17 th Symposium of AER on VVER Reactor Physics and Reactor Safety

1. 17th Symposium of AER on VVER Reactor Physics and Reactor Safety September 24-29, 2007, Yalta, Crimea, Ukraine SAFETY AND DESIGN LIMITS L.K. Shishkov, V.A. Gorbaev, S.V. Tsyganov Russian Research Center“Kurchatov Institute” Moscow, Russia

2. In the presentationwe are discussing the problems of ensuring the VVER safety designing and operation by means of limits at normal operation conditions. Generally the safety ensuring level for the VVER reactors corresponds to that of the PWR reactors IAEA working groups come to the same conclusion in the comparison of approaches. Note also that in spite of long-term collaboration of specialists and their attempts to draw nearer their approaches, a number of points, which appear for example, in efforts to the change from one justification logic to another, remain unclarified. In addition to some objective moments there are two circumstances: first it appears that the “west” companies try to maintain the confidentiality of their approaches and do not define concretely their recommendations, second, both sides invite high-skilled specialists who prefer to use their own logic and terminology, thus making it difficult for the specialists other side to understand them.

3. So the Russian approach to safety justification is the following: The NPP can be in one of four possible states : ·NO (normal operation); ·AFNO (anticipation failure of normal operation); ·DBA (design basis accident); ·BDBA (beyond basis design accident). For each of four above NPP states the Safety Criteria (SC) are determined: technological and radiation criteria (Fig.1).

4. Fig.1. Illustration to the Russian approach on Operating Limit and Safety Operating Limit

5. The meeting of SC is realized by change to other restrictions – limits for the chosen fuel cycle and checked in the designing and operation. The meeting of these restrictions following the sense of their introduction is sufficient for the SC to be satisfied. The limits are divided into two categories: Operation limits (OL) and Safety operation limits (SOL). The OL include the limits of normal operation (NOL) and the set points. The SOL include the safety limits (SL) and the set points for safety system actuation.  The parameters restricted by OL and SOL are determined by the reactor plant design, but essentially this parameters were established and checked by many years of successful operation of VVER reactors. The sufficiency of the chosen OL and SOL set by meeting the SC is checked in PSAR and FSAR.

6.  The fulfillment of OL and SOL are achieved by using set points taking into account the calculation and measurement errors and delay in mechanism or operator action. • These set points are called the safety set points. In addition to the safety set points the reactor plant in operation is provided with number of signalization set points, which control the reactor operation at nominal parameters for ensuring planned power level. • The application of OL and SOL is illustrated in Fig. 1, where typical transients and accidents are shown. • The West approach to ensurance of PWR safety is presented in papers • IAEA – TECDOC 1381; • “Operational limits and conditions and operating procedures for NPP” № NS-G-2.2 • and are illustrated in Fig. 2 – 4 and in Tables 1 – 3

7. Radiation protection COND 1&2, 0,3 mSv COND 3, 1 mSv COND 4, 100 mSv No fuel failure Limited fuel failure Core coolability Operating/Design Limits (e.g. ECCS) Design Limits (ECCS, RIA) Operating Limits (Tech Specs) DNB, LHGR, PCI Design criteria (fuel, core) Fig.2. Process of criteria (requirements/limits) definition

8. Fig.3. Categories of fuel safety related criteria.

9. Fig.4. Interrelationship between a safety limit, a safety system setting and operational limits

10. Tables 1- 3.

11. Let us note the difference between the Russian and West approaches to the justification of NPP safety. First the West approach suggests the division of limits into the Safety limits, Operation limits and Design limits mainly for dividing the parameters themselves into three groups and only after that to restrict changes in designing or operation. In the Russian approach the same parameter often has three numerical restrictions: Safety limit, Operation limit and Calculation limit (not correct translated as Design limit).

12. Here is an example of the VVER-440 design. Integral power Linear heat flax Design limit 100 % 325/Kmargin Operation limit 104 % 325 Wt/cm Safety limit 112 % 350 Wt/cm Safety limit West and Russian should not be identified. In the design operation conditions the West Safety limit is not attained while the Russian Safety limit can be reached and even exceeded (for example, Integral power at reactivity accident).

13. In the IAEA recommendations the questions of choice estimating the margin factors is slightly touched. What should be the probability of non-violation of the limit in using the margin factors (3, 2, 1.645). How the methodological and mechanical errors should be added. A special point about using interval estimation: (Probability 95 % and confidence interval 95 %) Why 95 %? Only DNB, all other parameters? It would be desirable to have clarifications on how these characteristics should be ensured.