1 / 29

Safety Approach, Safety Issues and Provisions

Safety Approach, Safety Issues and Provisions . Technical Workshop to Review Safety and Design Aspects of European LFR Demonstrator (ALFRED), European LFR Industrial Plant (ELFR), and European Lead Cooled Training Reactor (ELECTRA) Joint Research Centre, Institute for Energy and Transport,

mei
Download Presentation

Safety Approach, Safety Issues and Provisions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Safety Approach, Safety Issues and Provisions Technical Workshop to Review Safety and Design Aspects of European LFR Demonstrator (ALFRED), European LFR Industrial Plant (ELFR), and European Lead Cooled Training Reactor (ELECTRA) Joint Research Centre, Institute for Energy and Transport, Petten, the Netherlands, 27–28 February 2013 Luigi Mansani Luigi.mansani@ann.ansaldo.it

  2. ALFRED SAFETY APPROACH

  3. Gen II & III Safety Safety Level that has been attained by the currently operating Gen II NPPs is already very good Quantitative safety objectives applicable to Gen III NPPs are very ambitious and guarantee an improved level of protection reducing the level of risk in a demonstrable way Gen IV Safety Goals Excel in operational safety and reliability Have a very low likelihood and degree of reactor core damage Eliminate the need for offsite emergency responses in case of severe accidents Fundamental Safety Objectives General nuclear safety objective: To protect individuals, society and the environment by establishing and maintaining in NPPs an effective defence against radiological hazard Radiation protection objective: To ensure in normal operation that radiation exposure within the plant and due to any release of radioactive material from the plant is As Low As Reasonably Achievable (ALARA) Technical safety objective: To prevent with high confidence accidents in NPPs; to ensure radiological consequences, if any, would be minor, even for accident of very low probability; and to ensure that the likelihood of severe accidents with serious radiological consequences is extremely small Safety Approach

  4. Safety level of GEN III plants (e.g. AP1000 and EPR) is the reference for future reactors  adoption of quantitative safety objectives recommended by EUR Safety improvement for Gen IV systems is possible through progress in knowledge and technologies and the application of a cohesive safety philosophy early in the design process safety is to be “built-in” to the fundamental design rather than “added on” full implementation of the Defence in Depth principles  Exhaustive: complete identification of initiating events Progressive: no major consequences from short sequences Tolerant: no “cliff edge effects” Forgiving: sufficient grace period and recover possible during accidental situations Well-balanced: no sequence contributes in an excessive way to damaged plant states “risk-informed” approach  deterministic approach complemented with a probabilistic one Safety Approach

  5. Defence in Depth main principle compensate for potential human and mechanical failures with several levels of protection, including successive barriers, preventing the release of radioactive material to the environment Safety Approach • Defence in Depth strategy • prevent accidents • if prevention fails, limit potential consequences of accidents and prevent their evolution to more serious conditions • WENRA structure of DID levels • Several beyond design basis scenario are now included in the design basis (multiple failures accidents) • Consideration of practically eliminated situations (at level 4) since the design stage

  6. Basic Safety Function Control of the reactivity (reactor power) Removal of heat from the core (cooling the fuel without exceeding decay heat plus heat losses) Confinement of radioactive materials (within the appropriate barriers) and control of operational discharges, as well as limitation of accidental releases Barrier and Level of Defence Fuel matrix; Fuel cladding; Primary coolant boundary; Confinement (containment system) Safety Approach

  7. Design for Safety To enhance systems reliability and to protect against common cause failures : Redundancy: use of more than the minimum number of sets of equipment to fulfill the safety function Diversity: systems or components performing the same safety function differ for principle of operation, physical variables or manufacturer Independency: the independence among redundant safety systems or systems belonging to different safety classes can be accomplished through functional isolation or physical separation

  8. EUR Chapter 2.1 “Safety Requirements” “Basis for the Safety Approach for Design & Assessment of Generation IV Nuclear Systems” by RSWG Safety Objectives for New Power Reactors (WENRA Reactor Harmonization Working Group) IAEA safety reports, e.g. INSAG-10: Defense in Depth in Nuclear Safety NS-R-1: Safety of Nuclear Power Plants: Design INSAG-3: Basic Safety Principles for Nuclear Power Plants Used References

  9. Gen III plants : Deterministic approach (conservative code and assumptions) applied to Design Basis Conditions Probabilistic approach (realistic conditions and BE data), generally applied for Safety assessment of Beyond Design Basis conditions (Design Extended Conditions) Gen IV plants: Complementary use of deterministic and probabilistic approaches, to be used in an iterative manner since the conceptual stage of design Safety Demonstration Integrated Safety Assessment Methodology (ISAM) Objective Provision Trees (OPT)

  10. In the ALFRED design process the Objective Provision Tree (OPT) is adopted For each level of DiD (normally level 1 to 5) and for each safety objective/function identification of: the possible challenges to the safety functions, the plausible mechanisms which can materialize these challenges, the provided provision(s) to prevent, control or mitigate the consequences The IE for both ALFRED and ELFR identified through the application of the MLD (top -down approach): The analysis starts with three main pathways  challenges to the three physical barriers Fuel Cladding Challenges RCS Boundary Challenges Containment Challenges Identification of initiating events for LFR

  11. ALFRED Fuel Cladding Challenges

  12. ALFRED RCS Boundary Challenges

  13. ALFRED Containment Challenges

  14. Reactivity and power distribution anomalies Inadvertent control rod assembly withdrawal Control rod assembly drop Changes in core geometry due to earthquake Fuel assembly loaded in an incorrect position Fuel assembly loaded with incorrect composition SG tube rupture Fuel rod damage Increase in heat removal from primary system Reduction in feedwater temperature Increase in feedwater flow Excessive increase in secondary steam flow Inadvertent opening of SG SS safety valve Decrease in heat removal by Secondary System Inadvertent actuation of Isolation Condenser SG feedwater system line break Loss of normal feed Turbine trip Resulting list of events • Inadvertent closure of main steam isolation valves • Loss of load • Loss of AC power • FW pump failure or malfunction • SG Flow blockage • FW line break • Decrease in Primary Coolant System Flow Rate • Fuel Assembly Partial Blockage • Flow by-pass from Inner vessel (break in the pumps inlet ducts) • Mechanical or an electrical failure of a primary pump (Partial loss of flow) • loss of electrical supplies to primary pumps (Complete loss of Flow) • Pump Shaft Break • Pump Shaft Seizure • Decrease in Primary Coolant Inventory • Loss of coolant accident resulting from Main vessel leakage or break • Challenges to reactor Building • Steam line break • Feed line break • Cover Gas line break • Leakage from Vessel Top Closure

  15. EUR approach: DBC1 Design Basis Category 1 Conditions (Normal Operation) DBC2 Design Basis Category 2 Conditions (Incident Conditions): Conditions which may occur once or more in the life of the plant (f >10-2). DBC3 Design Basis Category 3 Conditions (Accident Conditions): Conditions which may occur very infrequently (10-2 > f >10-4). DBC4 Design Basis Category 4 Conditions (Accident Conditions): Conditions which are not expected to take place (10-4 > f > 10-6), but are postulated because their consequences would include the potential release of significant amounts of radioactive material. Categorization According to Frequency of Occurrence

  16. Design Basis Category 2 Conditions Inadvertent control rod assembly withdrawal Control rod assembly drop Inadvertent actuation of DHR systems Reduction in feedwater temperature Increase in feedwater flow Excessive increase in secondary steam flow Inadvertent opening of SG SS safety valve Loss of normal feed Turbine trip Inadvertent closure of main steam isolation valves Loss of load Loss of AC power Mechanical or an electrical failure of a primary pump (Partial loss of flow) Events classified by frequencies • Design Basis Category 3 Conditions • Fuel assembly loaded in an incorrect position • Fuel assembly loaded with incorrect composition • Loss of electrical supplies to primary pumps (Complete loss of Flow) • Steam generator tube rupture • Design Basis Category 4 Conditions • Pump Shaft Break • Pump Shaft Seizure • SG feedwater system line break, • Fuel Assembly Partial Blockage • SG flow Partial Blockage • Steam line break • Cover Gas line break • Feed line break

  17. Single initiating events should be "dealt with" or "excluded" : “dealt with” events: proof that the plant can deal with design extension conditions is achieved with specific rules (e.g. best estimate); a limited number of initiators, sequences or situations are “practically eliminated” by showing, with a robust demonstration that, through the implementation of specific provisions, the corresponding risk is made acceptable initiators rejected within the Residual Risk (RR) Beyond Design Basis Conditions

  18. DEC are a specific set of accident sequences that goes beyond Accident Conditions Complex Sequences: certain unlikely sequences which go beyond those in the deterministic design basis in terms of failure of equipment or operator errors and have the potential to lead to significant releases but do not involve core damage Severe Accidents: certain unlikely event sequences beyond Accident Conditions involving significant Core Damage which have the potential to lead to significant releases Design Extension Conditions (DEC)

  19. Design Extension Conditions are addressed to identify the need for implementation of measures (upgraded or additional equipment or accident management procedures) for Complex Sequences (decreasing their probability) and Severe Accidents (to prevent early and delayed containment failure and to minimise releases for the remaining conditions) General rules to be applied (DBC assessment Rules do not necessarily apply): Possible operator actions and needed grace delay time (EUR state that Operator action shall not be credited before 30 minutes) Qualification of provisions: required demonstration of capability of performing required actions and survivability independency of provision needed to mitigate a DEC versus those provided to fulfil DBC requirements Possible role of low safety classified or non-classified provisions, including the possible use of some provision beyond their initially intended DBC capability, to bring the plant to a controlled state or to mitigate the consequences of a severe accident DEC Approach

  20. ALFRED SAFETY ISSUES AND PROVISIONS

  21. Structural erosion and corrosion Safety issue: molten lead interacts with structural materials through corrosion at high-temperature and erosion Design provisions to improve the compatibility of lead and steels Material selection: austenitic low-carbon steels (AISI 316L) for components at low temperatures and low irradiation flux (e.g. reactor vessel), T91 for the Inner Vessel and Fuel Assembly structures, 15/15 Ti stabilised steels for fuel cladding and spacer grids Operate at low temperature range (400 °C - 480°C) and maintain a controlled amount of oxygen dissolved in the coolant to build-up a protective corrosion barrier Utilize surface coatings: the corrosion resistance of structural materials can be enhanced by FeAl alloy coatings with ad-hoc techniques (aluminization or GESA technology) Limit coolant flow velocity: the lead flow velocity is limited to a value that cause a negligible erosion (typically 2 – 3 m/s) R&D activities: Suitable materials, e.g. Maxthal ceramics for pump impeller or ODS steel for structures Coating processes (e.g. tantalum) already used in conventional plants Lead chemistry (corrosion inhibitors)

  22. Steam Generator Tube Rupture Safety issues: water interaction with lead in case of SGTR can potentially pose several concerns: formation and propagation of pressure waves due to dynamic interactions between the discharged jet flow and molten lead formation and expansion of the mixing zone leading to pool sloshing pre-mixture entering a coolant-coolant interactions (CCI) regime leading to a steam explosion water evaporation results in Reactor Vessel pressurization steam transport toward the reactor core with potential reactivity insertion • Available results (experiments & analyses) • Rupture induced pressure wave poses no significant threat to in-vessel structures, except very few adjacent tubes (no sudden water vaporization) • Sloshing-related fluid motion is well bounded in a domain beyond the SG • experimental findings from Beznosov (assessment of Brest reactor) show that high-pressure discharge of water into molten lead forms a disperse phase of small-diameter steam bubbles that are, in general, stable, since thick vapour film prevents the effective liquid-liquid contact. When the small bubbles coalesce and form a large steam bubble, the water has readily evaporated  no potential for steam explosion

  23. Design provisions to prevent or mitigate over-pressurization and steam/water entrainment in the core adoption of double wall bayonet tube in the Steam Generator: in case of one out of two wall tube break, primary lead does not interact with the secondary water and the tube break is detected monitoring the Helium gap pressure in case of simultaneous rupture of both tube walls: rupture disks are installed in the reactor roof to relief the resulting over-pressure to reduce the potential of steam transport to the core, a mechanical device at the steam generator tube outlet promotes the separation between lead and steam minimizing flow rate from the break (orifices water side; low SG water inventory) R&D activities: Preliminary experimental activities performed at Enea Brasimone (LIFUS facility) aimed to explore the phenomenology and code qualification Planned (short term) activities for one full scale SG double wall bayonet tube Further experimental and computational investigations on a SG mock up are planned in the ATHENA facility at Enea Brasimone (construction planned) Suitable experimental and computational program to verify the effectiveness of the above design provisions Steam Generator Tube Rupture

  24. Coolant flow blockage Safety issue: excessive amount of lead oxides and other impurities in the lead coolant could result in circuit fouling and slugging with reduction of flow cross sections, potentially causing coolant flow blockages Design provisions control of coolant parameters and quality, control of concentration of dissolved oxygen in the coolant removal of lead oxide and other impurities from coolant (e.g. using hydrogen or coolant filtration) purification and control of cover gas sudden and complete flow blockage prevented by the FAs design solution consisting of multiple inlet openings. Gradual blockage caused by deposition of material can be monitored by detection of each FA outlet temperature increase (possible due to the adopted wrapped Hexagonal FAs) R&D activities: detailed design of the purification and control systems for ALFRED are currently under study

  25. Coolant freezing Safety issue: the high melting point (327°C) can pose concerns related to the possibility of lead freezing/solidification: is this a safety issue or an investment protection issue? Design provisions Feed Water Temperature Control (FWTC) to assure a feedwater temperature not lower than 335 ºC Design of DHR actuation logic to exclude the simultaneous operation of both DHRs systems Auxiliary heating system to ensure the minimum temperature of the lead by transmitting heat from the secondary system during long outages Preheating of surfaces having contact with the liquid lead during commissioning of the plant (without fuel assembly) R&D activities: Dedicated experimental and computational analyses aimed to demonstrate the possibility of lead re-melting severe fuel damage Design changes to DHRs are under investigation in the MAXSIMA project in order to make the grace time infinite, avoiding freezing (eliminating the need of operator action) The commissioning & start up procedures for ALFRED is under investigation

  26. Core compaction following earthquakes Safety issue: the rearrangement of fuel assemblies into a geometrically more compact configuration induced by earthquakes might lead to positive reactivity insertions Design provisions 2D seismic isolators under the primary building * Wrapped hexagonal Fuel Assemblies in contact and laterally restrained at bottom core structures designed to ensure that the maximum elastic deformation following a DBE does not lead to reactivity insertion greater than 1 $ * This design provision faces also the issue : Large specific weight of lead and its quantities in the primary pool might, in case of external excitations, challenge structural integrity or functionality of components

  27. Chemical and radio toxicity Safety issues: polonium formation interaction with fission products in case of clad failures chemical toxicity of lead Intrinsic lead features Po production rate in Pb is low and its volatility is depressed through the lead retention properties  for ALFRED the calculated total Po production in the 3400 tons commercial lead (C1) is 0.4 g, and Po volatized fraction in the cover gas at 480°C and 800 °C is 2.0 10-10 and 3.0 10-7 respectively Lead has good retention properties of FPs (e.g. I, Cs, Sr) and only a small fraction is expected to be vaporized into the cover gas system I volatilized fraction in Lead at 480°C and 800 °C is 9.0 10-8 and 3.0 10-5 respectively Cs volatilized fraction in Lead at 480°C and 800 °C is 2.4 10-7 and 4.9 10-6 respectively Sr volatilized fraction in Lead is very small (< 10-15)

  28. Chemical and radio toxicity Safety issues: polonium formation interaction with fission products in case of clad failures chemical toxicity of Lead Intrinsic lead features Due to the low vapour pressure of Pb (2.8 10-5 Pa at 400 °C), its concentration inside the containment during refuelling or ISI operation (with vessel open) is reasonably low  a conservative evaluation (value above the Pb free surface) gives about 2 μg/m3 Considering mixing the ALFRED cover gas volume (80 m3) with the reactor hall volume (24000 m3) the Lead concentration would be reduced of a factor 103 Lead chemical toxicity thresholds in air for workers is 150 μg/m3 (by Council Directive 1998/24/EC and by HSE EH40/99 Occupational exposure limits - 1999) Lead chemical toxicity thresholds in air for general population is 0.5 μg/m3 (by Council Directive 1999/30/EC) or 0.5-1 μg/m3 (by WHO Environmental Health Criteria 165 -1995)

  29. ALFRED Thank you for your attention

More Related