The UK nuclear regulator has downgraded its concerns about the EDF/Areva EPR reactor’s control and instrumentation system.
It originally flagged the EPR I&C system in 2009, during its pre-licencing generic design assessment process, by raising it as a regulatory issue that might prevent the design from being approved. It closed the regulatory issue in November 2010.
As part of its response to the concerns, EDF/Areva have agreed to install a hardwired backup of the digital I&C system.
In a public letter, NII said, “while there are some outstanding actions to complete, we are satisfied that you have addressed the majority of the key actions associated with the Regulatory Issue... We recognize that EDF and AREVA have put in a considerable amount of high quality work to get to this position.”
EDF Energy Chief Executive Vincent de Rivaz said: “This decision by the UK safety authority is very good news for the EPR. The control and instrumentation issue was, and is, one of the most sensitive in terms of nuclear safety and was vital to resolve.”
The UK NII went on to explain the reasons why it flagged up the system, and what has changed since then, in more detail.
“The RI was based on four major concerns:
1. The complexity of interconnectivity between the very important Class 1 Safety Systems and lower Safety Class control systems. Of particular concern was that the lower Classes 2 and 3 Safety Systems could have write access to the highest Class 1 Safety System (the main Reactor Protection System). This also challenged our important safety assessment principle that Safety Systems should be completely independent of control systems.
2. There was a lack of Class 1 equipment including hard-wired and simple technology as a diverse backup to the highly computerised and sophisticated screen based displays and controls in the Main Control Room and Remote Shutdown Station.
3. The Class of many of the important control systems was Class 3 whereas our interpretation of the International Standards (IEC 61226:2009) was that such systems should be engineered to Class 2 standards.
4. The probabilistic claims being made on the two computer-based Safety System platforms meant that the common failure of both was equivalent to being ‘incredible’ so that the event could effectively be discounted.”
“Taking each concern above in turn, the accepted response from EDF and AREVA has been as follows.
1. All networked communications will be one-way, from the Class 1 systems to lower Class 2 and 3 systems. The implementation will be through the isolation provided by one-way diodes. The permissive signals that were to be implemented through the lower Class systems will now be implemented using Class 1 Safety Information and Control System (SICS) equipment including a Qualified Display System.
2. There will be a Class 1 SICS operational in the Main Control Room and a similar panel in the Remote Shutdown Station. The SICS will include simple hard-wired technology and will be fully operational for alarms and displays at all times. Actuation signals from the SICS will be switched on if the Class 3 Plant Information and Control System fails.
3. Class 2 systems, rather than Class 3, will now provide the important station control systems. This will be achieved by reallocating functions to fully comply with IEC 61226:2009 and upgrading the Reactor Control and Surveillance Limitation system to Class 2.
4. Probabilistic claims on each of the main C&I platforms will have lower limits than in the original design for the UK. The shortfall in overall reliability of the safety systems will be made up by the introduction of a Non-Computer-Based Safety System (NCSS). The functions of the NCSS have been designed although details on the platform selection are still being evaluated by EDF and AREVA. However, they have given a commitment that the platform technology will be diverse to all hardware and software on the main Safety Systems.”
In August, French nuclear regulator ASN ordered EDF to modify the I&C system for the Flamanville reactor. It instructed the company to duplicate some of the reactor protection systems from the lower safety class system (SPPA T2000) to the higher safety class system (Teleperm XS).