The ACRS (Advisory Committee on Reactor Safeguards) was mandated by the Atomic Energy Act of 1954. It has had the statutory responsibility to review and report on safety studies and reactor facility license and license renewal applications; advise the Nuclear Regulatory Commission (NRC) on the hazards of proposed and existing production and utilization facilities and the adequacy of proposed safety standards; initiate reviews of specific generic matters or nuclear facility safety-related items; and provide advice in the areas of health physics and radiation protection since 1957.
After their involvement with the NuScale SMR design certification process, the ACRS conducted a self-assessment based on their observations and lessons learned from the design certification and standard design approval application reviews. This self-assessment led to several recommendations they offered to the NRC to improve future reviews of advanced reactor designs, focused on key safety-significant design issues which should streamline reviews and result in greater efficiency and shorter schedules.
Below are FOUR of the desired attributes:
- Completeness of the design: Design completeness has a profound impact on the efficiency of the review process. Proposed new reactor designs should be sufficiently complete to demonstrate that all structures, systems, and components important to safety are appropriately identified, designed, and tested to be commensurate with their functions and to provide adequate defense-in-depth. Without an “essentially complete design” and a completed detailed component and system analysis, it may be difficult for the NRC to make a technically sound finding on any requested deviation from historical regulatory requirements. Design changes during the review process may also adversely impact the efficiency of the review process.
- Comprehensiveness of knowledge base: All safety decisions, either explicitly or implicitly, are based on identifying radiological hazards and addressing the “risk triplet” questions: “What can go wrong?” “How likely is it?” and “What are the consequences?” The NRC addresses these three questions through the body of its regulations and guidance. The comprehensiveness of the knowledge base (experimental data, operational experience, relevant analyses, etc.) to support the safety decisions has significant impacts on the review process efficiency. Both traditional deterministic and probabilistic approaches to safety analyses are based on identification of hazards, initiating events that disturb normal operation, and scenarios (event sequences) that could evolve from the initiating events, as well as their associated consequences. Theoretical and experimental bases are needed to understand the associated phenomenology of possible scenarios. The design maturity and knowledge base of new non-LWRs are not likely to be as comprehensive as they were for evolutionary LWR-based designs; this limited knowledge base may impact the regulatory review. When there is a lack of operating experience or an inability to perform experiments with sufficient similitude to the planned full-scale design, one approach, as suggested by the ACRS, is limitations on power ascension and focused surveillance tests during initial operation.
- Proper consideration of uncertainties: Safety-licensing decisions are made in the face of uncertainty and within the boundaries of the state of knowledge of how the proposed reactor design would behave under both normal and accident conditions. Both deterministic and probabilistic safety evaluations must deal with uncertainties, proper consideration of which significantly helps the review process. Addressing uncertainties affects reviewer confidence regarding the results of safety evaluations and the resulting safety margins. Two major groups of uncertainty that have been recognized are aleatory (or stochastic) and epistemic (or state-of-knowledge). The key distinction between these two types is that aleatory uncertainty is irreducible, whereas epistemic uncertainty can be reduced by further study. There are two classes of epistemic uncertainty: parameter uncertainty and model uncertainty. Parameter uncertainties are associated with the values of the fundamental parameters of a model, such as equipment failure rates that are used in quantifying the accident sequence frequencies in PRAs. Model uncertainties reflect the limited ability to accurately model specific events and phenomena. Completeness, including possible “unknown unknowns,” can also be considered one aspect of model uncertainty. Completeness uncertainty arises because not all contributors to risk are addressed in PRA models, and not all phenomena and processes are addressed in deterministic safety evaluation models. The safety philosophy of defense-in-depth and safety margins has been the traditional means of dealing with uncertainties. The novel aspects of new technologies and first-of-a-kind reactor concepts can make the identification of hazards, initiating events, and scenarios more challenging. To address uncertainties caused by limited information, the ACRS has recommended critical examination of the design, its safety behavior, and all aspects of operations, starting from a “blank sheet of paper” to avoid bias. The committee has also suggested use of several analytical tools, which have been developed to improve the search process and apply equally to traditional and probabilistic safety analyses. Such tools can help formalize and add structure to the safety assessment and reduce completeness uncertainty.
- Appropriate submittal timing: When it comes to submitting supporting documents (e.g., licensing topical reports), proper timing may have a significant impact on the efficiency of the review process. Submittal of critical licensing topical reports too late in the review process, or in tandem with related chapters of the design certification application, can reduce efficiency. The proper timing follows the sequential hierarchical order of submittals, wherein licensing topical reports on methodology description, demonstration, and verification and validation precede the applications. Similarly, proper timing is also vital when submitting critical topical reports for the review of non-LWR concepts, which are likely to have more uncertainty associated with analytical methods and their application, underlying experimental bases, and validation of models. The licensing topical reports that support the design basis and safety analyses should be reviewed as early in the process as possible because new reactor designs, especially non-LWRs, will generally be more dependent on analytical methods for understanding the safety response of the system.