nuclear safety regulation · strength in depth (a proposal from insag) 2. ... • defence in depth...
TRANSCRIPT
Nuclear Safety Regulation:
Before and after Fukushima*
Shridhar Chande, India
International Conference on Effective Nuclear Regulatory Systems:
Sustaining Improvements Globally, Vienna 11-15 April 2016
*Accident at the Fukushima Daiichi NPP
• The main lesson from the Accident at Fukushima Daiichi
NPP
• Changes in Defence in Depth and other requirements
for Nuclear Safety
• Impact of the revised requirements on the safety of new
plants
• Can good regulations alone ensure safety?
• Robust National Nuclear Safety System - Institutional
Strength in Depth (A proposal from INSAG)
2
The main lesson from the Accident at
Fukushima Daiichi NPP
3
• More than 160 000 people were evacuated from their homes.
• Consequently, nobody received any significant amount of
radiation
• Many of them, still continue to stay in provisional housing, away
from home. They may not be able to return for several more years
• Many are suffering from health issues emanating from uncertainty,
anxiety, depression and discrimination
• It is reported that about 1600 have died during this period due to
non-radiological health effects
• The accident has caused enormous economical, societal and
psychological impact on Japanese people
Though nobody has received any significant radiation
dose, the displacement of large number of people for prolonged
period is not acceptable to the society
4
• Protecting people from radiation alone is not the only focus
of safety of NPPs
• It is essential to ensure that under any circumstances there
is no need to relocate the public for prolonged periods
• Hence the focus of safety must shift from
5
Protect people and the environment from the
harmful effects of radiation
The necessity for off-site protective actions to mitigate radiological
consequences should be limited or even eliminated&
As a consequence, the safety objectives of the nuclear power
plant can be restated as
In order of priority
• A nuclear accident should be prevented
• If an accident takes place it should be prevented from
progressing to a Severe Accident (SA)
• In case it develops in to a SA, its consequences should be
mitigated so as to
– Prevent/minimise and delay the radioactive releases, and
– Ensure that no urgent or long term protective actions are needed
in the public domain
• An accident involving early or large releases should be
practically eliminated
6
1. New nuclear power plants are to be designed, sited, and
constructed, consistent with the objective of preventing
accidents in the commissioning and operation and, should an
accident occur, mitigating possible releases of radionuclides
causing long-term off site contamination and avoiding early
radioactive releases or radioactive releases large enough to
require long-term protective measures and actions.
2. Comprehensive and systematic safety assessments are to be
carried out periodically and regularly for existing installations
throughout their lifetime in order to identify safety
improvements that are oriented to meet the above objective.
Reasonably practicable or achievable safety improvements
are to be implemented in a timely manner.
7
• The most important safety principle used in design and operation of
NPPs is the Defence in Depth philosophy to guard against human
and equipment failure.
• Defence in Depth involves building of multiple levels of safety, such
that if one level fails the subsequent level prevents progression of
the event, limiting consequences.
• Each level has redundant and diverse safety systems to make it
robust and reliable. The levels are made independent to the extent
possible, to avoid common cause failures
With proper defence in depth in place, an accident with such
consequences as in Fukushima shouldn’t have happened
8
9
10
All offsite and onsite power supplies were lost due to tsunami flooding. This disabled all normal and back up systems needed for cooling the reactor.
A common cause failure of all the three levels of
defence in depth for prevention due to
flooding
Accident management guidelines could not be implemented as no instruments were working and there was no power supply. Total darkness and debris in the plant areas made access difficult.
A failure of the fourth level of defence again due to flooding and its consequences
The essential lesson here is to strengthen the defence in depth,
both at Level 3, for the prevention of accident; and
at Level 4, controlling the progression and mitigating the
consequences of the accident
Change in Defence in Depth and other
requirements for Nuclear safety
11
• This level deals with the postulated set of design basis accidents
(DBA) for which the plant is designed
• The essential means to deal with the DBA are inherent or
conservatively designed engineered safety features
• Improve the robustness of preventive measures and avoid their
common cause failures by use of redundancy, diversity, physical
separation and functional independence
• Change in the radiological acceptance criteria to be consistent with
the revised safety objectives
12
Earlier Criteria
Prevent significant off-site releases to keep public dose within the specified limit (100-250 mSv, allowing due credit for protective measures)
Revised Criteria
Only minor radiological impact in the public domain that does not necessitate any off-site protective measures. (dose limited to only a few mSv, without any credit for off site protective measures)
• Level 4 (earlier called BDBA conditions)addresses the accident
conditions that exceed the design basis either due to multiple
failures or severity of the PIE and are called Design Extension
Conditions (DEC), implying that they are to be considered in the
design process
• This level requires provision of additional safety systems/features,
which are different from those used for more frequent accidents and
capable of functioning under the expected severe accident
conditions
• DECs are categorised as follows
– DEC without core melt
– DEC with core melt
• Accident conditions leading to early or large radioactive releases are
to be practically eliminated
13
Defence in
depth level
Objective Radiological Criteria
Level 4A
DEC without core
melt
Arrest
progression of
accident
(Same as Level 3, except use
of best estimate methods
permitted)
Level 4B
DEC with core melt
Mitigate the
consequences
of severe
accident
Protective measures limited in time and area to be sufficient, with adequate time being available to implement. No significant offsite contamination
SA involving early
or large releasesTo be practically eliminated
• Level 4 earlier called BDBA had the objective to limit
off-site releases as low as reasonable achievable
14
• Strengthening the different levels of defence in depth and their independence
• Conservative consideration of external hazards and sufficient margins
• Strengthening the reliability of heat sink
• Strengthening the emergency power supply
• Ensuring the safety of spent fuel storage under accident conditions
• Enabling the use of non-permanent equipment
• Provision of emergency response facilities
15
• Rigorous implementation of Periodic Safety
Reviews*
• Improving the Emergency preparedness
• Strengthening the Accident Management
provisions and plans
*Vienna Declaration on Nuclear Safety
16
Impact of Revised Requirements
on the safety of new plants
17
Dose Criteria for Public (Indian example)Pre-Fukushima Post-Fukushima*
Plant State Dose Limits at
EZ boundary
Normal operation 1 mSv/year
Anticipated
Operational
occurrences
1 mSv/year
Design Basis
Accidents
100mSv
Beyond design
basis accidents
No limit
Plant State Dose targets at exclusion zone
boundary
Normal operation 1 mSv/year
Anticipated
Operational
occurrences
1 mSv/year
Design Basis
Accidents
20 mSv/year following the event , no
need for offsite protective measures
Design Extension
Conditions
without Core melt
No need for offsite protective
measures except control on food or
agriculture limited to small area &
time. Dose Target same as for DBA
Design Extension
Conditions with
Core melt
No permanent relocation of
population. The offsite Interventions
to be limited in area and time
Conditions giving rise to large or early releases
have to be practically eliminated 18
*AERB safety code on
Siting of Nuclear Facilities
AERB/NF/SC/S (2014)
Pre Fukushima Post Fukushima*
CDF For new NPPs
< 10E-5/RY
For new NPPs
• <10E-6/RY for internal events,
power and shut down states
• <10E-5/RY for internal events and
external hazards together
LERF For new NPPs
< 10E-6/RY
For new NPPs LER to be practically
eliminated (LERF <10E-7)
*As per new AERB safety code on
Design of NPPs based on LWR technology
AERB/NPP-LWR/SC/D (2015)
19
Design CDF LERF
EPR 7.1x10E-07/RY 7.7x10E-08/RY
AP1000 5x10E-07/RY 6x10E-08/RY
VVER ~10 E-07/RY ~10E-08/RY
20
• These CDF values are typically two orders of magnitude
better than most currently operating NPPs
• Even if severe accident stage is reached, the radiological
consequences will be limited in area and time (No
urgent need for protective actions in the public
domain and no long-term impact on the society)
• With LERF values well below 10E-7/RY, large or early
releases can be considered as practically eliminated
21
Can good regulations alone ensure
safety?
22
• External hazards, in particular Tsunami, had not been reassessed in a systematic and comprehensive manner
• Operating experience (in plant as well as around the world) indicated vulnerability of safety systems to flooding. This did not lead to any significant safety upgrades
• Periodic Safety Reviews also did not lead to any safety upgrades based on current safety requirements
• Accident management guidelines were neither comprehensive nor up to date. Operators were not trained and hence were not prepared for implementing the guidelines
• Regulatory inspections were not adequately structured to verify safety or identify new safety issues
23
The IAEA Fukushima report concludes
• All stake holders, namely, the NPP people, Regulators
and the concerned Government Agencies believed (and
even mutually reinforced the belief) that the nuclear
plants in Japan are adequately safe and a severe
accident is unlikely. Consequently, essential safety
upgrades were not implemented
• None of the organisations or their staff challenged the
level of safety. There was an air of complacency all
round which was detrimental to safety culture
24
• The regulations need to be implemented with rigour and
sincerity by the Industry
• The Regulatory Body has the responsibility to verify and
ensure proper implementation of all safety regulations by
the Industry
• Individuals and organisations need to continuously
challenge and re-examine the prevailing assumptions
about nuclear safety and the implications of their
decisions and actions that could affect nuclear safety
• It is essential to promote and continuously strengthen
safety culture.
25
Robust National Nuclear Safety System:
Institutional Strength in Depth
(A proposal from INSAG)
26
• The National Nuclear Safety System (NNSS) comprises
of all those players who can/should influence nuclear
safety. These include the nuclear industry, the regulators,
the national/international nuclear safety bodies, the
national Governments and other stake holders such as
public and media
• Its main function is to develop, assess, review and
continuously improve nuclear safety, which is also an
important element of nuclear safety culture
27
• The main principle of the NNSS proposed by INSAG is
the Strength in Depth approach, a concept derived from
Defence in Depth for nuclear safety itself.
• The main features of this approach are
� Multiple layered approach
� Independence of layers
� Diversity, redundancy and separation of functions
• These features should prevent failure of the entire
system either due to single failure or common mode
multiple failures
28
• Level 1 : A strong nuclear industry, who has the
primary responsibility for safety
• Level 2 : A strong nuclear regulator, with a
responsibility to oversee and ensure that the nuclear
industry maintains the desired level of safety
• Level 3 : Strong set of stakeholders, includes those
who can get affected and also those who can influence
the safety at policy level
Transparency and Effective Communication are the primary
requirements for these levels to function effectively
29
Sub Levels Essential elements/Mechanisms
1.1 Licensee/Operator Maintain and improve
• Knowledge, Competency and
Resources
• Internal review and audit
• Worker involvement
• Vibrant Safety Culture
1.2 National/Regional
Nuclear Industry
Peer pressure and guidance
1.3 International Industry Peer reviews / guidance
( such as WANO, Owners Groups e.g.
CANDU, BWR etc.)
1.4 International
Organisations
Peer reviews
(such as IAEA OSART)
30
Sub Levels Essential elements/mechanisms
2.1 Regulatory
Authority
Maintain/improve
• Technical and Regulatory competence
• Independence and legal authority
• Organisation, structure and procedures
• Accountability to the Governing Body
2.2 External Technical
Experts/Expert
Groups/standing
panels
Consultation and advice
• Policy issues, high level principles
• Special topics (e.g. Seismic hazards, PSA,
Digital C&I)
2.3 International
standards
Guidance and bench marking
• IAEA safety standards
• WENRA reference levels etc.
2.4 International
Organisations/
Conventions
Peer Reviews
• Convention on Nuclear Safety
• IAEA IRRS
31
Stakeholders Means of
communication
(by Industry and
Regulator)
Essential Elements
• Local Government
• National
Government/Parliament
• Public and Media
• NGOs and Special
Interest Groups
• Neighbouring countries
(if likely to be affected)
• World community
• Routine information
and reports
• Special issues and
events reports
• Response to request
for information
• Routine/Special
meetings
• Openness and
transparency
• Effective
communication
• Industry/ Regulator
Leadership and
initiative
• Safety Culture
32
• Openness and transparency
• Effective communication
Across all layers
• Competence and resources
• Leadership and initiative
• Vibrant Safety Culture• Questioning Attitude
• Willingness to listen, explain, adopt/change where necessary
• Desire to learn, improve and excel
• Safety : topmost priority under all circumstances
For Industry and the
Regulator
33
• In the post Fukushima era, with the revised
regulations, the nuclear plants are expected to
be significantly safer
• However, rigorous implementation of the
regulations, continuous vigilance together with
high level of safety culture can alone ensure
accident free operation of nuclear installations
34