Facebook Instagram Youtube Twitter

Level 4 – Severe Accidents

Design extension conditions are postulated accidents that are not considered for design basis accidents but are considered in the design process for the facility by the best estimate methodology and for which releases of radioactive material are kept within acceptable limits. DECs are those conditions not included in the DBAs and which have a frequency of occurrence that cannot be neglected and, in some cases, comparable with the frequency of some DBAs. These conditions are derived based on engineering judgment, deterministic assessments, and probabilistic assessments.

The design extension conditions shall be used to define the design specifications for safety features and for the design of all other items important to safety that are necessary for preventing such conditions from arising or, if they do arise, for controlling them and mitigating their consequences.

Design extension conditions comprise:

  • DECs without significant fuel degradation. For PWRs, some typical DECs without fuel degradation are not strongly design-dependent and are commonly postulated. The objective of the safety analysis of design extension conditions without significant fuel degradation aims to demonstrate that core melt can be prevented with an adequate level of confidence and that there is an adequate margin to avoid any cliff edge effects. The same or similar technical and radiological criteria as those for design basis accidents may be considered for these conditions to the extent practicable. Typically:
    • Station Blackout – SBO
    • Loss of core cooling in the residual heat removal mode
    • Extended loss of cooling of fuel pool and inventory;
  • DECs with core melting.  Although these events are unlikely, they cannot be “practically eliminated.” SSR-2/1 requires that the design is such to ensure the capability to mitigate the consequences of severe degradation of the reactor core. Therefore, it is necessary to select a representative group of severe accident conditions (DECs with core melt) to be used for defining the design basis of the mitigatory safety features for these conditions. For DECs with core melt, maintaining the integrity of the containment is the main objective. This also implies that the molten fuel’s cooling and stabilization and the heat removal from the containment need to be achieved in the long term. Typical scenarios are:
    • LB-LOCA with loss of all ac power (AB accident)
    • Containment bypass accidents (V)
Level 4 - Management of severe conditions
An objective of the safety analysis of design extension conditions without significant fuel degradation is to demonstrate that core melt can be prevented with an adequate level of confidence and that there is an adequate margin to avoid any cliff edge effects.

In addition to engineering and procedures which reduce the risk and severity of accidents, all plants have guidelines for severe accident management or mitigation (SAM). Severe accident scenarios commonly used evolved from those developed in the Reactor Safety Study, which is often referred to as WASH-1400.

Such plant conditions may be caused by multiple failures, such as the complete loss of all trains of a safety system, or by an extremely unlikely event, such as a severe flood.

The safety analysis of severe accidents should demonstrate that compliance with the acceptance criteria is achieved by features implemented in the design, combined with the implementation of procedures or guidelines for accident management. Radiological acceptance criteria in terms of doses to members of the public (or releases to the environment) used for the analysis of severe accidents should represent levels such that only offsite protective actions that are limited in terms of lengths of time and areas of application are necessary, and that there is sufficient time for their implementation early enough for them to be effective.

Level 4 of defense-in-depth includes procedures and equipment used to handle situations not covered by the first three levels of defense-in-depth; these are accidents that could result in reactor core melt. At level 4, the broad aim is to ensure that the likelihood of an accident entailing severe core damage, and the magnitude of radioactive releases in the unlikely event that a severe plant condition occurs, are both kept as low as reasonably achievable. The most important objective for mitigating the consequences of an accident in Level 4 is the protection of the confinement. Functions that protect the containment, such as containment cooling, penetration control, and hydrogen recombiners, are typically designed and analyzed to the same conservative standards as engineered safety features. The protection provided by the confinement may be demonstrated using best estimate methods.

Plant States

nuclear power plant states - accident conditions

Acceptance Criteria for Severe Accidents

Acceptance criteria for severe accidents are less prescriptive than the criteria for DBAs. Typically, the criterion is considered concerning the very low probability associated with a severe accident.

Examples of more specific criteria are as follows:

  • There should be no containment failure because of pressure and temperature loads.
  • There should be no immediate health effects on the population.
  • For long-term effects, the 137Cs release limit needs to be below the prescribed value.

Core Melt Accident

A reactor core melt accident is an event or sequence of events that result in the melting of part of the fuel in the reactor core. Although this event is very unlikely, it cannot be ruled out. There are many and many barriers that have to be breached. Especially, common (usually 3×100%) failure of the Emergency Core Cooling System (ECCS) must occur after severe loss of coolant accident.

See also: Reactor Core Melt Accident

See also: Nuclear Power Reactor Core Melt Accidents, Science and Technology Series. IRSN – Institute for Radiological Protection and Nuclear Safety. ISBN: 978-2-7598-1835-8

Cliff Edge Effects

The definition of cliff edge effect in the IAEA Safety Glossary is:

“In a nuclear power plant, an instance of severely abnormal plant behavior caused by an abrupt transition from one plant status to another following a small deviation in a plant parameter, and thus a sudden large variation in plant conditions in response to a small variation in an input.” 

The concept of the cliff edge effect was intensively used after the accident at the Fukushima Daiichi NPP. Cliff edge effects are usually associated with Beyond Design Basis External Events such as coastal and river floods, which are examples of external events with the potential to cause cliff edge effects.

Best Estimate plus Uncertainty Analysis

Using a conservative methodology may be so conservative that important safety issues may be masked. For example, the assumption of a high core power level may lead to high levels of the steam-water mixture in the core in the case of a postulated small break loss of coolant accident. Consequently, the calculated peak cladding temperature may not be conservative.

Example – Station Blackout – SBO

The term “station blackout” (SBO) refers to the complete loss of offsite power combined with the failure of the emergency diesel generators or alternative emergency power supply. Station blackout does not include the loss of available ac power to buses fed by station batteries through inverters or by alternate ac sources as defined in this section, nor does it assume a concurrent single failure or design basis accident. Because many safety systems necessary for reactor core decay heat removal depend on ac power, an SBO could result in a severe core damage accident. Hence to recover from, or cope with, an SBO event, the AC power supply must be restored from normal operation sources, standby sources, or alternate AC power sources as soon as possible to prevent fuel damage.

The SBO coping duration is defined as the time from the onset of an SBO to the time when either offsite (preferred) or onsite (EDGs) ac power is restored to at least one of the safe shutdown buses. The reactor core and associated coolant, control, and protection systems, including station batteries and other necessary support systems, must provide sufficient capacity and capability to ensure that the core is cooled and appropriate containment integrity is maintained in the event of an SBO for the specified duration.

Plants equipped with passive features for residual heat removal can cope for an extended duration. Still, it is important to recognize that efforts to restore AC power must continue to minimize potential fuel damage and maintain continuity of the DC power supply.

Radiological Assessment

Radioactivity release is one of the safety aspects for several DBA scenarios and some DEC scenarios: The following cases may be examples of DBA events with radiological consequences:

  • LOCAs with radionuclides escaping into the containment and released into the environment through design containment leakages
  • Accidents with leaks from the primary circuit bypassing the containment, such as instrument line rupture and PRISE leaks. Primary to secondary leaks (PRISE) remains one of the most serious events which can threaten the defense-in-depth of nuclear power plants and jeopardize safety.
  • Leaks from the primary circuit during maintenance, refueling, or other outages.

This group of accidents, more or less, leads to radioactivity releases from the fuel and the reactor coolant, their transport through the primary circuit, their release and transport to the containment, and the radiological source term released into the environment. The relevant acceptance criterion is:

“The release of radioactive material shall not result in offsite doses in excess of specific limits.”

Calculated doses must be below the limits for DBAs, assuming an event-generated iodine spike and an equilibrium iodine concentration for continued power operation and considering actual operational limits and conditions for the primary and secondary coolant activity. The radiological consequences for the environment depend primarily on short-term releases of iodine and longer-term releases of cesium. In practical terms, iodine releases determine short-term management of the accident, while cesium releases determine medium- and long-term management of the accident.

In addition to engineering and procedures which reduce the risk and severity of accidents, all plants have guidelines for severe accident management or mitigation (SAM). Severe accident scenarios commonly used evolved from those developed in the Reactor Safety Study, which is often referred to as WASH-1400. The following cases may be examples of DEC events:

  • LB-LOCA with loss of all ac power (AB accident)
  • Containment bypass accidents (mode V)

Acceptance criteria for severe accidents are less prescriptive than the criteria for DBAs. Typically, the criterion is considered concerning the very low probability associated with a severe accident.

Examples of more specific criteria are as follows:

  • There should be no containment failure because of pressure and temperature loads.
  • There should be no immediate health effects on the population.
  • For long-term effects, the 137Cs release limit needs to be below the prescribed value.
 
References:
Nuclear and Reactor Physics:
  1. J. R. Lamarsh, Introduction to Nuclear Reactor Theory, 2nd ed., Addison-Wesley, Reading, MA (1983).
  2. J. R. Lamarsh, A. J. Baratta, Introduction to Nuclear Engineering, 3d ed., Prentice-Hall, 2001, ISBN: 0-201-82498-1.
  3. W. M. Stacey, Nuclear Reactor Physics, John Wiley & Sons, 2001, ISBN: 0- 471-39127-1.
  4. Glasstone, Sesonske. Nuclear Reactor Engineering: Reactor Systems Engineering, Springer; 4th edition, 1994, ISBN: 978-0412985317
  5. W.S.C. Williams. Nuclear and Particle Physics. Clarendon Press; 1 edition, 1991, ISBN: 978-0198520467
  6. G.R.Keepin. Physics of Nuclear Kinetics. Addison-Wesley Pub. Co; 1st edition, 1965
  7. Robert Reed Burn, Introduction to Nuclear Reactor Operation, 1988.
  8. U.S. Department of Energy, Nuclear Physics and Reactor Theory. DOE Fundamentals Handbook, Volume 1 and 2. January 1993.

Nuclear Safety:

  1. IAEA Safety Standards, Safety of Nuclear Power Plants: Design, SSR-2/1 (Rev. 1). VIENNA, 2016.
  2. IAEA Safety Standards, Safety of Nuclear Power Plants: Commissioning and Operation, SSR-2/2 (Rev. 1). VIENNA, 2016.
  3. IAEA Safety Standards, Deterministic Safety Analysis for Nuclear Power Plants, SSG-2 (Rev. 1). VIENNA, 2019.
  4. IAEA TECDOC SERIES, Considerations on the Application of the IAEA Safety Requirements for the Design of Nuclear Power Plants, IAEA-TECDOC-1791. VIENNA, 2016.
  5. Safety Reports Series, Accident Analysis for Nuclear Power Plants with Pressurized Water Reactors. ISBN 92–0–110603–3. VIENNA, 2003.
  6. Appendix A to 10 CFR Part 50, “General Design Criteria for Nuclear Plants.”
  7. NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition.
  8. Nuclear Power Reactor Core Melt Accidents, Science and Technology Series. IRSN – Institute for Radiological Protection and Nuclear Safety. ISBN: 978-2-7598-1835-8
  9. ANSI ANS 51.1: Nuclear Safety Criteria for the Design of Stationary Pressurized Water Reactor Plants, 1983.

See above:

Nuclear Safety