Safety principles

Assurance of nuclear safety is based on general principles that have been developed through experience and research. According to these principles, safety is ensured by so-called defence in depth and by multiple, parallel arrangements.

The aim is to prevent accidents using good design, high quality and careful operations. However, if a fault or an accident occurs, safety systems are used in order to gain control over it. If this also fails, the goal is to mitigate the environmental impact of the accident as effectively as possible. The design and dimensioning of safety systems are based on computational accident analyses and experimental data.

Defence-in-depth safety approach

Safety, meaning the prevention of reactor damage and of harmful effects of radiation, is ensured on several successive functional and structural levels that back each other up. This approach is called defence in depth. The levels can be divided into preventive, protective and mitigating levels.

The first, i.e. the preventive level

The aim is to prevent deviations from the normal operating state of the plant by means of a high standard of design and operation. High quality standards and adequate safety margins are applied to the design, manufacture, installation and maintenance of important equipment. In addition, the design aims to use inherently stable solutions that correct abnormal conditions on their own. In particular, the reactor is designed so that its inherent feedback counteracts any uncontrolled increase in reactor power. This is based on the fact that a power increase leads to a rise in reactor temperature, which in turn reduces power.

The second, i.e. the protective level

Although high quality standards are set for the design and operation of facilities, accidents and operational disturbances may still occur. Because of this, nuclear power plants are equipped with systems that detect problems and prevent them from developing into serious accidents. These systems ensure, in particular, reactor shutdown, cooling of the reactor core and removal of residual heat.

The third, i.e. the mitigating level

If the progression of an accident cannot be prevented by actions on the first and second levels, it is still possible to mitigate its consequences. In this case, the most important thing is to ensure that the containment building remains intact and that the containment building systems are operational.

Multiple barriers protect the environment

One of the key principles of nuclear safety is to have multiple barriers between radioactive substances and the environment.

1. Nuclear fuel

The first barrier is the nuclear fuel itself. During normal operation, the majority of fission products are in a solid state and remain part of the ceramic fuel material. A small fraction of the gaseous fission products diffuses out of the fuel material, but in any case remains inside the leak-tight fuel rod cladding.

2. Cooling circuit wall

The second barrier against release is the wall of the cooling circuit. Fission products released from leaking fuel rods and radioactive corrosion products carried in the coolant remain, during normal operation, inside the leak-tight cooling circuit, from which they are removed in a controlled manner by a coolant clean-up system or a gas processing system and later treated as nuclear waste.

3. Containment building

The third barrier against release is the pressure-resistant and gas-tight containment building surrounding the reactor. Its task is to contain the radioactive materials released if the cooling circuit is damaged.

4. Outer containment building

The fourth barrier is usually formed by another building outside the actual containment building, the outer containment or reactor building. Small amounts of gas that may leak from the actual containment building are collected from the outer containment building and discharged through filters into the outside air. Most of the radioactive materials, with the exception of inert gases, are captured by the filters.

The redundancy principle means that safety systems are composed of several parallel subsystems that can substitute for one another, i.e. redundant subsystems. For example, a system can consist of four subsystems, any two of which are sufficient to carry out the required safety function. Alternatively, there may be three subsystems, of which a single operating subsystem can carry out the safety function.

The use of different operating principles, i.e. the principle of diversity, means that the same function is carried out by systems based on different operating principles. The aim is to improve the reliability of the systems and, in particular, to reduce so-called common mode failures, in which several subsystems fail at the same time for the same reason. This principle is applied, for example, to reactor shutdown, which must be achievable using two systems based on two different principles. One system can be based on control rods and the other on pumping boron solution, which acts as a neutron absorber, into the reactor.
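The two preceding paragraphs describe 2-out-of-4 and 1-out-of-3 redundancy and the common mode failures that diversity is meant to reduce. The following added example (not from the original page) puts numbers on both: it computes the failure-on-demand probability of a k-out-of-n system and models common mode failure with a simple beta-factor split, where a fraction `beta` of each subsystem's failures is assumed to hit all subsystems at once. The failure probabilities and beta values used are illustrative assumptions, not plant data.

```python
from math import comb


def k_out_of_n_failure(n: int, k: int, p: float, beta: float = 0.0) -> float:
    """Probability that a k-out-of-n safety system fails on demand.

    n    : number of redundant subsystems
    k    : minimum number of subsystems that must work
    p    : per-subsystem failure probability on demand (assumed equal for all)
    beta : assumed fraction of subsystem failures that are common mode, i.e.
           disable every subsystem together (beta = 0 means fully independent)
    """
    independent = p * (1.0 - beta)  # failures that strike one subsystem alone
    common = p * beta               # failures that strike all n subsystems
    # With independent failures only, the system fails when fewer than k
    # subsystems survive, i.e. when at least n - k + 1 of them fail.
    fail_indep = sum(
        comb(n, j) * independent**j * (1.0 - independent) ** (n - j)
        for j in range(n - k + 1, n + 1)
    )
    # The system fails if the common mode event occurs, or if it does not
    # occur but too many subsystems fail independently.
    return common + (1.0 - common) * fail_indep


def compare_configurations(p: float = 0.01, beta: float = 0.0) -> dict:
    """Failure probability of the page's two example layouts and a single train."""
    return {
        "single": k_out_of_n_failure(1, 1, p, beta),
        "2-of-4": k_out_of_n_failure(4, 2, p, beta),
        "1-of-3": k_out_of_n_failure(3, 1, p, beta),
    }


if __name__ == "__main__":
    # Illustrative values: 1 % per-subsystem failure on demand.
    for beta in (0.0, 0.1):
        print(f"beta = {beta}")
        for name, prob in compare_configurations(0.01, beta).items():
            print(f"  {name:7s} fails with probability {prob:.2e}")
```

With beta = 0 the redundant layouts are many orders of magnitude better than a single train, but with beta = 0.1 neither can do better than the common mode floor p * beta, which is why diversity (different operating principles, hence a lower beta) is required in addition to redundancy.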

The principle of separation means that the parallel subsystems of a safety system are placed so that their simultaneous loss due to, for example, fire or flooding is unlikely. Separation can be achieved by placing the subsystems in different rooms, by placing them in the same space at a sufficient distance from each other, or by building protective structures between them. Safety-significant systems are also located separately from the other systems in the facility.

In addition to physical separation, functional separation is also observed. This prevents unwanted interactions between adjacent or interconnected systems, so that a fault in one does not propagate to the other. Examples include the use of isolation transformers in electronic circuits and isolation valves in systems containing liquid or gas.