Index of /rozprawy2/11746

Pełen tekst

(1)AGH UNIVERSITY OF SCIENCE AND TECHNOLOGY Faculty of Energy and Fuels Department of Nuclear Energy. Doctoral dissertation. Thermal-hydraulic analysis of severe accident progress in pressurized light water reactor according to its scale. Analiza termo-hydrauliczna przebiegu poważnej awarii w reaktorze jądrowym lekkowodnym ciśnieniowym w zależności od jego skali. Katarzyna Skolik. Supervisor: prof. Ludwik Pieńkowski. Cracow, 2021.

(2) 2.

(3) I would like to express my deepest gratitude to my supervisor, Prof. Ludwik Pieńkowski for all his support, help and patience during my doctoral studies. Without his guidance and involvement, I would never be able to succeed. I would also like to acknowledge Dr. Chris Allison, Dr. Anuj Trivedi and all the members of Innovative Systems Software for giving me the opportunity to learn RELAP/SCDAPSIM from the best. They have shared with me their knowledge, experience and provided me with huge support. I want to thank Paweł Domitr and other colleagues from Polish National Atomic Energy Agency for their help and assistance with the modelling. I am very grateful to my friend and colleague, Dr. Mateusz Malicki who was my neverending source of motivation, self-confidence, and positive attitude.. Chciałabym również z całego serca podziękować Rodzicom za nigdy niesłabnącą wiarę we mnie, pomoc i wsparcie w każdej sytuacji. Dzięki Wam wszystko jest możliwe.. 3.

(4) Oświadczam, świadoma odpowiedzialności karnej za poświadczenie nieprawdy, że niniejszą rozprawę doktorską wykonałam osobiście i samodzielnie i nie korzystałam ze źródeł innych niż wymienione w pracy.. ……………………… podpis autorki pracy. 4.

(5) Thermal-hydraulic analysis of severe accident progress in pressurized light water reactor according to its scale. Safety analysis of nuclear reactors are crucial for the development of this industry. The aim of this work is to present and analyze the safety characteristics of two nuclear reactors with some innovative solutions and unique features in terms of safety. Both use light water as coolant and moderator, basing on the well-known technology with many years of experience in commercial operation. One of the chosen designs is NuScale – a concept of modular nuclear power plant consisting of 12 small reactors and the second one is AP600, generation III pressurized water reactor. The electrical output of both systems is comparable. For the purpose of this study, the models of both reactors were developed, using publicly available data published by the designers and the U.S. Nuclear Regulatory Commission. The thermal-hydraulic code, RELAP/SCDAPSIM/MOD3.4. was used for the analyses. First, the simulations of some design basis accidents were conducted, and the results were compared with those presented in public reports regarding the reactors. These analyses enabled to validate the models. Then, one particular scenario was chosen (station blackout with safety systems failure) to analyze the behavior of NuScale and AP600 reactors in similar conditions. The results showed that in the case of integral low-power reactor (NuScale) even such extreme scenario did not thread the core integrity and the unique features of the design allowed for reaching safe and stable conditions. In case of AP600 reactor this severe accident resulted in core melting, starting after ~2.28 h of the transient. Then, the extremely severe event was analyzed and discussed for the NuScale project. It is an inside containment Loss of Coolant Accident with the failure of both main safety systems. The simulation was run for 86400 s (24 h) and the beginning of core damage was observed after ~4.8 h. The results are comparable to those for similar scenarios presented in the references. However, such extremely severe events have very low, almost negligible probability. In less severe design basis accidents, the safety systems operation enabled reaching safe and stable conditions in both reactors.. 5.

(6) 6.

(7) Analiza termo-hydrauliczna przebiegu poważnej awarii w reaktorze jądrowym lekkowodnym ciśnieniowym w zależności od jego skali. Analizy bezpieczeństwa reaktorów jądrowych są niezwykle istotnym elementem dla rozwoju tej branży. Celem obecnej pracy jest przedstawienie projektów i przeprowadzenie symulacji awarii dla dwóch reaktorów o innowacyjnych cechach z punktu widzenia bezpieczeństwa. Obydwa wykorzystują lekką wodę jako chłodziwo i moderator, bazując na najlepiej poznanej i opracowanej dotychczas technologii. Jeden z wybranych projektów to NuScale – elektrownia zbudowana z 12 modułowych reaktorów małej mocy generująca w sumie ~600 MWel. Drugi wybrany reaktor to AP600, reaktor lekkowodny ciśnieniowy III generacji. Sumaryczna moc obydwu systemów jest porównywalna. Na potrzeby analizy zbudowano modele obydwu reaktorów korzystając z publicznie dostępnych danych, opublikowanych przez firmy rozwijające te projekty i amerykańską Nuclear Regulatory Commission. Do symulacji wykorzystano kod termo-hydrauliczny RELAP/SCDAPSIM/MOD3.4. Na początku przeprowadzono symulacje awarii projektowych pozwalające zwalidować modele, poprzez porównanie otrzymanych wyników z danymi z raportów dotyczących obydwu projektów. Następnie wybrano scenariusz porównawczy (station blackout z wyłączeniem systemów bezpieczeństwa) i sprawdzono przebieg podobnej awarii w reaktorzach NuScale i AP600. Otrzymane wyniki pokazały, że w przypadku reaktora małej mocy o zintegrowanej konstrukcji (NuScale) nawet tak ekstremalne warunki nie powodują uszkodzenia rdzenia, a unikalne cechy projektu pozwalają na osiągnięcie stabilnego i bezpiecznego stanu bez interwencji operatora. W reaktorze AP600 tego typu awaria powoduje stopienie rdzenia, którego początek zaobserwowano po ~2.28 h. Następnie przeprowadzono symulację i analizę poważnej awarii w reaktorze NuScale. Wybrano scenariusz utraty chłodziwa wewnątrz zbiornika reaktora (containment), z założeniem niedostępności obydwu głównych systemów bezpieczeństwa. Symulacja była prowadzona przez 86400 s (24 h) i początek uszkodzenia rdzenia reaktora zaobserwowano po ~4.8 h. Otrzymane wyniki są porównywalne do rezultatów podobnych awarii prezentowanych w referencjach. Należy pamiętać, że opisana awaria ma bardzo niskie, niemal pomijalne prawdopodobieństwo. W obydwu przypadkach mniej poważne awarie projektowe zakończyły się osiągnięciem stabililnych i bezpiecznych warunków dzięki zadziałaniu systemów bezpieczeństwa.. 7.

(8) 8.

(9) Table of contents. Abbreviations ................................................................................................................................... 13 1.. Motivation and scope of the work ............................................................................................ 17. 2.. Small modular reactors ............................................................................................................. 19. 2.1.. 2.2. 3. 3.1.. 3.2. 4.. Current status of Small Modular Reactors............................................................................ 20 2.1.1.. Integral Pressurized Water Reactors ......................................................................... 21. 2.1.2.. High-Temperature Gas-Cooled Reactors ................................................................. 21. 2.1.3.. Fast Neutron Reactors .............................................................................................. 22. NuScale – SMR .................................................................................................................... 23 Generation III reactors .............................................................................................................. 28 Current status of generation III reactors ............................................................................... 29 3.1.1.. Pressurized Water Reactors ...................................................................................... 29. 3.1.2.. Boiling Water Reactors ............................................................................................ 31. AP600 and AP1000 reactors................................................................................................. 31 Nuclear safety ........................................................................................................................... 36. 4.1.. Approach to safety in nuclear power plants ......................................................................... 36. 4.2.. Operational states of an NPP ................................................................................................ 39. 4.3.. NPP safety analyses .............................................................................................................. 41. 4.4.. Acceptance criteria ............................................................................................................... 44. 4.5.. Computer codes used for NPP safety analyses ..................................................................... 48. 5.. RELAP/SCDAPSIM code ........................................................................................................ 50. 5.1.. RELAP modelling ................................................................................................................ 51. 5.2.. Building input model in RELAP code .................................................................................. 57 5.2.1.. Hydrodynamic components ...................................................................................... 57. 5.2.2.. Heat structures .......................................................................................................... 59. 5.2.3.. Trips.......................................................................................................................... 60. 5.2.4.. Control components.................................................................................................. 61 9.

(10) 5.3. 6. 6.1.. SCDAP modelling ................................................................................................................ 62 NuScale reactor model in RELAP/SCDAPSIM .......................................................................65 Core model ............................................................................................................................ 67 6.1.1.. Fuel rods as RELAP heat structures..........................................................................69. 6.1.2.. Core components in SCDAP.....................................................................................70. 6.2.. Reactor pressure vessel model .............................................................................................. 72. 6.3.. Steam generator .................................................................................................................... 74. 6.4.. Containment vessel and reactor pool .................................................................................... 75. 6.5.. Main safety systems .............................................................................................................. 76. 7. 7.1.. 6.5.1.. Emergency Core Cooling System .............................................................................76. 6.5.2.. Decay Heat Removal System ....................................................................................76. 6.5.3.. Reactor Safety Valves ...............................................................................................77. AP600 reactor model in RELAP/SCDAPSIM ..........................................................................78 Core model ............................................................................................................................ 80 7.1.1.. Fuel rods as RELAP heat structures..........................................................................82. 7.1.2.. Core components in SCDAP.....................................................................................83. 7.2.. Steam generator .................................................................................................................... 84. 7.3.. Safety systems ....................................................................................................................... 85. 8.. 7.3.1.. Core Makeup Tanks ..................................................................................................86. 7.3.2.. Automatic Depressurization System .........................................................................87. 7.3.3.. Accumulators ............................................................................................................88. 7.3.4.. Passive Residual Heat Removal Heat Exchanger .....................................................88. 7.3.5.. In-containment refueling water storage tank.............................................................89. Simulations for NuScale reactor ...............................................................................................90. 8.1.. Turbine trip transient in NuScale reactor .............................................................................. 92. 8.2.. LOCA analysis in NuScale reactor ....................................................................................... 99. 8.3.. Station blackout with safety systems failure in NuScale reactor ........................................ 108. 8.4.. LOCA with ECCS and DHRS failure in NuScale reactor .................................................. 116. 10.

(11) 9.. Simulations for AP600 reactor ............................................................................................... 134. 9.1.. SB-LOCA analysis in AP600 reactor ................................................................................. 135. 9.2.. SBO event with safety systems failure in AP600 reactor ................................................... 143. 10.. Comparison of safety analysis results for small and large Pressurized Water Reactor ...... 152. 11.. Conclusions ........................................................................................................................ 154. References ...................................................................................................................................... 159 List of figures ................................................................................................................................. 166 List of tables ................................................................................................................................... 169. 11.

(12) 12.

(13) Abbreviations ABWR – Advanced Boiling Water Reactor ACC – Accumulator ADS – Automatic Depressurization System ALARA – As Low As Practically Achievable AOO – Anticipated Operational Occurrence BDBA – Beyond Design Basis Accident BWR – Boiling Water Reactor CDF – Core Damage Frequency CFD – Computational Fluid Dynamics CHFR – Critical Heat Flux Ratio CMT – Core Make-up Tank CNV – Containment Vessel CVCS – Chemical and Volume Control System DBA – Design Basis Accident DCA – Design Certification Application DCD – Design Control Document DEC – Design Extension Conditions DHRS – Decay Heat Removal System DiD – Defense in Depth DSA – Deterministic Safety Analysis DVI – Direct Vessel Injection ECC – Emergency Core Cooling ECCS – Emergency Core Cooling System EPZ – Emergency Planning Zone ESBWR - Economic Simplified Boiling Water Reactor ET – Event Tree FA – Fuel Assembly 13.

(14) FBR – Fast Breeder Reactor FNR – Fast Neutron Reactor FT – Fault Tree FSAR – Final Safety Analysis Report FWIV – Feedwater Isolation Valve FW – feedwater HS – Heat Structure HTGR – High Temperature Gas-cooled Reactor HTR – High Temperature Reactor HX – Heat Exchanger IAEA – International Atomic Energy Agency ICRP – International Commission on Radiological Protection INES – International Nuclear and Radiological Event Scale INL – Idaho National Laboratory iPWR – integral Pressurized Water Reactor IRWST – In-containment Refueling Water Storage Tank ISS – Innovative Systems Software LB-LOCA – Large Break – Loss of Coolant Accident LERF – Large Early Release Frequency LNT – Linear No-Threshold LOCA – Loss of Coolant Accident LTOP – Low Temperature Overpressure Protection LWGR – Light Water-cooled Graphite-moderated Reactor LWR – Light Water Reactor MCS – Module Control System MPS – Module Protection System MSIV – Main Steam Isolation Valves NEA – Nuclear Energy Agency 14.

(15) NPM – NuScale Power Module NPP – Nuclear Power Plant OECD – Organization for Economic Co-operation and Development OSU – Oregon State University PAZ – Precautionary Action Zone PCS - Passive Containment Cooling System PHWR – Pressurized Heavy Water Reactor PIE – Postulated Initiating Event PRHR – Passive Residual Heat Removal PRZ – Pressurizer PSA – Probabilistic Safety Analysis PWR – Pressurized Water Reactor PXS – Passive Core Cooling System RCPB - Reactor Coolant Pressure Boundary RCS – Reactor Coolant System RELAP - Reactor Excursion and Leak Analysis Program RPV – Reactor Pressure Vessel RRV – Reactor Recirculation Valve RSV – Reactor Safety Valve RVV – Reactor Vent Valve SA – Severe Accident SB-LOCA – Small Break – Loss of Coolant Accident SBO – Station Blackout SCDAP - Severe Core Damage Analysis Package SDTP – SCDAP Development and Training Program SG – steam generator SMR – Small Modular Reactor SS – Steady State 15.

(16) TRISO - TRistructural ISOtropic TTT – Turbine Trip Transient TVA – Tennessee Valley Authority UPZ – Urgent Protective Action Planning Zone U.S.DOE – United States Department of Energy U.S.NRC – United Stated Nuclear Regulatory Commission UHS – ultimate heat sink VTR – Versatile Test Reactor. 16.

(17) 1.. Motivation and scope of the work. The aim of this work is to compare safety features and potential accident consequences of two Light Water Reactors (LWRs): the small modular integral Pressurized Water Reactor (iPWR) and standard Generation III Pressurized Water Reactor (PWR). The first one is based on 600 MWel NuScale nuclear power plant (NPP) concept that consists of 12 modules. Small Modular Reactor (SMR), turbine and generator are the three main components of each 50 MWel module. At the end of 2020, the nominal power of the NuScale module design was increased to 77 MWel [1]. However, all the documentation regarding this design mentions 50 MWel [2] and all the further descriptions and analysis regarding NuScale SMR in this dissertation relate to the original nominal power of one module (50 MWel; 160 MWt). The second one is based on AP600 reactor concept. The total power of both systems is at the level of few hundred megawatts and it is interesting to compare their safety characteristics and potential accident consequences. The scale effect promotes the AP600 reactor, but some analyzes show that modular nuclear power plant concept has many unique features, and it can be competitive [3]. As a result, the concept of a modular nuclear power plant is very promising, and the coming years will show what will be the future of SMRs. This dissertation focuses on the deterministic safety analyzes. Both reactors are modeled in RELAP/SCDAPSIM code basing on publicly available data provided by U.S. Nuclear Regulatory Commission (U.S.NRC). Limited data access means that the presented models cannot accurately describe neither the AP600 reactor nor the NuScale reactor. However, the society requires reliable reactors, and therefore their safety must be based on the concept of their construction, not on the minor details of the systems. The general analyses, such as those presented in this thesis are important in the process of assessing the safety of nuclear power plants. Nuclear reactor’s safety is a very important and demanding field of study, especially after the Fukushima accident in 2011. The society is again more concerned about the risk related to the use of nuclear power, the regulations become even more strict and the designers are working on new reactor designs that will be inherently safe and not dependent on external power availability, operator action or additional water supply. Both chosen reactors have passive safety systems which means that their operation is based on natural phenomena like 17.

(18) gravity or pressure differences. Such systems will actuate under certain transient conditions and mitigate the accident even if no electrical power is available and no action is taken by the operator. However, there are certain differences between NuScale and AP600 reactors. While AP600 is basing on known solutions and its design is similar to the traditional pressurized water reactor, NuScale SMR has numerous additional safety features encouraging its designers to talk about reactor’s “inherent” safety. Integral design and natural circulation of coolant eliminate the need for coolant pumps and the major pipes of hot and cold legs present in traditional PWRs. All the main components, including the steam generator (SG) tubes and the pressurizer (PRZ) are placed inside the Reactor Pressure Vessel (RPV). The design is compact, simplified and the risk of loss of coolant accident (LOCA) is significantly decreased. The reactor pressure vessel is surrounded by the containment vessel (CNV) which in turn is placed in the reactor pool filled with water. The pool is located underground, and it can be shared by up to 12 NuScale modules. Each module has its own CNV and is located in a common water pool divided into individual parts. Two main safety systems are actuated in case of transient, namely the Emergency Core Cooling System (ECCS) and the Decay Heat Removal System (DHRS). Their simple design allows to depressurize the reactor vessel and remove the decay heat by the DHRS heat exchanger. The heat is transferred to the reactor water pool that provides the ultimate heat sink (UHS). According to the designers, the reactor will stay in safe shutdown conditions indefinitely with no AC or DC power available, no operator action and no additional water supply in case of any Design Basis Accident (DBA) [4]. In present work, several thermal hydraulic analyses of different transients in both AP600 and NuScale reactors are presented. Similar event types were chosen to compare these two reactors behavior and possibly prove the unique NuScale’s safety features. The NuScale modules are designed in such way to minimize the negative influence of potential failure of one reactor to the other modules at the site. The probabilistic and deterministic approach to the reactor’s safety is further discussed in following chapters.. 18.

(19) 2.. Small modular reactors. Small modular reactors are units up to 300 MWel using different technologies. Often this abbreviation can be interpreted as “Small and Medium-sized Reactors” and cover reactors with power up to 700 MWel. In the light of this dissertation, the term “modular” should be understood as a modular power plant consisting of several independent modules, the main elements of each module being the small modular reactor, turbine and generator. The first energetic low power nuclear reactors were used in 1950s as the energy source for submarine propulsion systems. Their main feature and reason for such use was the possibility of long operation without refueling. Civil power engineering started to use similar technologies and in 1960s and ‘70s mostly medium-sized reactors were constructed. Then, the economy of scale won, and the power of individual unit was constantly increased. The average power of currently operating reactors is 1000 MWel and the biggest units have capacity up to 1600 MWel. However, the potential of SMRs was also reconsidered and such units seem to be perspective solution for developing countries with smaller investment possibilities, for remote localizations with low energy demands or for the heating purposes. The global trend nowadays is so-called smart grid, which includes the energy production in smaller units but closer to the customer, in order to minimize the transmission losses. Many countries, like the USA, China, Russia, Japan, South Korea, France, are working on their own projects of Small Modular Reactors, using different technologies – from the most popular Light Water Reactors, through Gas-cooled Reactors and ending with the innovative Liquid Metal and Molten Salt Reactors. The small modular reactors have numerous features comparing to traditional large units, e.g.: -. Modular design allowing factory production of the unit and minimizing the works to be done at the site,. -. Concept of NPP with several power modules sharing some of the non-safety equipment (e.g., refueling machinery),. -. Long fuel cycle, allowing for rarer refueling (even once every 10-15 years),. -. Simpler, often integrated design,. -. Passive safety systems,. -. Lower construction costs and investment risk, 19.

(20) -. Lower exploitation costs,. -. The potential for power generation in remote locations, often without the infrastructure needed to transport the big amounts of fossil fuels.. However, there are also some drawbacks and challenges for SMR concept, mainly: -. The need for economic demonstration to prove the profitability of the new designs,. -. Bigger dispersion of the spent fuel, which must be transported to the place of recycling or storage (however, modular nuclear power plants like NuScale NPP with total power over 600 MWel do not exhibit this negative feature),. -. Public concerns regarding nuclear power plant safety; need for further educations and consultations,. -. Long time needed for licensing process and approvals for the prototypical reactors what is particularly challenging for all non-LWR reactors [5] [6] [7].. 2.1.. Current status of Small Modular Reactors. There are several small modular reactors in operation, e.g., in China, India, Siberia and Pakistan. However, these are mostly well-known technologies (like PHWR in India or LWGR in Russia) and very low power test reactors. Worth mentioning is Russian floating NPP Akademik Lomonosov. It contains two KLT-40S reactors (PWRs), each generating 150 MWt. It operates since December 2019 in Chukotka region. Another interesting design is a PWR reactor developed by Rolls Royce in the UK (UK-SMR). The design bases on well-known PWR technology and the company plans to construct its First of a Kind reactor in early 2030s. With the power output ~440 MWel it can be considered as a mid-sized reactor. There is also one simplified and innovative Boiling Water Reactor (BWR) in the licensing process in the USA, namely the BWRX-300. It is a 300 MWel boiling water reactor basing on natural circulation and passive safety systems, developed by GE Hitachi. Currently there are more than 70 SMRs under development, of different types and for various applications [8]. There are numerous studies available devoted to the economics and potential future of the SMR market in the world [3] [8] [9] [10]. However, there are still so many unknowns and the spectrum of SMR designs is so wide that it is impossible to predict 20.

(21) how this industry will develop some of the most interesting designs of small modular reactors (iPWRs, HTGRs and FNRs) are described below.. 2.1.1. Integral Pressurized Water Reactors iPWR is one of the most important and promising concepts for a small modular reactor. The design is based on well-known pressurized water reactor but in compact, integral form. All the main primary components (reactor core, riser, downcomer, pressurizer) and helical coil steam generator tubes are located in the reactor pressure vessel and the coolant flow relies on natural circulation. Thanks to this solution, the major piping is eliminated and there is no thread of Large Break-Loss of Coolant Accident (LB-LOCA). Reactor safety is based on passive safety systems. Currently developed iPWRs have electric power from 30 MW to 125 MW. The main iPWR designs are: -. CAREM (under construction, 30 MWel, developed by CNEA, Argentina),. -. NuScale (under regulatory review, 12x50 MWel, developed by NuScale Power, USA),. -. ACP100 (detailed design, 100 MWel, developed by CNNC, China),. -. SMART (certified design, 107 MWel, developed by KAERI, South Korea).. NuScale is the only iPWR reactor that has a double steel pressure barrier. The standard RPV tank is placed inside the CNV tank. In the ongoing licensing process NRC has accepted that the CNV tank is a safety barrier and allowed to place up to 12 reactors inside one reactor building, in a common water pool. Additionally, among PWR and BWR reactors, NuScale is the only one that eliminates the emergency water injection systems into the reactor RPV. This fact can significantly reduce the cost of building NuScale modular power plant.. 2.1.2. High-Temperature Gas-Cooled Reactors High Temperature Reactors (HTRs), also known as High-temperature Gas-cooled Reactors (HTGRs) are generation IV graphite-moderated helium-cooled reactors. The outlet temperature (up to 1000˚C) in HTR can be used for electricity and heat production as well as for water desalination, in refineries and for hydrogen production. The concept of 21.

(22) gas-cooled, graphite moderated reactors was first presented in 1940s. Later, some demonstration energetic reactors of this type were successfully operated in the USA, the UK, Germany, Japan and China. HTRs use spherical fuel particles (with small diameters <1 mm), called TRISO, arranged in either pebble bed or prismatic way. In the first one the reactor core is composed of about 100 000 graphite spheres which are in constant motion inside the vessel. Prismatic core is more comparable to the traditional concept as it consists of a graphite prismatic block with numerous channels for coolant and control rods. Each TRISO particle has a fuel kernel usually made of uranium dioxide and further layers of porous carbon buffer, silicon carbide and pyrolytic carbon. HTR’s safety features base on two main characteristics: low power density and passive safety systems. TRISO particles are the first barrier preventing the radioactive isotopes from releases what is also very important for reactor’s safety. The most mature HTR design is HTR-PM, 210 MWel gas-cooled reactor developed by Institute of Nuclear and New Energy Technology in China. A demonstration twin-unit plant has been constructed at Shidaowan and the hot functional testing has started in January 2021. The beginning of the operation is expected later this year [11].. 2.1.3. Fast Neutron Reactors Fast Neutron Reactors (FNRs) in past were designed to produce fissile plutonium from the uranium and plutonium fuel which they consume. They can generate more fissile material than they use (therefore, they are also known as Fast Breeder Reactors – FBRs) so in nuclear energy sector they could be used to close the fuel cycle. Also, FNRs can burn long-lived actinides recovered from the waste nuclear fuel from conventional reactors. The idea is very promising as FNRs could significantly extend the world’s uranium resources and reduce the longevity of high-level nuclear waste. However, they also face some challenges. FNRs use no moderator and their operation relies on fast neutrons that cause fissions, mostly in plutonium elements. Controlling of such reaction is more difficult and demanding. Also, this type of reactors uses molten salts as coolant. They must be kept in very high temperature to stay liquid; they are opaque and require much more driving force to circulate.. 22.

(23) Around 20 fast neutron reactors have already been in operation in different countries, serving for commercial and experimental purposes. The counties leading in this field are Russia and China where the FNRs are currently in operation. Others, like the USA and Canada are planning to construct this type of reactors. France has cancelled the project of its sodiumcooled reactor, ASTRID [12] [13].. 2.2.. NuScale – SMR. NuScale small modular reactor has been developed in Oregon State University (OSU) since year 2000. Its design bases on well-known light water technology and it is currently one of the most advanced SMR projects in the world. In August 2020, the NRC has issued the final safety evaluation report for NuScale reactor, concluding that the safety features of the design enable safe shut down and remaining stable state under emergency conditions [14]. NuScale safety relies mostly on passive safety systems and it has several features in terms of accidents’ mitigation and management comparing to traditional big LWRs, e.g., lower power density and fuel inventory, integrated design limiting the need for coolant piping, underground water pool (ultimate heat sink). All these advantages encourage designers to define NuScale as inherently safe, which means that the safe shutdown and cooldown of the reactor should occur, and no radioactive release is expected in case of any design basis accident. In NuScale SMR concept, the term “modular” means that 600 MWel power plant is designed as a system of 12 modules set in a common reactor building. Each module has three main components, namely: compact reactor pressure vessel (with steam generator tubes inside), turbine and electricity generator.. 23.

(24) Figure 1. NuScale reactor [15]. NuScale is an integral pressurized water reactor generating 160 MW thermal power with all the main components placed in one reactor pressure vessel. The coolant is heated when flowing through the reactor core, then it is driven up in the riser and turns to the downcomer. In the downcomer volume the steam generator tubes are placed, where the feedwater (FW) is heated, turns into vapor and then drives the turbine. At the same time the coolant temperature decreases, the coolant reaches the lower plenum and flows back to the core. The NuScale project has no circulation pumps. The pressurizer is situated at the top of the RPV and it is separated from the system with the thick baffle plate with 8 holes of ~10 cm diameter each. It enables the pressure maintenance and pressurizer water level control. The RPV is placed in the vacuum containment which in turn is surrounded by the underground water pool. The pool works as the reactor heat sink in case of an accident. The RPV is around 20 m high and 2.74 m in diameter and weighs 700 t, while the containment vessel is 23.16 m high and 4.57 m in diameter. The operating pressure is 12.76 MPa, the average 24.

(25) Reactor Coolant System (RCS) temperature is 558 K, and the best estimate coolant flowrate equals 587 kg/s [2]. The reactor core consists of 37 fuel assemblies which are very similar to typical currently used 17x17 light water reactor assemblies. The main difference is the length of the assemblies; in NuScale reactor the active fuel length is 2 m (in comparison to ~4 m in standard large PWRs). The fuel is UO2 enriched to 4.95%. NuScale reactor has some features in comparison to the traditional big light water reactor, few of them are as following: -. integral compact design, which limits the needed coolant piping, makes the reactor smaller and enables its production in the factory and transportation to the site,. -. natural circulation of the coolant, eliminating the need for coolant pumps,. -. individual containment vessel for each NPM (NuScale Power Module),. -. passive safety systems, lower power density and underground heat sink which enhance the reactor’s safety.. The Containment Vessel (CNV), surrounding each Reactor Pressure Vessel (RPV), provides a unique protection for the reactor in case of an accident. Even if a break in the RPV occurs (LOCA-type accident), the coolant is kept inside the CNV, preventing the primary system from voiding. The water can circulate between the RPV and CNV, effectively removing the decay heat. There is no need for pumping additional water into the RPV. During the normal work, the void in the containment isolates the RPV from the reactor pool. Passive safety systems are designed to operate without operator action or electronic feedback. Based on the laws and forces of nature (such as negative reactivity coefficients, gravity and convection) they are much more reliable and less vulnerable to external impact than traditional active safety systems. There are different levels of passivity as classified by the International Atomic Energy Agency (IAEA), depending on how much (if any) action or external power is required for the system to work [16]. Two main passive safety systems in NuScale reactor are: decay heat removal system and emergency core cooling system. The DHRS is an additional heat exchanger designed to remove heat from the primary coolant during any non-LOCA event when the normal feedwater is not available. Each NMP contains its own two DHRS trains. One train of DHRS is associated with one of two NPM’s 25.

(26) steam generators. Steam generator’s main steamline is connected to the DHRS steam inlet piping. In case of an accident, after the reactor SCRAM occurs, the DHRS is automatically actuated by the Module Protection System (MPS). It means that the DHRS actuation valves open and the Main Steam Isolation Valves (MSIVs) and Feedwater Isolation Valves (FWIVs) close (figure 1). The steam leaving the SG tubes is then turned into the DHRS passive condensers and the condensed water again goes into the associated feedwater line. The DHRS heat exchangers are situated in the water pool which plays the role of the ultimate heat sink. The flow in this loop continues, driven by natural circulation and provides enough cooling to safely remove the decay heat. The DHRS design ensures that the average RCS temperature is below 489 K (420°F) within 36 hours from the initiating event. No uncovery of the fuel or challenges to the Reactor Coolant Pressure Boundary (RCPB) should occur. In the event of one DHRS train failure, the second one can remove the decay heat from the primary side and fully perform its safety function. No passive or active components of the DHRS necessary for its safety performance are shared between individual NPMs. The water pool can be common for more than one module present in an NPP; however, the segments of the pool can be isolated from each other. It is particularly important in case of an accident to minimize the influence of one module’s transient to the whole NPP [17]. The ECCS consists of three Reactor Vent Valves (RVVs) and two Reactor Recirculation Valves (RRVs). The RVVs are located at the top of the RPV enabling the discharge of the steam directly to the containment vessel. The RRVs connect the containment to the downcomer just above the core and therefore they let the coolant recirculate into the RPV. All five valves are closed during normal operation and open automatically in case of LOCA or any other Anticipated Operational Occurrence (AOO) or design basis accident related to deficiency of normal cooling. After the ECCS actuation (when at least two RVVs and one RRV is open) the steam from the pressurizer is discharged into the containment vessel and then condensed on its inside surface. The coolant is routed back to the RPV through the RRVs. The RPV pressure and water level decrease and the containment pressure and water level increase to reach equilibrium and safely shutdown the NPM. The core remains covered with water in case of any LOCA-type event and possible fuel damage is limited to the negligible levels. The long-term ECCS operation is possible without operator action for at. 26.

(27) least 72 hours. The cooling function of the ECCS is completely passive with the heat conducted through the containment wall to the water pool. Another purpose of emergency core cooling system is to provide Low Temperature Overpressure Protection (LTOP) for the RPV. During the start-up and shutdown conditions the RPV temperature is low and the maximum allowable pressure should not be exceeded. To ensure that, the LTOP is actuated whenever RCS minimal temperature is below 436 K (325°F) and the RVVs are capable to open at the temperature dependent setpoints. When the coolant is discharged directly to the CNV, the pressure decreases and therefore remains below the safety limits until the reactor reaches its full power or is shutdown [18]. The major difference in safety approach between NuScale SMR and traditional large PWR is that there is no need for additional water supply in NuScale design. In case of any design basis accident, the coolant is kept inside the CNV and the decay heat is removed through the containment walls to the reactor pool. In large PWRs, the safety systems must provide the water injection to the primary system to prevent the core uncovery. According to the publicly available results of Probabilistic Safety Analysis (PSA) for NuScale reactor, the expected Core Damage Frequency (CDF) is 3x10-10/reactor·year and Large Early Release Frequency (LERF) is 2.1x10-11/ reactor·year [19]. The core damage and eventual radioactive release of more than one module in an NPP would have more severe consequences. However, the design of the plant provides the minimization of the multi-module accident risk. No safety equipment, beside the reactor pool divided into isolated segments, is shared by more than one module. The calculated probability of multimodule core damage is 4.1x10-11/plant·year. Expected large release frequency due to internal events for multiple modules is 1.7x10-13/ plant·year [19] [20].. 27.

(28) 3.. Generation III reactors. The works on generation III reactors designs started in 1980s. The Three Mile Island (1979) and Chernobyl (1986) accidents increased the public anxiety about the nuclear power plants safety and designers were forced to propose even more reliable solutions for accident mitigation. generation III designs are mostly the advanced versions of previously developed generation II reactors, using well-known light water (BWR, PWR) and heavy water (PHWR) technologies. Some of the new reactor designs are very large, up to 1600 MWel. The first generation III unit to start operation was an ABWR (Advanced Boiling Water Reactor) in 1996 in Japan (Kashiwazaki 6). However, this reactor, along with all BWRs in Japan, is still shut down after the Fukushima accident in 2011. The advanced reactor designs have numerous advantages comparing to their “basic” versions. Some of the gen. III features are: -. advanced safety systems, often passive (e.g., gravity-driven emergency cooling),. -. another new safety features, e.g., “core catcher”, hydrogen recombination system, double containment walls, more redundant safety and control systems,. -. improved fuel technology and thermal efficiency allowing to use uranium more efficiently (approximately 17% less uranium needed per unit of electricity generated in new reactors) and produce less nuclear waste,. -. prolonged operational lifetime (60 years, extendable to even 100 years of operation).. All these changes and improvements encourage designers to call generation III reactors inherently safe. The predicted core damage frequencies are significantly lower. Also, the passive safety systems allow the reactor shutdown and decay heat removal for (typically) 72 hours after the design basis accident without operator action and with no electric power available. However, some of the new safety equipment (such as core catcher and double containment wall) generates additional costs and complicates the construction [21] [22] [23].. 28.

(29) 3.1. Current status of generation III reactors. 3.1.1. Pressurized Water Reactors Most of the currently operating generation III reactors as well as those in development are pressurized water reactors. This is the best-known technology with the biggest operational experience. One of the generation III PWR already in operation is AP1000 (Advanced Passive) developed by Westinghouse. The reactor bases on AP600 design that gained its final certification application in 1999. The AP1000 is a two-loop reactor with a gross power rating of 3415 MWt and net electrical output of 1110 MWel. The designers’ goal was to develop simplified reactor with less equipment that will be cheaper to build comparing to other generation III reactors. Therefore, AP1000 requires significantly less piping, control cables, seismic building volume, fewer pumps and valves. It uses numerous passive safety systems to mitigate design basis accidents without operator action. Most important systems and components are: Automatic Depressurization System (ADS), Passive Core Cooling System, In-Containment Refueling Water Storage Tank (IRWST). The maximum AP1000 core damage frequency is 5.09x10-7/reactor·year (while the acceptance criteria for new reactors is 10-5/reactor·year). AP1000 final design certification was approved by NRC in 2005. Four units are already in operation in China (Zhejiang and Shandong) and two reactors are being constructed in the USA (Georgia). EPR (European or Evolutionary Pressurized Reactor) is another generation III PWR design. It was developed by joint venture of French Framatome and EDF and German Siemens. This four-loop reactor generates 4500 MWt and has net electrical output of around 1650 MWel. The reactor is more efficient and flexible in terms of fuel (5% enriched uranium oxide can be used as well as reprocessed uranium and mixed uranium plutonium oxide (MOX)). The enhanced safety characteristic is gained by simplification of the safety systems and their 4fold redundancy, reduced sensitivity to human errors, larger water inventories of pressurizer and steam generator, double wall containment. The EPR maximum core damage frequency is 6.1x10-7/reactor·year. Two first EPR units started their operation in China (Taishan) in 2018 and 2019. Four units are under construction in Europe but two face significant and 29.

(30) costly delays, one in Flamanville, France and another one in Olkiluoto, Finland. The other two units are constructed in UK - Hinkley Point C project - and this project is also touched by the delays and cost escalation. APR1400 (Advanced Power Reactor) is a new PWR design developed by Korea Electric Power Company (KEPCO). The reactor has a capacity of 4000 MWt and net electrical output of 1400 MWel. Its primary circuit contains two loops (each having one hot leg and two cold legs), four coolant pumps, two large U-tube type steam generators and a pressurizer. APR1400 uses fuel assemblies smaller than standard ones (16x16 instead of 17x17) and therefore the number of assemblies in the core is higher, 236. The optimal arrangement of fuel assemblies in the core allows for very good management of neutron flux and loadfollowing capacity. The use of improved, redundant and passive safety systems allows to expect the core damage frequency to be less than 10-5/reactor·year. Currently there are two APR1400 units in operation in South Korea (Shin Kori), another two are under construction at the same site and four units are being constructed in United Arab Emirates (Barakah). VVER-1200 (Vodo-Vodyanoi Energetichesky Reaktor; Water-Water Power Reactor) is a Russian advanced design of a PWR, with output power ~1200 MWel. VVER reactors have been developed since 1960s and every next model had increased capacity, efficiency and improved safety characteristics. The main differences between VVER and other PWR designs are horizontal steam generators, hexagonal fuel assemblies and large reactor coolant inventory. This type of reactor has been operated e.g., in Russia, Ukraine, Slovakia, Czech Republic, Germany and India. First units of VVER-1200 are already in operation in Russia and Belarus and other reactors are under construction (or planned) in Finland, Hungary, Bangladesh and China. Hualong One is a Chinese PWR with net power output of 1090 MWel, with a combination of active and passive safety systems and a double containment. The first demonstration unit has been connected to the grid at the Fuqing NPP in China in November 2020. Several other Hualong One reactors are now under construction in China and Pakistan.. 30.

(31) 3.1.2. Boiling Water Reactors The second most popular nuclear reactor technology in the world is BWR. There are also some advanced designs of boiling water reactors. Advanced Boiling Water Reactor (ABWR) is a generation III reactor offered by GE Hitachi and Toshiba. It generates 3926 MWt and the net electrical output is 1380 MWel. The main difference comparing to the standard BRW designs is the use of 10 reactor internal pumps placed on the bottom of the RPV instead of large recirculation pumps in containment. It improves the reactor performance and eliminates the need for complex piping connections to the RPV. The safety systems of ABWR are active, however the diversity and security of power sources, the redundancy of water injection sources and large ultimate heat sink ensure the core damage frequency at a very low level of 1.6x10-7. There were four ABWR reactors in Japan, but they are still out of operation after Fukushima accident. The new construction projects in Taiwan, the UK and the USA have been halted or shelved. ESBWR (Economic Simplified Boiling Water Reactor) is an improved version of ABWR, developed by Hitachi. The reactor’s thermal power is 4500 MWt and net electrical power: 1520 MWel. The design is more efficient and simpler, using 25% less valves, motors and pumps. ESBWR relies on passive safety systems, namely: the Isolation Condenser System, the Gravity Driven Cooling System and the Passive Containment Cooling System. Thanks to these systems, in case of an accident the reactor will shut down automatically and remain in safe, stable conditions without operator action and without any electrical power for at least 72 hours. The predicted core damage frequency is 1.65x10-8/reactor·year. ESBWR gained NRC design certification in 2014 but no specific decisions for the construction were taken since that time [21] [22] [23].. 3.2.. AP600 and AP1000 reactors. AP600 is an advanced pressurized water reactor developed by Westinghouse and licensed in 1999. It is a generation III design with thermal capacity of ~1940 MWt and net electrical output equal to 600 MWel. The design is simplified and less components (such as pumps, valves, pipes and cables) are used comparing to other reactors of the same size. Also, AP600 31.

(32) design is modular, which means that some major components can be built in a factory and transported to the site reducing costs and construction time. Safety is enhanced by using passive safety systems, low core power density, reduced design complexity, increased pressurizer volume etc. The plant design lifetime is 60 years.. Figure 2. AP600 reactor [24]. The reactor cooling system contains two cooling loops, each having a steam generator, two coolant pumps, one hot leg and two cold leg pipes. The pressure is controlled and maintained by a pressurizer connected to the cooling system by a surge line. The normal operating pressure is 15.51 MPa and the core outlet temperature is 588.75 K. Primary coolant flow rate is 9940 kg/s. The core consists of 145 fuel assemblies of standard 17x17 design. Fuel enrichment is 4.8% and the fuel cycle length is 24 months (but it can be also shortened to 18 months). The reactor system is enclosed in steel cylindrical containment, 39.6 m in diameter and 57.6 m high.. 32.

(33) Comparing to generation II PWR designs of similar electrical output, the AP600 reactor has several features: -. simplified modular design with reduced number of components (decreased cost and construction time),. -. usage of passive safety systems and redesign of other components to maximize safety,. -. high plant availability factor (>93%),. -. long (24 months) fuel cycle and 60 years design plant life [24].. AP600 relies on passive safety systems, the main of which are: Passive (Emergency) Core Cooling System (PXS) and Passive Containment Cooling System (PCS). Passive core cooling system mitigates any accidents related to leaks from the reactor coolant system when the core cooling becomes insufficient. PXS provides functions of decay heat removal, coolant injection and depressurization. Three different passive sources are used for safety injection: Core Makeup Tanks (CMTs), Accumulators (ACCs) and In-Containment Refueling Water Storage Tank (IRWST). The IRWST is designed for atmospheric pressure, therefore the primary system must be depressurized to use this injection source. Depressurization is initiated by Automatic Depressurization System (ADS) and takes place in four stages to finally lower the primary system pressure to about 0.18 MPa. PXS also includes the Passive Residual Heat Removal Heat Exchanger (PRHR HX) that enables core cooling after reactor shutdown in case of loss of feedwater. The heat sink for PRHR HX is provided by IRWST, sufficient for more than 1 hour of heat removal before the RCS coolant starts to boil. After that, the steam passes to the containment, condenses and drains back to the IRWST. The passive containment cooling system together with the PRHR HX should remove residual heat indefinitely with no operator action. Passive containment cooling system prevents the containment from exceeding its design pressure and temperature following accidents related to loss of primary coolant and loss of feedwater. PCS transfers heat from the containment directly to the environment. Its main component is the passive containment cooling water storage tank and the isolation valves. The tank is located above the containment vessel and the valves open automatically after the high containment pressure signal. Then the water starts to flow driven by the gravity and forms the water film over the head and walls of the containment reducing the pressure. The 33.

(34) water film evaporation together with the conduction through the steel containment vessel, convection from the containment surface to the water film and radiation from the water to the air baffle enable to maintain the containment pressure below the design value. The passive containment cooling water storage tank also provides makeup for the spent fuel pool if the emergency heat removal is needed [25]. AP600 did not find its way to commercial operation. The Westinghouse company used the economy of scale approach and designed AP1000 reactor, which is very similar to its smaller version, with the same operating pressure, core design and the arrangement of the passive safety systems. The AP1000 obtained the license in the USA in 2005. In 2008 the construction of four AP1000 reactors started in China. All these units were connected to the grid in 2018-19. Four reactors are being constructed in the USA since 2012, however they face significant cost overruns and delays and only Vogtle 3 and 4 unites construction is continued. The comparison of main parameters of AP1000, AP600, reference 2-loop large PWR and NuScale-SMR is presented in table 1. One should keep in mind that the proposed NuScale NPP will contains 12 modules, which means that the electrical output will be ~600 MWel. (or 924 MWel according to the latest update from NuScale Power [1]). According to the publicly available results of probabilistic safety analysis for AP600 reactor, the expected core damage frequency is 1.7x10-7/reactor·year and large early release frequency is 3x10-8/ reactor·year [24].. 34.

(35) Table 1. Main reactor paramaters' comparison [2] [26]. Systems / Components. AP1000. AP600. Reference 2-loop reactor. NuScale. Plant lifetime. 60 years. 60 years. 40 years. 60 years. Core power. 3400 MW. 1933 MW. 3390 MW. 160 MW. Net electrical output. ≥1000 WM. 600 MW. 1075 MW. 50 MW. Operating pressure. 15.51 MPa. 15.51 MPa. 15.51 MPa. 12.76 MPa. Hot leg temperature. 594.26 K. 588.71 K. 590.37 K. 587 K. SG design pressure. 8.72 MPa. 8.27 MPa. 7.58 MPa. 6.89 MPa. Main feedwater temperature. 499.82 K. 497.04 K. 502.59 K. 422.04 K. Number of fuel assemblies. 157. 145. 217. 37. Fuel assembly array. 17x17. 17x17. 16x16. 17x17. Active fuel length. 4.27 m. 3.66 m. 3.81 m. 2.44 m. Average linear power. 18.76 kW/m. 13.45 kW/m. 17.52 kW/m. 8.2 kW/m. Reactor vessel ID. 4.04 m. 3.99 m. 4.37 m. ~2.74 m. Steam generator type. vetical U-tube. vetical U-tube. vetical U-tube. helical coil. Number of steam generators. 2. 2. 2. 1. Number of reactor coolant pumps. 4. 4. 4. 0. Estimated flow per loop. 7308.78 kg/s. 4969.97 kg/s. 9647.59 kg/s. 587 kg/s. Total estmated flow. 14617.56 kg/s. 9939.94 kg/s. 19295.17 kg/s. 587 kg/s. CNV ID. 39.62 m. 39.62 m. 42.67 m. ~4.37 m. CNV volume. 58332.7 m3. 49837.7 m3. 75804.2 m3. 317.8 m3. Accumulator number x vol.. 2x 56.63 m3. 2x 56.63 m3. 2x 63.71m3. -. CMT number x vol.. 2x 70.79 m3. 2x 56.63 m3. IRWST number x vol.. 1x 2233.39 m. Diesel number x capacity. 2x 4000 kW. 3. 1x 2006.27 m 2x 4000 kW. 35. 3. 1x 1798.07 m 2x 4400 kW. 3. -.

(36) 4.. Nuclear safety. 4.1.. Approach to safety in nuclear power plants. Radiation protection is one of the most important issues in every facility and activity in which any radioactive materials are used, i.e., medical treatment, nuclear energy and research reactors exploitation, nuclear fuel production and storage etc. There are numerous medical and industrial benefits of using radioactive isotopes, however we should always keep in mind that ionizing radiation can be dangerous for human health and life when someone is exposed in an uncontrolled way. Therefore, the International Atomic Energy Agency publishes and constantly updates many documents and reports containing the requirements and guidelines on treatment of radioactive materials as well as procedures for any accident conditions in which they are involved. The whole of this documentation is called IAEA Safety Standards and more specifically they are divided into Safety Fundamentals, Safety Requirements and Safety Guides [27]. Every event resulting in radioactive releases can have international consequences and therefore IAEA obliges its member countries to comply with the safety standards so that the risk of radioactive pollution is as low as possible. This documentation is a result of a dialog between experts in nuclear energy, radiation protection and medicine and after publishing the rules are implemented into each country’s law by national regulatory authorities. The International Commission on Radiological Protection (ICRP) is an independent, nongovernmental organization (NGO) created in 1928. It gathers more than two hundred of world’s leading scientists and policy makers in radiological protection field. ICRP provides general recommendations on the protection rules and radiation exposure levels that are intended mostly for the regulatory bodies. So far, the Commission has published well over one hundred publications. The regulations are implemented into European Union directives. One of the main basic rules in radiation protection is called ALARA (As Low As Reasonably Achievable) principle, which states that the radioactive doses obtained by the patients, workers and other people, resulting from the standard procedures or emergency situations should be minimized as far as it is possible using rational methods. This rule came from the assumption that the risk of negative health effects decreases proportionally to the obtained radioactive dose [28]. According to ICRP recommendations, the limit for dose obtained by 36.

(37) the worker of nuclear facility is 50 mSv/year and the maximum dose for non-nuclear worker is 1 mSv/year (for comparison, the average dose obtained from the radioactive background in the world is 2.4 mSv/year) [29]. Polish atomic law mentions also workers taking part in removing the effects of radiological event or involved in interventions in case of such event. The limit of effective dose obtained by such worker is 100 mSv. The same act determines the maximum dose for a person living close to the NPP, that is 0.3 mSv/year [30]. In practice, with the development of nuclear rectors’ technologies, the actual radioactive doses obtained by people living close to the NPPs are negligible comparing to the radioactive background [31]. In order to ensure nuclear power plant safety and in case of an accident mitigate its consequences, the concept of defense in depth (DiD) was introduced. It includes five levels of protection, serving to prevent radioactive releases to the environment. -. Level I provides avoidance of any abnormal reactor states and equipment failures. The emphasis is put on the safest possible design, following rules such as safety systems redundancy, independence, and variability. The nuclear power plant should be designed in the conservative way, with appropriate safety margins and using the most reliable materials and equipment. Ensuring the proper safety culture is also a very important element of this level of defense.. -. Level II concerns detection and control of anticipated operational occurrences in the way that they do not evolve into more severe accidents and their consequences are acceptably low. It requires appropriate analysis to find out which initiating events could result in AOOs and to define relevant safety procedures.. -. Level III is devoted to less probable events, so-called design basis accidents. The reactors should be designed in a way to ensure automatic reactor shutdown in case of any DBA and to mitigate possible negative consequences by activating appropriate safety systems (e.g., emergency core cooling system) and following safety procedures.. -. Level IV includes procedures regarding the Beyond Design Extension Conditions (BDBA) that enables mitigating their consequences and keeping the radioactive releases to the environment as low as possible. The main assumption is preventing the loss of containment barrier. 37.

(38) -. Level V concerns the least probable but also the most dangerous situations when the radioactive releases to the environment occur (severe accidents, SA). For such cases the appropriate procedures are prepared aiming to minimize the scope of contamination and risk for the people. The crisis management center and emergency planning zones are necessary elements of emergency preparedness [32].. The DiD rule can be also interpreted as co-existence of several physical barriers preventing radioactive isotopes from being released outside the plant. In typical pressurized light water reactor three main barriers are: -. Fuel pellets, where most of the radioactive isotopes are produced in the process of nuclear fissions. The pellets form the fuel pin which is surrounded by zirconium cladding. As long as the fuel temperature is kept below the safety limits, the vast majority of the radioactive substances remains inside the pin,. -. The reactor pressure vessel with the coolant inside is the next barrier against the releases,. -. The last barrier, concrete containment vessel, surrounding the RPV also provides protection against the external threats [32].. Thanks to the DiD approach even if only one barrier retains its integrity, no serious radioactive releases to the environment should occur. NuScale has another two barriers against radioactive releases, namely the reactor pool which surrounds the containment vessel and the reactor building. The reactor building can be considered as a safety-related system. Currently designed reactors (generation III+ and IV) have enhanced safety features basing on natural phenomena such as gravity or natural convection. The safety systems using these laws are called passive safety systems and they are designed to provide automatic reactor shutdown, maintain containment integrity and prevent core damage and radioactive releases even without external power supply and without operator action [16].. 38.

(39) 4.2.. Operational states of an NPP. During the lifetime of an NPP different situations and states can occur, from normal operation to the severe accident. Many efforts are made to avoid any failures or accidents; however, safety procedures require the analyses of every possible event in terms of its probability and predicted consequences. The normal work of the reactor includes operation with nominal power but also all the scheduled breaks, maintenance and refueling. The abnormal NPP states are presented in table 2. Table 2. Classification of NPP abnormal operational states. Occurrence [1/reactor·year]. Characteristics. Plant state. Acceptance criteria. >10-2 (expected over the lifetime of the plant). Expected. Anticipated operational occurrences. No additional fuel damage. Possible. Design basis accidents. No radiological impact at all, or no radiological impact outside the exclusion area. 10-6-10-4 (chance less than 1% over the lifetime of the plant). Unlikely. Beyond design basis accidents (or Design Extension Conditions, DEC). Radiological consequences outside the exclusion area within limits. <10-6 (very unlikely to occur). Remote. Severe accidents. Emergency response needed. 10-4-10-2 (chance greater than 1% over the lifetime of the plant). In widely used classification, transients can be divided into: anticipated operational occurrences, design basis accidents, beyond design basis conditions (or design extension conditions) and severe accidents. it is assumed that event classified as anticipated operational occurrence can happen once in NPP lifetime and should not result in core damage. In case of design basis accident, the safety systems must guarantee prevention of radioactive releases outside the excluded area surrounding the plant. If the beyond design basis accident occurs, more severe consequences are expected, however the level radioactive release should be maintained below the acceptance limits. So-called severe accidents have more serious consequences but also the lowest, almost negligible probability of occurrence (table 2).. 39.

(40) In order to facilitate the classification of nuclear transients and accidents in terms of their consequences, IAEA together with OECD Nuclear Energy Agency (OECD NEA) have introduced in 1990 the International Nuclear and Radiological Event Scale (INES). The INES scale (figure 3 [33]) includes 7 levels of nuclear events, starting from the least severe anomaly (level 1) up to the major accident (level 7). Also, the events with no safety significance but deviating from normal operation can be classified (level 0, below scale).. Figure 3. Classification of nuclear events according to IAEA [33]. For each level of events on the scale, the related consequences were specified such as radioactive doses obtained by the workers and people in the vicinity of the plant, the predicted level of core damage and radioactive releases (expressed as an equivalent of terabecquerels of radioactive. 131. I). It was also determined what type of action should be. undertaken in case of each event. The possible actions include measurements of radioactivity in the proximity of the site, controls of potential food contamination and, in the worst case, the evacuation of local inhabitants to limit the health consequences. In the history of nuclear energy only two events were classified as level 7 on the INES scale: Chernobyl disaster in 1986 and Fukushima accident in 2011 (however, the radioactive releases to the environment after the Chernobyl disaster were significantly higher). The scale helps to inform the society clearly and honestly about any alarming events happening in the NPPs [34].. 40.

(41) 4.3.. NPP safety analyses. Nuclear safety analyses are conducted to assess probability, progress and consequences of any possible accident that can happen during the lifetime of the plant. Verification and at least additional analyses are necessary for every new built reactor, even if well-known design is used, because the potential initial events and the acceptance criteria can differ depending on the location of the plant. The safety analyses should prove that the level of predicted radioactive releases for any accident situation is below the limit set by law. Otherwise, the appropriate changes in the design are needed. An NPP safety study includes two complementary parts: Probabilistic Safety Analysis (PSA) and Deterministic Safety Analysis (DSA). Together they allow to assess what is the probability of each event and how severe consequences it can cause. The starting point to conducting PSA is determining the set of postulated initiating events (PIEs). PIEs are the events that influence the operation of the plant and can lead to potentially dangerous situations. The list of considered PIEs for all PWR reactors can differ slightly for different plants depending on the specific design and localization. PIEs can be divided into internal events (such as equipment failures, human mistakes) and external events (natural and human induced). The coincidence and mutual influence of two or more initiating events should be also analyzed in cases when its probability is not negligible. Probabilistic safety analysis can be performed using event trees (ETs) or fault trees (FTs). Event tree starts with initiating event that should result in automatic reactor SCRAM. On the next level of the tree the success and the failure of the automatic SCRAM is considered and for both situations their probability is determined. The next steps of the analysis show potential consequences and progress of each event path, always considering two possibilities: success and failure of safety equipment. At the end of such event tree the consequences and probabilities of each event sequence can be seen, from the complete mitigation of the accident up to the severe accident containing multiple safety systems failures. Such approach enables to determine weak and strong points among the safetyrelated equipment and assess the consequences of its failure. Fault tree is built in a different manner, starting from the severe accident conditions. Then, different events and sequences leading to this situation are considered. The events are 41.

(42) connected by the logic gates: AND, OR and XOR. This study helps to assess which failures, occurring together, have the most dangerous consequences and which safety systems complement each other to prevent the accident. Probabilistic safety analysis contains three consecutive levels. First one (PSAL1) is devoted to reactor core and - using event trees and fault trees - analyzes human mistakes and equipment failures together with their potential consequences. The main result of PSAL1 is the predicted core damage frequency. This is the base for the next level (PSAL2) in which the behavior and integrity of containment in cases of different events are analyzed. Such study provides the information on the risk of radioactive releases to the environment and assess the potential releases both qualitatively and quantitatively. The last step is PSAL3 including the analysis of spreading of radioisotopes outside the plant and potential health and environmental consequences of the contamination. Beside the results of PSAL2, the demographic and atmospheric characteristics of the site are considered as well as detailed information on each released radioisotope [35]. Deterministic safety analysis consists of precise simulation of accident resulting from specified initiating event or set of events. Numerous computational codes serve this purpose, allowing the overall analysis of systems response to the accident conditions, in neutronic, thermal-hydraulic, radiological and structural view. The simulation is most often conducted until the reactor reaches stable and safe conditions. Its result is the set of data showing how the basic reactor parameters (core decay heat, RPV pressure and temperature, coolant mass flow, neutron flux, radioisotope distribution etc.) were changing during the accident. Then, it can be assessed if any of the parameters went beyond the safety limits. Some of the most important values obtained in the analysis are coolant temperature and pressure and the temperature of fuel in the hottest point of the core. Coolant parameters show if any void fraction – unwanted in pressurized reactors – occurred and what was the critical heat flux ratio (CHFR). The occurrence of CHF would vastly decrease the possibility of heat removal by the coolant. The information on fuel temperature allows to determine if the fuel pins were damaged and to which extend. This fact is extremely important as the zirconium cladding surrounding the uranium oxide pellets is the first physical barrier against the release of radioisotopes to the coolant. The final and most severe effect of extreme fuel temperature growth is the core meltdown [36]. 42.

(43) There are various approaches to conducting deterministic safety analysis, depending on how conservative (pessimistic) assumptions are made before the simulation. Four possible approaches are shown in table 3. Computer codes considered as “best estimate” are those allowing for realistic simulation of all the important physical processes taking place in the reactor and prediction of plant systems’ behavior during the accident. Currently the availability of such codes is improving, and it is possible to check the reliability of the results using constantly developing databases from experimental and industrial reactors. Table 3. Approaches to deterministic safety analysis [36]. Option. Computer code. Availability of systems. Initial and boundary conditions. 1.Conservative. Conservative. Conservative assumptions. Conservative input data. 2.Combined. Best estimate. Conservative assumptions. 3.Best estimate plus uncertainty. Best estimate. Conservative assumptions. 4.Realistic. Best estimate. Best estimate. Conservative input data Best estimate Partly most unfavorable conditions Best estimate. The conservative approach is most often used in terms of availability of the systems. It means that in each accident analysis the analyst assumes unavailability of the system that would be most important for its mitigation. For example, in the simulations of design basis accidents, the situation of loss of power supply should be also considered. Such event prevents the active safety systems from actuation, and it can influence the severity of accident consequences. In case of initial and boundary conditions, again the pessimistic values of the most important parameters are often chosen. Initial conditions include RPV pressure and temperature, core thermal power, coolant mass flow etc. Boundary conditions are those related to the safety systems and heat and energy removal.. 43.

(44) In practice, the second (combined) approach is used most often. By using the code simulating the accident progress in most realistic way, choosing pessimistic initial and boundary conditions and conservative assumptions on systems availability, the analysis gives slightly inflated results. If the key reactor parameters obtained in such type of study are below the safety limits, it proves that the safety equipment is sufficient to mitigate given event. The third option, called best estimate plus uncertainty approach, is used in case of availability of tools and data describing how the main reactor parameters can vary in analyzed event. This approach is more time consuming, however it allows to assess which initial conditions have the biggest influence on accident progression and sometimes to eliminate unnecessary conservatism and find the optimal parameters for the design. The last, realistic option requires the use of probabilistic safety analysis results to assess the availability of the systems in case of different accidents. Realistic input data with uncertainties is used for the initial and boundary conditions. Therefore, this approach gives reliable results and with currently available computational power, algorithms and data, it is being developed by the NRC [36] [37] [38]. In overall safety analysis for the plant the combination of second and third approach is used, depending on availability of data, type, and expected frequency of analyzed event. In present work, the deterministic safety analysis is conducted for some of the most important scenarios (turbine trip, LOCA and station blackout) using best estimate system thermal-hydraulic code and with conservative assumptions in terms of safety systems availability.. 4.4.Acceptance criteria The results of any safety analysis should determine if the acceptance criteria for the given event and existing design are met, i.e., if the key reactor parameters are kept below the safety limits, allowing to avoid serious consequences.. 44.