Passive safety designs

28 February 2001

If countries are to expand their nuclear programmes, they must first meet several prerequisities. One prerequisite is the development of designs with increased levels of safety. One way to achieve this is through passive safety design.

There are several prerequisites for the expansion of the various nuclear programmes around the world. First and foremost, nuclear energy has to be economically competitive and, at the same time, acceptable on safety grounds. One such approach to safety is that of advanced passive safety.

Advanced passive technology captures the strategic goals of the worldwide nuclear community including; increased safety, reliability, economics, environmental friendliness and public acceptance. Achievement of these goals will give the nuclear industry a bright future.

Westinghouse has based its design strategy for passive plants on the US Advanced Light Water Reactor Utility Requirements (ALWR URD) or the European Utility Requirements (EUR).

A concerted effort was made to simplify systems and components to ease construction, enhance operation and maintenance, and improve economics.

Passive plant safety systems performance relies on the natural forces of gravity, natural circulation, and evaporation to shutdown and cool down the plant in the event of an accident. These passive systems also contribute to improved plant economics through simplification. They eliminate the need for safety grade AC power and the active pumps and support systems that are used in traditional safety systems.

Westinghouse has developed three advanced passive PWR designs.

The AP600 is a two-loop 600MWe plant designed in collaboration with the US DoE, EPRI, the Advanced Reactor Corporation, and 22 other international partners.

The EP1000 is a three-loop, 1000MWe variant of the AP600, which was developed with seven european participants to meet to EUR requirements.

The AP1000 is a two-loop, 1000MWe configuration developed using the AP600 design to the maximum extent possible.

Passive design objectives

The primary design objectives of the advanced passive technology is to provide greatly simplified nuclear plant designs that meet or exceed the latest regulatory requirements and safety goals, while being economically competitive with other systems.

Passive safety features

The passive safety systems use only natural forces, such as those of gravity, natural circulation, and compressed gas to guarantee plant safety.

No safety-grade pumps, fans, diesel generators or other rotating machinery are used. A few simple valves align the passive safety systems when they are automatically activated. In most cases, these valves are fail-safe. These passive safety systems are significantly simpler than conventional LWR safety systems.

In addition to being simpler, the passive safety systems do not require the large network of safety support systems needed in current generation nuclear plants, such as AC power, HVAC, cooling water systems, and the associated siesmic buildings to house these components. These reductions in systems led to the elimination of safety-grade emergency diesel generators and their network of support systems, air start, fuel storage tanks and transfer pumps, and the air intake/exhaust system.

Passive safety systems include: passive safety injection, passive residual heat removal, and passive containment cooling. All of these systems have been designed to meet the NRC single-failure criteria and other recent criteria, including lessons learned from Three Mile Island, as well as unresolved and generic safety issues. The use of probabalistic safety assessments (PSAs) have also been key in evaluating system design trade-offs and in quantifying the safety of the design.

Plant economics

One driving force for the advanced passive technology was to improve plant economics. The long-standing belief that nuclear power capital costs have been too high in most western countries has limited the growth of nuclear option in those countries. Advanced passive plant engineering activities focused on simplification as a primary tenant of the design process, but also became a critical element in cost reduction. However, in addition to design simplification and associated reductions, goals were set to find ways to reduce plant construction schedules, thereby reducing construction costs.

AP600 passive plant

Westinghouse, in co-operation with its partners, developed the AP600. This has a planned site construction schedule of 36 months from first concrete to fuel load. This schedule is much shorter than current experience because of the reductions in bulk materials, components and building volumes. In addition, schedule reductions will be helped by the significant use of factory-built modules for both structural members and systems. Initiating factory construction of these modules would be approved consistent with site schedule requirements. These modules are designed to be transported by rail or barged via waterways. Parallel efforts in the factory and onsite will facilitiate this short construction schedule.

The economic results of these improvements in plant costs and construction timing have led to plant cost reductions of 20-30% compared to current designs of a similar plant output. Plant costs for the AP600 were confirmed by completing a detailed cost buildup using direct quotes for 25,000 specific items. This evaluation led to the following plant completion costs, assuming a two-unit AP600 site:

•Direct and indirect costs $1650 million

•Owners costs $205 million

•Total cost $1520/kWe


Safety used to be measured in terms of redundancy and multiple levels of defence. With the advent of new risk assessment tools, such as Probabilistic Safety Assessment (PSA), that attitude has changed.

The AP600 plant design has achieved an improvement in safety by a factor of 10-100 over current plants.

In addition, the common mode failures (CMFs) can be evaluated using the PSA design tools. The results of these analyses have led to the use of diversity of functions using passive systems, which significantly reduces the two main sources of CMF concerns: maintenance error and component failure.

Safety assessment

In June 1992, Westinghouse submitted the Safety Analysis Report and the PSA to the US Nuclear Regulatory Commission (NRC). The NRC replied with a Draft Safety Evaluation Report, listing its questions, to which Westinghouse responded. In May 1996, the NRC issued a supplement to the Draft Safety Evaluation Report on the AP600 computer codes and testing programme. All issues were resolved to NRC’s satisfaction and it issued its Final Design Approval in September 1998. The NRC issued a Design Certification in December 1999.

EP1000 passive plant

In late 1991, the major European utilities formed an organisation in order to develop the European Utility Requirement (EUR) document. The requirements of EUR form the basis for the procurement of the next generation of European LWRs, and these are expected to have a significantly wider application in the international market. The requirements cover PWR and BWR plants, and include both conventional and passive safety features.

In 1994, seven European utilities, together with Westinghouse and Ansaldo, undertook the European Passive Plant Programme to develop a 1000MWe design known as the EP1000. The plant is being designed to meet the EUR, and is therefore expected to be licensable in Europe. The AP600 passive plant design has been used as a reference design for this development programme.

Design objectives

The EP1000 is a three-loop, 1000MWe passive PWR design. The EP1000 closely follows the AP600 plant systems design with regards to safety systems, containment and construction strategies.

Consistent with Westinghouse practise, those systems not required to meet all safety systems criteria are used as the first level of defence against more probable events. As the second level of defence, the EP1000 uses passive safety systems similar to the AP600 to provide the desired level of plant safety and to satisfy the EUR. As in the AP600, the EP1000 uses passive safety systems to establish and maintain core cooling and containment integrity without the need for operator action or AC power.

EUR applicability

Compliance with the EUR has been a key design requirement for the EP1000. Assessments have been made throughout the design process in order to define the impact on the Westinghouse passive plant designs in meeting these requirements.

As a result of this, the following design changes have been made specifically to meet the EUR.

•To conform with the requirement of using both UO2 and 50% MOX fuel, it was decided that an 18-month, 50% MOX core design would be the base design for EP1000. This approach maintains the interchangeability of the MOX and UO2 core designs.

•Low-boron core designs have been developed for both the EP1000 24-month UO2 and 18-month 50% MOX core designs.

•The Normal Residual Heat Removal System and Component Cooling Water System (CCS) have been redesigned to increase the capability to reduce the reactor coolant temperature to 90°C within 36 hours after shutdown with a single failure in the RNS, and initiate system operation within 6 hours after reactor shutdown.

•The EP1000 Spent Fuel Pool Cooling Water System (SFS) and spent fuel pool (SFP) have been sized to accomodate 15 years of MOX spent fuel, plus 10 years of UO2 spent fuel, plus one full-core offload.

•The EP1000 Chemical and Volume Control System (CVS) and Liquid Radwaste System (WLS) designs have been modified to accomodate boron recycling.

•More stringent offsite dose limits have resulted in the consideration of containment leak-tightness improvements. The EP1000 containment isolation is a significant improvement over that of conventional PWRs by a reduction in the number of containment penetrations from 93 (for a conventional three-loop plant) to 50. The current EP1000 includes an additional passive secondary Containment Ventillation System.

Current assessment of the EP1000

The design definition and verification phase was first initiated in 1997, and is currently ongoing with objectives of establishing the EP1000 economics and developing the safety case report for submittal to Europeam licensing authorities. Current estimates indicate that the EP1000 has a 20% cost advantage over other conventional designs of similar size.

The results of the EP1000 compliance assessment against the EUR volumes 1 and 2, revision B have shown that the EP1000 design fulfills all of the harmonised expectations of the EUR.

The EP1000 compliance assessment has been reviewed and approved by the EUR administration group as well as the EUR steering committee.

AP1000 passive plant

The AP1000 is a logical extension of the AP600 and EP1000 designs. Many of the studies from these earlier efforts provided a high confidence that a two-loop configuration of the passive technology could produce over 1000MWe with minimal changes in the AP600 design.

In fact, maintaining as many aspects of the AP600 design as possible became a design objective of the AP1000. The obvious purpose of moving forward with the AP1000 was to optimise power output, thereby reducing the resulting generation costs. The objective has been met, and has led to a plant that is competitive with all types of fossil and renewable generation options. The AP1000 is a two-loop, 1000MWe plant that keeps the same basic design of the AP600, and having the same footprint for the nuclear island. The main differences between the parameters of the AP600 and AP1000 are shown in the table on page 22.

Those component changes that impact the plant the most are the size of the steam generator, from a delta-75 to a delta-125, and the larger reactor coolant pump.

One of the added benefits of larger reactor coolant pumps is a higher inertia compared to the AP600. This allows an increased margin for departure from nucleate boiling (DNB) for loss-of-flow events, by providing increased coastdown flow to the core. The containment is also larger, but only in height, in order to accomodate the greater mass and energy of the reactor coolant system.

The reactor vessel is the same diameter as the AP600, and the number of fuel assemblies goes from 145 to 157. Core power density is increased from the very low value for the AP600 to one slightly less than plants operating today.

The core height is increased from 12 feet to 14 feet. This increases the reactor vessel length below the reactor vessel nozzles by 18 inches. Fuel handling equipment and the integrated head package are correspondingly slightly longer. The spent fuel storage pool is slightly deeper to ensure sufficient clearance to accommodate the longer fuel elements.

Proven components

•Steam generators Arkansas 2, Ulchin 5 and 6.

•Digital I&C Sizewell B, Ulchin 5 and 6.

•Fuel South Texas 1 and 2, Doel 3, Tihange 4.

•Reactor coolant pumps US Navy.

Safety assessment

Using the test data developed for the AP600 and similar designs, the AP1000 is capable of meeting higher power output requirements with proven technology. The PSA shows that the plant simplifications are not power-level dependent.

Competitive generation

Calculating the expected economic performance requires the establishment of plant performance parameters, fuel cycle assumptions, and plant cost data. The following parameters are consistent with current plant operations in the USA. Using this data indicates that the generation costs below 3.2c/kWh for twin AP1000 units constructed at a single site. The bottom line is that the AP1000 will be very competitive with generation using other types of fossil and renewable fuels.

Generation cost assumptions

Forty year economic lifetime. The AP1000 is designed for 60 years of operation. Approximately 10% added to capital costs for first time engineering.

O&M and fuel costs equal to efficient US utilities. One year between commercial operation of units 1 and 2.

Current safety assessment

The NRC has agreed to identify fundamental assumeptions and areas of review that are necessary to obtain Design Cerification for the AP1000 beyond those already accepted by the NRC in the AP600 Design Certification process.

Interest in the AP1000 has led to support from the DoE and EPRI, primarily to facilitate the completion of the plant’s safety case review.

The future of passive design

This passive safety design concept offers to the world the enticing prospect of providing increased safety, reliability and improved economics.

The active development of passive design, with its increased modularity, probably represents the single best prospect to enable a global nuclear renaissance to take place. Westinghouse believes that it is well on the way to turning this possibility into a reality.

Privacy Policy
We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.