This Guide is in force as of 1 January 2001 until further notice. It replaces GuideYVL 2.1 issued on 22 May 1992.

Fourth, revised editionHelsinki 2000Oy Edita AbISBN 951-712-423-6ISSN 0783-2346

Nuclear power plant systems,structures and componentsand their safety classification

S T U K • S Ä T E I L Y T U R V A K E S K U S • S T R Å L S Ä K E R H E T S C E N T R A L E NR A D I A T I O N A N D N U C L E A R S A F E T Y A U T H O R I T Y

YVL 2.1GUIDE26 June 2000

1 General 3

2 Safety classes 3

3 Classification criteria 3

4 Assigning systems to safety classes 4

5 Classification document 5

6 References 6

Appendix: An example of the systems safety classification ofa nuclear power plant equipped with a light water reactor 7

AuthorisationBy virtue of the below acts and regulations, the Radiation and Nuclear SafetyAuthority (STUK) issues detailed regulations that apply to the safe use ofnuclear energy and to physical protection, emergency preparedness and safe-guards:• Section 55, paragraph 2, point 3 of the Nuclear Energy Act (990/1987)• Section 29 of the Council of State Decision (395/1991) on the Safety of

Nuclear Power Plants• Section 13 of the Council of State Decision (396/1991) on the Physical

Protection of Nuclear Power Plants• Section 11 of the Council of State Decision (397/1991) on the Emergency

Preparedness of Nuclear Power Plants• Section 8 of the Council of State Decision (398/1991) on the Safety of a

Disposal Facility for Reactor Waste• Section 30 of the Council of State Decision (478/1999) on the Safety of

Disposal of Spent Nuclear Fuel.

Rules for applicationThe publication of a YVL guide does not, as such, alter any previous decisionsmade by STUK. After having heard those concerned, STUK makes a separatedecision on how a new or revised YVL guide applies to operating nuclear powerplants, or to those under construction, and to licensees’ operational activities.The guides apply as such to new nuclear facilities.

When considering how new safety requirements presented in YVL guides applyto operating nuclear power plants, or to those under construction, STUK takesinto account section 27 of the Council of State Decision (395/1991), whichprescribes that for further safety enhancement, action shall be taken which canbe regarded as justified considering operating experience and the results of safetyresearch as well as the advancement of science and technology.

If deviations are made from the requirements of the YVL guides, STUK shall bepresented with some other acceptable procedure or solution by which the safetylevel set forth in the YVL guides is achieved.

Translation. Original text in Finnish.

Guide YVL 2.1 S T U K

3

1 GeneralThe assurance of a nuclear power plant’s safetyis based on the reliable functioning of the plantas well as on its appropriate maintenance andoperation. To ensure the reliability of operation,special attention shall be paid to the design,manufacturing, commissioning and operation ofthe plant and its components. To control thesefunctions the nuclear power plant is dividedinto structural and functional entities, i.e. sys-tems.

A system’s safety class is determined by itssafety significance. Safety class specifies theprocedures to be employed in plant design,construction, monitoring and operation. Theclassification document contains all documenta-tion related to the classification of the nuclearpower plant.

The principles of safety classification and theprocedures pertaining to the classification docu-ment are presented in this guide. In the Appen-dix to this guide, examples of systems mosttypical of each safety class are given to clarifythe safety classification principles.

2 Safety classesIn accordance with the Council of State Decisionon the safety of nuclear power plants [1]:

The functions important to the safety of thesystems, structures and components of a nuclearpower plant shall be defined and the systems,structures and components classified accordingto their safety significance.

The systems, structures and components impor-tant to safety shall be designed, manufactured,installed and operated so that their quality leveland the inspections and tests required to verifytheir quality level are adequate considering anyitem’s safety significance.

To comply with the above principles, the sys-tems, structures and components of the nuclearpower plant are grouped into Safety Classes 1,2, 3, 4 and Class EYT (classified non-nuclear).

The items with the highest safety significancebelong to Safety Class 1.

Safety class determines what quality require-ments apply to the nuclear power plant’s sys-tems, structures and components and to theirquality assurance. The applicant for a construc-tion or operating licence shall define how safetyclass and quality requirements on the one handand safety class and quality assurance on theother hand are interrelated.

The scope of the regulatory control of systems,structures and components is determined bysafety class. The regulatory control of systemsbased on safety classification is described inGuide YVL 2.0, among others. The inspectionand control practices for structures and compo-nents in Safety Classes 1, 2, 3, 4 and Class EYTare described in the respective YVL guides.

Safety classified pressure equipment are nu-clear pressure equipment and those in ClassEYT are conventional pressure equipment.

When a system of safety classification is drawnup, in addition to the principles presented inthis guide, the construction and layout of thenuclear power plant and the functions assignedto its systems are considered. Plant-specific ap-plications always require a case-specific consid-eration of the classification details.

Systems, structures and components pertainingto physical protection are controlled according toGuide YVL 6.11; this guide thus does not applyto their classification.

Requirements for the seismic classification ofnuclear power plant components and structuresare given in Guide YVL 2.6.

3 Classification criteriaFor the purpose of classification, the nuclearpower plant shall be divided into structural oroperational units called systems. Every struc-ture and component shall belong to a system. Asystem is, for example, a part of the primarycircuit, an auxiliary process carrying out a spe-

S T U K Guide YVL 2.1

4

cific function, a control circuit, a building or partthereof, or a number of individual componentsserving the same purpose. Every system that isa structural or operational entity shall be as-signed to a safety class or to Class EYT.

Systems in Safety Classes 1, 2, 3 and 4 shall besubdivided, in sufficient detail, to structures andcomponents. An item that forms a clearly defin-able entity as regards manufacture, installationand quality control may be regarded as onestructure or component. Every structure andcomponent shall be assigned to a safety class orto Class EYT. When a structure or componentessentially affects a system’s safety significance,or when the structure or component is needed toaccomplish the system’s safety function, thestructure or component is assigned to the samesafety class as the system itself. Less importantsystem parts may be in a lower safety class or inClass EYT. On the other hand, individual com-ponents may be assigned to a safety class higherthan the system itself, for example at pointswhere the system connects to a system in ahigher safety class.

When safety classification is established atten-tion shall be paid, in the first place, to thefollowing points:• safety functions in the accomplishment of

which the item to be classified takes part orwhich it ensures

• immediate impact on the continuous main-taining of a safety function if an item failsduring normal operation

• immediate impact on the continuous main-taining of a safety function if an item failsduring a transient or an accident

• the possible emergence of an initiating eventthat could endanger nuclear or radiationsafety and prevention of the initiating event’sprogression.

In addition, the following points may be takeninto account:• available compensatory systems and their

classification• possibilities for fault detection if the fault

does not immediately affect normal plantoperation

• the time available for repair before the faultwould lead into a partial or complete loss of asafety function

• repair possibilities taking into account i.a.accessibility, how demanding the repair workis, availability of spare parts and materials,and isolation possibility during work

• necessary process actions such as cooling,pressure relief and decontamination beforerepair work

• increase in the reliability of the item con-cerned through requirements based on safetyclassification.

When safety classification is established andapplied attention shall be paid to the fact thatthe ensuring of safety functions sets differentrequirements on equipment of different types.The most important feature of pressure vesselsand pipes, for example, is their mechanical en-durance and structural integrity. Of pumps andvalves, also operational reliability is required. Infuel storage, the central issue is the preserva-tion within safe limits of the storage geometry.With the help of safety classification, require-ment levels are graded among equipment of thesame type. The requirements to be set for equip-ment of different types need not be mutuallyidentical even if the equipment belonged to thesame safety class.

4 Assigning systems tosafety classes

Systems, structures and components shall beassigned to Safety Class 1, if their• fault or failure would cause an accident im-

mediately threatening the shutdown or cool-ing of the reactor and would require promptstarting of the safety systems.

Systems, structures and components shall beassigned to Safety Class 2, if their• well-timed or continuous operation is neces-

sary in design basis accidents to ensure reac-tor subcriticality and cooling, or to confineinside the reactor containment radioactivesubstances released from the reactor in con-sequence of an accident

Guide YVL 2.1 S T U K

5

• fault or failure would prevent continued op-eration, and would, at the same time, preventcooling of reactor and removal of decay heatwith the systems by which cooling and decayheat removal are normally carried out

• failure to function would cause a consider-able risk of uncontrolled criticality, or

• fault or failure during an outage would pre-vent reactor decay heat removal with sys-tems by which decay heat is normally re-moved in that particular state.

Systems, structures and components having anessential effect on the reliability of the belowsafety functions shall be assigned to SafetyClass 3:• reactor shutdown and maintaining of

subcritical condition• reactor cooling and decay heat removal from

the reactor• decay heat removal from spent fuel which is

stored outside the reactor• prevention of the dispersal of radioactive

material, and• mitigation of the consequences of severe acci-

dents.

Systems by which the accomplishment of thesafety functions mentioned above are monitoredshall also be classified in Safety Class 3.

In addition, Safety Class 3 shall include systemswhose function is to reliably prevent the pro-gression of initiating events into situations dur-ing which a system maintaining or actuating asafety function is needed.

Safety Class 4 shall include systems that do notbelong to a higher safety class and whose failurecould• cause an initiating event that could signifi-

cantly endanger nuclear or radiation safety• due to the high level of kinetic, pressure or

thermal energy they contain, significantlyendanger the plant environment or cause theloss of essential safety functions

• hinder safe plant operation or its manage-ment in transient and accident situations, forexample computer systems.

Safety Class 4 shall include systems that• during internal or external initiating events

protect systems carrying out safety func-tions, for example the fire and flooding pro-tection systems.

Safety Class 4 shall include also such structuresand components of Class EYT systems whosefailure could• cause an initiating event that could signifi-

cantly endanger nuclear or radiation safety• due to the high level of kinetic, pressure or

thermal energy they contain, significantlyendanger the plant environment or cause theloss of essential safety functions.

An example of the systems safety classificationof a nuclear power plant equipped with a lightwater reactor is given in the Appendix to thisguide.

5 Classificationdocument

The classification of the nuclear power plant’ssystems, structures and components is describedin the classification document. Compilation ofthe classification document shall begin as earlyas possible during the plant design stage andthe document shall be supplemented along withthe progress of the plant design. The classifica-tion document shall be submitted to STUK forapproval in connection with the constructionlicence application in accordance with section 35of the Nuclear Energy Decree. The approval ofthe classification document is one of the precon-ditions for STUK’s endorsement of the construc-tion licence.

The classification document shall present• a marking system for nuclear power plant

systems and components• a list of systems• system-specific lists of structures and compo-

nents• main drawings of buildings, or other draw-

ings appropriate for the presentation of theclassification of buildings

S T U K Guide YVL 2.1

6

• flow diagrams for process systems and airconditioning

• main diagrams for electrical systems• conceptual design diagrams of I & C systems• software and their recording equipment• physical location of systems, structures and

components at the plant.

In the list of systems, the systems are consist-ently arranged into groups and provided withidentification markings and safety class desig-nations.

System-specific lists shall be presented of struc-tures or components in Safety Classes 1, 2, 3and 4. In Class EYT systems, lists shall bepresented of pressure equipment as well as ofsafety-classified components and structures. Thestructures and components are provided withdesignations beginning with system designa-tions. The safety classes of buildings, structuresand components shall be indicated in drawings.

The boundaries of safety classes shall be unam-biguously presented in the main diagrams ofelectrical systems and in the conceptual designdiagrams of I & C systems contained in theclassification document.

The flow diagrams of process systems shallshow system boundaries and the process- tech-nical location of classified components in thesystem. The classification of piping is presentedin the flow diagrams of the process systems.

Seismic classification in accordance with GuideYVL 2.6 is presented in the same classificationdocument.

As the design of the plant proceeds, and inconnection with modifications made during op-eration, the classification document shall besupplemented and updated accordingly. It istherefore recommended that the document becompiled in such a format that it can be easilyupdated. Any revisions of and supplements tothe document shall be approved by STUK.

6 References1 Decision of the Council of State (395/1991) on

the General Regulations for the Safety ofNuclear Power Plants, 14 February 1991.

Guide YVL 2.1 S T U K

7

An example of the systems safetyclassification of a nuclear power plantequipped with a light water reactor

1 Boundaries of systems containing liquid or gas

Primary circuit boundariesOther safety class boundaries

2 Systems classificationSafety Class 1Safety Class 2Safety Class 3Safety Class 4Class EYT

APPENDIX

1 Boundaries of systems containingliquid or gas

Primary circuit boundaries

The primary circuit means all pressure-retain-ing components included in the reactor coolingwater system of nuclear power plants equippedwith a pressurised or boiling water reactor, suchas pressure equipment, piping, pumps andvalves or components connected to the reactorcooling water system. The following are consid-ered a primary circuit boundary:• the outermost containment isolation valve in

a pipeline that penetrates the reactor con-tainment

• the outer of two valves which are kept closedduring normal reactor operation in a pipelinethat does not penetrate the reactor contain-ment, and

• a safety or relief valve in the reactor coolingsystem.

In a nuclear power plant equipped with a boilingwater reactor, the reactor cooling water systemand the primary circuit referred to in this guide

are considered to extend to the outer isolationvalves of the main steam and feed water pipe-lines.

The boundary valves of the primary circuit areincluded in the primary circuit.

Other safety class boundaries

In case a system in Safety Class 2 or 3 contain-ing liquid or gas is connected to a system in alower safety class, the safety class boundarymay be defined to be:• a passive device which reduces the flow so

much that the system will remain operableeven if a failure occurred in a lower safetyclass system; examples of flow limiters are asmall pipe fitting, a throttle or a shaft gasket

• a valve which is normally kept closed• the outer of two shut-off valves normally kept

open, either of which can be closed so quicklythat the system will remain operable even ifa failure occurred in a lower safety classsystem

• a shut-off valve normally kept open in asystem the safety function of which can be

S T U K Guide YVL 2.1

8

carried out with a redundant system parteven if attempts to close the boundary valvefailed

• a check valve with its flow direction towardsa higher safety class system

• a safety or relief valve.

All components defined as a safety class bound-ary are assigned to a higher safety class.

Heat exchangers with one side connected topiping classified to a higher safety class and theother side to piping classified to a lower safetyclass are, as an entity, classified to the highersafety class. The steam generators of a pressu-rised water reactor plant are an exception to thegeneral classification of heat exchangers; theprimary side is classified to Safety Class 1 andthe secondary side to Safety Class 2.

Small-diameter piping that belongs in a systemassigned to Safety Class 2 or 3 and is not part ofthe primary circuit may be classified to a lowersafety class or to Class EYT pursuant to Guide3.3. A system’s structures and components thatare irrelevant in view of the main function of thesystem may be assigned to a lower safety classor to Class EYT on the same grounds as small-diameter piping.

The above boundaries do not apply to primarycircuit components classified to Safety Class 2.Their boundaries have been defined in connec-tion with the primary circuit.

2 Systems classification

Safety Class 1

a) Reactor fuel.

b) Primary circuit components whose rupturewould result in a leakage of such magnitudethat it could not be compensated for by themake-up water systems of the nuclear powerplant. In conformity with this principle, thefollowing primary circuit components remainoutside Safety Class 1:

• small-diameter pipes (inner diameter notmore than 20 mm)

• components connected to the reactorcoolant system through a passive flow-limiting device and which, if ruptured, donot cause a leak larger than that causedby the rupture of a 20 mm pipe, as well as

• components which, in the event of theirfailure, can be isolated from the reactorcoolant system by two successive, auto-matically closing valves whose closingtime is short enough to allow for normalreactor shutdown and cooldown.

Safety Class 2

a) Primary circuit components not assigned toSafety Class 1.

b) Systems and components required for a reac-tor trip.

c) Emergency core cooling systems intended forloss-of-coolant accidents.

d) The boron supply system required to shutdown the reactor or to maintain it in a sub-critical condition during a postulated acci-dent.

e) A decay heat removal system for circulatingthe water of the reactor coolant system.

f) At a PWR plant, the part of the make-upwater system which is bounded by make-upwater pumps and the primary circuit.

g) The following parts of the steam and feedwater systems• at a PWR plant, the part inside the reactor

containment that is bounded by the outer-most isolation valves

• at a PWR plant, the part of the emergencyfeed water system of the steam generatorsthat is bounded by the emergency feedwater pumps and steam generators, and

• at a BWR plant, those parts of the steamsystem outside the reactor containment

Guide YVL 2.1 S T U K

9

that are bounded by the isolation valvesand the subsequent shut-off valves.

h) The reactor containment and related systemsrequired to ensure containment integrity in apostulated accident. Such systems may be forexample:• the containment spray system• other systems intended for the reduction

of pressure and temperature within thecontainment

• systems to prevent the formation of anexplosive mixture of gases

• personnel and material locks, penetrationsand other equivalent structures, and

• isolation valves of the reactor containmentother than those included in the primarycircuit, and parts of the piping penetratingthe containment that are bounded by thevalves.

i) Supporting structures of the primary circuit

j) Structures, such as emergency restraints andmissile barriers, which protect components inSafety Class 1.

k) Internals of the reactor pressure vessel thatsupport the reactor core and are importantfor its coolability.

l) Storage racks for fresh and spent fuel.

m) A protective instrumentation and automationsystem for starting a reactor trip, reactoremergency cooling, isolation of reactor con-tainment or other safety function necessaryin a postulated accident.

n) Electrical components and distribution sys-tems necessary for the accomplishment ofsafety functions of systems in Safety Class 1and 2.

o) Electrical power supply equipment ensuringelectricity supply to Safety Class 2 compo-nents upon loss of both offsite power andpower supplied by the main generators.

Safety Class 3

a) The boron supply system bounded by theborated water storage tank in so far as thesystem or parts thereof are not classified to ahigher safety class.

b) At a PWR plant, those parts of the reactorvolume control system that are not assignedto a higher safety class.

c) At a PWR plant, those parts of the emergen-cy feed water system that are not assigned toSafety Class 2.

d) Systems needed for the cooling and pressurerelief of the primary circuit, if they are notclassified to a higher safety class.

e) Cooling systems, including their cooling wa-ter channels and tunnels, essential for theremoval of• reactor decay heat• decay heat from spent fuel stored outside

the reactor• heat generated by Safety Class 2 compo-

nents• heat generated by the above-mentioned

systems themselvesinto the ultimate heat sink, and which do notbelong to a higher safety class.

f) Parts of the sealing water, pressurised air,lubricating, fuel, etc systems necessary forthe start-up or operation of systems in SafetyClasses 2 and 3.

g) Systems for treating liquids or gases contai-ning radioactive substances the failure ofwhich could, compared to normal conditions,result in a significant dose increase to a plantemployee or a member of the public.

Examples of such systems are:• reactor cooling water cleanup system• sampling systems of the primary circuit• treatment and storage systems for liquid

wastes, and• radioactive gas treatment systems.

S T U K Guide YVL 2.1

10

h) Ventilation systems that reduce the radiationexposure of employees or the releases ofradioactive materials into the environment.Below are examples of the functions of thesesystems:• maintaining of pressure differences in the

reactor building and filtering of its ex-haust air (including the containment withits surrounding spaces)

• ventilation of those rooms in the auxiliarybuilding where radioactive contaminationcould occur

• ventilation of the spent fuel storage• ventilation of quarters containing radioac-

tive waste• ventilation of laboratories where consider-

able amounts of radioactive materials arehandled, and

• securing of working conditions in thecontrol room and other rooms requiringcontinued stay during accidents, in casethe air on-site contains radioactive orother hazardous materials.

i) Air cooling and heating systems in roomscontaining components classified to SafetyClasses 1, 2 and 3; the systems are needed tomaintain the temperature required for ensu-ring reliable functioning of the equipment,taking into account extreme outdoor air tem-peratures and the waste heat released inthese rooms.

j) Those reactor pressure vessel internals notassigned to Safety Class 2.

k) Nuclear fuel handling and inspection sys-tems whose malfunction could endanger fuelintegrity.

l) The following hoisting and transfer equip-ment:• those parts of the control rod drives that

are not assigned to Safety Class 1 or 2• the reactor building main crane• equipment needed for the lifting and

transfer of nuclear fuel.

m) Storages of spent fuel and liquid wastes,including pools and tanks.

n) Buildings and structures designed to• protect or support equipment in Safety

Classes 2 or 3 and the failure of whichcould endanger the integrity of the equip-ment

• protect workers to assure their ability tomaintain functions important to safety inaccident conditions.

o) Concrete structures inside the reactor con-tainment other than those assigned to SafetyClass 2.

p) Instrumentation and automation systemsand components required for the followingfunctions and not classified to a higher safetyclass:• reactor power limitation systems• control of reactor main parameters (power,

pressure, coolant volume)• monitoring and control of safety functions

during accidents• monitoring and control of reactor power

peaking• monitoring and control of safe plant

shutdown from the main and standbycontrol rooms

• monitoring of reactor criticality duringfuel loading

• monitoring of primary circuit leaks• monitoring of hydrogen and oxygen con-

centrations inside the containment• monitoring of primary circuit water chem-

istry• on-site radiation monitoring during acci-

dents• monitoring of radioactive releases• monitoring for radiation in rooms.

q) Electrical components and electric powerdistribution systems required to accomplishthe safety functions of Safety Class 3 sys-tems.

r) Systems designed to ensure the integrity ofthe reactor containment or to limit releasesespecially in a severe accident. Examplesthereof are:• systems limiting the containment pressure

Guide YVL 2.1 S T U K

11

• systems intended for the control andfiltering of releases out of the containment

• air circulating and filtering systems thatclean the containment air space

• systems that prevent the formation of anexplosive gas mixture

• systems intended for the monitoring of thecondition of the reactor and the contain-ment, and

• systems and components required forcooling a molten core and for ensuring theintegrity of containment penetrations andother openings.

Safety Class 4

a) Fire protection systems:• fire alarm systems• fire extinguisher systems.

b) Of systems and components connected toturbine and generator, those that could signi-ficantly contribute to their failure, for examp-le:• bearings• rotor• turbine and generator protection systems• turbine trip valves• oil systems• generator hydrogen cooling system• vibration monitoring system• generator circuit-breaker and field

breaker.

c) The below I&C and computer systems:• PWR secondary side main controls• monitoring of secondary circuit water

chemistry• monitoring for radioactivity in laboratories

• I & C and computer systems contributingto safe plant control and operation

• safety-significant information manage-ment systems relating to plant operationand maintenance.

d) Systems safeguarding electrical and I&C sys-tems against external impacts:• protection against climatic overvoltages.

e) Plant communication systems to assure nor-mal operation and for use in accident mana-gement.

f) Environmental radiation monitoring and me-teorological measurements.

g) Systems for monitoring external threats, forexample:• a flood monitoring system• a system for monitoring the ultimate heat

sink (i.e. the sea)• a frazil ice monitoring system.

h) An alarm system for giving warning of immi-nent danger onsite.

i) The thermal insulation of piping and structu-res inside the containment.

j) The feed water system of a boiling waterreactor plant.

k) The main electrical power systems.

Class EYT

Includes all systems, structures and componentsnot assigned to Safety Classes 1, 2, 3 or 4.