With regard to new nuclear facilities, this Guide shall apply as of 16 September 2019 until further notice. With regard to operating nuclear facilities and those under construction, this Guide shall be enforced through a separae decision to be taken by STUK. This Guide replaces Guide YVL B.3, 15 November 2013.

pdf version | Explanatory memorandum
Requirements in Finnish and English with id-information

According to Section 7 r of the Nuclear Energy Act (990/1987), the Radiation and Nuclear Safety Authority (STUK) shall specify detailed safety requirements for the implementation of the safety level in accordance with the Nuclear Energy Act.

The publication of a YVL Guide shall not, as such, alter any previous decisions made by STUK. After having heard the parties concerned STUK will issue a separae decision as to how a new or revised YVL Guide is to be applied to operating nuclear facilities or those under construction, and to licensees’ operational activities. The Guide shall apply as it stands to new nuclear facilities.

When considering how the new safety requirements presented in the YVL Guides shall be applied to the operating nuclear facilities, or to those under construction, STUK will take due account of the principles laid down in Section 7 a of the Nuclear Energy Act (990/1987): The safety of nuclear energy use shall be maintained at as high a level as practically possible. For the further development of safety, measures shall be implemented that can be considered justified considering operating experience, safety research and advances in science and technology.

In accordance with Section 7 r(3) of the Nuclear Energy Act, the safety requirements of the Radiation and Nuclear Safety Authority (STUK) are binding on the licensee, while preserving the licensee’s right to propose an alternative procedure or solution to that provided for in the regulations. If the licensee can convincingly demonstrate that the proposed procedure or solution will implement safety standards in accordance with this Act, the Radiation and Nuclear Safety Authority (STUK) may approve a procedure or solution by which the safety level set forth is achieved.

Translation. Original text in Finnish.

101. The IAEA’s general safety requirements [4] prescribe that the safety of nuclear power plants shall be assessed. Guide YVL B.3 “Deterministic safety analyses for a nuclear power plant” presents the requirements for the nuclear power plant’s deterministic safety nalyses. [2019-09-02]

102. Under Section 3 of STUK Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018), it is stated that: The safety of a nuclear facility shall be assessed when applying for a construction license and operating license, in connection with plant modifications, and at Periodic Safety Reviews during the operation of the plant. It shall be demonstrated in connection with the safety assessment that the nuclear facility has been designed and implemented in a manner that meets the safety requirements. The safety assessment shall cover the operational states and accidents of the plant. The safety of a nuclear facility shall also be assessed after accidents and, whenever necessary, on the basis of the safety research results. [2019-09-02]

103. Under Section 3 of STUK regulation STUK Y/1/2018, it is stated that: The nuclear facility’s safety and the technical solutions of its safety systems shall be assessed and substantiated analytically and, if necessary, experimentally. The analyses shall be maintained and revised as necessary, taking into account operating experience from the plant itself and from other nuclear facilities, the results of safety research, plant modifications, and the advancement of calculation methods. [2019-09-02]

104. Under Section 3 of STUK regulation STUK Y/1/2018, it is stated that: The analytical methods employed to demonstrate compliance with the safety requirements shall be reliable, verified and validated for the purpose. The analyses shall demonstrate the conformity with the safety requirements with high certainty. Any uncertainty in the results shall be considered when assessing the meeting of the safety requirements. [2019-09-02]

105. Section 22 b § of the Nuclear Energy Decree (161/1988) set release and dose limits for radioactive substances during anticipated operational occurrences, postulated accidents, design extension conditions and severe accidents. [2019-09-02]

106. Section 10 of STUK Regulation STUK Y/1/2018 prescribes the principles for ensuring the integrity of the fuel, the primary and secondary circuit as well as the containment during plant normal operational conditions, operational occurrences and accidents. [2019-09-02]

201. Guide YVL B.3 applies to deterministic safety analyses for licensing of new nuclear power plants, plant modifications of operating nuclear power plants and periodic plant safety assessments. [2019-09-02]

202. A separate decision will be made on how the Guide applies to other nuclear facilities. [2013-11-15]

2.1 Other Guides concerning safety analyses

203. Requirements pertaining to the nuclear power plant’s risk management and probabilistic risk assessments are given in Guide YVL A.7 “Probabilistic risk assessment and risk management of a nuclear power plant”. [2019-09-02]

204. The requirement for the reactor and fuel behaviour analyses is set forth in para 608 of Guide YVL A.6 “Conduct of operations at a nuclear power plant”. [2019-09-02]

205. The requirement for analyses made in order to prevent criticality accidents is set forth in chapter 5 of Guide YVL B.4 “Nuclear fuel and reactor”. [2019-09-02]

206. Protection of the nuclear power plant from internal and external hazards and the analysis methods pertaining to the hazards are presented in Guide YVL B.7 “Provisions for internal and external hazards at a nuclear facility”. [2019-09-02]

207. The requirements for analyses of releases and doses are set forth in Guide YVL C.4 “Assessment of radiation doses to the public in the vicinity of a nuclear facility”. [2019-09-02]

208. The requirements for analyses of emergency situations and the emergency plan are set forth in Guide YVL C.5 “Emergency arrangements of a nuclear power plant”. [2019-09-02]

209. The requirements for the service loadings, stress analyses, brittle fracture analyses and leak-before-break analyses of the nuclear power plant’s primary circuit and other important nuclear pressure equipment are given in Guide YVL E.4 “Strength analyses of nuclear power plant pressure equipment”. [2019-09-02]

210. The requirements for analyses of failures of I&C systems are set forth in chapter 5.2 of Guide YVL B.1 “Safety design of a nuclear power plant”. [2019-09-02]

2.2 Associated guides

211. The system design requirements for failure criteria and the requirements for achieving a controlled and safe state are given in Guide YVL B.1 [2019-09-02]

212. The acceptance criteria for nuclear fuel are given in Guide YVL B.4. [2019-09-02]

213. The acceptance criteria for the pressure control of the nuclear power plant’s primary circuit are given in Guide YVL B.5 “Reactor coolant circuit of a nuclear power plant”. [2019-09-02]

214. The acceptance criteria for the integrity of the nuclear power plant’s containment are given in Guide YVL B.6 “Containment of a nuclear power plant”. [2019-09-02]

301. Analyses pertaining to the plant’s behaviour as well as releases of radioactive substances and radiation doses caused by the releases shall cover the nuclear power plant’s normal operational states, anticipated operational occurrences, postulated accidents, design extension conditions and severe reactor accidents. Examples of the events to be analysed are given in [4 and 5]. [2019-09-02]

302. The scope of the analysed events shall provide a comprehensive assessment of the nuclear power plant’s behaviour during incidents and accidents as well as releases and doses due to incidents and accidents. [2013-11-15]

303. Operator actions shall be assessed to identify essential operator actions needed in accident management and to assess the effects of potential operator errors. [2019-09-02]

304. The inadvertent actuation of every system accomplishing a safety function shall be addressed as an initiating event. [2013-11-15]

305. Pressure control analyses for the reactor coolant circuit shall consider cases during which the reactor pressure tends to increase or decrease in consequence of an initiating event, and situations where the coolant circuit pressure must be increased or decreased. [2013-11-15]

306. Pressure control analyses shall cover also low operating temperatures. [2019-09-02]

307. Removed. [2019-09-02]

308. Severe reactor accident analyses shall cover all actions required for the plant's severe reactor accident strategy and the phenomena associated with the strategy. [2013-11-15]

4.1 General

401. Analyses shall cover anticipated operational occurrences and accidents that determine or limit the dimensioning of systems accomplishing safety functions. [2013-11-15]

402. Anticipated operational occurrences and accidents shall be analysed starting from the initiating event and ending in a safe state. [2013-11-15]

4.2 Methods of analysis

403. The suitability of analysis methods for their purpose shall be justified. [2013-11-15]

404. A description of the models and calculation methods employed in the analyses shall be presented. The models shall be described to a level of precision that allows for verifying the correctness of the model in relation to the plant design as well as assessing the applicability of the selected modelling solutions. The information presented in the description shall include an analysis model that describes the facility or a part thereof (such as the nodal distribution used in the model), a justification for the model parameters selected and the plant data used in the analyses or a reference to a source from where the plant data is available. [2019-09-02]

405. The validation of the physical models and computer code used for the analyses shall be substantiated by comparing their calculation results to separae effects tests or tests carried out on entire systems, or to disturbances that have occurred at nuclear power plants. Comparison with models that have already been validated may also be utilised. [2013-11-15]

406. The plant and fuel type specific experimental correlations used in the calculation methods shall be justified by presenting the measurement data from which the correlations have been derived. If the correlation is commonly known and the measurement data are publicly available, a bibliographic reference is sufficient. [2013-11-15]

407. If reliable calculation methods are not available, the acceptability of the technical solution in question shall be justified by means of experiments. [2013-11-15]

408. The accepted methods to be used in the plant behaviour analyses are either the conservative analysis method supplemented with sensitivity studies or the best estimate method supplemented with uncertainty analysis.

409. Sensitivity studies supplementing conservative analyses shall define how sensitive the results are for the models used, the initial conditions and the main paraeters. [2013-11-15]

410. Utilisation of the best estimate method shall be supplemented with an uncertainty analysis that is justifiable by statistical methods. Examples of such methods are given in [7]. [2019-09-02]

4.3 Assumptions for the analyses

411. The initial conditions of the analyses and the chosen parameters used for the analyses shall be justified. [2019-09-02]

411a. If the choice that is the least beneficial in terms of the acceptability of the end result is not unambiguous, analysis results covering the parameter’s entire range of variation shall be presented. [2019-09-02]

412. When using the best estimate method, the failure combination that is the least beneficial to the functionality of the systems shall be chosen in accordance with the failure criteria presented in chapter 4.3 of Guide YVL B.1. [2013-11-15]

413. The selected consideration time preceding operator actions and the time to accomplish the actions shall be sufficiently long. The durations chosen shall be justified. Operators can be assumed to act on each analysed event in accordance with the procedures available in written or electronic form. [2013-11-15]

4.3.1 Assumptions for anticipated operational occurrence analysis

414. Anticipated operational occurrences shall be analysed as follows:
1. All plant systems operate according to design, with the exception of the failure or operator error analysed as the initiating event and the consequences of the initiating event. The most penalising failure in accordance with the (N+1) failure criterion shall be assumed for systems which limit the development of operational occurrences into accidents.
2. Non-safety classified systems shall not be utilised as systems mitigating the consequences of the event. The operation of non-safety classified systems (start-up, ongoing operation or stoppage) shall be postulated if a system’s designed operation could aggravate the consequences of the initiating event. Systems designed for anticipated operational occurrences or postulated accidents shall be assumed to operate at their minimum level of performance. [2019-09-02]

414a. It is not necessary to combine an assumption of the loss of off-site power with analyses of anticipated operational occurrences. The loss of off-site power shall be analysed as a separate initiating event. [2019-09-02]

4.3.2 Assumptions for postulated accident analysis

415. Safety systems shall be assumed to operate at their minimum system performance during postulated accidents. [2019-09-02]

416. Normal operation systems shall not be utilised as systems mitigating the consequences of an event. The operation of normal operation systems (start-up, ongoing operation or stoppage) shall be postulated if a system’s designed operation could aggravate the consequences of the initiating event. [2019-09-02]

417. In analyses of postulated accidents, only systems designed for postulated accidents may be utilised as systems mitigating the consequences of an event from the initiating event up until the controlled state and during the maintenance of this state. The operation (start-up, ongoing operation or stoppage) of systems limiting the development of operational occurrences into accidents shall be postulated if a system’s designed operation could aggravate the consequences of the initiating event. [2019-09-02]

418. An assumption of the loss of off-site power shall be combined with postulated accidents if it could aggravate the consequences of the initiating event. The loss of off-site power shall be postulated at the worst possible point of time in terms of managing the situation. [2019-09-02]

4.3.3 Assumptions for design extension condition analyses

419. For DEC A accidents, the most penalising single failure shall be assumed in one of the systems whose operation is required to accomplish a safety function in the event in question. For DEC B and C accidents, a single failure need not be assumed. The consequences of an initiating event shall be assumed in the analyses. [2019-09-02]

419a. Normal operation systems shall not be utilised as systems mitigating the consequences of the event in the analyses of DEC A accidents. The operation of normal operation systems (start-up, ongoing operation or stoppage) shall be postulated if a system’s designed operation could aggravate the consequences of the initiating event. [2019-09-02]

420. In the analyses of DEC A accidents, the initiating event shall be combined with a simultaneous loss of off-site power if it could aggravate the consequences of the initiating event. It is not necessary to combine the loss of off-site power with another initiating event in the analyses of DEC B or C accidents unless it is a likely consequence of the initiating event. [2019-09-02]

421. In design extension condition analyses, best estimate methods can be applied concerning assumptions of the plant's initial state and the performance of operating subsystems. [2013-11-15]

422. When the best estimate method is applied to design extension conditions, analyses do not need to be supplemented by an uncertainty analysis in accordance with requirement 410. Analyses of DEC A accidents shall, when necessary, be supplemented by sensitivity studies which demonstrate a sufficient margin with regard to the acceptance criteria. [2019-09-02]

4.3.4 Assumptions for severe reactor accident analysis

423. In analysing severe reactor accidents, best estimate methods can be applied concerning assumptions of the plant's initial state and the performance of operating subsystems. However, the more essential the function, the better assurance for its successful accomplishment shall be provided. [2013-11-15] [2013-11-15]

424. In severe accident analyses, application of the best estimate method need not be complemented with an uncertainty analysis as required in para410. [2013-11-15]

425. In severe reactor accident analyses, the most penalising failure according to the failure criteria presented in Guides YVL B.1 and B.6 shall be assumed for systems designed for severe reactor accident management. Consequences of the initiating event shall also be taken into account. [2019-09-02]

425a. In the analyses of severe reactor accidents, the inoperability of the external power grid shall be postulated up until the controlled state following a severe reactor accident and during the maintenance of this state. [2019-09-02]

426. The time needed for actions required for the severe reactor accident management strategy and other factors relating to the implementation of the actions (e.g. accessibility of locally operated equipment) shall be justified. [2019-09-02]

427. Analyses justifying the hydrogen management strategy shall separaely evaluate cases in which the hydrogen generation rate increases. [2013-11-15]

4.3.5 Assumptions for cooling circuit pressure control analysis

428. Coolant circuit pressure control analyses for anticipated operational occurrences shall be made in the manner required in chapter 4.3.1. It is not necessary to postulate a single failure in primary circuit blow-off valves in these analyses, but the valve control system shall fulfil the (N+1) failure criterion. [2019-09-02]

429. Cooling circuit pressure control analyses for accidents shall be performed as required in chapters 4.3.2–4.3.4. [2019-09-02]

430. In analyses of postulated accidents leading to pressure increase, assumptions for the analyses shall be chosen with the following amendments and additions:

1. Reactor scram occurs from the second signal of the reactor protection system.
2. Pressure reduction systems other than safety valves and the equivalent blow-off valves fail.
3. Safety valves and equivalent blow-off valves are assumed to fail in the closed position as follows:

   Total number of valves:	Failing:
   2–3	1
   4–8	2
   ≥ 9	One fourth of the total number, rounded up to the next whole number.

4. The discharge flow capacity of safety valves and equivalent blow-off relief valves equals the nominal capacity determined on the basis of an applicable standard and the opening pressure equals to the nominal setting.
5. Safety valves and equivalent blow-off valve relief valves are arranged in accordance with decreasing capacity. Equal capacity valves are further arranged in relation to one another in accordance with increasing opening pressure. The valves thus arranged are assumed to fail as follows: first, fourth, ninth, etc.
6. If more than one control device is needed to control the operation of a safety valve or an equivalent blow-off relief valve and the control devices have been set at different pressures, the higher setting pressure shall be assumed as the opening pressure.

[2019-09-02]

431. Removed. [2019-09-02]

5.1 Events to be analysed

501. Release and radiation dose analyses shall be performed on those transient and accident cases required in para 301 which are limiting as regards the release of radioactive substances and radiation doses. Selection of the limiting cases shall be justified. [2019-09-02]

502. The analyses referred to in para 501 shall be supplemented with an analysis of the containment's retention capability, in which the source term into the containment is calculated according to the maximum number of failed fuel rods (10%) allowed in a class 2 postulated accident as required in para 417 of Guide YVL B.4 . [2019-09-02]

503. The explanatory memorandum of Guide YVL D.3 lists operational occurrences and accidents that shall be postulated for nuclear fuel handling and storage. [2019-09-02]

5.2 Methods of analysis

504. The requirements for plant behaviour analysis methods, which are given in chapter 4.2, apply to the release analysis methods. [2013-11-15]

505. Guide YVL C.4 presents requirements for the analysis methods that are used to estimate radiation doses to the public in the vicinity, caused by the release of radioactive substances from a nuclear power plant. [2019-09-02]

5.3 Assumptions for release and dose related analyses

5.3.1 General assumptions

506. In analysing releases, the same assumptions shall be used to describe the plant as are used in the analyses in chapter 4.3. [2013-11-15]

507. At least the same amount of radioactive substances shall be assumed in the primary coolant at the beginning of an event as is set as the maximum limit in the Technical Specifications of the plant. [2019-09-02]

508. The number of leaking fuel rods before an accident shall be chosen in conformity with para 507. [2013-11-15]

509. The increasing release of fission products due to the pressure difference change between the failed fuel and coolant shall be taken into account in evaluating the concentration of radioactive substances in the primary coolant. The increase in concentration and its dependence on time shall be justified. [2019-09-02]

510. The effect of cooling water that enters the failed fuel rods on the release of radioactive substances shall be taken into account in the analyses. [2013-11-15]

511. The distribution of radioactive substances into gaseous and liquid phases of the leaking substance shall be justified. [2013-11-15]

512. A fraction of the iodine mixed with the steam shall be assumed to be gaseous. The distribution of iodine into gaseous and aerosol phases shall be justified. [2013-11-15]

513. The halogens released into airspace shall be assumed to be partly bound to inorganic and partly to organic compounds. The distribution into the various kinds of compounds shall be justified. [2019-09-02]

514. The radioactive substances entering the airspace shall first be assumed to be transported into the environment via the ventilation and filtering system in a way corresponding to the normal functioning of the system. If the ventilation system can be used in several different ways in the above-mentioned situation, the way leading to the most extensive releases shall be chosen for the analysis. [2013-11-15]

515. Isolation of ventilation may be assumed in accordance with the design of the plant's protection systems, so that any changes in the parameters used as protection limits during accidents are assessed conservatively. [2013-11-15]

516. If the pressure and temperature inside the containment during an accident exceed the values for which the containment leak-tightness requirements have been set and during which the leak rate is experimentally measured, the leak rate used for release calculations shall be separately justified. [2013-11-15]

5.3.2 Fuel handling related postulated accident assumptions

517. In the analysis of the drop of a spent fuel assembly, it shall be assumed that the assembly

1. has been in the reactor core during the whole cycle at full power
2. has been located in the most heavily loaded position of the reactor core and has reached a full discharge burn-up
3. has cooled down for the shortest time of cooling possible in the accident analysed
4. is damaged in such a way that all fuel rods in the assembly lose their leak-tightness.

[2019-09-02]

518. If a transfer cask filled with spent fuel is lifted with the lid not tightly closed, it shall be assumed in the analyses that

1. an accident can occur in any room and at any time when a transfer cask is being lifted
2. the cask has been loaded with fuel that has reached a full discharge burn-up
3. the cooling time required for fuel prior to transfer is the minimum time required in the administrative restrictions
4. the number of failed fuel rods shall be conservatively estimated.

[2019-09-02]

519. In the analysis of the drop of a heavy object, it shall be assumed that

1. an accident can happen at any location where the handling of heavy objects above fuel is allowed
2. the falling object that is applied to the room in question is the most penalising one as regards the damage it causes
3. the fuel burn-up is the highest and the cool-down time the shortest possible in the accident under consideration
4. the number of damaged fuel rods shall be conservatively estimated.

[2013-11-15]

520. During spent fuel handling accidents, all released noble gases shall be assumed to enter the airspace of the building in question. If fuel failure occurs under water, in estimating the release of other fission products, it can be assumed that a part of them is retained by the water and only part is released to the airspace above the water. [2013-11-15]

521. Removed. [2019-09-02]

5.3.3 Dispersal of radioactive substances into the environment

522. Assumptions of the dispersal of radioactive substances into the environment and population dose calculations are presented in Guide YVL C.4. [2013-11-15]

6.1 General requirements

601. Moved to Guide YVL B.1. [2019-09-02]

602. The acceptance criteria set forth in chapters 6.2 and 6.3 are presented for the conservative analysis method. In applying a best estimate method with uncertainty analysis, the result is acceptable if there is a 95% probability with 95% confidence that the examined paraeter will not exceed the acceptance limit set for the conservative analysis method. [2019-09-02]

603. Chapter 4.3 of Guide YVL B.1 sets forth requirements for the reaching of a controlled and safe state. [2013-11-15]

604. Section 22 b § of the Nuclear Energy Decree (161/1988) sets limits for releases of radioactive substances and doses during anticipated operational occurrences and accidents. [2019-09-02]

605. Acceptance criteria for the failure analyses of I&C systems are set forth in chapter 5.2 of Guide YVL B.1. [2013-11-15]

606. The acceptance criteria for the strength analyses of the nuclear power plant’s pressure equipment are given in Guide YVL E.4. [2013-11-15]

607. Removed. [2019-09-02]

6.2 Anticipated operational occurrences

608. The failure or malfunction of a single active component during the normal operation of the plant, analysed as an anticipated operational occurrence with the assumptions in Section 1 of requirement 414, shall not lead to a need to start systems designed for postulated accidents. [2019-09-02]

609. The overpressure acceptance criterion for an event to be analysed as an anticipated operational occurrence using the assumptions in item 1 of para 414 is that design pressure of the primary circuit is not exceeded, and that not a single safety valve of the primary circuit opens. [2019-09-02]

610. The fuel integrity acceptance criteria for anticipated operational occurrences are given in Guide YVL B.4, chapter 4. [2013-11-15]

611. Acceptance criteria for the pressure control of the nuclear power plant during anticipated operational occurrences are given in Guide YVL B.5, chapter 4.2. [2013-11-15]

612. Acceptance criteria for the containment leak-tightness during anticipated operational occurrences is given in Section 10 of STUK Regulation STUK Y/1/2018. [2019-09-02]

6.3 Postulated accidents

613. The fuel integrity acceptance criteria for postulated accidents are given in Guide YVL B.4, chapter 4. [2013-11-15]

614. Acceptance criteria for the pressure control and depressurisation during postulated accidents of a nuclear power plant are given in Guide YVL B.5, chapters 4.3 and 4.4. [2013-11-15]

615. The acceptance criterion for the overpressure protection in postulated accidents is that the pressure of the object to be protected stays below 1.1 times the design pressure of the protected object. [2013-11-15]

616. Acceptance criteria for the containment in postulated accidents are given in Section 13 of Government Decree 717/2013 and in Guide YVL B.6, chapter 3. [2013-11-15]

6.4 Design extension conditions

617. The fuel integrity acceptance criteria for design extension conditions are given in Guide YVL B.4, chapter 4. [2013-11-15]

618. The acceptance criterion for the DEC overpressure protection analysis is that the pressure of the object to be protected stays below 1.2 times the design pressure of the protected object. [2013-11-15]

6.5 Severe accidents

619. Requirements for the depressurisation of the primary circuit during severe reactor accidents are given in Section 10 of STUK Regulation STUK Y/1/2018, and in Guide YVL B.5, chapter 4.4. [2019-09-02]

620. Acceptance criteria for the containment’s behaviour during severe reactor accidents are given in Guide YVL B.6, chapter 3. [2019-09-02]

701. The documents to be submitted to STUK for the nuclear power plant’s licensing process are given in Guide YVL A.1 “Regulatory oversight of safety in the use of nuclear energy”. [2019-09-02]

702. As part of the suitability analysis to be submitted during the decision-in-principle phase, the licence applicant shall demonstrate that the organisation performing the analyses has adequate competence to conduct transient and accident analyses for the preliminary safety analysis report as required in Guide YVL B.3. [2013-11-15]

703. The preliminary safety analysis report shall present the calculation methods for transient and accident analyses and their validation, as well as the preliminary transient and accident analyses demonstrating the acceptability of the systems’ technical solutions. [2013-11-15]

703a. After the construction licence has been granted, with regard to changes in systems important to safety or their detailed design, analyses of transients and accidents indicating the acceptability of the design solutions shall be submitted as part of the modification documentation. [2019-09-02]

704. The final safety analysis report shall present the calculation methods for transient and accident analyses and their validation, as well as the final transient and accident analyses demonstrating the acceptability of the systems’ technical solutions. [2013-11-15]

705. The essential results of the analyses shall be presented in the preliminary and final safety analysis reports. Detailed information on the assumptions and calculation methods used in the analyses may be presented in either the safety analysis report or the topical reports. [2013-11-15]

706. The description of the models and analysis methods as required in para 404 shall be delivered to STUK for information as part of the preliminary and final safety analysis reports. [2013-11-15]

707. The analyses of the preliminary safety analysis report shall describe the plant to the level of detail that is possible at this design stage, in order to facilitate analyses of the plant's operation in all operational conditions during anticipated operational occurrences and accidents. [2013-11-15]

708. The analyses conducted for the operating licence shall describe the plant in a way consistent with the plant for which the operating licence is applied. [2013-11-15]

709. The analyses conducted for an operating plant shall describe the plant in a way consistent with the plant’s current status or consistent with the plant after the implementation of the plant modifications. [2013-11-15]

710. An assessment on the effects of the planned modification to plant behaviour during transient and accidents, and a summary of design analysis results shall be provided as part of the conceptual plan required for modifications to an operating nuclear power plant’s systems important to safety. Analyses verifying the acceptability of the technical solutions shall be provided as part of the pre-inspection documentation. [2019-09-02]

711. In connection with periodic safety assessments, the licensee shall evaluate the scope of and need for updates in transient and accident analyses, and update the analyses for the final safety analysis report, where necessary. [2019-09-02]

801. During the decision-in-principle phase, STUK reviews the suitability analysis provided with the application for a decision-in-principle and the description of calculation methods used in the transient and accident analyses presented in it. STUK draws up a preliminary safety assessment based on the review. [2013-11-15]

802. STUK reviews the preliminary safety analysis report provided with the construction licence application and the transient and accident analyses contained in it, as well as the validation of the calculation methods used. STUK draws up a safety assessment based on the review. [2013-11-15]

803. STUK reviews the final safety analysis report provided with the operating licence application and the transient and accident analyses contained in it, as well as the validation of the calculation methods used. STUK draws up a safety assessment based on the review. [2013-11-15]

804. STUK reviews the conceptual plans, pre-inspection documents and changes to the final safety analysis report of systems modifications in operating nuclear power plants, and approves the above on the basis of the review. [2013-11-15]

805. In the construction licence stage and operating licence stage and, if necessary, during plant operation, STUK shall conduct independent comparative analyses of the most important initiating events impacting the dimensioning of the plant systems, or have such conducted by an outside expert organisation. [2019-09-02]

1. Nuclear Energy Act (990/1987). [2013-11-15]
2. Nuclear Energy Decree (161/1988). [2013-11-15]
3. STUK Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018). [2019-09-02]
4. Safety Assessment for Facilities and Activities, General Safety Requirements. IAEA Safety Standards Series No. GSR Part 4 (Rev.1). IAEA, Vienna 2016. [2019-09-02]
5. Deterministic Safety Analysis for Nuclear Power Plants. IAEA Specific Safety Guide No. SSG-2. IAEA, Vienna 2009. [2013-11-15]
6. Removed. [2019-09-02]
7. Best Estimate Safety Analysis for Nuclear Power Plants: Uncertainty Evaluation. IAEA Safety Reports Series No. 52. IAEA, Vienna 2008. [2013-11-15]
8. Safety of Nuclear Power Plants: Design. IAEA Safety Standards Series No. SSR-2/1 (Rev.1). IAEA, Vienna 2016. [2019-09-02]

Initiating event

Initiating event shall refer to an identified event that leads to anticipated operational occurrences or accidents.

Controlled state

Controlled state shall refer to a state where a reactor has been shut down and the removal of its decay heat has been secured. (STUK Y/1/2018)

Controlled state following a severe reactor accident

Controlled state following a severe reactor accident shall refer to a state where the removal of decay heat from the reactor core debris and the containment has been secured, the temperature of the reactor core debris is stable or decreasing, the reactor core debris is in a form that poses no risk of re-criticality, and no significant volumes of fission products are any longer being released from the reactor core debris. (STUK Y/1/2018)

System

System shall refer to a combination of components and structures that performs a specific function.

Minimum system performance

Minimum system performance can be determined by making the following assumptions:
1. Consider the consequential effects of the initiating event (component failure, for example).
2. Furthermore, select the failure combination that is most detrimental to the functionality of the system in accordance with the failure criterion presented in requirement 442 of Guide YVL B.1. The single failure with the highest reactivity effect is also assumed to occur in the reactor scram system.
3. Determine the performance parameters for each functioning component, which conform to the acceptance limits of components in periodic tests.

Qualification

Qualification is normally used as a synonym for “validation” in YVL-guides. Qualification shall refer to confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.

Validation

Validation shall refer to confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.

Conservative analysis method

Conservative analysis method shall refer to a manner of preparing a safety analysis that considers the uncertainties related to the calculation models and initial assumptions so that, with a high level of certainty, the consequences of the event analysed would be milder than the analysis results.

Criticality accident

Criticality accident shall refer to an accident caused by an uncontrolled chain reaction of nuclear fissions. (STUK Y/1/2018)

Loading analysis

Loading analysis shall refer to the computational analysis, covering the entire life cycle, of the mechanical and thermal loads (service loads) to which a component is subjected in the operational conditions and accidents used as the facility's design bases over the course of its entire life cycle, when the procedures, specifications and analyses concerning operation, required functions and sequences of events are taken into account.

Normal operating conditions

Normal operating conditions shall refer to the planned operation of a nuclear facility according to the operating procedures. Normal operating conditions also include testing, plant start-up and shutdown, maintenance and the replacement of nuclear fuel. (STUK Y/1/2018)

YVL Guides also use the term normal operation, which means the same as normal operating conditions.

Anticipated operational occurrence

Anticipated operational occurrence shall refer to such a deviation from normal operation that can be expected to occur once or several times during any period of a hundred operating years. (Nuclear Energy Decree 161/1988)

Postulated accident

Postulated accident shall refer to a deviation from normal operation which is assumed to occur less frequently than once over a span of one hundred operating years, excluding design extension conditions; and which the nuclear facility is required to withstand without sustaining severe fuel failure, even if individual components of systems important to safety are rendered out of operation due to servicing or faults. Postulated accidents are grouped into two classes on the basis of the frequency of their initiating events: a) Class 1 postulated accidents, which can be assumed to occur less frequently than once over a span of one hundred operating years, but at least once over a span of one thousand operating years; b) Class 2 postulated accidents, which can be assumed to occur less frequently than once during any one thousand operating years. (Nuclear Energy Decree 161/1988)

Design extension condition

Design extension condition shall refer to:
a. an accident where an anticipated operational occurrence or class 1 postulated accident involves a common cause failure in a system required to execute a safety function;
b. an accident caused by a combination of failures identified as significant on the basis of a probabilistic risk assessment; or
c. an accident caused by a rare external event and which the facility is required to withstand without severe fuel failure.
(Nuclear Energy Decree 161/1988)

Pressure control analysis

Pressure control analysis shall refer to an analysis used to demonstrate that the pressure control systems meet the design requirements set for them.

Best estimate method

Best estimate method shall refer to a method of preparing a safety analysis where the physical modelling of any phenomenon studied is as realistic as possible, and the initial assumptions for the analysis are realistically selected.

Safe state

Safe state shall refer to a state where the reactor has been shut down and is non-pressurised, and removal of its decay heat has been secured. (STUK Y/1/2018)

Safe state following a severe reactor accident

Safe state following a severe reactor accident shall refer to a state where the conditions for the controlled state of a severe reactor accident are met and, in addition, the pressure inside the containment is low enough that leak from the containment is minor, even if the containment is not leak-tight. (STUK Y/1/2018)

System/structure/component important to safety

System/structure/component important to safety shall refer to systems, structures or components in safety classes 1, 2 and 3 and systems in class EYT/STUK.

Safety-classified system/structure/component

Safety-classified system/structure/component shall refer to a system, structure or component assigned to safety classes on the basis of its safety significance.

Safety functions

Safety functions shall refer to functions important from the point of view of safety, the purpose of which is to control disturbances or prevent the generation or propagation of accidents or to mitigate the consequences of accidents. (STUK Y/1/2018)

Severe reactor accident

Severe reactor accident shall refer to an accident in which a considerable part of the fuel in a reactor loses its original structure. (STUK Y/1/2018)

Failure criterion (N+1)

(N+1) failure criterion shall mean the same as the single failure criterion. Single failure criterion (N+1) shall mean that it must be possible to perform a safety function even if any single component designed for the function fails.

(N+2) failure criterion

(N+2) failure criterion shall mean that the most important safety functions necessary to bring the plant to a controlled state and to maintain it must be ensured in postulated accidents even if any individual component of a system providing the safety function is inoperable and even if any other component of a system providing the same safety function or of a supporting system necessary for its operation is simultaneously inoperable due to the necessity for its repair, maintenance or testing.

Single failure

Single failure shall refer to a failure due to which a system, component or structure fails to deliver the required performance.

Single failure criterion

Single failure criterion (N+1) shall mean that it must be possible to perform a safety function even if any single component designed for the function fails.