Risk-informed design guidance for future reactor systems

Future reactor designs face an uncertain regulatory environment. It is anticipated that there will be some level of probabilistic insights in the regulations and supporting regulatory documents for Generation-IV nuclear reactors. Central to current regulations are design basis accidents (DBAs) and the general design criteria (GDC), which were established before probabilistic risk assessments (PRAs) were developed. These regulations implement a structuralist approach to safety through traditional defense in depth and large safety margins. In a rationalist approach to safety, accident frequencies are quantified and protective measures are introduced to make these frequencies acceptably low. Both approaches have advantages and disadvantages and future reactor design and licensing processes will have to implement a hybrid approach. This paper presents an iterative four-step risk-informed methodology to guide the design of future-reactor systems using a gas-cooled fast reactor emergency core cooling system as an example. This methodology helps designers to analyze alternative designs under potential risk-informed regulations and to anticipate design justifications the regulator may require during the licensing process. The analysis demonstrated the importance of common-cause failures and the need for guidance on how to change the quantitative impact of these potential failures on the frequency of accident sequences as the design changes. Deliberation is an important part of the four-step methodology because it supplements the quantitative results by allowing the inclusion in the design choice of elements such as best design practices and ease of online maintenance, which usually cannot be quantified. The case study showed that, in some instances, the structuralist and the rationalist approaches were inconsistent. In particular, GDC 35 treats the double-ended break of the largest pipe in the reactor coolant system with concurrent loss of offsite power and a single failure in the most critical place as the DBA for the emergency core cooling system. Seventeen out of the 45 variations that we considered violated this DBA, but passed the probabilistic screening criteria. Using PRA techniques, we found that the mean frequency of this accident was very low, thus indicating that deterministic criteria such as GDC 35 must be reassessed in the light of risk insights.