The Law of Ukraine “On Nuclear Energy Use and Radiation Safety” defines nuclear safety as compliance with regulations, rules, standards and conditions of using nuclear materials that ensure radiation safety. In turn, radiation safety is compliance with authorized limits for radiation impact on the public, personnel and environment established by safety regulations, rules and standards.

According to Article 5 of this Law, the state policy in nuclear energy use and radiation protection is implemented through creation of an appropriate state system for nuclear and radiation safety, i.e. regulation considering a graded approach to safety requirements depending on potential nuclear and radiation hazard typical for specific activity with specific facilities (sources).

The history of nuclear regulation is interesting and exciting. The tremendous potential of nuclear energy was quickly recognized by scientists, experts and politicians, and defined its role and place in the military world and outlined its prospects for peaceful purposes.

The United States of America was the first in this area. The decisions made in this country on the nuclear safety regime in one way or another were followed by other states. Edward Teller, often called the father of the hydrogen bomb, headed the world’s first Advisory Committee on Reactor Safeguards in 1947 and formulated the basic nuclear safety principles: “We could not follow the usual method of trial and error. This method was an integral part of industrial progress before the nuclear age, but in the nuclear age, it presented intolerable risks. An error in the manufacture of an automobile, for instance, might kill one to ten people. An error in planning safety devices for an airplane might cost the lives of 150 people. But an error allowing the release of a reactor’s load of radioactive particles could endanger the population of an entire city. These trials had to be on paper because the actual errors could be catastrophic”.

Edward Teller – father of the hydrogen bomb

American politicians recognized that nuclear energy potential could not be used without strict legal restrictions either for peaceful or military purposes. The world’s first nuclear energy act was put into force in 1946. The very first Advisory Committee on Reactor Safeguards of the United States Atomic Energy Commission (AEC) mentioned above was created in accordance with this law.

The main task of the Commission was to produce nuclear weapons, while the secondary task was to promote nuclear energy for peaceful purposes.

In 1947, aware of the importance of interacting with the public and media, AEC created the public affairs office, and the United States Congress formed the Joint Committee on Atomic Energy, which became an AEC “watchdog” and made a political statement, apparently the first in the world, on the role of nuclear energy in nuclear activity: “the development, use and control of atomic energy shall be directed so as to promote world peace, improve the general welfare, increase the standard of living, and strengthen free competition in private enterprise”.

In 1947-1949, the USA established conditions for transfer of information received in nuclear weapons production to the public sector. The document “Atomic Energy and Public Enterprise” was published at this time. In 1953, the United States Congress Committee opened public hearings needed to “develop an understanding by the public of the private enterprise role in nuclear energy for peaceful purposes”. The role that the USA assigned to private enterprise in nuclear energy development defined the task of the state, which was to establish safety limits and conditions in nuclear energy use and reflect them in a license for the relevant activity.

In February 1954, Dwight Eisenhower, the U.S. President, proposed that the Congress oblige AEC “to define minimum regulatory requirements for safety and radiation protection during acceptance and use of fissionable materials”. On 30 August 1954, the new revision of the Nuclear Energy Act came into force.

Dwight Eisenhower, the U.S. President

For the first time, regulation and licensing “for health protection and public safety” was introduced into the world practice. According to the Act, AEC needed to provide the industry with special nuclear materials to be used as a fuel in nuclear reactors, transfer information earlier classified as secret to improve nuclear engineering, license private nuclear power plants, and use enforcement measures to ensure compliance with regulatory requirements. The Act defined measures that ensure independence of regulatory and licensing functions inside AEC. There were also concerns that “the highest risk is that this great advantage for human beings (nuclear energy) can be crushed in the bud by excessive regulation”.

In 1954, the draft Nuclear Act envisaged creation of two agencies – on safety development and regulation. However, the U.S. officials had not supported the proposal, since it seemed impossible to provide two agencies with qualified staff. In 1975, the Atomic Energy Commission was separated, and AEC became the basis for the Department of Energy and Nuclear Regulatory Commission.

The standard set of the national regulatory authority features initially developed by the U.S. Nuclear Regulatory Commission and then followed by nuclear regulatory authorities of other states though with several differences is as follows:

  • develop safety criteria and principles, safety regulations, rules and standards (regulatory control);
  • assess safety of the claimed activity and, in the event of positive assessment results, issue a license (permit) for the claimed activity, including approval of safety limits and conditions within it (licensing);
  • monitor licensee compliance with safety limits and conditions (oversight);
  • use enforcement measures to induce the licensee to adhere to safety limits and conditions established by the license (enforcement).

Therefore, one of the most important tasks of nuclear safety regulation authorities was to form the safety concept for nuclear facilities, safety objectives, principles and criteria. Formation of this triad was not groundless. At the beginning, it was based on the military experience and standardization principles in related industries.

Any industrial activity is based on the system of regulatory documents that allows coordination of activity of many enterprises, organizations and individuals in time and space. The regulatory documents are the product of synergy between science and practice. From the very beginning, nuclear engineering had no practical experience and, at that time, scientific results did not provide a sufficiently justified foundation for the specialized regulatory framework. The basic philosophy of nuclear engineering is to ensure high quality of systems and components and high personnel qualification to prevent emergencies.

Largely, one had to rely on experience and standards of related industries: power engineering, chemical and metallurgical industry, military engineering. Primarily, proper regulatory documents were developed for specific nuclear aspects: reactor physics, radioactive materials, radiation protection, etc. It was assumed that high quality would limit possible damage to systems developed to remove heat released by nuclear fuel to a leak of finite size.

For the first time, requirements for NPP safety were presented comprehensively in “General Design Criteria for Nuclear Power Plants” (the U.S. Code of Federal Regulations, 10 CFR 50, Annex A). This document included 64 criteria, which presented NPP safety philosophy based on the defense-in-depth strategy. Unfortunately, the USSR officially decided to develop NPP safety requirements based on the defense-in-depth only in 1988, after the Chornobyl accident.

The defense-in-depth strategy includes the following levels:

Level 1. Prevention of abnormal operation – select a site, design, quality of NPP systems and components, operational documentation, maintenance, repair, modernization, personnel qualifications, formation of safety culture.

Level 2. Ensuring safety during abnormal operation and prevention of emergencies – eliminate noncompliance with normal operation; automated protections and interlocks, which prevent abnormal operation progression into emergencies; operating procedures; personnel training.

Level 3. Accident prevention and elimination – safety systems, emergency procedures, personnel training.

Level 4. Beyond design-basis accident management – use normal operation systems and safety systems to prevent beyond design-basis accidents, mitigate their consequences and transfer reactor into controlled state; make procedures for beyond design-basis accident management, personnel training.

Level 5. Emergency preparedness and response – control area and observation area, emergency plans, emergency training/exercise, radiation proof facilities and emergency centers.

The system of NPP safety requirements presented in USSR documents began to emerge in the 1960s. The nuclear safety regulatory framework is based on “General Safety Provisions for Nuclear Power Plants during Design, Construction and Operation”, OPB-73, which came into force in 1973 (two years earlier OPB-71 (temporary) was enacted under the same title, but intended for limited use).

Safety (“…ensured protection of the public and personnel against external and internal exposure, and the environment against contamination by radioactive substances within authorized limits both during long-term normal operation and emergencies”) should have been ensured in low probability emergencies, such as flow circuit break. During NPP safety analysis, all devices and systems should be divided in three groups: normal operation equipment, protective and confining equipment.

The main safety principle is to provide high quality of normal operation systems, protective devices to prevent malfunction of normal operation systems, confining systems restricting spreading of radioactive substances, high qualification of personnel. Specific attention was paid to correct selection of a site, its distance from large population centers, emergency preparedness. Safety should have been ensured in any single failure of a normal operation device, or long-term non-detection of another device malfunction. Along with the failure of normal operation equipment, it is necessary to consider failure of one independent active protective device and one independent confining device.

It was discussed that NPP should be designed taking into account extreme natural events, and for protective and confining devices it was advisable to use passive devices. The design should have presented quantitative analysis of reliability, quantitative analysis of probability of emergencies considered in the design. High reliability of emergency protective systems should have been reached by high quality, multi-channel capability, inspections and testing, and availability of redundant power supply sources. Limits of fuel element damage and related radioactivity levels should have been defined during the design. It was necessary to define operating modes (with sufficient assumptions for uncertainties), for which one should have eliminated damage of fuel element. There were rather detailed requirements for design of a core, which then were put into the Nuclear Safety Rules issued a year later.

By the time OPB-73 was developed and introduced, the USSR operated Beloyarsk NPP, Novovoronezh NPP and Kola NPP Stage 1, and constructed several other NPPs (Leningrad, Chornobyl, Kursk, Bilibino, and Armenian NPPs). Indeed, OPB-73 begins the history of NPP safety regulation in our country. Despite obvious differences in terminology, lack of a formalized defense-in-depth concept, and other differences from safety requirements earlier set up in the world, power units with WWER 1000/302, WWER 1000/338 and WWER 440/213 were designed and successfully operated in many countries.

Obviously, regulations that meet the requirements of the time can only be created based on construction and operation experience. Therefore, OPB-73 presented “List of Regulations and Rules” for “General Safety Provisions during NPP Design, Construction and Operation” with a note that “regulations and rules specified in the list are implemented when completed and approved”. Besides, it is “ … permitted to be guided by regulations and rules of power engineering” (Art. 1.1.2, OPB-73).

OPB-82 “Basic Safety Provisions during NPP Design, Construction and Operation” was the next stage in developing NPP safety requirements. The safety concept has not changed compared to OPB-73, but there were certain innovations, which significantly improved requirements and made them more specific.

The basic terms and definitions (terminology significantly differs from the one accepted today) were formulated for the first time. There was a clear definition of basic safety functions: control of chain reaction; heat removal from nuclear fuel; retention of radioactive substances within the established limits.

The notion of the operating organization was introduced at that time. This is the organization to which the nuclear power plant is subordinated, but whose responsibility is actually limited to ensuring safe operation. Several notions were defined: design-basis accident (established by current regulations and rules, and for which the design ensures NPP safety); maximum credible accident (design-basis accident with the most severe initiating event, which is established for each reactor type) and hypothetic accident, for which the design does not envisage technical measures ensuring NPP safety. There was also a notion of a maximum hypothetic accident, introduced to denote a hypothetic accident that leads to a maximum possible release of radioactive substances to the environment under fuel element melting and damage of confining systems. It was defined that lists of initiating events are presented in the technical safety justification and are agreed with the state oversight authorities.

There was a clear formulation of systems important to safety (normal operation systems, whose damage or failure are initiating events, and safety systems), and safety systems (systems aimed at prevention of accidents and limitation of their consequences). At that time, requirements for systems and equipment important to NPP safety were defined. They stated that NPPs should be designed, produced and mounted taking into account possible mechanical, thermal, chemical and other actions, which occur resulting from design-basis accidents and natural phenomena typical for the site.

After the accident at ChNPP, OPB-82 was extended with information on the need for analysis of hypothetic accidents, results of which should be used to develop emergency procedures and plans; on the need to create training centers; on measures to prevent formation of explosive gas concentrations; on means of radiation monitoring during hypothetic accidents. A phrase on admissibility of positive power reactivity effect, which was one of the causes of the accident of 1986, was removed.

Accident at Chornobyl NPP (1986)

The accident at Chornobyl NPP (1986) led to significant changes in nuclear safety regulation. OPB-88 “Basic Safety Provisions for Nuclear Power Plants” was developed and enacted. The section “terms and definitions” was significantly extended. New notions appeared, namely beyond design-basis accident management, pre-commissioning activities, initial and operational criticality, safety functions, components, common cause failure, safety culture, commissioning, special regulations and rules, etc., which greatly extended the agreed terminology and facilitated interaction during NPP design and operation. The document clearly defines that NPP safety shall be ensured by consistent implementation of the defense-in-depth principle based on the system of barriers on the way of radiation and radioactive substances, and the system of measures to protect these barriers.

One should define initiating events and end states for the design-basis accident, and envisage safety systems that mitigate its consequences in accordance with the established limits for such accidents, taking into account single failure principle or one additional human failure. The notion of maximum design-basis is eliminated.

A concept of beyond design-basis accident was introduced (the notions of hypothetic and maximum hypothetic accident were eliminated); such an accident is caused by initiating events not considered in the design-basis accidents or is characterized by additional failures or human errors that lead to severe damage (melting) of the core.

The document was extended with the notion of a severe accident (accident with nuclear fuel damage) and there was a need identified to analyze beyond design-basis accident scenarios to define measures for accident management and mitigation of their consequences. It became obligatory to perform probabilistic safety analysis and there were established targets for acceptability of analysis results to assess confidence in engineering and technical decisions made in the NPP design.

The purpose was to present general requirements for physical protection, fire safety, communication and notification means, and a number of other requirements resulting from ChNPP accident analysis.

OPB-88 presented classification by impact of systems and components (the notion of component was introduced for the first time) on safety in order to define requirements for their quality. Special safety regulations and rules were to be either approved or allowed for use by the nuclear regulatory authority. A safety culture principle was implemented for all individuals involved in NPP safety related activities.

The term “operating organization” was put in compliance with the worldwide practice. It was based on the principle of full responsibility of the operating organization for NPP safety that may not be delegated, and allocation of responsibilities between the operating organization and nuclear regulatory authority. The document presented clear requirements for the operating organization to be provided with a license by the nuclear regulatory authority on the relevant activity.

In 2000, OPBU-2000 “General Safety Provisions for Nuclear Power Plants” was developed and enacted in Ukraine, which made no significant changes to OPB-88. There was a correction related to differences in the state nuclear regulation and management system.

Eight years later, a new revision of the General Safety Provisions for Nuclear Power Plants (OPBU-2008) was developed and put into force. This document gave additional information on NPP safety requirements and changed the document structure in order to present basic NPP safety principles and criteria based on IAEA publications and provided in the Basic Safety Principles for Nuclear Power Plants (INSAG-12).

Accidents at Three Mile Island NPP and Chornobyl NPP made a major impact on the development of nuclear engineering and led to significant rethinking of safety requirements. It seemed that the measures taken helped to exclude severe accidents at NPPs. However, the accident at Fukushima NPP of 2011 demonstrated one more typical feature, which is a practical impossibility to predict in advance the combination of initiating events and their progression sequence, particularly where there is a major effect of the so-called human factor.

Three Mile Island NPP

The accident at Chornobyl NPP and the Fukushima-1 NPP accident progressed according to scenarios not considered in the designs, but not because they could not be foreseen. Possible causes of the future Chornobyl accident had been known for many years before the accident, but no one believed they could be real. The same can be said about the accident at Fukushima-1 NPP. Knowing what may happen does not mean the appropriate measures will be taken to prevent such events.

Fukushima NPP before the accident

Besides, low probability of an event does not mean it would not happen (“any probability can happen infinite number of times”). Obviously, the human is the least predictable aspect in ensuring safety during all NPP life stages from design to decommissioning. All known severe accidents were to some extent caused by the so-called human factor, though it showed at different times, sometimes long before the accident itself. Therefore, all possible initiating events and their combinations, and accident scenarios, have to be considered in the design. The design must envisage additional technical means for safety systems to manage accidents when they go beyond limits for which such systems have been calculated.

This aspect contributed to the next upgrade of NPP safety requirements. There are two principles related to screening out accidents from being considered in the design. The first principle is a deterministic one, when internal peculiarities of reactor self-protection allow screening the accident out of consideration, since the accident is rather unlikely. The second principle is a probabilistic one, which says that one should seek the probability of boundary emergency release not to exceed 10⁻⁷ per reactor in a year. If this requirement is not met, one shall take additional technical measures for accident management in order to mitigate its consequences.

The current process used to improve NPP safety requirements is intended to:

  • improve efficiency of defense-in-depth barriers, ensure their independence and resistance under different initiating events;
  • ensure NPP power supply and removal of decay heat from nuclear fuel during a period of time required for restoration of external infrastructure, if it is destroyed in case of natural or man-made events;
  • ensure operability of the last barrier (containment) under the most severe and low probability conditions, including accidents with severe core damage in order to prevent release of radioactive waste beyond NPP.

It is important to note that both regulatory authorities and operating organizations worldwide have come to consensus regarding the main safety criterion. They agreed to seek that in any possible accident the release of radioactive substances beyond NPP does not exceed values which can lead to the need for rapid intervention (public sheltering or evacuation), and is limited to intervention measures only during a short period of time, and only within a limited territory.

Certainly, specific criteria differ from country to country and depending on characteristics of this or that NPP or site where it is located. Today, every state is eager to improve NPP safety requirements taking into account specified approaches.

One more issue is to consider changes in natural conditions of the site through increased margin of NPP characteristics as related to external actions, for example earthquakes.

NPP safety philosophy and practices are based on the defense-in-depth principle, which remains intact. Moreover, the severe accidents that have occurred demonstrated that deviation from the defense-in-depth strategy leads to unpredicted events and negative consequences for safety. In this regard, there are no reasons to speak about a radical improvement of the NPP safety concept or requirements. They are systematically improved based on gained experience related to positive and, unfortunately, negative aspects of NPP design and operation.

Main challenges of nuclear regulation in Ukraine of 2014

In 2014, the main challenges of nuclear regulation in Ukraine were related to external hazards, namely annexation of the Autonomous Republic of Crimea and military actions in Eastern Ukraine. The international community has recognized violation of the Budapest Memorandum provisions with respect to Ukraine. On 24 March 2014, Mr. Ban Ki-moon, the UN Secretary General, noted this in his speech during the Hague Nuclear Security Summit and said that the safeguards were an important condition for Ukraine to join the Nuclear Weapons Non-Proliferation Treaty (NPT), but their reliability has been seriously undermined by the events in Ukraine. The UN Secretary General expressed an opinion that this will have negative consequences for both regional safety and the nuclear weapons non-proliferation regime in general.

Due to external aggression, Ukraine lost regulatory control in the Crimea and certain territories of the Donetsk and Luhansk Oblast’. Connection with the Crimean State Inspectorate of Nuclear and Radiation Safety was lost in May-June, and it was officially subordinated to the Rostekhnadzor in September. The South-Eastern Inspectorate of Nuclear and Radiation Safety earlier located in Donetsk continued to operate and, in December 2014, it was relocated to Zaporizhzhya.

The following nuclear facilities are located in the Crimea: research reactor DR-100 of the Sevastopol National University of Nuclear Energy and Industry (SNUNEI) and two subcritical assemblies with low-enriched and natural uranium. Besides, there are several enterprises and medical institutions in the Crimea, which use devices and containers with radiation protection made of depleted uranium, and high-level radiation (five institutions, mainly oncology centers). Fortunately, no nuclear installations are located in the so-called Donetsk and Luhansk People’s Republic. There are high-level radiation sources and insignificant amounts of nuclear materials presented in radiation protection of containers for transport and storage of radiation sources, radiotherapy devices in oncology centers, and

References: 

  1. SNRIU material