With regard to new nuclear facilities, this Guide shall apply as of 1 July 2019 until further notice. With regard to operating nuclear facilities and those under construction, this Guide shall be enforced through a separate decision to be taken by STUK. This Guide replaces Guide YVL B.2, 15 November 2013.

pdf version | Explanatory memorandum
Requirements in Finnish and English with id-information

According to Section 7 r of the Nuclear Energy Act (990/1987), the Radiation and Nuclear Safety Authority (STUK) shall specify detailed safety requirements for the implementation of the safety level in accordance with the Nuclear Energy Act.

The publication of a YVL Guide shall not, as such, alter any previous decisions made by STUK. After having heard the parties concerned STUK will issue a separate decision as to how a new or revised YVL Guide is to be applied to operating nuclear facilities or those under construction, and to licensees’ operational activities. The Guide shall apply as it stands to new nuclear facilities.

When considering how the new safety requirements presented in the YVL Guides shall be applied to the operating nuclear facilities, or to those under construction, STUK will take due account of the principles laid down in Section 7 a of the Nuclear Energy Act (990/1987): The safety of nuclear energy use shall be maintained at as high a level as practically possible. For the further development of safety, measures shall be implemented that can be considered justified considering operating experience, safety research and advances in science and technology.

According to Section 7 r(3) of the Nuclear Energy Act, the safety requirements of the Radiation and Nuclear Safety Authority (STUK) are binding on the licensee, while preserving the licensee’s right to propose an alternative procedure or solution to that provided for in the regulations. If the licensee can convincingly demonstrate that the proposed procedure or solution will implement safety standards in accordance with this Act, the Radiation and Nuclear Safety Authority (STUK) may approve a procedure or solution by which the safety level set forth is achieved.

Translation. Original text in Finnish.

101. Under Section 4 of the Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018), the safety functions of a nuclear facility shall be defined and the related systems, structures and components classified on the basis of their safety significance. In addition, requirements set for and the actions taken to ascertain the compliance with the requirements of the systems, structures and components implementing safety functions and connecting systems, structures and components shall be commensurate with the safety class of the item in question. [2019-06-15]

102. Under Section 5 of the Radiation and Nuclear Safety Authority Regulation on the Safety of Disposal of Nuclear Waste (STUK Y/4/2018), the safety functions for the operation of the nuclear facility and long-term safety functions shall be defined, and the systems, structures and components performing them and related to them shall be classified. The classification shall take into account the use of the systems, structures and components on the basis of significance in terms of operational safety, long-term safety or both, if necessary. [2019-06-15]

103. The quality management requirements applied to the systems, structures and components of different safety classes are given in Guides YVL A.3 “Leadership and management for safety”, YVL B.1 “Safety design of a nuclear power plant” and, with regard to components and structures in various fields of technology, in the E Series YVL guides. [2019-06-15]

104. Sections 35 and 36 of the Nuclear Energy Decree contain the requirement that the classification document shall be submitted to STUK as part of the construction and operating licence application. [2019-06-15]

201. This Guide applies to the safety classification and seismic classification of nuclear facilities, classification document review as well as the design, construction and operation requirements for facility parts that ensue from classification. [2013-11-15]

202. Removed. [2019-06-15]

3.1 Principles of safety classification

301. Classification of the nuclear facility’s systems, structures and components shall primarily be based on deterministic methods supplemented, and complemented by a Probabilistic Risk Assessment (PRA) and expert judgement. Requirements of producing and use of the PRA are stated in quide YVL A.7 “Probabilistic risk assessment and risk management of a nuclear power plant”. [2019-06-15]

302. For management of the nuclear facility’s safety functions, the facility shall be divided into structural and functional entities, i.e. systems. [2019-06-15]

302a. The systems shall be further divided into structures and components. The division shall be such that every structure and component affecting the nuclear facility’s operation and safety shall belong to a system. [2019-06-15]

303. The nuclear facility’s systems, structures and components shall be grouped into the Safety Classes 1, 2 and 3 and Class EYT (non-nuclear safety) on the basis of their importance for safety. [2019-06-15]

304. The safety classification of systems shall be based on the facility’s safety functions and the significance of the systems that perform them in terms of the reliability of these safety functions, with due consideration to ensuring safety by defence-in-depth. [2013-11-15]

305. The safety classification of structures shall be based on the structural strength, integrity and leaktightness required to accomplish safety functions or to prevent the spreading of radioactive substances. A structure’s safety class is determined based on which of these justifications requires a higher safety class. [2013-11-15]

306. The safety classification of components shall be based on the function required of them to accomplish safety functions or to prevent the spreading of radioactive substances as well as on the structural strength, integrity and leaktightness required of them. A component’s safety class is determined based on which of these justifications requires the highest safety class. [2013-11-15]

307. All components defined as a safety class boundary are assigned to a higher safety class. [2013-11-15]

307a. Heat exchangers with one side connected to piping classified to a higher safety class and the other side to piping classified to a lower safety class are, in their entirety, classified to the higher safety class. The steam generators of a pressurised water reactor plant are an exception to the general rule of classification of heat exchangers; their primary side is classified to safety class 1 and the secondary side to safety class 2. [2019-06-15]

308. In establishing and applying safety classification, attention shall be paid to the fact that ensuring safety sets different requirements on different types of equipment. For example, structural integrity, mechanical strength and corrosion resistance for pressure equipment and pressurised piping are required. Also functional reliability is required for pumps and valves, Non-pressurised piping and vessels shall, above all, be resistant to corrosion. In fuel storage, the preservation of the storage geometry within safe limits of the storage geometry is of vital importance. With the help of safety classification, requirement levels are graded among systems, structures and components of the same type. The requirements to be set for different types of components need not be similar, but the requirements shall underline the reliability of each component, the focus being on their most important safety features. [2019-06-15]

309. The quality requirements for systems, structures and components as well as for quality assurance shall be so defined that the requirement level is higher in a higher safety class. The requirements shall focus on matters affecting the reliability of safety functions: verification of the structural integrity of structures and components as well as the operational reliability of systems. The requirements shall cover the design, manufacture, construction, installation, commissioning, inspection and actions during the operation of the classified item. [2019-06-15]

3.2 Classification criteria relating to safety functions

310. Systems shall be grouped into three Safety Classes 1, 2 and 3 and Class EYT (non-nuclear safety) based on their significance for the implementation of safety functions. [2019-06-15]

311. When a structure or component is needed to accomplish a system's safety function, or when the structure or component essentially affects the system's safety significance, the system structure or component is assigned to the same safety class as the system that forms the structural or functional entity. Individual components may also be assigned to a safety class higher than the system itself, for example, in positions where the system connects to a system in a higher safety class. Individual components may also be assigned to a lower safety class if it can be justifiably demonstrated that they have no effect on the accomplishment of the system’s safety function. [2019-06-15]

311a. Nuclear reactor cooling circuit (primary circuit) shall be assigned to Safety Class 1. [2019-06-15]

312. Systems accomplishing safety functions and their necessary support systems shall be assigned to Safety Class 2 if they are designed to provide against postulated accidents to bring the facility to a controlled state and to maintain this state. [2019-06-15]

312a. Systems and components accomplishing the containment isolation function and the necessary support systems for the implementation of the function shall be assigned to Safety Class 2 if they are designed to provide against postulated accidents. [2019-06-15]

313. Safety Class 3 shall include systems that
1. are designed to bring the facility into a safe state after anticipated operational occurrences, postulated accidents and design extension conditions DEC A
2. are designed to bring the facility into a controlled state after a severe reactor accident
3. accomplish the diversity principle and are designed to ensure the bringing of the reactor into a controlled state in case of the failure of a system primarily taking care of a corresponding safety function
4. mitigate the consequences of operational occurrences unless they are assigned to a higher safety class for some other reason
5. are designed to control reactor power, pressure or make-up water (the main controllers of the nuclear power plant) provided that they, in case of their failure, directly initiate a Safety Class 2 safety function
6. contribute to nuclear fuel handling or lifting of heavy loads and may, in case of their failure, cause damage to structures or components important to safety by the loss of the safety function implemented by the structure or component, cause spent fuel damage or the possibility of some other significant radiation exposure
7. have been installed as fixed parts of the plant contributing to the radioactivity monitoring of plant processes and ventilation or the control of releases in the plant
8. have been installed as fixed parts of the plant contributing to the monitoring of dose rates or radioactivity of rooms provided that they have control functions
9. are designed to cool spent nuclear fuel
10. prevent significant dispersion of radioactive substances outside the containment when components or structures containing radioactive substances fail or operate erroneously
11. prevent dispersion of radioactive substances inside the containment when components or structures containing radioactive substances fail or operate erroneously provided that the resulting radiation exposure of workers may be significantly higher than normal
12. are essential for maintaining working conditions in the main control room, emergency control room, emergency response centre and other rooms needed in accident situations
13. belong to instrumentation referred to in requirement 5214 of Guide YVL B.1. [2019-06-15]

314. Systems belonging to Class EYT shall be classified to Class EYT/STUK if the system
1. protects systems that perform safety functions from internal or external events, such as fire prevention systems and systems implementing security arrangements
2. monitors radiation, surface contamination or radioactivity of the plant, instruments, workers or the environment (e.g. the environmental radiation monitoring network) or it is used to produce essential information for the radiation safety of the population in an emergency situation (meteorological system) but the system does not belong to Safety Class 3
3. is necessary for bringing the facility to a controlled state and onwards to a safe state in case of events involving a design basis category DEC combination of failures (DEC B) or a rare external event (DEC C)
4. is necessary for bringing the facility from a controlled state to a safe state after a severe reactor accident and for maintaining it
5. is necessary for cooling stored spent nuclear fuel by the diversity principle or for heat transfer from stored spent nuclear fuel to a secondary, final heat sink
6. includes structures or components whose damage may cause significant dispersion of radioactive substances in the plant facilities or to the environment. [2019-06-15]

3.3 Classification criteria ensuring structural resistance, integrity and leaktightness

315. Based on the structural strength, integrity and leaktightness required of them to prevent the spreading of radioactive substances, structures and components shall be grouped into three Safety Classes 1, 2 and 3 as well as Class EYT (non-nuclear safety). [2013-11-15]

316. Safety Class 1 shall include structures and components whose failure could result in an accident compromising reactor integrity and requiring immediate actuation of safety functions. Safety Class 1 includes nuclear fuel, the reactor pressure vessel and those components of the primary circuit whose failure results in a primary circuit leak that cannot be compensated for by systems relating to normal plant operation. [2019-06-15]

317. The following primary circuit components not assigned to Safety Class 1 shall be classified in Safety Class 2:
1. small-diameter piping which, in the event of a break, do not cause a leak that cannot be compensated for by systems relating to normal plant operation
2. components connected to the reactor coolant system through a passive flow-limiting device and which do not, in case of rupture, cause a leak larger than is manageable by systems relating to normal plant operation
3. components which, in the event of their rupture, can be isolated from the reactor coolant system by two successive, automatically closing valves having a closing time that is short enough to allow for safe reactor shutdown and cooldown. [2019-06-15]

318. To be assigned to Safety Class 2 are structures and components whose
1. integrity is required for reactor decay heat removal or the containment of radioactive substances inside the facility following a Safety Class 1 component failure or pipe rupture
2. failure brings about the danger of an uncontrolled chain reaction
3. failure endangers nuclear fuel integrity
4. failure endangers integrity of a Safety Class 1 barrier.

• main components and piping of the emergency core cooling system
• structures of the core support and reactor shutdown system
• primary circuit piping supports and brackets
• the reactor containment including structures relating to the containment isolation function as well as other structures directly connecting to the containment
• nuclear fuel storage racks.

[2019-06-15]

319. To be assigned to Safety Class 3 are
1. buildings and structures ensuring the operability and physical separation of Safety Class 2 systems
2. structures and components ensuring Safety Class 3 functions
3. structures and components relating to barriers to the dispersion of radioactive substances or structures relating to the handling of radioactive materials not assigned to higher safety classes and whose failure could result in a significant release of radioactive substances within the facility or to the environment. [2019-06-15]

320. When determining the safety class of small-diameter piping (DN ≤ 50), the following principles shall be followed:
Small-diameter piping (DN ≤ 20) connected to Safety Class 1 piping or equipment belongs to Safety Class 2. The leakage control pipes (DN ≤ 20) of the sealings of primary circuit equipment belong to Safety Class 3.
Small-diameter piping connected to Safety Class 2 piping or equipment belongs to Safety Class 3.
Small-diameter piping connected to Safety Class 3 piping or equipment belongs to Class EYT (non-nuclear safety). [2013-11-15]

321. The classification of small-diameter piping is not lowered if a leak in the pipe results in the loss of the safety function on which the classification is based. Small-diameter piping of this kind includes impulse lines relating to protection I&C systems measurements, fuel pipes of diesel generators and coolant pipes of pumps. [2013-11-15]

322. Piping supports and brackets shall be placed in a safety class one step lower than the class of piping they support. The supports of Safety Class 3 and EYT piping belong to Class EYT. [2013-11-15]

3.4 Seismic classification

323. The systems, structures and components of nuclear facilities shall be assigned to three categories, S1, S2A and S2B, based on the seismic resistance requirements set for them. [2013-11-15]

324. Systems, structures and components assigned to seismic category S1 shall maintain their integrity, leaktightness, functionality and proper position in a loading situation caused by a design basis earthquake. If justifiable, some components may be assigned only a certain feature, such as leaktightness, which must be maintained in a loading situation induced by a design basis earthquake. [2013-11-15]

325. Seismic category S1 shall comprises
1. in a boiling water reactor, the reactor pressure vessel, main steam pipes up to the containment outer isolation valves including the valves and other piping connecting to the primary circuit up to the containment isolation valves including the valves
2. in a pressurised water reactor, the reactor pressure vessel, primary circuit piping and valves, pressuriser, primary circulation pumps, steam generators, other piping connecting to the primary circuit and secondary circuit pipelines up to the containment isolation valves including the valves
3. reactor pressure vessel internals
4. Safety Class 2 systems, structures and components required to bring the plant to a controlled state during anticipated operational occurrences or postulated accidents at least to the extent that the system’s earthquake-resistant subsystems accomplish the single-failure criterion
5. structures and components which, in case of failure, may bring about significant spreading of radioactive substances inside or outside the facility
6. systems, structures and components required to bring the facility into a safe state and to maintain it
7. systems and structures ensuring the subcriticality and cooling of stored nuclear fuel including spent nuclear fuel storage pools
8. systems, structures and components that are essential for emergency response activities
9. systems which are located in rooms containing safety-classified systems, components or structures and which contain oil, other inflammable fluids or combustible gases or oxygen and other systems whose failure in consequence of a seismic event causes a fire hazard, and systems containing great amounts of toxic or asphyxiating gases
10. the fire detection and alarm systems and fire extinguishing systems with extinguishing agents in rooms containing safety-classified components, unless the consequences of a fire can be demonstrated as highly insignificant by analyses. [2019-06-15]

326. Seismic category S2A shall comprise systems, structures and components the maintenance of whose operability and integrity is not essential for the accomplishment of safety functions but which may have effects depending on their system connection or location (e.g. collapse, falling) or due to other reasons (release of a hazardous substance, fire, flooding) on the safety-related operation or integrity or automated safety functions of seismic category S1 systems. [2019-06-15]

327. All seismic category S1 and S2A components shall be assigned the characteristics (e.g. functionality, integrity) that they must maintain after a loading situation caused by a design basis earthquake. [2013-11-15]

328. Seismic category S2B shall comprise all other systems, structures and components of the nuclear facility. [2013-11-15]

329. Seismic categorisation shall be verified by means of Probabilistic Risk Assessment (PRA). [2013-11-15]

330. The classification document shall mention in the seismic classification section with regard to systems, structures and components belonging to categories S1 and S2A whether their design shall also take into account vibration-induced loading following a large commercial airliner crash and an explosion pressure wave according to YVL B.7. [2019-06-15]

3.5 Classification document

331. Moved to para 104. [2019-06-15]

332. The classification document shall present
1. safety classification criteria
2. seismic classification criteria
3. connection between safety class and quality requirements
4. a list of systems
5. system-specific lists of structures and components for Safety Class 1, 2 and 3 components as well as lists of Class EYT pressure equipment and Class EYT/STUK systems
6. safety class of systems, structures and components
7. seismic classification of systems, structures and components
8. environmental qualification of structures and components
9. flow diagrams for process systems and air conditioning
10. main diagrams for electrical systems
11. conceptual diagrams of I&C systems. [2019-06-15]

333. In the list of systems, the systems shall be consistently arranged into groups and provided with identification markings and safety class designations. [2013-11-15]

334. Classification of buildings, structures and the facility’s main components and their physical location at the facility shall be presented in drawings or in some other manner appropriate for presenting building classification. [2013-11-15]

335. System boundaries shall be unambiguously indicated in the classification document’s main diagrams for electrical systems and in the schematic diagrams of I&C systems. [2013-11-15]

336. The flow diagrams of process systems shall show at least system and class boundaries as well as the process-technical location of components in the system. [2019-06-15]

336a. The safety classification of piping shall be indicated in the flow diagrams of the process systems. [2019-06-15]

337. The classification document shall be updated during the nuclear facility’s operation. [2013-11-15]

401. Based on their safety class, STUK determines the scope of the regulatory oversight of systems, structures and components. [2013-11-15]

402. During the application for a construction licence, STUK assesses the appropriateness of the preliminary system-level safety classification document required under Section 35 of the Nuclear Energy Decree (161/1988) and approves the preliminary classification document. [2013-11-15]

403. During the operating licence phase, STUK reviews and, based on the review, approves the final classification document. [2013-11-15]

404. During the nuclear facility’s operation, STUK reviews and, based on the review, approves modifications and additions to the classification document. STUK also assesses any needs to modify the classification document based on operating experience and the results of PRA, for example. [2013-11-15]

1. Nuclear Energy Act (990/1987) [2013-11-15]
2. Nuclear Energy Decree (161/1988) [2013-11-15]
3. Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018). [2019-06-15]
4. Radiation and Nuclear Safety Authority Regulation on the Safety of Disposal of Nuclear Waste (STUK Y/4/2018). [2019-06-15]
5. Removed. [2019-06-15]
6. Safety of Nuclear Power Plants: Design. IAEA Safety Standards Series, Requirements, No. SSR 2/1 (Rev. 1). IAEA 2016. [2019-06-15]
7. Report WENRA Safety Reference Levels for Existing Reactors, Issue G. WENRA 24.9.2014. [2019-06-15]
8. Safety Classification of Structures, Systems and Components in Nuclear Power Plants, SSG-30, 2014, IAEA. [2019-06-15]

Diversity principle

Diversity principle shall refer to the backing up of functions through systems or components having different operating principles or differing from each other in some other manner, with all systems or components able to implement a function separately. (STUK Y/1/2018)

Controlled state

Controlled state shall refer to a state where a reactor has been shut down and the removal of its decay heat has been secured. (STUK Y/1/2018)

System

System shall refer to a combination of components and structures that performs a specific function.

Seismically classified system/structure/component

Seismically classified system, structure or component shall refer to a system, structure or component which has been classified in different seismic categories based on the earthquake resistance requirements set for them.

Anticipated operational occurrence

Anticipated operational occurrence shall refer to such a deviation from normal operation that can be expected to occur once or several times during any period of a hundred operating years. (Nuclear Energy Decree 161/1988)

Postulated accident

Postulated accident shall refer to a deviation from normal operation which is assumed to occur less frequently than once over a span of one hundred operating years, excluding design extension conditions; and which the nuclear facility is required to withstand without sustaining severe fuel failure, even if individual components of systems important to safety are rendered out of operation due to servicing or faults. Postulated accidents are grouped into two classes on the basis of the frequency of their initiating events: a) Class 1 postulated accidents, which can be assumed to occur less frequently than once over a span of one hundred operating years, but at least once over a span of one thousand operating years; b) Class 2 postulated accidents, which can be assumed to occur less frequently than once during any one thousand operating years. (Nuclear Energy Decree 161/1988)

Design extension condition

Design extension condition shall refer to:
a. an accident where an anticipated operational occurrence or class 1 postulated accident involves a common cause failure in a system required to execute a safety function;
b. an accident caused by a combination of failures identified as significant on the basis of a probabilistic risk assessment; or
c. an accident caused by a rare external event and which the facility is required to withstand without severe fuel failure.
(Nuclear Energy Decree 161/1988)

Design basis earthquake

Design basis earthquake shall refer to facility site ground motion used as the basis for the nuclear facility’s design. The design basis earthquake shall be so defined that in the current geological conditions the anticipated frequency of occurrence of stronger ground motions is not more often than once in a hundred thousand years (1×10^-5/a) at median confidence level. A design basis earthquakes are represented using peak ground acceleration and ground response spectra.

Probabilistic Risk Assessment, PRA

Probabilistic risk assessment (PRA) shall refer to quantitative assessments of hazards, probabilities of event sequences and adverse effects influencing the safety of a nuclear power plant. (Nuclear Energy Decree 161/1988)

Safe state

Safe state shall refer to a state where the reactor has been shut down and is non-pressurised, and removal of its decay heat has been secured. (STUK Y/1/2018)

Safe state following a severe reactor accident

Safe state following a severe reactor accident shall refer to a state where the conditions for the controlled state of a severe reactor accident are met and, in addition, the pressure inside the containment is low enough that leak from the containment is minor, even if the containment is not leak-tight. (STUK Y/1/2018)

System/structure/component important to safety

System/structure/component important to safety shall refer to systems, structures or components in safety classes 1, 2 and 3 and systems in class EYT/STUK.

Safety-classified system/structure/component

Safety-classified system/structure/component shall refer to a system, structure or component assigned to safety classes on the basis of its safety significance.

Safety functions

Safety functions shall refer to functions important from the point of view of safety, the purpose of which is to control disturbances or prevent the generation or propagation of accidents or to mitigate the consequences of accidents. (STUK Y/1/2018)

External events

External events shall refer to exceptional situations or incidents occurring in the vicinity of a nuclear facility that could have a detrimental effect on the safety or operation of the plant.

Severe reactor accident

Severe reactor accident shall refer to an accident in which a considerable part of the fuel in a reactor loses its original structure. (STUK Y/1/2018)