81 in the subject line of your comments. Comments on this ANPR submitted in writing or in electronic form will be made available for public inspection. Because your comments will not be edited to remove any identifying or contact information, the NRC cautions you against including information such as social security numbers and birth dates in your submission.

Mail comments to: Secretary, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, ATTN: Rulemakings and Adjudications Staff.

E-mail comments to: SECY@nrc.gov. If you do not receive a reply e-mail confirming that we have received your comments, contact us directly at (301) 415-1966. You may also submit comments via the NRC's rulemaking Web site at http://ruleforum.llnl.gov. Address questions about our rulemaking Web site to Carol Gallagher (301) 415-5905; e-mail cag@nrc.gov. Comments can also be submitted via the Federal eRulemaking Portal http://www.regulations.gov.

Hand deliver comments to: 11555 Rockville Pike, Rockville, Maryland 20852, between 7:30 a.m. and 4:15 p.m. Federal workdays. (Telephone (301) 415-1966).

Fax comments to: Secretary, U.S. Nuclear Regulatory Commission at (301) 415-1101.

Publicly available documents related to this ANPR may be viewed electronically on the public computers located at the NRC's Public Document Room (PDR), O1 F21, One White Flint North, 11555 Rockville Pike, Rockville, Maryland. The PDR reproduction contractor will copy documents for a fee. Selected documents, including comments, may be viewed and downloaded electronically via the NRC rulemaking Web site at http://ruleforum.llnl.gov.

Publicly available documents created or received at the NRC after November 1, 1999, are available electronically at the NRC's Electronic Reading Room at http://www.nrc.gov/reading-rm/adams.html. From this site, the public can gain entry into the NRC's Agencywide Document Access and Management System (ADAMS), which provides text and image files of NRC's public documents. If you do not have access to ADAMS or if there are problems in accessing the documents located in ADAMS, contact the NRC Public Document Room (PDR) Reference staff at 1-800-397-4209, 301-415-4737 or by e-mail to pdr@nrc.gov.

FOR FURTHER INFORMATION CONTACT:

Joseph Birmingham, Office of Nuclear Reactor Regulation (NRR), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone (301) 415-2829, e-mail: jlb4@nrc.gov; or Mary Drouin, Office of Nuclear Regulatory Research (RES), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; telephone: (301) 415-6675, e-mail: mxd@nrc.gov.

SUPPLEMENTARY INFORMATION:

Background

The NRC is considering developing a comprehensive set of risk-informed, performance-based, and technology neutral requirements for licensing nuclear power reactors. These requirements would be included in NRC regulations as a new 10 CFR Part 53 and could be used as an alternative to the existing requirements in 10 CFR Part 50.

The Commission directed the NRC staff to develop an ANPR to facilitate early stakeholder participation in this effort. The Commission also directed the NRC staff to: (1) Incorporate in the ANPR a formal program plan for risk-informing 10 CFR Part 50, as well as other related risk-informed efforts, (2) integrate safety, security, and preparedness throughout the effort and (3) include the effort to develop risk-informed and performance-based alternatives to the single failure criterion (ADAMS Accession Numbers ML051290351, ML052570437, and ML052640492).

The NRC has conducted public meetings and workshops to engage interested stakeholders in dialogue on the merits of various approaches to risk-inform and performance-base the requirements for nuclear power reactors. In particular, the NRC conducted (1) a workshop on March 14-16, 2005, to discuss the staff's work in development of a technology-neutral framework in support of a regulatory structure for new plant licensing, and (2) a public meeting on August 25, 2005, to discuss plans for a risk-informed and performance-based revision to 10 CFR Part 50. Meeting minutes were taken and are available to the public (ADAMS Accession Numbers ML050900045 and ML052500385, respectively). At the above workshop and meeting, the NRC discussed the desirability of various approaches for risk-informing the requirements for nuclear power reactors and particularly for new reactors of diverse types. The NRC discussed approaches such as (1) developing an integrated set of risk-informed requirements using a technology-neutral framework as a basis for regulation, and (2) continuing to risk-inform 10 CFR Part 50 on an issue-by-issue basis.

The NRC also plans to continue the ongoing efforts to revise specific regulations in 10 CFR Part 50 as described in SECY-98-300, “Options for Risk-Informed Revisions to 10 CFR Part 50—Domestic Licensing of Productions and Utilization Facilities” (ML992870048). The Commission proposes to focus resources in the near-term on completion and subsequent implementation of the ongoing risk-informed rulemaking efforts for current operating reactors and not to initiate new efforts to risk-inform and performance-base other regulations at this time, unless specific regulations or guidance documents are identified that could enhance the efficiency and effectiveness of NRC reviews of near-term applications.

Although the NRC conducted the meetings discussed above to get a sense of stakeholder interest and to ascertain the desired path forward, the NRC is issuing this ANPR to obtain additional comment on the proposed approaches, to ensure that the Commission's intent is known to all stakeholders, and to allow the NRC to proceed to risk-inform the requirements for power reactors in an open, integrated, and transparent manner.

Proposed Plan

The NRC has developed a proposed plan to develop an integrated risk-informed and performance-based alternative to 10 CFR Part 50 that would cover power reactor applications including non-LWR reactor designs. Safety, security, and preparedness will be integrated into this effort to provide one cohesive structure. This structure will ensure that the reactor regulations, and staff processes and programs are built on a unified safety concept and are properly integrated so that they complement one another. Based on the above, the overall objectives of a risk-informed and performance-based alternative to 10 CFR Part 50 are to: (1) Enhance safety and security by focusing NRC and licensee resources in areas commensurate with their importance to public health and safety, (2) provide NRC with a framework that uses risk information in an integrated manner, (3) use risk information to provide flexibility in plant design and operation while maintaining or enhancing safety and security, (4) ensure that risk-informed activities are coherently and properly integrated such that they complement one another and continue to meet the 1995 Commission's PRA Policy Statement, and (5) allow for different reactor technologies in a manner that will promote stability and predictability in the long term.

The approach addresses risk-informed power reactor activities and the associated guidance documents. Risk-informed activities addressing non-power reactors, nuclear materials and waste are not addressed.

The NRC's proposed approach is to create an entire new Part in 10 CFR (referred to as “10 CFR Part 53”) that can be applied to any reactor technology and that is an alternative to 10 CFR Part 50. Two major tasks are proposed: (1) Develop the technical basis for rulemaking for 10 CFR Part 53, and (2) develop the regulations and associated guidance for 10 CFR Part 53.

Task 1: Development of Technical Basis

The objective of this task is to develop the technical basis for a risk-informed and performance-based 10 CFR Part 53. The technical basis provides the criteria and guidelines for development and implementation of the regulations to be included in Part 53. Current activities associated with developing the technical basis are described in SECY-05-0006 (ADAMS accession number ML043560093).

As the technical basis is being developed, it is anticipated that additional issues will be identified for which stakeholder input is desired. Therefore, it is envisioned that supplemental issues will be added to this ANPR over time.

At the end of the ANPR phase, the Commission will decide whether to proceed to formal rulemaking.

Task 2: Rule Development

The objective of this task is to develop and issue the regulations for 10 CFR Part 53. If upon completion of the technical basis the Commission directs the NRC staff to proceed to rulemaking, the NRC staff will follow its normal rule development process. The NRC staff will develop proposed rule text, interact with stakeholders in an appropriate forum (e.g., posting on web, public workshops), and provide a proposed rule package to the Commission for consideration.

In development of the rulemaking, the necessary guidance documents to meet the regulations in 10 CFR Part 53 will also be developed.

Specific Considerations

Before determining whether to develop a proposed rule, the NRC is seeking comments on this matter from all interested persons. Specific areas on which the Commission is requesting comments are discussed in the following sections. Comments, accompanied by supporting reasons, are particularly requested on the questions contained in each section.

A. Plan

The NRC is seeking comments on the proposed described above:

1. Is the proposed plan to make a risk-informed and performance-based alternative to 10 CFR Part 50 reasonable? Is there a better approach than to create an entire new 10 CFR Part 53 to achieve a risk-informed and performance-based regulatory framework for nuclear power reactors? If yes, please describe the better approach?

2. Are the objectives, as articulated above in the proposed plan section, understandable and achievable? If not, why not? Should there be additional objectives? If so, please describe the additional objectives and explain the reasons for including them.

3. Would the approach described above in the proposed plan section accomplish the objectives? If not, why not and what changes to the approach would allow for accomplishing the objectives?

4. Would existing licensees be interested in using risk-informed and performance-based alternative regulations to 10 CFR Part 50 as their licensing basis? If not, why not? If so, please discuss the main reasons for doing so.

5. Should the alternative regulations be technology-neutral (i.e., applicable to all reactor technologies, e.g., light water reactor or gas cooled reactor), or be technology-specific? Please discuss the reasons for your answer. If technology-specific, which technologies should receive priority for development of alternative regulations?

6. When would alternative regulations and supporting documents need to be in place to be of most benefit? Is it premature to initiate rulemaking for non-LWR technologies? If so, when should such an effort be undertaken? Could supporting guidance be developed later than the alternative regulations, e.g. phased in during plant licensing and construction?

7. The NRC encourages active stakeholder participation through development of proposed supporting documents, standards, and guidance. In such a process, the proposed documents, standards, and guidance would be submitted to and reviewed by NRC staff, and the NRC staff could endorse them, if appropriate. Is there any interest by stakeholders to develop proposed supporting documents, standards, or guidance? If so, please identify your organization and the specific documents, standards, or guidance you are interested in taking the lead to develop?

B. Integration of Safety, Security, and Emergency Preparedness

The Commission believes that safety, security, and emergency preparedness should be integrated in developing a risk-informed and performance-based set of requirements for nuclear power reactors (i.e., in this context, 10 CFR Part 53). The NRC has proposed to establish security performance standards for new reactors (see SECY-05-0120, ADAMS Accession Number ML051100233). Under the proposed approach, nuclear plant designers would analyze and establish, at an earlier stage of design, security design aspects such that there would be a more robust and effective (intrinsic) security posture and less reliance on operational (extrinsic) security programs (guns, guards and gates). This approach takes advantage of making plants more secure by design rather than security components being added on after design.

As part of this approach, the NRC is seeking comment on the following issues:

8. In developing the requirements for this alternative regulatory framework, how should safety, security, and emergency preparedness be integrated? Does the overall approach described in the technology-neutral framework clearly express the appropriate integration of safety, security, and preparedness? If not, how could it better do so?

9. What specific principles, concepts, features or performance standards for security would best achieve an integrated safety and security approach? How should they be expressed? How should they be measured?

10. The NRC is considering rulemaking to require that safety and security be integrated so as to allow an easier and more thorough understanding of the effects that changes in one area would have on the other and to ensure that changes with unacceptable impacts are not implemented. How can the safety-security interface be better integrated in design and operational requirements?

11. Should security requirements be risk-informed? Why or why not? If so, what specific security requirements or analysis types would most benefit from the use of Probabilistic Risk Assessment (PRA) and how?

12. Should emergency preparedness requirements be risk-informed? Why or why not? How should emergency preparedness requirements be modified to be better integrated with safety and security?

C. Level of Safety

The staff, in SECY-05-0130 (ADAMS Accession Number ML051670388), proposed options for establishing a regulatory standard that would be applied during licensing to enhance safety for new plants consistent with the Commission's policy statement for Regulation of Advanced Nuclear Power Plants. Four options were evaluated which included: (1) Perform a case-by-case review, (2) use the Quantitative Health Objectives (QHOs) in the Commission's policy statement on “Safety Goals for the Operation of Nuclear Power Plants” (ADAMS Accession Number ML051580401), (3) develop other risk objectives for the acceptable level of safety, and (4) develop new QHOs. The NRC is soliciting stakeholder views on these options.

Subsidiary risk objectives could also be developed to implement the Commission's expectation regarding enhanced safety for new plants. Such subsidiary risk objectives could be a useful way to:

• Focus more on plant design,
• Provide quantitative criteria for accident prevention and mitigation, and
• Provide high level goals to assist in establishing plant system and equipment reliability and availability targets.

Currently, subsidiary risk objectives of 10⁻⁵/plant year and 10⁻⁶/plant year that could be applicable to all reactor designs are being considered for accident prevention and accident mitigation, respectively, where:

• Accident prevention refers to preventing major fuel damage, and
• Accident mitigation refers to preventing releases of radioactive material offsite such that no early fatalities occur (i.e., from acute radiation doses).

Feedback is sought specifically on the following:

13. Which of the options in SECY-05-0130 with respect to level of safety should be pursued and why? Are there alternative options? If so, please discuss the alternative options and their benefits.

14. Should the staff pursue developing subsidiary risk objectives? Why or why not? Are there other uses of subsidiary risk objectives that are not specified above? If so, what are they?

15. Are the subsidiary risk objectives specified above reasonable surrogates for the QHOs for all reactor designs?

16. Should the latent fatality QHO be met by preventive measures alone without credit for mitigative measures, or is this too restrictive?

17. Are there other subsidiary risk objectives applicable to all reactor designs that should be considered? What are they and what would be their basis?

18. Should a mitigation goal be associated with the early fatality QHO or should it be set without credit for preventive measures (i.e., assuming major fuel damage has occurred)?

19. Should other factors be considered in accident mitigation besides early fatalities, such as latent fatalities, late containment failure, land contamination, and property damage? If so, what should be the acceptance criteria and why?

20. Would a level 3 PRA analysis (i.e., one that includes calculation of offsite health and economic effects) still be needed if subsidiary risk objectives can be developed? For a specific technology, can practical subsidiary risk objectives be developed without the insights provided by level 3 PRAs?

D. Integrated Risk

For new plant licensing, potential applicants have indicated interest in locating new plants at new and existing sites. In addition, potential applicants have indicated interest in locating multiple (or modular) reactor units at new and existing sites. The NRC is evaluating the issue of integrated risk. The staff, in SECY-05-0130, evaluated three options which included: (1) No consideration of integrated risk, (2) quantification of integrated risk at the site only from new reactors (i.e., the integrated risk would not consider existing reactors), and (3) quantification of integrated site risk for all reactors (new and existing) at that site. Another aspect of this issue is the level of safety associated with the integrated risk. The NRC is presently considering whether the integrated risk should be restricted to the same level that would be applied to a single reactor. If this approach were adopted, for an entity who proposed to add multiple reactors to an existing site, the integrated risk would not be allowed to exceed the level of safety expressed by the QHOs in the Commission's Safety Goal Policy Statement.

The NRC is soliciting stakeholder views on these or other options.

Feedback is sought specifically on the following:

21. Which of the options in SECY-05-0130 with respect to integrated risk should be pursued and why? Are there alternative options? If so, what are they?

22. Should the integrated risk from multiple reactors be considered? Why or why not?

23. If integrated risk should be considered, should the risk meet a minimum threshold specified in the regulations? Why or why not?

E. ACRS Views on Level of Safety and Integrated Risk

In a letter dated September 21, 2005, the Advisory Committee on Reactor Safeguards (ACRS) raised a number of questions related to new plant licensing. The ACRS discussed issues related to requiring enhanced safety and how the risk from multiple reactors at a single site should be accounted for. The details of the ACRS discussion are in the September 21, 2005 letter which is attached to this ANPR. The Commission, in a September 14, 2005 SRM, directed the staff to consider ACRS comments in developing a subsequent notation vote paper addressing these policy issues.

Feedback is sought specifically on the following:

24. Should the views raised in the ACRS letter and by various members of the Committee be factored into the resolution of the issues of level of safety and integrated risk? Why or why not?

F. Containment Functional Performance Standards

The Commission has directed the staff to develop options for containment functional performance requirements and criteria which take into account such features as core, fuel, and cooling system design. In developing these options, the NRC is seeking stakeholder views on the following aspects:

25. How should containment be defined and what are its safety functions? Are the safety functions different for different designs? If so, how?

26. Should the containment functional performance standards be design and technology specific? Why or why not?

27. What approach should be taken to develop technology-neutral containment performance standards that would be applicable to all reactor designs and technologies? Should containment performance be defined in terms of the integrated performance capability of all mechanistic barriers to radiological release or in terms of the performance capability of a means of limiting or controlling radiological releases separate from the fuel and reactor pressure boundary barriers?

28. What plant physical security functions should be associated with containment and what should be the related functional performance standards?

29. How should PRA information and insights be combined with traditional deterministic approaches and defense-in-depth in establishing the proposed containment functional performance requirements and criteria for controlling radiological releases?

30. How should the rare events in the range 10⁻⁴ to 10⁻⁷ per year be considered in developing the containment functional performance requirements and criteria? Should events less than 10⁻⁷ per year in frequency be considered in developing the containment functional performance requirements and criteria?

G. Technology-Neutral Framework

In support of determining the requirements for these alternative regulations, the NRC is developing a technology-neutral framework. This framework provides one approach in the form of criteria and guidelines that could serve as the technical basis for 10 CFR Part 53 that is technology-neutral, risk-informed, and performance-based. A working draft of this framework was issued for public review and comment in SECY-05-0006, dated January 7, 2005 (ML043560093). The latest working draft of the framework document is on the Ruleforum website. An updated version with additional information will be placed on the Ruleforum website in July 2006. The framework provides the criteria and guidelines for the following:

• Safety, security, and emergency preparedness expectations.
• Defense-in-depth and treatment of uncertainties.
• Licensing basis events (LBEs) identification and selection.
• Safety classification of structures, systems, and components.
• PRA technical acceptability.

The NRC is seeking stakeholder views of the following aspects:

31. Is the overall top-down organization of the framework, as illustrated in Figure 2-6 a suitable approach to organize the approach for licensing new reactors? Does it meet the objectives and principles of Chapter 1? Can you describe a better way to organize a new licensing process?

32. Do you agree that the framework should now be applied to a specific reactor design? If not, why not? Which reactor design concept would you recommend?

33. The unified safety concept used in the framework is meant to derive regulations from the Safety Goals and other safety principles (e.g., defense-in-depth). Does this approach result in the proper integration of reactor regulations and staff processes and programs such that regulatory coherence is achieved? If not, why not?

34. The framework is proposing an approach for the technical basis for an alternative risk-informed and performance-based 10 CFR Part 50. The scope of 10 CFR Part 50 includes sources of radioactive material from reactor and spent fuel pool operations. Similarly, the framework is intended to apply to this same scope. Is it clear that the framework is intended to apply to all of these sources? If not, how should the framework be revised to make this intention clear?

The Commission believes that safety, security, and emergency preparedness should be integrated. The approach in the framework to achieve this integration is to define the safety, security, and preparedness expectations that are needed and to define protective strategies and defense-in-depth principles for each area in an integrated manner.

35. What role should the following factors play in integrating emergency preparedness requirements (as contained in 10 CFR 50.47) in the overall framework for future plants:

• The range of accidents that should be considered?
• The extent of defense-in-depth?
• Operating experience?
• Federal, state, and local authority input and acceptance?
• Public acceptance?
• Security-related events?

36. What should the emergency preparedness requirements for future plants be? Should they be technology-specific or generic regardless of the reactor type?

The core of the NRC's safety philosophy has always been the concept of defense-in-depth, and defense-in-depth remains basic to the safety, security, and preparedness expectations of the technology-neutral framework. Defense-in-depth is the mechanism used to compensate for uncertainty. This includes uncertainty in the type and magnitude of challenges to safety, as well as in the measures taken to assure safety.

37. Is the approach used in the framework for how defense-in-depth treats uncertainties well described and reasonable? If not, how should it be improved?

38. Are the defense-in-depth principles discussed in the framework clearly stated? If not, how could they be better stated? Are additional principles needed? If so, what would they be? Are one or more of the stated principles unnecessary? If so, which principles are unnecessary and why are they unnecessary?

39. The framework emphasizes that sufficient margins are an essential part of defense-in-depth measures. The framework also provides some quantitative margin guidance with respect to LBEs in Chapter 6. Should the framework provide more quantitative guidance on margins in general in a technology-neutral way? What would be the nature of this guidance?

40. The framework stresses that all of the Protective Strategies must be included in the design of a new reactor but it does not discuss the relative emphasis placed on each strategy compared to the others. Are there any conditions under which any of these protective strategies would not be necessary? Should the framework contain guidelines as to the relative importance of each strategy to the whole defense-in-depth application?

41. Are the protective strategies well enough defined in terms of the challenges they defend against? If not, why not? Are there challenges not protected by these five protective strategies? If so, what would they be?

In the framework, risk information is used in two basic parts of the licensing process: (1) Identification and selection of those events that are used in the design to establish the licensing basis, and (2) the safety classification of selected systems, structures, and components.

42. Is the approach to and the basis for the selection LBEs reasonable? If not, why not? Is the cut-off for the rare event frequency at 1E-7 per year acceptable? If not, why not? Should the cut-off be extended to a lower frequency?

43. Is the approach used to select and to safety classify structures, systems, and components reasonable? If not, what would be a better approach?

44. Is the approach and basis to the construction of the proposed frequency-consequence (F-C) curve reasonable? If not, why not?

45. Are the deterministic criteria proposed for the LBEs in the various frequency categories reasonable from the standpoint of assuring an adequate safety margin? In particular, are the deterministic dose criteria for the LBEs in the infrequent and rare categories reasonable? If not, why not?

46. Is it reasonable to use a 95% confidence value for the mechanistic source term for both the PRA sequences and the sequences designated as LBEs to provide margin for uncertainty? If not, why not? Is it reasonable to use a conservative approach for dispersion to calculate doses? If not, why not?

The approach proposed in the framework requires a full-scope “living” PRA that would incorporate operating experience and performance-based requirements in the periodic re-examination of events designated as LBEs that were originally selected based on the design, and structures, systems, and components that were characterized as safety-significant.

47. The approach proposed in the framework does not predefine a set of LBEs to be addressed in the design. The LBEs are plant specific and identified and selected from the risk-significant events based on the plant-specific PRA. Because the plant design and operation may change over time, the risk-significant events may change over time. The licensee would be required to periodically reassess the risk of the plant and, as a result, the LBEs may change. This reassessment could be performed under a process similar to the process under 10 CFR 50.59. Is this approach reasonable? If not, why not?

48. The framework provides guidance for a technically acceptable full-scope PRA. Is the scope and level of detail reasonable? If not, why not? Should it be expanded and if so, in what way?

49. Because a PRA (including the supporting analyses) will be used in the licensing process, should it be subject to a 10 CFR Part 50 Appendix B approach to quality assurance? If not, why not?

Chapter 8 describes and applies a process to identify the topics which the requirements must address to ensure the success of the protective strategies and administrative controls. This process is based upon:

• Developing and applying a logic diagram for each protective strategy to identify the pathways that can lead to failure of the strategy and then, through a series of questions, identify what needs to be done to prevent the failure;
• Applying the defense-in-depth principles from Chapter 4 to each protective strategy;
• Developing and applying a logic diagram to identify the needed administrative controls; and
• Providing guidance on how to write the requirements.

50. Is this process clear, understandable, and adequate? If not, why not? What should be done differently?

51. Is the use of logic diagrams to identify the topics that need to be addressed in the requirements reasonable? If not, what should be used?

52. Is the list of topics identified for the requirements adequate? Is the list complete? If not, what should be changed (added, deleted, modified) and why?

53. A completeness check was made on the topics for which requirements need to be developed for the new 10 CFR Part 53 (identified in Chapter 8) by comparing them to 10 CFR Part 50, NEI 02-02, and the International Atomic Energy Agency (IAEA) safety standards for design and operation. Are there other completeness checks that should be made? If so, what should they be?

54. The results of the completeness check comparison are provided in Appendix G. The comparison identified a number of areas that are not addressed by the topics but that are covered in the IAEA standards. Should these areas be included in the framework? If so, why should they be included? If not, why not?

H. Defense-in-Depth

In SECY-03-0047 (ML030160002), the staff recommended that the Commission approve the development of a policy statement or description (e.g., white paper) on defense-in-depth for nuclear power plants to describe: The objectives of defense-in-depth (philosophy); the scope of defense-in-depth (design, operation, etc.); and the elements of defense-in-depth (high level principles and guidelines). The policy statement or description would be technology-neutral and risk-informed and would be useful in providing consistency in other regulatory programs (e.g., Regulatory Analysis Guidelines). In the SRM on SECY-03-0047, the Commission directed the staff to consider whether it can accomplish the same goals in a more efficient and effective manner by updating the Commission Policy Statement on Use of Probabilistic Risk Assessment Methods in Nuclear Regulatory Activities to include a more explicit discussion of defense-in-depth, risk-informed regulation, and performance-based regulation. The NRC is interested in stakeholder comment on a policy statement on defense-in-depth.

55. Would development of a better description of defense-in-depth be of any benefit to current operating plants, near-term designs, or future designs? Why or why not? If so, please discuss any specific benefits.

56. If the NRC undertakes developing a better description of defense-in-depth, would it be more effective and efficient to incorporate it into the Commission's Policy Statement on PRA or should it be provided in a separate policy statement? Why?

57. RG 1.174 assumes that adequate defense-in-depth exists and provides guidance for ensuring it is not significantly degraded by a change to the licensing basis. Should RG 1.174 be revised to include a better description of defense-in-depth? Why or why not? If so, would a change to RG 1.174 be sufficient instead of a policy statement? Why or why not?

58. How should defense-in-depth be addressed for new plants?

59. Should development of a better description of defense-in-depth (whether as a new policy statement, a revision to the PRA policy statement, or as an update to RG 1.174) be completed on the same schedule as 10 CFR Part 53? Why or why not?

I. Single Failure Criterion

In SECY-05-0138 (ML051950619), the staff forwarded to the Commission a draft report entitled “Technical Report to Support Evaluation of a Broader Change to the Single Failure Criterion” and recommended to the Commission that any followup activities to risk-inform the Single Failure Criterion (SFC) should be included in the activities to risk-inform the requirements of 10 CFR Part 50. The Commission directed the staff to seek additional stakeholder involvement. The report provides the following options: (1) Maintain the SFC as is, (2) risk-inform the SFC for design bases analyses, (3) risk-inform SFC based on safety significance, and (4) replace SFC with risk and safety function reliability guidelines. The NRC is soliciting stakeholder feedback with regard to the proposed alternatives.

60. Are the proposed options reasonable? If not, why not?

61. Are there other options for risk-informing the SFC? If so, please discuss these options.

62. Which option, if any, should be considered?

63. Should changes to the SFC in 10 CFR Part 50 be pursued separate from or as a part of the effort to create a new 10 CFR Part 53? Why or why not?

J. Continue Individual Rulemakings to Risk-Inform 10 CFR Part 50

The NRC has for some time been revising certain provisions of 10 CFR Part 50 to make them more risk-informed and performance-based. Examples are: (1) A revision to 10 CFR 50.65, “Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants;” (2) a revision of 10 CFR 50.48 to allow licensees to voluntarily adopt National Fire Protection Association (NFPA) Standard 805, “Performance-Based Standard for Fire Protection for Light Water Reactor Electric Generating Plants, 2001 Edition,” (NFPA 805); and (3) issuance of 10 CFR 50.69, “Risk-Informed Categorization and Treatment of Structures, Systems, and Components for Nuclear Power Reactors,” as a voluntary alternative set of requirements. These actions have been effective but required extensive NRC and industry efforts to develop and implement.

The NRC plans to continue the current risk-informed rulemaking actions, e.g., 10 CFR 50.61 on pressurized thermal shock and 10 CFR 50.46 on redefinition of the emergency core cooling system break size, that are ongoing, and would undertake new risk-informed rulemaking only on an as-needed basis.

The NRC is seeking comment on the following issues:

64. Should the NRC continue with the ongoing current rulemaking efforts and not undertake any effort to risk-inform other regulations in 10 CFR Part 50, or should the NRC undertake new risk-informed rulemaking on a case-by-case priority basis? Why?

65. If the NRC were to undertake new risk-informed rulemakings, which regulations would be the most beneficial to revise? What would be the anticipated safety benefits?

66. In addition to revising specific regulations, are there any particular regulations that do not need to be revised, but whose associated regulatory guidance documents, could be revised to be more risk-informed and performance-based? What are the safety benefits associated with revising these guides? Which ones in particular are stakeholders interested in having revised and why?

67. If additional regulations and/or associated regulatory guidance documents were to be revised, when should the NRC initiate these efforts, e.g., immediately or after having started implementation of current risk-informed 10 CFR Part 50 regulations?

At the end of the ANPR phase, the NRC will assess whether to adjust its approach to risk-inform the requirements for nuclear power reactors including existing and new plants.

List of Subjects in 10 CFR Part 50

• Classified information
• Criminal penalties
• Fire protection
• Intergovernmental relations
• Nuclear power plants and reactors
• Radiation protection
• Reactor siting criteria
• Reporting and recordkeeping requirements

The authority citation for this document is 42 U.S.C. 2201.

Attachment—Letter From G. B. Wallis, Chairman ACRS, dated September 21, 2005, “Report on Two Policy Issues Related to New Plant Licensing,” ADAMS Accession Number ML052640580

[ACRSR-2149]

The Honorable Nils J. Diaz, Chairman, U.S. Nuclear Regulatory Commission, Washington, DC.

Subject: Report on Two Policy Issues Related to New Plant Licensing

Dear Chairman Diaz: During the 523rd meeting of the Advisory Committee on Reactor Safeguards, June 1-3, 2005, we met with the NRC staff and discussed two policy issues related to new plant licensing. We also discussed this matter during our 524th, July 6-8, 2005, and 525th, September 8-10, 2005 meetings. We had the benefit of the documents referenced.

These policy issues were:

• What shall be the minimum level of safety that new plants need to meet to achieve enhanced safety?
• How shall the risk from multiple reactors at a single site be accounted for?

In SECY-05-0130, the staff recommends that the expectation for enhanced safety be met by requiring that new plants meet the Quantitative Health Objectives (QHOs), i.e., by applying the QHOs to individual plants. The staff maintains that this would represent an enhancement in safety over current plants, which are now required to meet adequate protection, but may not meet the QHOs. The staff argues that this position is consistent with the Commission's Policy Statement on Regulation of Advanced Nuclear Power Plants.

The staff proposes to address the risk of multiple reactors at a single site by requiring that the integrated risk associated with only new reactors (i.e., modular or multiple reactors) at a site not exceed the risk expressed by the QHOs. The risk from existing plants, which may already exceed the QHOs, is not considered.

We discussed these issues and concluded that use of the existing QHOs is not sufficient to resolve either of these issues. In considering the overall scope of the issues raised by the staff, we found it more apt and effective to reframe the two issues into the following questions:

1. What are the appropriate measures of safety to use in the consideration of the certification of a new reactor design?

2. Should quantitative criteria for these measures be imposed to define the minimum level of safety?

3. How should these measures be applied to modular designs?

4. How should risk from multiple reactors at a site be combined for evaluation by suitable criteria?

5. How should the combination of new and old reactors at a site be evaluated by these criteria?

6. What should these criteria be?

7. How should compliance with these criteria be demonstrated?

Discussion

Question 1. What are the appropriate measures of safety to use in the consideration of the certification of a new reactor design?

The QHOs are criteria for the risk at a site and thus involve not only the design and operation of the reactor(s), but also the site characteristics, the number and power level of plants on the site, meteorological conditions, population distribution, and emergency planning measures. By themselves, the QHOs do not express the defense-in-depth philosophy that the Commission seeks to limit not only the risk from accidents, but also the frequency of accidents.

Although core damage frequency (CDF) and large, early release frequency (LERF) have been viewed by the NRC as light water reactor (LWR)-specific surrogates for the QHOs, they have come to be accepted as metrics to gauge the acceptable level of safety of certified designs and the acceptability of proposed changes in the licensing basis. They are measures of reactor design safety that incorporate a defense-in-depth balance between prevention and mitigation. Currently used values of these metrics have been derived from the QHOs. If they were no longer to be viewed as surrogates, acceptance values for these metrics could be independently specified and need not be derived from the QHOs. Thus, they would be fundamental characteristics of reactor design independent of siting and emergency planning requirements.

If these measures are no longer viewed as surrogates for the QHOs, the appropriate measure of a large release need not be restricted to “early” but could be a “large release frequency” (LRF) which would apply to the summation of all large release frequencies regardless of the time of occurrence. The LRF would thus have broader applicability to designs in which the release is likely to occur over an extended period.

A majority of the Committee members favors the use of CDF and LRF as fundamental measures of the enhanced safety of new reactor designs and not simply as surrogates for the QHOs.

In SECY-05-0130, the staff argues that it will be difficult to derive such measures for different technologies, although the staff proposes to include them as subsidiary goals in their technology-neutral framework document. Although the processes and mechanisms for failure and release will differ greatly for different reactor technologies, technology-neutral definitions in terms of a release from the fuel (the accident prevention/CDF goal) and from the containment/confinement (the large release goal) seem feasible to us. For example, the CDF of a Pebble Bed Modular Reactor (PBMR), would be an indicator of the success criteria for the design measures intended to prevent release from the fuel of that module. It could be defined in terms of the frequency of exceeding a fuel temperature of 1600 °C.

Question 2. Should quantitative criteria for these measures be imposed to define the minimum level of safety?

In the current Policy Statement on the Regulation of Advanced Nuclear Power Plants, the Commission decided not to set numerical criteria for enhanced safety but rather focused on aspects which might make designs more robust. In addition, the Safety Goal Policy Statement was intended to provide a definition of “how safe is safe enough.” If a plant would meet the QHOs at a proposed site, then the additional risk it imposes is already very low compared to other risk in society. It now seems possible to build economically competitive reactors with risks at most sites that would be much lower than implied by the QHOs. The Electric Power Research Institute (EPRI) and European Utility Requirements Documents specify CDF and LERF values that would provide large margins to the QHOs for virtually all sites. An explicit commitment to lower values of CDF and LRF would be responsive to the Commission's desire for enhanced safety and may have significant impact on public perceptions and confidence.

We considered the following alternatives, identifying arguments in favor of each. Since such a decision has broad practical implementation and policy implications, we recommend that the staff further explore the consequences of these (and possibly other) choices as a basis for an eventual Commission decision.

a. Set maximum values for CDF and LRF at 10⁻⁵/yr and 10⁻⁶/yr for new reactor designs. This would make more explicit the Commission's stated expectation that future reactors provide enhanced safety. This could also provide a basis for establishing multinational design approval (as these would now be independent of U.S. QHOs). The suggested values are consistent with those in the EPRI and the European Utility Requirements Documents, the EPR Safety Document, and those used in the certification of advanced reactors (the ABWR, AP600 and CE-System 80+). These values are also consistent with the generic values for an accident prevention frequency and a LRF in the staff's draft technology-neutral framework document.

b. Leave the values unspecified. CDF and LRF would be considered along with other aspects of the design, such as defense-in-depth and passive safety features, in reaching a decision about design certification. This would give the staff more flexibility to respond to technology-specific features.

On a preliminary basis, the majority of the Committee members favor Alternative (a), but is not ready to make a recommendation until more is understood about the likely consequences and policy implications of the decision.

Question 3. How should these measures be applied to modular designs?

The staff's considerations of integrated risk do not distinguish between criteria for modular reactor designs and criteria for the risk due to multiple plants on a site. Thus, the staff treats CDF and LRF (or LERF) for modular designs and/or multiple plants on a site as still being QHO risk surrogates. In our view, the CDF and LRF metrics are design criteria that are to be “imposed” at the plant design certification stage independent of any site considerations.

New reactors could include PBMR, AP600, AP1000, Economic and Simplified Boiling Water Reactor (ESBWR), and EPR, and the number of new reactors at a site could vary by an order of magnitude.

Some Committee members believe that to get consistency in expectations of enhanced safety in all cases, the integrated risk from all new reactors on a site is the appropriate measure. This is true both for the risk metric LRF and the defense-in-depth accident prevention metric CDF. Thus, for the PBMR, which is proposed in terms of an eight-module package, the CDF and LRF goals (e.g., 10⁻⁵/ry and 10⁻⁶/ry) would be applied to the package. In effect each module would have to have a somewhat lower CDF and LRF. Because of the potential for interactions, analysis of individual modules may not be meaningful and the analysis should focus on the “eight pack.”

Other Committee members prefer CDF and LRF design specifications that are independent of the number of modules. These members believe the specified acceptable CDF for enhanced safety (e.g. 10⁻⁵/yr) should be applied to each module at the design stage and would be an indicator of the success criteria for the design measures provided for each module intended to prevent release from the fuel of that module. Similarly, LRF would be on a modular basis. As it may be possible to restrict the total power of a given module to a level that the quantity of fission products releasable cannot exceed the acceptance LRF value (e.g. 10⁻⁶/yr), a modular design implicitly represents a kind of defense-in-depth (given appropriate consideration of common-mode failures and module interactions).

Question 4. How should risk from multiple reactors at a site be combined for evaluation by suitable criteria?

The QHOs address the risk to individuals that live in the vicinity of a site. Logically, the risk to these individuals should be determined by integrating the risk from all the units at the site. The manner by which the risks of different units at a site are to be integrated must address the treatment of modular designs, units with differing power levels, and accidents involving multiple units.

Question 5. How should the combination of new and old reactors at a site be evaluated by these criteria?

Any new plant that meets the independent safety criteria discussed in Questions 1 through 3 would be expected to add substantially less risk to an existing site than that already provided by existing plants on the site. If a proposed site already exceeds the QHOs, it should not be approved for new plants. For existing sites not being proposed for the addition of new plants, there would be no need to assess their risk status because they provide adequate protection. These sites would, thus, be grandfathered in the new framework.

Question 6. What should these criteria be?

Use of the QHOs for evaluating the site suitability for new reactors is attractive because the QHOs represent a fundamental statement about risk independent of any particular technology. The current QHOs (prompt and latent fatalities), however, only address individual risk and do not directly address societal risks such as total deaths, injuries, non-fatal cancers, and land contamination. These societal impacts are addressed somewhat in the current regulations by the siting criteria on population.

Some ACRS members believe that measures of societal risk need to be an explicit part of any new technology-neutral framework. The staff argues in the technology-neutral framework document that the limits proposed there for CDF and LRF limit societal risks such as land contamination and dose to the total population. However, these members recognize that CDF and LRF are not equivalent to risk and disagree with the staff's position.

Other ACRS members believe that the current siting criteria have served to limit societal risks. In addition, societal risks are considered in the environmental impact assessments of license renewal. The estimates presented in NUREG-1437 Vol. 1 indicate that the risk of early and latent fatalities from current nuclear power plants is small. The predicted early and latent fatalities from all plants (that is, the risk to the population of the United States from all nuclear power plants) is approximately one additional early fatality per year and approximately 90 additional latent fatalities per year, which is a small fraction of the approximately 100,000 accidental and 500,000 cancer fatalities per year from other sources. The evaluation of Severe Accident Mitigation Alternatives (SAMAs) as part of the license renewal process also considers societal risk measures and monetizes them to perform cost benefit studies. Based on current NRC regulatory analysis guidance, very few of these SAMAs appear cost beneficial.

Environmental impact statements (EISs) also assess the societal costs of probabilistic accidents at the current sites. The results, although very approximate, indicate that the societal costs at many current reactor sites would likely exceed a reasonable societal cost risk acceptance criterion. For example, these would exceed the cost associated with 0.1% of the above noted 100,000 early fatalities due to all accidents.

Thus, the inclusion of a quantitative societal risk acceptance measure appears important and could add to greater public confidence and understanding of the risks of nuclear power. It may be worthwhile for the staff to consider supplementing the current QHOs with additional risk acceptance measures that relate directly to societal risks.

Question 7. How should compliance with these criteria be demonstrated?

The establishment of goals or criteria of various kinds cannot be divorced from the ability to demonstrate compliance. Considerable improvement in PRA practice will be needed to provide confidence that the goals on CDF and LRF for future plants will be met in a meaningful way. Operating experience has been crucial for the analysts to appreciate the significance of potential errors/faults. For example, before TMI, it was assumed that operators would not have problems diagnosing what is going on under certain conditions.

Some of the challenges that new plants will create for PRA analysts are:

i. Operating experience on component failure rate distributions and frequencies developed for light-water reactors has limited applicability to other reactor types.

ii. Some designs are considering components, e.g., microturbines and fuel cells, for which reliability data are nearly non-existent.

iii. Digital Instrumentation and Control systems are expected to be an integral part of future reactor designs. The risk consequences of such practice are difficult to quantify at this time.

Thus, in addition to the imposition of design goals for low CDF and LRF, it will be important to maintain sufficient defense-in-depth in the technology-neutral framework.

We look forward to additional discussion with the staff on these issues.

Sincerely,

Graham B. Wallis, Chairman.

Additional Comments From ACRS Members Dana A. Powers and John D. Sieber

We disagree with our colleagues on the matter of this letter. The Commission has indicated a laudable expectation that future reactors will be safer than current reactors. The question that our colleagues should have addressed first is whether a quantitative metric is needed to substantiate this expectation. It is by no means obvious that such a metric is essential. We can well imagine future plants designed in conjunction with far more comprehensive probabilistic safety analyses that realistically address all known accident hazards during all modes of operation to a depth far greater than is attempted now for elements of the fleet of operating reactors. Our experience has been that whenever improvements are made in quantitative risk analysis methods, unforeseen, hazardous, plant configurations, systems interactions and operations become apparent. Hidden, these configurations, interactions and operations may arise unexpectedly with undesirable consequences. Revealed, they can be avoided often with modest efforts. This is exploitation of the full potential of quantitative risk analysis to achieve greater safety in nuclear power plants. It contrasts with the more effete pursuit of the “bottomline” results of PRA to compare with arbitrarily proliferated safety metrics.

Our objective should be to foster the voluntary development of quantitative risk analysis methods both in scope and depth in order to improve the safety of nuclear power plants. Fostering voluntary development of methods by nuclear community is especially important now when methods developments have stagnated at NRC relative to the situation a decade ago.

Our colleagues seem to presume it essential that future reactors meet the Quantitative Health Objectives (QHOs). These QHOs define a very stringent safety level that has always been viewed as an “aiming point” or a benchmark and not as some minimum standard that cannot be exceeded. Indeed, the definition of the QHOs was undertaken to define “how safe is safe enough” so that no additional regulatory requirements for greater safety would be needed. Requiring such a stringent standard as the QHOs as a minimum level of safety for advanced reactors appears to go well beyond the authority granted by the Atomic Energy Act that requires adequate protection of the public health and safety. We are unaware that the Commission has made such a demand for advanced reactors. Were the Commission to make such a demand, we would question the wisdom of doing so. By demanding such a stringent level of safety, our colleagues appear to be willing to forego great strides in safety that can be achieved with advanced plants if these plants fail to live up to what can only be viewed as an extreme safety standard.

The demands our colleagues appear to make on the safety of advanced reactors lack a critical dimension of practicality since we do not believe the technology now exists to do the calculations needed to compare a plant's safety profile to the QHOs. By the very definitions of the QHOs, such calculations would entail analyses of modes of operation only very crudely addressed today by most (fire risk, shutdown risk and natural phenomena risk) and the conduct of uncertainty analyses dealing with both parameters and models that to our knowledge have been done by no one.

Because of the limitations of risk assessment technology available today for the evaluation of the current fleet of nuclear power plants, surrogate metrics such as core damage frequency (CDF) and large early release frequency (LERF) have been introduced and widely used. Our colleagues seem to believe that there are known critical values of these surrogate metrics that mark the point at which a plant meets the QHOs. We know of no defensible analysis that establishes such critical values of these surrogate metrics. We are, of course, quite aware of very limited analyses considering only risk during normal operations that purport to show existing reactors meet the QHOs. Such limited analyses are simply not pertinent. They do not meet the exacting standards required by the definitions of the QHOs. Should defensible analyses ever be done, we are sure that they will show the critical values of the surrogate metrics are technology dependent. Indeed, more defensible analyses will show in all likelihood that better surrogate measures can be defined for advanced reactor technologies.

Our colleagues are sufficiently enamored with the existing surrogate metrics that they recommend these surrogates be enshrined on a level equivalent to QHOs. More remarkable, our colleagues want to establish critical values of the metrics that are a factor of ten less than the values they assert mark a plant meeting the rather stringent level of safety defined by the QHOs. They do this, apparently, for no other reason than the fact that clever engineers can design plants meeting these smaller values at least for a limited number of operational states. While we are willing to congratulate the engineers on their designs, we can see no reason why such stringent safety requirements should be made regulatory requirements to be imposed on the designers' efforts. Again, we worry that doing so may create unnecessary burdens that cause our society to sacrifice for practical reasons great improvements in power reactor safety simply because these improvements fall short of our colleagues unreasonably high safety expectations.

Though surrogate metrics have been useful, it is important to remember that they are only expedients. The full promise of risk-informed safety assessment will not be realized until it is possible to do routinely risk assessments of sufficient scope and depth so it is possible to dispense with surrogate metrics. Enshrining these surrogates along with the QHOs will only delay efforts to reach this preferred status.

The potential of our colleagues recommendations have to stifle new technology and forego improved safety reaches a crisis when they speak to the location of modern, safer plants on sites with older but still adequately safe plants. Our colleagues have no tolerance for a single older plant if a newer, safer plant is to be collocated on the site. They are willing to tolerate any number of similarly old plants on a site if a new, safer plant is not added to this site. We find this remarkable. Our colleagues' recommendations give no credit for experience with a site. They fail to recognize the finite life of older plants even when licenses have been renewed. We fear that our colleagues have failed to assess the integral safety consequences of their stringent demands on this matter. A very great concern is that our colleagues pursuit of ideals in risk avoidance may well arrest the current, healthy quest for improved safety among those exploring advanced reactor designs.

References

1. U.S. Nuclear Regulatory Commission, SECY-05-130,” Policy Issues Related to New Plant Licensing and Status of the Technology Neutral Framework for New Plant Licensing,” dated July 21, 2005.

2. U.S. Nuclear Regulatory Commission, “Safety Goals for the Operations of Nuclear Power Plants, Policy Statement,” Federal Register, Vol. 51, (51 FR 30028), August 4, 1986.

3. U.S. Nuclear Regulatory Commission, “Commission's Policy Statement on the Regulation of Advanced Nuclear Power Plants,” 59 FR 35461, July 12, 1994.

4. U.S. Nuclear Regulatory Commission, NUREG-1437, Volume 1, “Generic Environmental Impact Statement for License Renewal of Nuclear Plants,” May 1996.