With regard to new nuclear facilities, this Guide shall apply as of 1 July 2019 until further notice. With regard to operating nuclear facilities and those under construction, this Guide shall be enforced through a separate decision to be taken by STUK. This Guide replaces Guide YVL B.6, 15 November 2013.

pdf version) | Explanatory memorandum
Requirements in Finnish and English with id-information

According to Section 7 r of the Nuclear Energy Act (990/1987), the Radiation and Nuclear Safety Authority (STUK) shall specify detailed safety requirements for the implementation of the safety level in accordance with the Nuclear Energy Act.

The publication of a YVL Guide shall not, as such, alter any previous decisions made by STUK. After having heard the parties concerned STUK will issue a separate decision as to how a new or revised YVL Guide is to be applied to operating nuclear facilities or those under construction, and to licensees’ operational activities. The Guide shall apply as it stands to new nuclear facilities.

When considering how the new safety requirements presented in the YVL Guides shall be applied to the operating nuclear facilities, or to those under construction, STUK will take due account of the principles laid down in Section 7 a of the Nuclear Energy Act (990/1987): The safety of nuclear energy use shall be maintained at as high a level as practically possible. For the further development of safety, measures shall be implemented that can be considered justified considering operating experience, safety research and advances in science and technology.

According to Section 7 r(3) of the Nuclear Energy Act, the safety requirements of the Radiation and Nuclear Safety Authority (STUK) are binding on the licensee, while preserving the licensee’s right to propose an alternative procedure or solution to that provided for in the regulations. If the licensee can convincingly demonstrate that the proposed procedure or solution will implement safety standards in accordance with this Act, the Radiation and Nuclear Safety Authority (STUK) may approve a procedure or solution by which the safety level set forth is achieved.

Translation. Original text in Finnish.

101. Section 10 of Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018) states that in order to prevent the dispersion of radioactive substances, the structural defence-in-depth safety principle shall be implemented. Structural defence-in-depth design shall prevent dispersion of radioactive substances from the fuel of the nuclear reactor into the environment by means of successive barriers which are the fuel and its cladding, the reactor cooling circuit (primary circuit) and the containment. [2019-06-15]

102. Section 10(3) of Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018) states that in order to ensure containment building integrity,

1. the containment shall be designed to maintain its integrity during anticipated operational occurrences and, with a high degree of certainty, during all accident conditions;
2. pressure, radiation and temperature loads, radiation levels on plant premises, combustible gases, impacts of missiles and short-term high energy phenomena resulting from an accident shall be considered in the design of the containment; and
3. the possibility of containment leaktightness becoming endangered as a result of reactor pressure vessel fracturing shall be extremely low. [2019-06-15]

103. Section 10(4) of Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018) states that a nuclear power plant shall be equipped with systems to ensure the stabilisation and cooling of molten core material generated during a severe accident. The possibility of direct interaction of molten core material with the load bearing containment structure shall be extremely low. [2019-06-15]

104. According to Section 11(3) of Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018), in order to prevent accidents and mitigate the consequences thereof, a nuclear power plant shall be provided with systems for shutting down the reactor and maintaining it in a sub-critical state, for removing decay heat generated in the reactor; and for retaining radioactive materials within the plant. Design of such systems shall apply redundancy, separation and diversity principles that ensure implementation of a safety function even in the event of malfunctions. [2019-06-15]

105. Section 11(8) of Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018) states that the systems needed for reaching and maintaining a controlled state and the monitoring of the progress of an accident and the plant’s status in severe reactor accidents in a nuclear power plant shall be independent of the systems designed for normal operation, anticipated operational occurrences and postulated accidents. The leaktightness of the containment during a severe reactor accident shall be reliably ensured. [2019-06-15]

106. Section 11(9) of Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018) states that the plant shall be designed so that it can be reliably brought into a safe state after a severe reactor accident. [2019-06-15]

107. Section 22 b(3) of Nuclear Energy Decree (161/1988) specifies the dose limits for anticipated operational occurrences, Class 1 and 2 postulated accidents and design extension conditions. [2019-06-15]

108. Section 22 b(4)(5) of Nuclear Energy Decree (161/1988) states that the release of radioactive substances arising from a severe accident shall not necessitate large scale protective measures for the population nor any long-term restrictions on the use of extensive areas of land and water. In order to limit the long term effects, the limit for atmospheric releases of cesium-137 is 100 terabecquerel (TBq). The possibility of exceeding the set limit shall be extremely small. [2019-06-15]

109. Section 22 b(6) of Nuclear Energy Decree (161/1988) states that possibility of a release in the early stages of an accident requiring measures to protect the population shall be extremely small. [2019-06-15]

201. Guide YVL B.6 sets out detailed requirements and acceptance criteria for design and leaktightness testing of the nuclear power plant containment by which compliance with the provisions of Nuclear Energy Act (161/1988) and the Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018) discussed in section 1 is ensured and demonstrated. The requirements set out in Guide YVL B.6 supplement requirements set out in Guide YVL B.1 “Safety design of a nuclear power plant”. [2019-06-15]

202. Application of Guide YVL B.6 to other nuclear facilities is subject to a separate application decision. [2013-11-15]

2.1 Associated guides

203. The requirements for the safety design of nuclear power plants are set out in Guide YVL B.1 “Safety design of a nuclear power plant”. [2019-06-15]

204. The requirements for addressing internal and external hazards at nuclear power plants are set out in Guide YVL B.7 “Provisions for internal and external hazards at a nuclear facility”. [2019-06-15]

205. Detailed containment design requirements pertaining to aircraft impacts are specified in Guide YVL A.11 “Security of a nuclear facility”. [2019-06-15]

206. The requirements for the deterministic safety analysis of nuclear power plants are set out in Guide YVL B.3 YVL B.3 “Deterministic safety analyses for a nuclear power plant”. [2019-06-15]

207. The requirements for design, construction and in-service inspections of the concrete, steel and composite structures of safety-classified buildings of nuclear facilities are set out in Guide YVL E.6 “Buildings and structures of a nuclear facility”. [2019-06-15]

208. The requirements for electrical and I&C equipment of nuclear facilities are set out in Guide YVL E.7 “Electrical and I&C equipment of a nuclear facility”. [2019-06-15]

209. The requirements for marking of emergency exits are set out in Guide YVL B.8 “Fire protection at a nuclear facility”. [2019-06-15]

210. The requirements for construction and commissioning of the nuclear facility are set out in Guide YVL A.5 “Construction and commissioning of a nuclear facility”. [2019-06-15]

211. The requirements for the operation of a nuclear power plant are set out in Guide YVL A.6 “Conduct of operations at a nuclear power plant”. [2019-06-15]

212. The requirements for ageing management in nuclear facilities are set out in Guide YVL A.8 “Ageing management of a nuclear facility”. [2019-06-15]

3.1 General requirements

301. A nuclear power plant shall be provided with a leaktight containment system to:

1. limit the release of radioactive substances during normal operation, anticipated operational occurrences and accidents;
2. protect the plant against natural and human induced external events; and
3. provide a protective biological shield during normal operation, anticipated operational occurrences and accidents. [2013-11-15]

302. The containment shall protect the integrity of the reactor and its cooling circuit against external events.

303. The containment shall be designed to ensure leak-tightness in case of the external events listed in Guides YVL B.7 and YVL A.11. The containment shall protect the reactor and systems performing safety functions against external events. [2013-11-15]

304. The containment system shall reduce radiation exposure from all sources located inside the containment so as to keep any doses received by the personnel working outside the containment as low as reasonably achievable. [2013-11-15]

305. The containment shall be designed so that following a postulated accident or a design extension condition the plant can be brought in the long term to such a state that allows removal of fuel from the reactor pressure vessel. [2013-11-15]

306. A concrete containment shall be lined with leaktight steel cladding. [2013-11-15]

3.2 Containment integrity in disturbances and accidents

307. Containment design pressure and temperature as well as the corresponding allowed leakage in postulated accidents shall be determined. The containment is considered to be leaktight, when the leakage is less than the allowed leakage. [2013-11-15]

308. The containment design pressure and temperature in postulated accidents are determined by the containment analyses performed in compliance with Guide YVL B.3 by selecting the postulated accident exerting the highest load on the containment as the limiting case. A 10% safety margin shall be added to the maximum pressure (gauge pressure) obtained from the analyses to compensate for the uncertainties associated with the calculation methods and the calculation case. [2019-06-15]

309. The containment shall be dimensioned so as to ensure that it retains its leaktightness in a severe reactor accident even if 100% of the easily oxidising reactor core materials react with water. [2013-11-15]

310. Containment pressure and temperature limits shall be determined within which the containment retains its leaktightness in severe reactor accidents. [2019-06-15]

311, The leaktightness of the containment in severe reactor accidents shall be demonstrated using the containment temperature and pressure obtained from the severe accident analyses performed in compliance with Guide YVL B.3 by increasing the maximum pressure (gauge pressure) by a 50% safety margin and by pressure increase due to hydrogen combustion calculated according to the AICC principle. [2019-06-15]

312. A containment based on the pressure suppression concept shall be designed to ensure that an accident involving the loss of the pressure suppression function will not lead to the loss of containment structural integrity. [2013-11-15]

313. Any accident situation detailed in requirement 312 shall be analysed as a design extension condition (DEC B). The assumptions to be used in the analyses of design extension conditions are presented in Guide YVL B.3. [2013-11-15]

3.3 Containment leak tests

314. The design shall allow for the testing of the leaktightness of the containment, its penetrations, access locks and hatches. [2013-11-15]

3.4 Collection of materials leaked from the containment

315. Any leaks of radioactive substances from the gas space of the primary containment shall be led to the secondary containment from which they can be collected and processed as appropriate. [2013-11-15]

316. The space between the primary and secondary containment shall be provided with a filtered ventilation system capable of maintaining the annulus at a sub-atmospheric pressure during accidents. The secondary containment ventilation system shall remain operable even in the event of a single failure. [2019-06-15]

3.5 Penetrations and access locks

317. Containment penetrations and access locks and hatches shall be designed to withstand the same temperature and pressure loads as the containment itself. [2013-11-15]

318. Location, structure, protection and sealing materials of containment penetrations, access locks and hatches, and isolation valves shall ensure their operability and leaktightness during normal operation, anticipated operational occurrences and accidents. [2013-11-15]

319. Containment penetrations shall withstand the loads exerted by piping movements and accidents as intended in requirement 318. [2019-06-15]

320. There shall be a minimum of two personnel access locks. The personnel access locks shall be located sufficiently far away from each other so as to ensure that at least one of them can be used as an emergency exit from the containment in all situations. Both shall also be operable without electrical power. The requirements for marking of emergency exits are set out in Guide YVL B.8. [2013-11-15]

321. The personnel access locks in the containment shall consist of air locks designed to ensure that at least one door is always closed when the air lock is used for passage. Both doors of the airlock shall be kept closed at all times except when the airlock is used for entering or exiting the containment. [2019-06-15]

322. Equipment hatches shall be provided with double seals capable of being leak-tested. The equipment hatch of the containment shall be kept closed. The equipment hatch may only be opened in circumstances where it can be closed quickly enough to prevent releases resulting from potential transients or accidents under such circumstances. Requirements 353 and 355 concern the use of the equipment hatch during shutdowns. [2013-11-15]

322a. It shall be possible to isolate also other containment access locks and penetrations than those expressly stated in this guide in case of a single failure. [2019-06-15]

3.6 Containment isolation

323. The design shall allow reliable closing of every line penetrating the containment pressure boundary and communicating with the primary coolant or containment atmosphere. Such lines shall be equipped with at least two independent isolation valves in series. The diversity principle shall be applied to the isolation valves in series. [2019-06-15]

324. The isolation valve according to requirement 323 shall be locked closed or have provisions to be closed automatically, in which case it shall be controlled by the plant’s protection system or be of the passively closing type (check valve). There shall be at least one isolation valve both inside and outside the containment. [2013-11-15]

325. Each pipeline penetrating the containment pressure boundary that is not connected to the primary coolant or directly connected to the gas space of the containment shall be provided with at least one isolation valve outside the containment. [2019-06-15]

326. The isolation valve according to requirement 325 shall be either automatically actuated, locked-closed or remotely operated manually. [2013-11-15]

327. The containment isolation valve shall close quickly enough to effectively limit release of radioactive substances from the containment through the valve in an accident. [2013-11-15]

328. The line between the containment isolation valve and the containment boundary shall be as short as possible. [2013-11-15]

329. A check valve may not be used as a containment-external isolation valve. [2013-11-15]

329a. The control function of the containment isolation valves shall be ensured with systems designed for severe reactor accident management. Ensuring shall be tolerant of a single failure for the pipes that are not automatically isolated in connection with an initiating event leading to containment isolation. [2019-06-15]

330. Moved to para. 322a. [2019-06-15]

331. A specific requirement (456e) regarding the isolation valve control function is presented in Guide YVL B.1. [2019-06-15]

332. Automatically actuated containment isolation valves shall preferably be of the self-closing type (fail-safe close) in the event of a loss of power supply to the isolation valve actuator. [2013-11-15]

333. The design shall allow monitoring of the position of the isolation valves from the control room, with the exception of locked-closed manually operated valves. For those valves, information of the valve position must be available at the control room. [2013-11-15]

3.7 Containment internals

334. Loads arising in accident conditions shall not damage containment internal structures or components necessary for accident management to the extent that the damage prevents proper accident management. [2013-11-15]

3.8 Pressure management and temperature management in accident conditions

335. A nuclear power plant shall have systems to remove heat from the containment during accidents. The safety function to be performed by these systems is to reduce containment pressure and temperature, and to keep them at a sufficiently low level. [2019-06-15]

336. Containment heat removal in postulated accidents shall be ensured by one or several systems that together meet the 72-hour self-sufficiency criterion also in the event of a single failure even if any single component affecting the safety function were simultaneously out of operation due to repair or maintenance. [2019-06-15]

337. Containment heat removal in a severe reactor accident shall be ensured even in the case of a single failure. It shall be possible to execute heat removal without water, fuel or any other material replenishments external to the plant site for 72 hours. [2019-06-15]

337a. The implementation of severe reactor accident management shall avoid complex manual or automatic controls and dependence on an external power source. [2019-06-15]

338. Venting of the steam-gas mixture accumulated in the containment into the environment shall be used only, if no other means designed for pressure control are available. This shall be taken into account in the design of the containment pressure reduction function. [2019-06-15]

339. Following a severe reactor accident, it must be possible to decrease the pressure difference across the containment pressure boundary to a level consistent with the safe state following a severe accident . [2019-06-15]

340. With design solutions where containment pressure decrease in compliance with requirement 339 is done by venting gas from the containment into the environment, the venting system must be provided with an efficient filter. After filtering, the released gases shall be routed to the plant ventilation stack. Any combustible gases contained by the discharged gas shall not compromise accident management or the measurement of radioactive emissions. [2013-11-15]

340a. Systems used in bringing the plant to a safe state following a severe reactor accident are not required to be independent from the systems designed for normal operation, anticipated operational occurrences and postulated accidents. When using systems that do not fulfil this independence in order to bring the plant to a safe state or to maintain it following a severe reactor accident, the operability of the systems shall be demonstrated in conditions following a severe reactor accident. [2019-06-15]

340b. It shall be possible, if necessary, to restore the operability of the systems required to bring the plant to a safe state or to maintain it following a severe reactor accident in conditions following the accident. [2019-06-15]

340c. Functions required to bring the plant to a safe state or to maintain it following a severe reactor accident shall be implemented by one or several systems. If the systems are located in facilities that are not accessible in conditions following a severe reactor accident, the single-failure criterion shall be applied to the function in terms of components requiring an external power source. [2019-06-15]

3.9 Combustible gases and energetic phenomena

341. The containment structure and systems used for managing accidents shall prevent such gas burns, gas explosions or other energetic phenomena that may jeopardise containment integrity or leaktightness, or the operability of the components needed for accident management. [2013-11-15]

342. Combustible gases shall be primarily managed by systems and components that are located inside the containment and do not require an external power supply. [2013-11-15]

3.10 Management of reactor debris in a severe reactor accident

343. The debris of a damaged reactor shall be cooled in such a way that release of radioactive substances to the containment atmosphere can be effectively reduced, and that the heat radiated from the debris will not endanger containment integrity. [2013-11-15]

3.11 Cleaning of the gas space in accidents

344. The design shall allow removal of radioactive substances from the containment gas space in accident conditions. [2013-11-15]

3.12 Coatings

345. The coatings used in the containment shall not endanger accident management. [2013-11-15]

3.13 Containment instrumentation

346. Moved to Guide YVL B.1. [2019-06-15]

347. Removed. [2019-06-15]

348. Removed. [2019-06-15]

349. The requirements for measurement and monitoring instrumentation and their qualification are presented in Guides YVL B.1 and YVL E.7. [2019-06-15] (Translation corrected 2020-02-05)

3.14 Containment pressure tests and leak tests

350. A containment pressure test shall be performed prior to the commissioning of the plant to demonstrate the structural integrity of the containment. The overpressure used in the pressure test shall be at least 1.15 times the containment design overpressure. The requirements for commissioning of the nuclear power plant are set out in Guide YVL A.5. The requirements for the containment pressure and leak test plans are set out in Guide YVL E.6. [2013-11-15]

351. Regular leak tests shall be performed on the containment as well as its penetrations, access locks and hatches to ensure that the leaktightness of the containment remains at an acceptable level throughout the service life of the plant. The leak test shall be performed at a pressure equivalent to the maximum pressure in the postulated accident exerting the highest load on the containment. The leak test shall be performed at intervals that enable reliable monitoring of containment leaktightness. [2013-11-15]

352. The containment shall be so designed that the test pressure of the periodic leak test will not endanger the operability of the containment and the structures and components within the containment, or significantly shorten their service life. [2013-11-15]

352a. The estimated date and test programme of the containment pressure and leak tests shall be submitted to STUK no later than one month before the execution of the test. [2019-06-15 ]

3.15 Requirements pertaining to shutdown states

353. The containment or, alternatively, the secondary containment, shall remain leaktight in shutdown states if:

1. fuel is handled inside the containment;
2. heavy loads are transferred above a loaded reactor;
3. heavy loads are transferred above spent fuel pools;
4. actions are taken which increase reactor criticality or may lead to an uncontrollable reduction in the primary circuit water volume. [2013-11-15]

354. The emergency ventilation systems of the secondary containment shall remain operable in conditions where containment leaktightness is required. [2013-11-15]

355. If it is necessary to make the containment non-leaktight during an outage, it shall be possible to restore the leaktightness of the containment within a short enough period of time to effectively prevent release of radioactive substances into the environment in the event of a potential accident occurring during the outage. Justification shall be given for the time required for restoring leaktightness. [2013-11-15]

356. If the leaktightness of a non-leaktight containment cannot be restored in outage conditions, the damage to nuclear fuel during the outage shall be practically eliminated. [2019-06-15]

401. Stages of the containment licensing – decision-in-principle, construction license, operation license and plant modifications – and principles of STUK plant and system level oversight are set out in Guide YVL B.1. Documents pertaining to license applications are set out in Guide YVL A.1 “Regulatory oversight of safety in the use of nuclear energy”. [2019-06-15]

402. The pressure and leak tests specified in requirements 350 and 351 will be overseen by STUK. Requirements for delivery of the test results to STUK are set out in Guide YVL A.9 “Regular reporting on the operation of a nuclear facility”. [2019-06-15]

403. Removed. [2019-06-15]

1. The Nuclear Energy Act (990/1987). [2013-11-15]
2. The Nuclear Energy Decree (161/1988). [2013-11-15]
3. Radiation and Nuclear Safety Authority Regulation on the Safety of a Nuclear Power Plant (STUK Y/1/2018). [2019-06-15]
4. Safety of Nuclear Power Plants: Design, IAEA Safety Standards, Specific Safety Requirements SSR-2/1 (Rev. 1), IAEA Vienna 2016. [2019-06-15]
5. Design of Reactor Containment Systems for Nuclear Power Plants, IAEA Safety Standards, Safety Guide NS-G-1.10, IAEA Vienna 2004. [2019-06-15]
6. WENRA Safety Reference Levels for Existing Reactors, Western European Nuclear Regulators’ Association, Reactor Harmonization Working Group, September 2014. [2019-06-15]

AICC

AICC, Adiabatic Isochoric Complete Combustion, shall refer to a conservative estimate of the pressurisation caused by a hydrogen burn (not a dynamic load, however). The burn is assumed to be adiabatic (no heat is transferred to the structures), isochoric (volume remains unchanged) and complete (all available hydrogen burns up).

Initiating event

Initiating event shall refer to an identified event that leads to anticipated operational occurrences or accidents.

Controlled state

Controlled state shall refer to a state where a reactor has been shut down and the removal of its decay heat has been secured. (STUK Y/1/2018)

Controlled state following a severe reactor accident

Controlled state following a severe reactor accident shall refer to a state where the removal of decay heat from the reactor core debris and the containment has been secured, the temperature of the reactor core debris is stable or decreasing, the reactor core debris is in a form that poses no risk of re-criticality, and no significant volumes of fission products are any longer being released from the reactor core debris. (STUK Y/1/2018)

System

System shall refer to a combination of components and structures that performs a specific function.

Qualification

Qualification is normally used as a synonym for “validation” in YVL-guides. Qualification shall refer to confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.

Normal operating conditions

Normal operating conditions shall refer to the planned operation of a nuclear facility according to the operating procedures. Normal operating conditions also include testing, plant start-up and shutdown, maintenance and the replacement of nuclear fuel. (STUK Y/1/2018)

YVL Guides also use the term normal operation, which means the same as normal operating conditions.

Anticipated operational occurrence

Anticipated operational occurrence shall refer to such a deviation from normal operation that can be expected to occur once or several times during any period of a hundred operating years. (Nuclear Energy Decree 161/1988)

Postulated accident

Postulated accident shall refer to a deviation from normal operation which is assumed to occur less frequently than once over a span of one hundred operating years, excluding design extension conditions; and which the nuclear facility is required to withstand without sustaining severe fuel failure, even if individual components of systems important to safety are rendered out of operation due to servicing or faults. Postulated accidents are grouped into two classes on the basis of the frequency of their initiating events: a) Class 1 postulated accidents, which can be assumed to occur less frequently than once over a span of one hundred operating years, but at least once over a span of one thousand operating years; b) Class 2 postulated accidents, which can be assumed to occur less frequently than once during any one thousand operating years. (Nuclear Energy Decree 161/1988)

Design extension condition

Design extension condition shall refer to:
a. an accident where an anticipated operational occurrence or class 1 postulated accident involves a common cause failure in a system required to execute a safety function;
b. an accident caused by a combination of failures identified as significant on the basis of a probabilistic risk assessment; or
c. an accident caused by a rare external event and which the facility is required to withstand without severe fuel failure.
(Nuclear Energy Decree 161/1988)

72-hour self-sufficiency criterion

72-hour self-sufficiency criterion shall means that the system to which the criterion is applied must be able to perform its function for a minimum of 72 hours so that for the first 24 hours no material replenishments (such as filling the water or fuel tank of the system) are needed, and for the following 48 hours provisions and material reserves exist at the plant site to arrange the necessary material replenishments for the system.

Accident

Accident shall refer to postulated accidents, design extension conditions and severe accidents. (Nuclear Energy Decree 161/1988)

Primary containment

Primary containment shall refer to a pressure-proof and leak-tight building surrounding the reactor and its coolant circuit, the function of which is to protect the reactor and the coolant circuit from external events and prevent the release of radioactive substances into the environment in accidents. When the word ‘containment’ is used in Guide YVL B.6, it refers to the primary containment. The primary containment may be surrounded by a secondary containment. The purpose of the secondary containment is to make possible the recovery and processing of any radioactive substances leaking form the primary containment. For this purpose, the interim space between the primary containment and secondary containment is kept at underpressure. The secondary containment may also provide protection against external events.

Containment system

Containment system shall refer to the containment (structure) and its systems that are designed to isolate the containment, remove heat from inside the containment, and control radioactive substances and combustible gases in accident scenarios.

Safe state

Safe state shall refer to a state where the reactor has been shut down and is non-pressurised, and removal of its decay heat has been secured. (STUK Y/1/2018)

Safe state following a severe reactor accident

Safe state following a severe reactor accident shall refer to a state where the conditions for the controlled state of a severe reactor accident are met and, in addition, the pressure inside the containment is low enough that leak from the containment is minor, even if the containment is not leak-tight. (STUK Y/1/2018)

Safety functions

Safety functions shall refer to functions important from the point of view of safety, the purpose of which is to control disturbances or prevent the generation or propagation of accidents or to mitigate the consequences of accidents. (STUK Y/1/2018)

Severe reactor accident

Severe reactor accident shall refer to an accident in which a considerable part of the fuel in a reactor loses its original structure. (STUK Y/1/2018)

Failure criterion (N+1)

(N+1) failure criterion shall mean the same as the single failure criterion. Single failure criterion (N+1) shall mean that it must be possible to perform a safety function even if any single component designed for the function fails.

(N+2) failure criterion

(N+2) failure criterion shall mean that the most important safety functions necessary to bring the plant to a controlled state and to maintain it must be ensured in postulated accidents even if any individual component of a system providing the safety function is inoperable and even if any other component of a system providing the same safety function or of a supporting system necessary for its operation is simultaneously inoperable due to the necessity for its repair, maintenance or testing. (STUK Y/1/2018)

Single failure

Single failure shall refer to a failure due to which a system, component or structure fails to deliver the required performance.

Single failure criterion

Single failure criterion (N+1) shall mean that it must be possible to perform a safety function even if any single component designed for the function fails.