ASN Report 2022

play in the event of an accident (“safeguard” systems ensuring emergency shutdown, injection of cooling water into the reactor, etc.) comprise at least two redundant and independent channels.

Level 4: Control of accidents with core melt

These accidents were studied following the Three Mile Island accident in the United States (1979) and are now taken into account in the design of new reactors such as the European Pressurised Water Reactor (Evolutionary Power Reactor – EPR). The aim is to preclude such accidents or to design systems that can withstand them.

Level 5: Mitigation of the radiological consequences of significant releases

This involves implementation of the measures set out in the contingency plans including population protection measures: shelter, taking of stable iodine tablets to saturate the thyroid and avoid fixation of released radioactive iodine, evacuation, restrictions on consumption of water and of agricultural products, etc.

1.2.3 Positioning of barriers

To limit the risk of releases, several barriers are placed between the radioactive substances and the environment. These barriers must be designed to have a high degree of reliability and must be monitored to detect any weaknesses before a failure. There are three such barriers for Pressurised Water Reactors (PWRs): the fuel cladding, the boundary of the reactor primary system, and the containment (see chapter 10).

1.2.4 Deterministic and probabilistic approaches

Postulating the occurrence of certain accidents and verifying that, thanks to the planned functioning of the equipment, the consequences of these accidents will remain limited, is known as a “deterministic” approach. This approach is simple to apply in principle and allows an installation to be designed (and its systems to be sized) with good safety margins, by using so-called “envelope” cases.
The deterministic approach is however unable to identify the most probable scenarios because it focuses attention on accidents studied with pessimistic hypotheses. The deterministic approach therefore needs to be supplemented by an approach that better reflects possible accident scenarios in terms of their probability, that is to say the probabilistic approach used in the “Probabilistic Safety Assessments” (PSAs).

Thus for nuclear power plants, the level 1 PSAs consist in establishing event trees for each “initiating event” leading to the activation of a safeguard system (level 3 of “Defence in Depth”), defined by the failure (or the success) of the actions provided for in the reactor management procedures and the failure (or correct operation) of the reactor. The probability of each sequence is then calculated based on statistics on the reliability of systems and on the rate of success of actions (including data on “human reliability”). Similar sequences that correspond to the same initiating event are grouped into families, making it possible to determine the contribution of each family to the probability of reactor core melt.

Although the PSAs are limited by uncertainties concerning the reliability data and approximations in the modelling of the facility, they consider a broader set of accidents than the deterministic assessments and enable the design resulting from the deterministic approach to be verified and supplemented if necessary. They are therefore to be used as a complement to deterministic studies and not as a substitute for them.

The deterministic studies and probabilistic assessments constitute an essential element in the nuclear safety case that addresses equipment internal faults, internal and external hazards, and plausible combinations of these events. To be more precise, the internal faults correspond to malfunctions, failures or damage to facility equipment, including as a result of inappropriate human action.
Internal or external hazards correspond to events originating inside or outside the facility respectively and which can call into question the safety of the facility.

Internal faults for example include:
∙ loss of the electrical power supplies or the cooling systems;
∙ ejection of a rod cluster control assembly;
∙ breaking of a pipe in the primary or secondary system of a nuclear reactor;
∙ reactor emergency shutdown failure.

With regard to internal hazards, the following in particular must be considered:
∙ flying projectiles, notably those resulting from the failure of rotating equipment;
∙ pressure equipment failures;
∙ collisions and falling loads;
∙ explosions;
∙ fires;
∙ hazardous substance emissions;
∙ floods originating within the perimeter of the facility;
∙ electromagnetic interference;
∙ malicious acts.

Finally, external hazards more specifically comprise:
∙ the risks induced by industrial activities and communication routes, including explosions, hazardous substance emissions and airplane crashes;
∙ earthquakes;
∙ lightning and electromagnetic interference;
∙ extreme meteorological or climatic conditions;
∙ fires;
∙ floods originating outside the perimeter of the facility;
∙ malicious acts.

[Figure: THE 5 LEVELS OF DEFENCE IN DEPTH. Labels: Prevention of anomalies; Maintaining within the authorised range; Control of accidents; Limiting the consequences of a severe accident; Limiting the consequences of discharges; Design; Operation; Regulation systems, periodic checks; Backup systems, accident procedures; Serious accident management; On-site emergency plan]

ASN Report on the state of nuclear safety and radiation protection in France in 2022 • 123 • 02 • The principles of nuclear safety and radiation protection and the regulation and oversight stakeholders
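The level 1 PSA calculation described in section 1.2.4 (event trees per initiating event, sequence probabilities, families and their contribution to core melt) can be sketched as follows. This is an added example, not part of the ASN report; all frequencies, failure probabilities, branch names and core-melt rules are constructed for illustration, and branch failures are assumed independent.

```python
from itertools import product
from math import prod

# Constructed, illustrative figures: NOT taken from the ASN report or any plant.
# Assumption: branch failures are independent of one another.
EVENT_TREES = {
    "loss of electrical power supplies": {
        "frequency": 1e-2,  # initiating events per reactor-year (hypothetical)
        "branches": {"emergency shutdown": 1e-5,
                     "backup power start": 1e-2,
                     "operator restores cooling": 1e-1},
        # Hypothetical rule: melt if shutdown fails, or both other branches fail.
        "core_melt": lambda failed: "emergency shutdown" in failed
        or {"backup power start", "operator restores cooling"} <= failed,
    },
    "pipe break in the primary system": {
        "frequency": 1e-4,
        "branches": {"emergency shutdown": 1e-5,
                     "cooling water injection": 1e-3},
        "core_melt": lambda failed: bool(failed),  # any failure leads to melt
    },
}


def sequences(tree):
    """Yield (set of failed branches, frequency) for every path of the tree."""
    names = list(tree["branches"])
    for outcome in product((False, True), repeat=len(names)):
        failed = {n for n, f in zip(names, outcome) if f}
        p = prod(tree["branches"][n] if n in failed else 1 - tree["branches"][n]
                 for n in names)
        yield failed, tree["frequency"] * p


def core_melt_by_family(trees):
    """Sum the core-melt sequences of each initiating event (one family each)."""
    return {name: sum(freq for failed, freq in sequences(t)
                      if t["core_melt"](failed))
            for name, t in trees.items()}


def contributions(trees):
    """Share of each family in the total core-melt frequency."""
    by_family = core_melt_by_family(trees)
    total = sum(by_family.values())
    return {name: f / total for name, f in by_family.items()}


if __name__ == "__main__":
    for name, share in contributions(EVENT_TREES).items():
        print(f"{name}: {share:.1%} of core-melt frequency")
```

With these constructed inputs the more frequent initiating event dominates the core-melt frequency even though each of its sequences needs more failures, which is the kind of ranking the deterministic “envelope” cases do not provide.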