Dozens of engineers at the Office for Nuclear Regulation in Bootle, Merseyside, are coming towards the end of a quite staggeringly complex piece of work – the generic design assessment of the two reactors being considered for Britain’s proposed nuclear new-build programme.
The generic design assessment (GDA), which has been on-going for four years, has been a forensic examination of the Westinghouse AP1000 and Areva’s European Pressurised Water Reactor, establishing the safety case for both upfront before any construction has begun. The process has been extremely demanding, amounting to a total of around 50,000 working days and costing more than £50 million.
But the Office for Nuclear Regulation (ONR) insists that it has been worthwhile, as it has resulted in scores of specific design changes to major components and systems such as control and instrumentation, which should ensure that any subsequent build process runs as smoothly as possible.
According to Kevin Allars, director for the nuclear build programme at ONR, the GDA has proved to be a logical and methodical approach to assessing new nuclear power station designs. He says: “It is about looking at the safety case upfront so that we can identify any issues that need to be addressed before it gets to the point where companies build them.
“So when contracts are eventually placed for the reactors, there will already be a sense of regulatory approval for the designs being bought. It is about looking at things early in the process, and being open and transparent with the public and our stakeholders about what we are doing.”
The UK is alone in taking this type of approach to new nuclear construction – the GDA is a unique process that has never been done anywhere else in the world. Other countries pursuing nuclear new-build, such as France and Finland, have a staggered approval system where elements of construction can be carried out before the generic safety case is granted. But Allars is convinced that the UK approach makes more sense and should result in fewer delays when construction finally begins.
“The reactors being considered are new – they have not been run anywhere else in the world. So getting the safety case upfront, identifying issues and clearing them up, gives certainty to the designers, the operators, the vendors, and the regulators. And so far there have been no show-stoppers,” he says.
“The operators have said to us that they believe the GDA is a good way of working – but the proof will be in a few years’ time. If they don’t have to make significant reactor design changes for regulatory needs, rather than any design changes they need to make for their own needs, then actually that will prove this process has worked like we believe it should have.
“During the construction of what is Britain’s newest nuclear reactor in operation – Sizewell B – there were regulatory requirements that came along during the build phase that threw the project backwards. The GDA is good way of establishing some surety for regulatory requirements.”
The GDA began in August 2007 and has been characterised by a four-step approach, with each progressive technical assessment becoming more detailed. Transparency has been at the heart of the process, says Allars, with the ONR publishing extensive information relating to the reactor assessments, including technical reports, guidance, and regular updates on progress, and also allowing the general public to comment on its work.
Westinghouse, on the other hand, is yet to announce any confirmation of an operator who wants to buy its AP1000. Until such point, it is unlikely to progress its own application past the interim design acceptance stage.
Step 4 – the detailed design and safety assessment – was published in the summer. This report included a schedule of all of the issues identified as still requiring resolution by industry, along with the majority of the resolution plans that Westinghouse and Areva have already put in place.
The process identified 51 GDA issues to be resolved on the Westinghouse design, and 31 for the Areva design.
“That doesn’t mean that 51 is worse than 31, as they are not all the same size – it’s just pure numbers,” he says.
There’s no doubt that the ONR has made huge efforts to make the GDA process as transparent as possible. All GDA issues and resolution plans have been published in detail on the web, running into tens of thousands of words. Within the category of internal hazards alone, Westinghouse has been instructed to address issues of internal fire safety case substantiation, internal flooding, pressure part failure, internal explosion safety case substantiation, internal missile safety case and substantiation and analysis of the consequences of dropped loads and impact from lifting equipment included within the AP1000 design.
Areva faced several significant issues in the area of control and instrumentation (see box on page 26). These included design information for non-computerised safety systems, protection system independent confidence-building measures, and absence of adequate control and instrumentation architecture. In each case, both Westinghouse and Areva have been instructed to devise an acceptable resolution plan.
Despite the exhaustive nature of the work that has been undertaken, Allars says that throughout the GDA process the relationship between ONR staff and the reactor design teams at Westinghouse and Areva has been courteous and respectful, but robust and thorough. Allars strongly refutes any suggestions that at times it’s been too cosy, pointing towards several time-consuming design changes that have emerged from the process.
He says: “Back in October 2009 we challenged the French team very robustly on its control and instrumentation and we put a requirement on them which said their design was not good enough and they needed to do something about it. That was a very robust statement for us and they had to address it.
“If they hadn’t got past that hurdle then we would not have given approval at a later stage. So actually we challenged them on one of their fundamental principles. And they accepted that and went away and spent a lot of time thinking about it and they have changed their design. They have put new parts in, they have put a completely independent hardwired electrical system in place, that has cost them a lot of time and effort. We have now got a design that meets our safety assessment principles.”
At present, both reactor designs have one blank resolution plan each, covering any recommendations that emerge from a review currently being carried out by Mike Weightman, head of the Office for Nuclear Regulation, of events at the Fukushima nuclear plant in Japan. Only once both vendors have produced acceptable resolution plans for any issues coming out of the Weightman report will the ONR move towards issuing what is known as an interim design acceptance confirmation (DAC) which effectively says that it believes all outstanding technical issues can be resolved. The interim design acceptance is a staging post for the full DAC which is likely to be issued by the end of 2012. For Areva, the issuing of the DAC will be one of the crucial pieces of paper that goes into the licensing process for the installation of a new European Pressurised Water Reactor (EPR) at the Hinkley Point station in Somerset.
Allars says: “As far as we are concerned, the big dates are December this year when – if we get a credible resolution plan for issues out of the Fukushima report – we will then publish the interim DAC. That will be a signal that we believe all the issues with both reactors can be resolved.
“As far as the French EPR design is concerned, Areva should have its full DAC at the end of next year, which means that some point soon after that, if it is in a fit state to do so, it can apply for consent to start construction. That’s a timeline for starting to build – how long it takes from then to actually be built is for Areva to decide.”
So that means Allars and his team of engineers at Bootle have at least another year’s work on the GDA to keep them busy. He insists that the process, so far, has been aided by a “hands-off” approach from central government, with ministers and key civil servants in Whitehall exerting no undue pressure to get the work done to a prescriptive timescale. Allars says relevant ministers have been informed of progress on the GDA, but that political input has been kept to a minimum.
“The government has very much left the regulatory issues to ourselves and to the Environment Agency,” he insists. “Ministers have been much more focused on helping with any of the risks involved, such as ensuring that we have had the right level of staffing.
“But the government hasn’t got involved with any of the technical issues – when I put out a progress report I send it to ministers at the Department for Work and Pensions and the Department of Energy and Climate Change the day before it’s published just so they have got it. They don’t agree it or approve it.”
In short, Allars is proud of the work that his team has carried out on the GDA, and is mindful of the importance of what’s been achieved to date. “I am not a promoter of nuclear energy – it’s the government’s policy as to whether we have it or not. My role here has been as an independent robust regulator, who ultimately exists to serve the general public.”
Japan disaster leads to calls for regulatory shake-up
The Fukushima nuclear accident in Japan in March has led to calls for mandatory global nuclear safety rules, even though most operators claim that their assessments since the disaster show no major problems.
However, Christian Egenhofer, of the Brussels think-tank the Centre for European Policy Studies, called the voluntary “stress tests” proposed for European Union reactors following Fukushima “a joke. No one believes them”. He said that some tests, estimated by Areva to cost 100–200 million euros per plant, are less onerous than existing rules.
Member states of the United Nations’ International Atomic Energy Agency have also watered down a draft nuclear safety action plan.
But Jan-Horst Keppler, deputy head of nuclear development at the OECD’s Nuclear Energy Agency, said that Fukushima provided “a new dynamism for the view that there should be better coordination between national regulators”. Equally, Foratom, the European nuclear trade association, called for an EU-wide safety framework.
Although the EU’s 2009 nuclear energy directive promoted common standards, licensing and safety regulation remain EU member state responsibilities.
Egenhofer said that Fukushima offered a chance for policy change, particularly to address the risk of cross-border radioactive fall-out, accident procedures and cross-border compensation.
He claimed that the EU was ignoring the issue and called for it to rewrite its European Atomic Energy Community treaty, which only allows sanctions for nuclear fuel safety, to prevent proliferation, and not to promote reactor safety.
Areva forced to rejig control systems on its EPR
One of the most onerous regulatory issues identified by the GDA related to control and instrumentation on Areva’s European Pressurised Water Reactor (EPR). Four major concerns were recorded:
- The complexity of interconnectivity between Class 1 safety systems and lower safety class control systems. Of particular concern was that the lower Classes 2 and 3 safety systems could have write access to the highest Class 1 main reactor protection system. This challenged an important safety assessment principle that safety systems should be completely independent of control systems.
- There was a lack of Class 1 equipment including hard-wired and simple technology as a diverse back-up to the highly computerised and sophisticated screen-based displays and controls in the main control room and remote shutdown station.
- Many of the important control systems were Class 3 whereas Health and Safety Executive interpretation of the international standards (IEC 61226:2009) was that systems should be engineered to Class 2 standards.
- The probabilistic claims being made on the two computer-based safety system platforms meant that the common failure of both was equivalent to being “incredible,” so that the event could effectively be discounted.
The response from Areva proposed design changes to the control and instrumentation for the UK EPR:
- All networked communications will be one-way, from the Class 1 systems to lower Class 2 and 3 systems. Implementation will be through isolation by one-way diodes. The permissive signals that were to be implemented through the lower-class systems will now be implemented using Class 1 safety information and control system (SICS) equipment including a qualified display system.
- There will be a Class 1 SICS in the main control room and a similar panel in the remote shutdown station. The SICS will include simple hardwired technology and will be fully operational for alarms and displays at all times. Actuation signals from the SICS will be switched on if the Class 3 plant information and control system fails.
- Class 2 systems will provide the important station control systems. Reallocate functions to comply fully with IEC 61226:2009 and upgrade the reactor control and surveillance limitation to Class 2.
- Probabilistic claims on each of the main control and implementation platforms will have lower limits than in the original design for the UK. The shortfall in overall reliability of the safety systems will be made up by the introduction of a non-computer-based safety system.
Areva provided detailed design information that led to a GDA Step 4 conclusion in June 2011.
Engineer leads HSE’s nuclear new-build team
Kevin Allars is a chartered mechanical engineer. For 11 years he worked in the nuclear power industry, before, in 1989, joining the Health and Safety Executive’s Nuclear Installations Inspectorate, working in assessment, safety research, site inspection and policy functions. In 2000 he was promoted to become responsible for developing policy and legislative reform on nuclear and major-hazard sites. He also coordinated HSE’s input to the government’s response to the 9/11 terrorist attacks.
From 2003 Allars headed the HSE’s Chemical Industries Division.
In 2008 he moved to HSE’s Nuclear Directorate, as deputy chief inspector, responsible for inspection, assessment and enforcement at sites such as Sellafield and Dounreay, as well as managing the UK’s operational safeguards activities.
Since February 2009 he has been acting initially as the director for the new nuclear build generic design assessment, responsible for delivering the GDA for the proposed new-generation UK reactor designs.
Now, as programme director for the new nuclear build programme, he also covers the design, procurement and construction phases.