As with any major event in the global commercial nuclear generating industry, the March 2011 Fukushima Daiichi incident has provided many lessons for the global nuclear power industry. Following the event, nuclear regulators and plant operators around the world performed systemic safety assessments of their nuclear plants. The assessments resulted in nuclear plant operators making a variety of safety enhancements to increase robustness against very low probability external events, extend coping capabilities for loss of AC power beyond the current plant licensing basis, enhance severe accident management mitigation capabilities and enhance emergency management capabilities.
Many of these safety improvements have been consistently implemented around the world. For example: a review of committed and completed safety enhancements revealed that all countries implemented new means of supplying water and electricity into plants using portable equipment; validated the current seismic and flooding basis for their plants; and enhanced emergency planning to include potential simultaneous accidents at multiple units.
The review also shows that while there are many commonalities, there are some significant differences in country-specific safety enhancements. There are a variety of drivers for these differences, including a political environment that either supports or rejects nuclear energy, safety enhancements already made, regulatory landscapes affecting how new requirements are added within countries to the operating licences of their plants and whether the emphasis within that country is on preventing accidents versus mitigating the consequences of accidents. These differences affect the scope, priority and timing of safety enhancements.
National SAFER Response Center in Arizona.
This article compares and contrasts three unique country approaches to identifying post-Fukushima safety enhancements and the safety enhancements being made in the US, Slovenia and Taiwan. The US currently operates 99 units with five more under construction, Slovenia operates a single unit at the Krško site and Taiwan operates six units on three sites with another two units under suspended construction.
US
The US commercial nuclear operating fleet is very broad and diverse. There are multiple nuclear steam supply system vendors and numerous variations of the original designs operating at different stages of their licences by 23 utilities.
Shortly after the Fukushima event, the US Nuclear Regulatory Commission (NRC) appointed what it called a "Near Term Task Force" to evaluate what happened at the Fukushima Daiichi site and make recommendations for improving safety for both operating and new nuclear reactors. The task force’s final report, "Recommendations for Enhancing Reactor Safety in the 21st Century," detailed 12 recommendations to be considered by the NRC. The recommendations focused on improving the NRC’s regulatory framework, and the efficiency of NRC programmes, enhancing nuclear plant protection and mitigation capabilities, and enhancing nuclear plant emergency preparedness. The recommendations made included a combination of plant modifications, re-evaluations of existing systems and programmes, as well as programme enhancements.
These 12 recommendations were prioritised by the NRC into three tiers in order of greatest to least safety benefits. Based on the recommendations the NRC issued three orders in 2012 to industry that resulted in:
- All plants, regardless of design, are installing hardware in spent fuel pools to measure the water level from the surface to the top of the fuel stored in the pool.
- All plants with reactor designs similar to the boiling water reactor (BWR) designs at Fukushima are installing hardened vents capable of withstanding a severe accident.
- All plants are implementing the Diverse and Flexible (FLEX) Coping Strategies developed by industry and accepted by the NRC.
While all of these modifications improved plant safety, by far the most significant safety enhancement in the US following the Fukushima accident is the implementation of the FLEX programme. This programme was designed by industry and formalised through the Nuclear Energy Institute in response to an NRC order requiring all plants to implement mitigating strategies to address beyond design basis external events, specifically to establish indefinite coping capability for an external event that causes a complete loss of all AC power and a loss of normal access to the ultimate heat sink. Indefinite coping is accomplished in three phases:
- Using installed plant equipment that is independent of AC power and would survive the external event.
- Using portable equipment stored onsite that can provide power and water to the plant through various connection points.
- Using an offsite resource that will be made available within 24 hours of plant notification that such resources may be necessary.
The FLEX programme has been a significant industry undertaking in the US requiring many plant modifications, including creating multiple connection points for portable pumps and generators, constructing buildings to store the portable equipment and other actions to further enhance plant robustness such as installing low-leakage reactor coolant pump seals. FLEX has also resulted in other significant changes including developing new procedures for the operation of all of the new equipment, conducting ongoing maintenance activities for all of the new equipment, training plant personnel (both operations personnel and others who may be called to use the equipment during an event) and creating and maintaining an ongoing programme to manage all aspects of FLEX.
The typical cost to industry for implementing the FLEX programme was in the range of $20 to $40 million per unit. The majority of nuclear plants in the US had up to five years to implement FLEX and most will be in compliance by the end of 2016; however, a few plants require more time due to the significance of the modifications necessary at those plants.
Beyond these significant investments, US nuclear utilities have also established and are maintaining a countrywide overall response capability for beyond design basis external events. This capability includes two diverse and redundant equipment storage facilities called National Strategic Alliance for FLEX Emergency Response (SAFER) Centers (NSRCs) that contain portable equipment such as generators, pumps, hoses, and other supporting equipment; two redundant SAFER Control Centers (SCCs) in Lynchburg, Virginia (primary) and Birmingham, Alabama (alternate), that will be staffed and operated to coordinate the SAFER response for any event. An industry organisation called SAFER was also established to oversee their use and the overall programme’s implementation.
The SAFER organisation has established plans that allow response to a request for assistance from any plant to be responded to with exactly what that plant needs within 24 hours from either of the NSRCs, which are located in Memphis, Tennessee, and Tolleson near Phoenix, Arizona. This level of emergency preparedness was achieved through well- organised and thorough planning that has resulted in a playbook for each plant site. Each plant site’s playbook includes a list of equipment to be sent for that site’s specific needs. To ensure the 24 hour response, the SAFER organisation established contracts with Federal Express Custom Critical and commercial heavy- lift helicopter operators to transport a first set of equipment that would be small enough to be transported by helicopter, if necessary, to arrive within 24 hours. Additional larger equipment would go to the site within 72 hours.
The safety benefit obtained from FLEX through this redundancy, what the NRC calls defence in depth, can be significant. Preliminary risk assessments show up to a 30% reduction in core damage frequency – depending on plant design – once FLEX is implemented. Even though the NRC indicated that the US nuclear fleet was operating safety and could have dealt with a Fukushima-type event, the US industry has spent approximately $4 billion to enhance the safety of its fleet to incorporate the lessons learned, with a primary focus on enhancing the robustness of plants to safely respond to beyond design basis external events to prevent core damage.
Slovenia
Nuklearna Elektrarna Krško operates the single nuclear power plant in Slovenia. Prior to Fukushima, the Krško Nuclear Power Plant had, like the plants in the US, already taken steps to mitigate damage against the loss of a large area from a man-made catastrophic event, including obtaining portable equipment and creating connection points. Additionally, Krško was in the process of installing another safety diesel generator and an extra dike to increase protection against higher flood levels.
Following the Fukushima accident, Slovenia, as part of the European Union (EU), conducted stress tests of the Krško plant. The upgrades already implemented before the accident were important contributors to the excellent results Krško had during the EU stress tests. Other contributors were significant upgrades the Krško NPP was already planning as a result of applying for a licence extension in 2009 to operate beyond 2023.
The Krško Safety Upgrade Programme (SUP) was designed in response to the Slovenian Nuclear Safety Administration’s (SNSA) regulations and interpretation of reference safety levels from the WENRA report, "WENRA Reactor Safety Reference Levels", concerning reasonable measures to prevent and mitigate severe accidents in preparation for the possibility of extending original plant operating licences. The reference safety levels within the report are agreed on by WENRA members and were updated in 2014 to incorporate lessons learned from the event at the Fukushima site.
The SUP considered newly defined Design Extension Conditions (DEC), which are separated into two categories, A and B. Category A addresses core damage prevention following beyond design basis initiating events, including providing long-term residual heat removal. Category B addresses containment integrity in case of core melt and reactor vessel failure and minimises radioactive releases to protect the public and the environment so that there is no long-term contamination in the land around the plant.
Based on the defined requirements for DEC Category A, Krško has or will install:
- An additional new bunkered building containing supplementary borated and unborated water sources in two tanks with capability to refill the water from underground wells; an additional auxiliary feedwater pump able to deliver water to both steam generators via new piping routed differently than existing piping; and an extra intermediate head safety injection pump able to deliver water to the reactor vessel via new piping routed differently than existing piping.
- A new independent system for primary circuit depressurisation powered by a completely independent power source and with additional bypass valves installed around the existing pressuriser pressure control valves.
- An additional new alternative residual heat removal pump and heat exchanger installed in the lower elevation of the existing auxiliary building with the capability to recirculate water either from the reactor coolant system or from containment, or either through the existing residual heat removal heat exchangers or the new heat exchanger, which will be cooled by mobile pump(s).
- Piping and sprays above/around the spent fuel pit to ensure the spent fuel can be cooled by spraying using mobile pumps in case the water is lost from the spent fuel pit.
- A piping and mobile heat exchanger kit with a pump, powered by a diesel generator engine to allow the spent fuel pit to be cooled in the case of a loss of an existing heat sink and existing heat removal systems (two trains) from the spent fuel pit.
- Flood doors and water barriers to prevent water ingression to all the buildings containing safety-related equipment in case of a flooding event on the plant site.
- A new emergency control room (ECR) in the bunkered building. From this new bunkered location operators will be able to control decay heat removal in all plant states.
To provide required information to the operators in the ECR during the first 24 hours of an accident covering DEC Category B conditions, additional instrumentation will be installed and powered from the ECR in the bunkered building. DC power for this additional instrumentation and the ECR will be provided by batteries with the capacity to operate for 24 hours.
For DEC Category B, the following two additional systems, which are designed to withstand twice the design basis earthquake value, have already been implemented:
- Passive containment filtering vent system with no power requirements for the first 24 hours. The system is completely passive and contains particulate filters in containment and iodine filers in the auxiliary building.
- Passive autocatalytic recombiners (PARs) relocated from the reactor vessel to containment to prevent hydrogen deflagrations/ explosion in case of core damage.
Owing to the SUP’s complexity and required financial resources, the programme is being implemented in three phases, which began
in 2012 and will end in 2021. The first phase – installing the passive containment filtering vent system and relocating PARs – was completed in 2013. The second phase – installing the ECR; alternative heat removal systems for the reactor cooling circuit, containment and spent fuel pit; and alternative reactor coolant system depressurization system will be implemented until the end of 2018. The third phase – additional bunkered building with additional water sources and pumps to inject water to the secondary and primary side – will be implemented until the end of 2021.
Significant changes are being implemented in the accident management organisation as well as in the facilities to protect and assure habitable conditions for plant personnel during beyond design bases accidents including the one involving a severe accident with core melt.
While Krško also implemented a FLEX programme similar to the US to prevent core damage, the SUP went well beyond FLEX and incorporated many plant modifications that would not only provide additional defence in depth to prevent core damage, but would also mitigate a core damage event in the extremely unlikely possibility of occurrence. The Krško approach is one of, or perhaps the most thorough, approach in the world regarding plant modifications to address post-Fukushima safety regulations while also providing additional confidence that the plant can safety operate beyond its initial licence period.
Taiwan
In Taiwan all nuclear plants are operated by the Taiwan Power Company or Taipower. The Atomic Energy Council (AEC) – an independent government agency of the Executive Yaun of the Republic of China – is responsible for atomic safety, development and regulations. Prior to Fukushima Taiwan’s sites had already increased their safety by installing an air-cooled gas turbine generator and an air-cooled swing diesel generator for backup emergency power. Following the Fukushima Daiichi event, the AEC required Taiwanese nuclear power plants in operation and then under construction to undergo a comprehensive safety assessment (CSA). The CSA was carried out in two phases:
- Phase I – Safety Assessment which fully inspected and evaluated various site features including site selection, design basis accidents, construction quality, maintenance, accident management and response programmes to reinforce the capabilities of prevention and mitigation of accidents.
- Phase II – Stress Tests that verified design robustness and recognised cliff-edge effects – or qualitative degradation of a plant’s safety condition – and hidden weaknesses (using the EU Stress Test specifications).
The Phase I Safety Assessment looked at 11 major items including station blackout, flood and tsunami protection, integrity, and cooling capability of the spent fuel pool among other items. According to the results, 96 improvement items were identified for the operating plants and 67 items for the new plant were developed. The Phase II Stress Tests reassessed external events and it was determined the design basis of the plants still bound the tsunami reassessment and the 10,000 year flooding assessments. Nevertheless, flooding protection capabilities were still strengthened at the sites through enhancements such as constructing watertight barriers, building tsunami-protective walls and bunkering the air-cooled swing diesel generator so that it can operate during a flooded condition at the site. The earthquake-resistant capabilities of some of the plants were also enhanced as part of the seismic hazard evaluation to ensure success for beyond design basis seismic events.
While the sites already had the air-cooled gas turbine and diesel swing generators, as part of the safety enhancements, additional mobile equipment was procured for power and water injection. Documents were also developed that govern specifications, storage, test intervals and responsible organisations in charge of this equipment.
One of the lessons learned from the Fukushima event is that timely disposition in the main control room is the key issue affecting the evolution of an event and therefore that Symptom-based emergency operating procedures may not be capable of overcoming an extended damage event. As a result, the Ultimate Response Guideline (URG) was created to stop the evolution and make immediate decisions to prevent core damage. The objective of the URG is to secure the reactor core through either the reactor pressure vessel for BWRs or steam generator depressurisation for PWRs, as well as containment venting; switching the ultimate heat sink from sea to atmosphere and injecting service water or sea water by mobile, low-pressure fire trucks when necessary; all within one hour of the event.
In addition to the prevention measures that have been implemented, Taipower is also investigating and will implement severe accident mitigation measures such as PARs and containment filtered vents. Once completed Taiwan will have made extensive enhancements that address prevention and mitigation, utilising portable equipment and permanent plant modifications.
Conclusions
Following the Fukushima Daiichi event nuclear operators and regulators around the world made significant efforts to understand and incorporate the lessons learned into the nuclear plants through safety enhancements. As highlighted in this article the approaches to implementing preventative and mitigating safety enhancements vary by country. While the approaches may differ, it is clear there have been many enhancements made around the world that have significantly improved the ability of nuclear plants to safely protect against even very highly improbable events.
Enhancements have been made not only to the physical plant but also to training and emergency preparedness of the individuals responsible for responding to an event. By reinforcing beyond design basis preparedness and response, these safety enhancements protect plants, populations and the environment against a wide range of natural events as well as potential man-made events.
Nuclear safety is an evolving process, the industry is always improving and learning based on the operation of more than 400 nuclear reactors around the world. Whether a potential event is avoided or a minor event or a very significant occurrence – such as what occurred at Fukushima Daiichi – happens, the industry uses lessons learned to further strengthen nuclear safety every day. This striving for ever-improved safety makes a safe industry even safer. It will enhance public confidence in this very important, zero carbon producing energy source that will be an important energy contributor for many decades to come.
Authors: Božidar Krajnc, Director, Engineering Services Division, Krško Nuclear Power Plant, Slovenia; Dr Lang-Chen Wang, Inspector General, Nuclear Safety Department, Taiwan Power Company, Taiwan, ROC; Michael Powell, Director, Fukushima Initiatives, Palo Verde Nuclear Generating Station, Arizona Public Service Company, US; Jeffrey Taylor, Director, Business Development, Westinghouse Electric Company, US.