- Email: [email protected]
Advanced power reactors with improved safety characteristics
Appl. Radiat. Isot. Vol. 46, No. 6/7, pp. 701-706, 1995
~
Pergamon
0969-8043(95)00135-2
Copyright © 1995ElsevierScienceLtd Printedin Great Britain.All rights reserved 0969-8043/95 $9.50+ 0.00
Advanced Power Reactors with Improved Safety Characteristics A. B I R K H O F E R Technical University Munich, Arcisstrasse 21, 80333 Munich, Germany The primary objective of nuclear safety is the protection of individuals, society and environment against radiological hazards from accidental releases of radioactive materials contained in nuclear reactors. At a worldwide scale, several advanced reactor concepts are currently being considered, some of them already at a design stage. Essential safety objectives include both further strengthening the prevention of accidents and improving the containment of fission products should an accident occur. Two typical approaches can be distinguished: The first approach basically aims at an evolution of power reactors currently in use, taking into account the findings from safety research and from operation of current plants. The second approach consists in more fundamental changes compared to present designs, often with strong emphasis on specific passive features protecting the fuel and fuel cladding barriers. The paper describes the basic objectives of such developments and illustrates important technical concepts focusing on next generation plants, i.e. designs to be available for industrial application until the end of this decade.
I. Introduction According to the statistics of the International Atomic Energy Agency (IAEA) 417 nuclear power plants were operated in the world at the end of 1993. They produced about 17% of the world's electricity. Furthermore, a significant number of nuclear power plants is under construction. Countries such as France, Japan, China, Korea, Taiwan, U.K., Russia and the Czech and Slovak Republics are continuing or even expanding their nuclear programs. Thus, the number of the world's nuclear power plants is increasing in spite of the problems of public acceptance resulting in abandoning some projects. The large majority of these facilities is equipped with large light water reactors (LWRs). The safety record of the more than 300 Western nuclear power plants is good. After about 5500 cumulated plant operating years, it can hardly be contested that these plants--at normal operational conditions--produce electrical energy at a very low level of environmental and health risk. Moreover, the only severe accident in a Western nuclear power plant, which happened in 1979 in Harrisburg, did not lead to damage outside the plant. Nevertheless, safety concerns are often related to the possibility of a large scale nuclear accident. The accident at Chernobyl in 1986 has pushed ahead such fears in many countries. It was caused by
enormous design deficiencies and extraordinary flaws in organization and human behaviour. However, as we do not know similar deficiencies in concept and operational structures of Western plants, the accident cannot be considered a point of reference for the safety of Western nuclear technology. Irrespective of such technical arguments, the Western public acceptance of nuclear energy was drastically impaired by the catastrophe. On the other hand, in a world with rapidly growing population and energy consumption, it seems not realistic to expect that the role of nuclear energy decreases in the foreseeable future. On the contrary, the environmental problems with burning fossil fuels and the large difficulties in expanding the use of renewable energies are likely to make greater demands on the future nuclear contribution. Nuclear technology is developing further in order to correspond to that demand and safety is playing an essential role in that process.
2. CurrentSafety Concepts The primary objective of nuclear safety is the protection of individuals, society and environment against radiological hazards from accidental releases of radioactive materials contained in nuclear reactors. Hereto, these materials are enclosed by several successive barriers and the barriers protected against
701
702
A. Birkhofer
mishaps and accidents by a multilevel system of safety precautions. The very safety design comprises three levels of protection. High priority is given to prevention of any kind of mishaps. The occurrence of faults and the propagation of disturbances are prevented as early as possible. If a disturbance propagates nevertheless or if a severe damage happens, redundant safety systems provide the protection of the barriers. The evolution of Western reactor technology continuously strengthened these concepts and their implementation using the results of safety research and the lessons from operating experience. Evaluation of that experience confirms the effectiveness of the approach: - - t h e number of scrams generally has dropped to an average in the range between less than one up to a few scrams per plant and year. - - t h e frequency of actuation of safety system has been considerably reduced. - - T h e fraction of the occupational risk, which is related to radiation exposure, is small and decreasing. - - T h e radiation exposure of members of the public, anyhow far below the geographical variations of the exposure received from natural background radiation, has been further and considerably reduced. - - P l a n t specific probabilistic safety analyses, meanwhile carried out for a large number of facilities in order to identify weak points of design and possible improvements, indicate that the probabilities of a severe core damage accident are generally below 10 -4 per plant and year, a value which has been set safety goal for existing nuclear plants by the international nuclear safety advisory group (INSAG) of the IAEA. Irrespective of the high level of accident prevention by current safety technology, research has also addressed beyond-design accidents, i.e. postulated accidents with failure of several or even all engineered safeguards. This research has shown that the thermal inertia of the plants provides considerable time during such an event during which severe core damage can still be prevented by any action capable to restore core cooling. If that should not succeed it would still be possible in many cases to effectively confine the accident consequences to the plant by protecting the containment against the loads resulting from core melt. Such accident management aims at early detecting the emergence of a severe accident, at controlling and ending it or at mitigating its consequences focusing on most vital safety objectives such as shut-down of the plant, cooling of the core, integrity of the containment and the limitation of radioactive releases. Accident management is being progressively established as an additional level of defense in depth. Probabilistic safety analyses indi-
cate, that this level considerably reduces the risk of a severe core damage accident.
3. General Trends in the Development of Future Reactors The current dominance of large LWRs is due to the favorable economics of these plants and the higher specific costs of smaller plants. Nevertheless, the further development of reactor technology considers a broad range of quite different approaches with essential differences regarding technical principles, plant size and time scales for industrial application. Essential objectives include both further strengthening the prevention of accidents and improving the containment of fission products should an accident occur. Basically, three categories of new reactor concepts can be distinguished: - - T h e first category includes designs with almost exclusive reliance on passive (or inherent) safety mechanisms aimed at eliminating possibilities of core degradation. The nature of those mechanisms often imposes rather fundamental changes such as reduction of plant size and power level compared to present large designs. Therefore, concepts of this category are often termed "innovative" or "revolutionary". In particular for small innovative designs, the specific costs are significantly above those of large LWRs. Most of them are assumed to require a prototype before industrial use. They will therefore generally be available for industrial application in a comparatively late time frame. - - T h e second category comprizes reactors of medium size (600-1000 MWe) combining proven technology with new passive safety features (mostly replacing the current active systems) for prevention of fuel damage in the event of an accident. Such reactor concepts are often termed mid-sized passive reactors. Their specific costs are generally higher than those of large LWRs but much below those of small innovative concepts. Some of these designs might require a prototype before industrial use. They will generally be available in a time frame between 10 and 20 yr. - - T h e third category includes designs constituting an evolution of large ( > 1 0 0 0 M W e ) nuclear steam supply systems (NSSS) currently in use, taking into account the findings from safety research and from operation of current plants. Such designs are often termed "large evolutionary" and are typically water cooled. Some of them also include (passive) innovative features. Of particular importance in that regard are innovative containment concepts aimed at mitigating the consequences of severe core damage accidents. Large evolutionary designs generally
Advanced power reactors with improved safety characteristics do not require a prototype for proof of performance. Some of them are already available for industrial application, other are expected to be available by the beginning of the next decade. For all new reactor concepts, defense in depth continues the fundamental basis of safety even if the emphasis on specific levels may be different. A common objective is a strengthening of accident prevention resulting in further reduction of the probability of severe core damage. It is international consensus that frequencies below 10- 5 per plant and year should be strived for. Much smaller accident probabilities are generally assumed difficult to be validated with currently available methods and operating experience. Improved mitigation of consequences of potential severe accidents is therefore considered an essential complementary goal. Hereto, many new concepts aim at strengthening the containment of fission products in the event of such an accident. A widely accepted objective is a containment assuring that the probability of an accident with severe consequences is about one order of magnitude below the probability of severe core damage.
4. Overview of Advanced Technologies The spectrum of new reactor concepts considered world wide ranges from designs already or soon available such as French N4-r and German Konv o i + to innovative approaches aimed at the long term such as modular high-temperature gas cooled reactors. Some technological trends are common to a major number of these developments. An example is the use of technical progress in electromcs and information technology for digital control of safety systems and for more complete and rapid communication. However, many features are quite different for different projects and it is impossible to describe them all in a short paper. The following description addresses selected examples. Some other concepts follow similar ideas. For instance, the simplified boiling water reactor concept developed in the U.S.A. in cooperation with foreign partners is rather similar to the German SWR-600 described below. However, there are also quite different approaches such as liquid metal reactors which are not described here but nevertheless possess a considerable potential for long term energy supply. It should also be mentioned that the development of new reactor concepts is not restricted to the Western world. The Russian nuclear program also includes a remarkable number of interesting projects.
4.1. Innovative concepts relying on passive safety mechanisms 4.1. I. Modular high-temperature gas-cooled reactor. The modular high-temperature gas-cooled reactor ( M HTGR ) constitutes the third generation of gas cooled reactors. The development of this small-sized
703
reactor was mainly advanced in Germany and the U.S.A. It can be used for both electricity and process heat generation. A M H T G R core produces a few hundred MW thermal power. It consists of (hexagonal or spherical) graphite fuel elements cooled by helium and surrounded by a reflector of unfueled graphite blocks. The fuel elements contain the fuel in form of a large number of tiny fuel particles (less than 1 mm in diameter) which are coated with porous graphite and covered by successwe layers of pyrolytic carbon, silicon, carbide and pyrolytic carbon. The robustness of these particles with regard to temperature transients is an essential safety feature. Data from tests indicate essentially no failure of the coating around the fuel particles occur below 1600°C. In the event of an emergency, the graphite provides a large heat sink limiting the temperature. Furthermore, the small-size design permits efficient passive heat transfer to the exterior. Tests which were conducted in the late 1980s on a small high-temperature gas-cooled reactor in Germany demonstrated this reactor's safe response to conditions in which the coolant rapidly escapes from the reactor core and no emergency system is available to restore coolant flow. On the other hand, it would be a major issue for a commercial reactor that the design, as presently configured, does not have a conventional containment. 4.1.2. Process inherent ultimate safety reactor. The Swedish process inherent ultimate safety reactor (PIUS) concept is a mid-sized pressurized water reactor (PWR) with almost exclusive reliance on passive safety features. The fuel assemblies are standard pressurized reactor fuel elements, the steam generators, located outside the concrete reactor vessel, use a conventional straight-tube once-through design. Characteristic features are the use of gravity effects, lack of actively actuated components, and lack of need for direct intervention of the human operator during transients. The reactor is contained in a cylindrical structure ~mmersed in a large prestressed-concrete pressure vessel filled with cool, highly borated water. The design includes a double internal steel liner to prevent leakage of vessel water. During normal operation the hot coolant loop is separated from the cool vessel water by two hydraulic density locks. This lock makes use of the principle that water separates naturally into layers of different densities. Loss of circulation in the primary loop results in the cold, borated water being drawn into the core through the chimney effect, thus shutting down the reactor. Power is controlled by the temperature and the boron content of the reactor circulating loop (no control rods). Residual core heat can be removed either by the steam generators or by the vessel water pool. Pool heat removal is used for extended shutdowns or in emergency conditions and can be achieved by either passive or active means. In the passive heat removal
704
A. Birkhofer
system, heat exchangers submerged in the pool transfer heat to a secondary circuit, which is cooled by naturally circulating ambient air drawn from a dry cooling tower. Without this heat removal system, the pool inventory is still sufficient to cool the reactor for 1 wk after reactor shutdown. The prestressedconcrete pressure vessel also serves as containment, in which the reactor and all key safety systems are located. It is large enough to store spent fuel for the lifetime of the reactor and provides a high level of protection against external impacts. 4.2. Mid-sized reactors with passive safety systems 4.2.1. Advanced passive pressurized water reactor. The advanced passive (AP-600) reactor design was developed in the U.S.A. It has the proven uranium oxide fueled core, with reductions in flow rates, and core power density to increase design thermal margins. The steam generators are of U-tube design. Emergency cooling in the AP-600 is achieved with passive systems using a combination of three cooling water sources, gravity drain of water from two core makeup tanks, a large refueling water storage tank suspended above the level of the core, and two pressurized accumulator tanks. Core decay heat can be removed through a passive residual heat exchanger located in the refueling water storage tank. This heat exchanger transfers decay heat to the refueling water by natural circulation. The containment structure is a cylindrical steel shell that, in emergencies, can be cooled by evaporating water, which is gravity-fed from a large tank above the containment structure. This tank holds a 3-day water supply and can be refilled extemally. Heat is ultimately removed to the atmosphere by a natural air circulation system. Like emergency core cooling, containment cooling requires only automatic valve operations after any major energy release from a major loss of coolant accident. 4.3. SWR-600 The SWR-600 is a mid-sized design being developed in Germany. The reactor operates at a comparatively low power density and with natural circulation of water so that the recirculation pumps are eliminated, resulting in a simpler reactor vessel, reduced vulnerability to loss of coolant, and reduced maintenance. The larger reactor vessel needed for natural circulation provides the additional benefit of a greater inventory of water above the core at the initiation of any transient conditions. Passive emergency core cooling is achieved by a large flooding pool above the reactor so that coolant injection is achieved by gravity driven flow. This feature not only eliminates the injection pumps, but also associated valves, piping, and diesel generator power supplies. An emergency condenser submerged in the flooding pool is used to remove long-term, post-accident decay heat. This passive feature,
already successfully proven in very early German designs, would also be effective in the event of a loss of coolant. The concept further includes passive mechanisms for actuation of safety functions in the event of a decrease of the water level in the reactor pressure vessel. The SWR-600 concept includes innovative containment features in order to avoid major consequences in the event of core damage accident. Among these are the design of the containment against pressure loads from severe accidents, passive cooling of the outer wall of the pressure vessel, a core catcher arrangement, and the inertization of the containment atmosphere. 4.4. Large evolutionary designs Large evolutionary designs are improved versions of current nuclear plants with capacities of greater than 1000 MWe. They seek greater safety margins, greater ease of construction, improved reliability and availability, improved maintainability, lower costs and greater ease of operation over existing large LWRs. Practically all major vendors of nuclear power plants work on such projects. Examples are the advanced boiling water reactor (ABWR: Japan, U.S.A.), the advanced pressurized water reactor (APWR-1300: Japan, U.S.A.), the system 80+ PWR (U.S.A., Sweden, Korea), the W W E R 1000-V392 (Russia), the N 4 + PWR (France), the Konvoi 95+ (Germany) and the European pressurized water reactor (EPR: France/Germany). Some of these designs also include innovative features. Of particular importance are innovations aiming at a more effective mitigation of severe core damage accidents which were not explicitly considered in the design of the current generation of LWR plants. A characteristic example of a large evolutionary LWR design with such type of innovation is the French/German EPR project described in the following.
5. The French-German Evolutionary Approach In early 1992, the French utility Electricit~ de France (EdF), a consortium of German utilities, and the constructor Nuclear Power International (NPI), a joint venture of F R A M A T O M E and Siemens, decided to join the efforts in developing a project for the next generation of nuclear power plants, called the "European pressurized water reactor (EPR)". In order to take maximum benefit of the acquired technological knowledge the project aims at an evolutionary development of the most advanced French and German PWR designs. In addition, new design features are introduced for the containment. As the EPR should be licensable in France and in Germany, work is currently underway in France and Germany to formulate a common requirement forming the basis for the safety demonstration. An essential rationale for the French-German
Advanced power reactors with improved safety characteristics
705
Table 1. Perspectives of selected future reactor concepts Safety features: 1. Accident prevention 2. Mitigation of accident consequences APWR ABWR SYS 80+ BWR 90 N4+ Konvoi 95+
1. Evolutionary, conventional active safety systems 2. Conventional containment, single innovative features
EPR
1. Evolutionary, mainly active safety systems 2. Passive elements (innovative containment design)
AP600 SBWR SWR-600
1. Mainly passive safety systems 2. Partially innovative elements
MHTGR HTR module
1. Mainly inherent features and passive systems
Size
Time scale for industrial use
Technical maturity maturity
large
short-term
high
large
short-term
high
medium
medium-term
medium
small
long-term
medium
small/ medium
long-term
low
2. Not yet defined PIUS PRISM
1. Mainlyinherentfeatures and passivesystems 2. Simplifiedor conventional containment
development is reasoning that another (after Chernobyl) major accident with serious off-site consequences must be averted in the long term and on a global scale, i.e. in a world with approx 500 nuclear power stations. Hereto, a further reduction of the core melt probability is complemented by a "deterministic" exclusion of major off-site damage even in the event of a severe core melt accident. In order to meet the first objective the EPR development search a larger independence of the different levels of defense in depth by eliminating events capable to "bypass" one or several levels of defense and by "optimized" balance of different safety measures. Important elements are improving the man-machine interface, increasing the thermal inertia, decreasing complexity, increased use of passive elements, and consideration of preventive accident management in the plant design. Hereto, the lessons from operating experience with existing plants and results of research such as probabilistic assessments are evaluated. In order t o meet the second objective the Frenchy--German development includes technical developments assuring that there is no longer a need for an evacuation and no longer a possibility of a longterm and large-scale land contamination even in the event of a core damage accident. The maximum conceivable releases shall necessitate only limited protection measures in area and time. Hereto it is intended to consider those severe accident scenarios in the design of the containment which are recognized relevant by safety research and general considerations. Accident situations and phenomena which could lead to large early releases are to be "practically eliminated". Such sequences and phenomena are core meltdown under high system pressure or with conARI 46/6-7--V
tainment bypass, global hydrogen detonations, reactivity accidents, steam explosion (in vessel/ex-vessel), and direct containment heating. Low pressure core melt is to be "dealt with", so that the containment withstands associated loads and the decay heat of the molten core can be removed. Hereto, the EPR design includes a number of technical innovations of the containment such as core catcher and molten core spreading. This approach uses reference scenarios for severe ancient scenarios and the alternative for the corresponding initiating events to exclude them or to "deal" with them by design features.
6. Conclusions In 1991 the IAEA Conference The Safety of Nuclear Power: Strategy for the Future has summarized basic requirements for new reactor concepts as follows: - - " O n e of the necessary prerequisites for the revival of the nuclear power programme is the regaining of public acceptance, and future reactor designs must be perceived as safe by the public. Of special importance to public acceptability are the techniques used to limit off-site consequences . . . " - - " N e x t generation nuclear power plant designs will have incorporated design improvements for accident prevention." - - " T h e next generation of nuclear power plant designs will improve accident mitigation systems. They will consider severe accident scenarios explicitly and systematically in design. The containment system will then play a key role for the next generation of reactors."
706
A. Birkhofer
The new reactor concepts currently under development in the world respond to these requirements by various technical approaches. For instance, considerable differences exist regarding the degree of innovation to be implemented for accident prevention and accident mitigation, the extent to which safety relies on passive safety features, the plant size, costs and technical maturity, and the time scale for industrial application. Table 1 gives an overview on a number of typical Western projects currently underway. The answer to the question which designs provide the best perspectives regarding safety not only depends on basic concepts and specific (passive) safety features but also on factors such as an appropriate balance of different safety measures within defense in depth and long-term reliability. Even if many passive safety features of small- and mediumsized reactor concepts are rather convincing it must be taken into account that there is no general rule they are always more reliable than active systems. F o r instance, gravity driven injections are governed by rather small driving forces leading to flow
patterns possibly difficult to evaluate under accident conditions. Other important aspects are the dimensions "time" and "experience" including the degree of maturity of the respective technologies. It is relevant whether and to which extent existing operational experience can be used for a further development and if a concept requires a demonstration plant before industrial use. Safety assessments will generally be on weaker grounds for innovative nuclear steam supply systems (often just existing as paper studies) than for proven technology with a large amount of operating experience. That also holds for probabilistic analyses. Last but not least it should not be forgotten that the safety record of Western light water reactors is very good and that it is expected to increase further by learning from experience and research within the evolution of the technology. On the whole, a step-bystep development of new approaches starting with evolution of proven designs including selected innovations in the near term and progressing to more innovative solutions in the long run seems therefore the most promising.
~
Pergamon
0969-8043(95)00135-2
Copyright © 1995ElsevierScienceLtd Printedin Great Britain.All rights reserved 0969-8043/95 $9.50+ 0.00
Advanced Power Reactors with Improved Safety Characteristics A. B I R K H O F E R Technical University Munich, Arcisstrasse 21, 80333 Munich, Germany The primary objective of nuclear safety is the protection of individuals, society and environment against radiological hazards from accidental releases of radioactive materials contained in nuclear reactors. At a worldwide scale, several advanced reactor concepts are currently being considered, some of them already at a design stage. Essential safety objectives include both further strengthening the prevention of accidents and improving the containment of fission products should an accident occur. Two typical approaches can be distinguished: The first approach basically aims at an evolution of power reactors currently in use, taking into account the findings from safety research and from operation of current plants. The second approach consists in more fundamental changes compared to present designs, often with strong emphasis on specific passive features protecting the fuel and fuel cladding barriers. The paper describes the basic objectives of such developments and illustrates important technical concepts focusing on next generation plants, i.e. designs to be available for industrial application until the end of this decade.
I. Introduction According to the statistics of the International Atomic Energy Agency (IAEA) 417 nuclear power plants were operated in the world at the end of 1993. They produced about 17% of the world's electricity. Furthermore, a significant number of nuclear power plants is under construction. Countries such as France, Japan, China, Korea, Taiwan, U.K., Russia and the Czech and Slovak Republics are continuing or even expanding their nuclear programs. Thus, the number of the world's nuclear power plants is increasing in spite of the problems of public acceptance resulting in abandoning some projects. The large majority of these facilities is equipped with large light water reactors (LWRs). The safety record of the more than 300 Western nuclear power plants is good. After about 5500 cumulated plant operating years, it can hardly be contested that these plants--at normal operational conditions--produce electrical energy at a very low level of environmental and health risk. Moreover, the only severe accident in a Western nuclear power plant, which happened in 1979 in Harrisburg, did not lead to damage outside the plant. Nevertheless, safety concerns are often related to the possibility of a large scale nuclear accident. The accident at Chernobyl in 1986 has pushed ahead such fears in many countries. It was caused by
enormous design deficiencies and extraordinary flaws in organization and human behaviour. However, as we do not know similar deficiencies in concept and operational structures of Western plants, the accident cannot be considered a point of reference for the safety of Western nuclear technology. Irrespective of such technical arguments, the Western public acceptance of nuclear energy was drastically impaired by the catastrophe. On the other hand, in a world with rapidly growing population and energy consumption, it seems not realistic to expect that the role of nuclear energy decreases in the foreseeable future. On the contrary, the environmental problems with burning fossil fuels and the large difficulties in expanding the use of renewable energies are likely to make greater demands on the future nuclear contribution. Nuclear technology is developing further in order to correspond to that demand and safety is playing an essential role in that process.
2. CurrentSafety Concepts The primary objective of nuclear safety is the protection of individuals, society and environment against radiological hazards from accidental releases of radioactive materials contained in nuclear reactors. Hereto, these materials are enclosed by several successive barriers and the barriers protected against
701
702
A. Birkhofer
mishaps and accidents by a multilevel system of safety precautions. The very safety design comprises three levels of protection. High priority is given to prevention of any kind of mishaps. The occurrence of faults and the propagation of disturbances are prevented as early as possible. If a disturbance propagates nevertheless or if a severe damage happens, redundant safety systems provide the protection of the barriers. The evolution of Western reactor technology continuously strengthened these concepts and their implementation using the results of safety research and the lessons from operating experience. Evaluation of that experience confirms the effectiveness of the approach: - - t h e number of scrams generally has dropped to an average in the range between less than one up to a few scrams per plant and year. - - t h e frequency of actuation of safety system has been considerably reduced. - - T h e fraction of the occupational risk, which is related to radiation exposure, is small and decreasing. - - T h e radiation exposure of members of the public, anyhow far below the geographical variations of the exposure received from natural background radiation, has been further and considerably reduced. - - P l a n t specific probabilistic safety analyses, meanwhile carried out for a large number of facilities in order to identify weak points of design and possible improvements, indicate that the probabilities of a severe core damage accident are generally below 10 -4 per plant and year, a value which has been set safety goal for existing nuclear plants by the international nuclear safety advisory group (INSAG) of the IAEA. Irrespective of the high level of accident prevention by current safety technology, research has also addressed beyond-design accidents, i.e. postulated accidents with failure of several or even all engineered safeguards. This research has shown that the thermal inertia of the plants provides considerable time during such an event during which severe core damage can still be prevented by any action capable to restore core cooling. If that should not succeed it would still be possible in many cases to effectively confine the accident consequences to the plant by protecting the containment against the loads resulting from core melt. Such accident management aims at early detecting the emergence of a severe accident, at controlling and ending it or at mitigating its consequences focusing on most vital safety objectives such as shut-down of the plant, cooling of the core, integrity of the containment and the limitation of radioactive releases. Accident management is being progressively established as an additional level of defense in depth. Probabilistic safety analyses indi-
cate, that this level considerably reduces the risk of a severe core damage accident.
3. General Trends in the Development of Future Reactors The current dominance of large LWRs is due to the favorable economics of these plants and the higher specific costs of smaller plants. Nevertheless, the further development of reactor technology considers a broad range of quite different approaches with essential differences regarding technical principles, plant size and time scales for industrial application. Essential objectives include both further strengthening the prevention of accidents and improving the containment of fission products should an accident occur. Basically, three categories of new reactor concepts can be distinguished: - - T h e first category includes designs with almost exclusive reliance on passive (or inherent) safety mechanisms aimed at eliminating possibilities of core degradation. The nature of those mechanisms often imposes rather fundamental changes such as reduction of plant size and power level compared to present large designs. Therefore, concepts of this category are often termed "innovative" or "revolutionary". In particular for small innovative designs, the specific costs are significantly above those of large LWRs. Most of them are assumed to require a prototype before industrial use. They will therefore generally be available for industrial application in a comparatively late time frame. - - T h e second category comprizes reactors of medium size (600-1000 MWe) combining proven technology with new passive safety features (mostly replacing the current active systems) for prevention of fuel damage in the event of an accident. Such reactor concepts are often termed mid-sized passive reactors. Their specific costs are generally higher than those of large LWRs but much below those of small innovative concepts. Some of these designs might require a prototype before industrial use. They will generally be available in a time frame between 10 and 20 yr. - - T h e third category includes designs constituting an evolution of large ( > 1 0 0 0 M W e ) nuclear steam supply systems (NSSS) currently in use, taking into account the findings from safety research and from operation of current plants. Such designs are often termed "large evolutionary" and are typically water cooled. Some of them also include (passive) innovative features. Of particular importance in that regard are innovative containment concepts aimed at mitigating the consequences of severe core damage accidents. Large evolutionary designs generally
Advanced power reactors with improved safety characteristics do not require a prototype for proof of performance. Some of them are already available for industrial application, other are expected to be available by the beginning of the next decade. For all new reactor concepts, defense in depth continues the fundamental basis of safety even if the emphasis on specific levels may be different. A common objective is a strengthening of accident prevention resulting in further reduction of the probability of severe core damage. It is international consensus that frequencies below 10- 5 per plant and year should be strived for. Much smaller accident probabilities are generally assumed difficult to be validated with currently available methods and operating experience. Improved mitigation of consequences of potential severe accidents is therefore considered an essential complementary goal. Hereto, many new concepts aim at strengthening the containment of fission products in the event of such an accident. A widely accepted objective is a containment assuring that the probability of an accident with severe consequences is about one order of magnitude below the probability of severe core damage.
4. Overview of Advanced Technologies The spectrum of new reactor concepts considered world wide ranges from designs already or soon available such as French N4-r and German Konv o i + to innovative approaches aimed at the long term such as modular high-temperature gas cooled reactors. Some technological trends are common to a major number of these developments. An example is the use of technical progress in electromcs and information technology for digital control of safety systems and for more complete and rapid communication. However, many features are quite different for different projects and it is impossible to describe them all in a short paper. The following description addresses selected examples. Some other concepts follow similar ideas. For instance, the simplified boiling water reactor concept developed in the U.S.A. in cooperation with foreign partners is rather similar to the German SWR-600 described below. However, there are also quite different approaches such as liquid metal reactors which are not described here but nevertheless possess a considerable potential for long term energy supply. It should also be mentioned that the development of new reactor concepts is not restricted to the Western world. The Russian nuclear program also includes a remarkable number of interesting projects.
4.1. Innovative concepts relying on passive safety mechanisms 4.1. I. Modular high-temperature gas-cooled reactor. The modular high-temperature gas-cooled reactor ( M HTGR ) constitutes the third generation of gas cooled reactors. The development of this small-sized
703
reactor was mainly advanced in Germany and the U.S.A. It can be used for both electricity and process heat generation. A M H T G R core produces a few hundred MW thermal power. It consists of (hexagonal or spherical) graphite fuel elements cooled by helium and surrounded by a reflector of unfueled graphite blocks. The fuel elements contain the fuel in form of a large number of tiny fuel particles (less than 1 mm in diameter) which are coated with porous graphite and covered by successwe layers of pyrolytic carbon, silicon, carbide and pyrolytic carbon. The robustness of these particles with regard to temperature transients is an essential safety feature. Data from tests indicate essentially no failure of the coating around the fuel particles occur below 1600°C. In the event of an emergency, the graphite provides a large heat sink limiting the temperature. Furthermore, the small-size design permits efficient passive heat transfer to the exterior. Tests which were conducted in the late 1980s on a small high-temperature gas-cooled reactor in Germany demonstrated this reactor's safe response to conditions in which the coolant rapidly escapes from the reactor core and no emergency system is available to restore coolant flow. On the other hand, it would be a major issue for a commercial reactor that the design, as presently configured, does not have a conventional containment. 4.1.2. Process inherent ultimate safety reactor. The Swedish process inherent ultimate safety reactor (PIUS) concept is a mid-sized pressurized water reactor (PWR) with almost exclusive reliance on passive safety features. The fuel assemblies are standard pressurized reactor fuel elements, the steam generators, located outside the concrete reactor vessel, use a conventional straight-tube once-through design. Characteristic features are the use of gravity effects, lack of actively actuated components, and lack of need for direct intervention of the human operator during transients. The reactor is contained in a cylindrical structure ~mmersed in a large prestressed-concrete pressure vessel filled with cool, highly borated water. The design includes a double internal steel liner to prevent leakage of vessel water. During normal operation the hot coolant loop is separated from the cool vessel water by two hydraulic density locks. This lock makes use of the principle that water separates naturally into layers of different densities. Loss of circulation in the primary loop results in the cold, borated water being drawn into the core through the chimney effect, thus shutting down the reactor. Power is controlled by the temperature and the boron content of the reactor circulating loop (no control rods). Residual core heat can be removed either by the steam generators or by the vessel water pool. Pool heat removal is used for extended shutdowns or in emergency conditions and can be achieved by either passive or active means. In the passive heat removal
704
A. Birkhofer
system, heat exchangers submerged in the pool transfer heat to a secondary circuit, which is cooled by naturally circulating ambient air drawn from a dry cooling tower. Without this heat removal system, the pool inventory is still sufficient to cool the reactor for 1 wk after reactor shutdown. The prestressedconcrete pressure vessel also serves as containment, in which the reactor and all key safety systems are located. It is large enough to store spent fuel for the lifetime of the reactor and provides a high level of protection against external impacts. 4.2. Mid-sized reactors with passive safety systems 4.2.1. Advanced passive pressurized water reactor. The advanced passive (AP-600) reactor design was developed in the U.S.A. It has the proven uranium oxide fueled core, with reductions in flow rates, and core power density to increase design thermal margins. The steam generators are of U-tube design. Emergency cooling in the AP-600 is achieved with passive systems using a combination of three cooling water sources, gravity drain of water from two core makeup tanks, a large refueling water storage tank suspended above the level of the core, and two pressurized accumulator tanks. Core decay heat can be removed through a passive residual heat exchanger located in the refueling water storage tank. This heat exchanger transfers decay heat to the refueling water by natural circulation. The containment structure is a cylindrical steel shell that, in emergencies, can be cooled by evaporating water, which is gravity-fed from a large tank above the containment structure. This tank holds a 3-day water supply and can be refilled extemally. Heat is ultimately removed to the atmosphere by a natural air circulation system. Like emergency core cooling, containment cooling requires only automatic valve operations after any major energy release from a major loss of coolant accident. 4.3. SWR-600 The SWR-600 is a mid-sized design being developed in Germany. The reactor operates at a comparatively low power density and with natural circulation of water so that the recirculation pumps are eliminated, resulting in a simpler reactor vessel, reduced vulnerability to loss of coolant, and reduced maintenance. The larger reactor vessel needed for natural circulation provides the additional benefit of a greater inventory of water above the core at the initiation of any transient conditions. Passive emergency core cooling is achieved by a large flooding pool above the reactor so that coolant injection is achieved by gravity driven flow. This feature not only eliminates the injection pumps, but also associated valves, piping, and diesel generator power supplies. An emergency condenser submerged in the flooding pool is used to remove long-term, post-accident decay heat. This passive feature,
already successfully proven in very early German designs, would also be effective in the event of a loss of coolant. The concept further includes passive mechanisms for actuation of safety functions in the event of a decrease of the water level in the reactor pressure vessel. The SWR-600 concept includes innovative containment features in order to avoid major consequences in the event of core damage accident. Among these are the design of the containment against pressure loads from severe accidents, passive cooling of the outer wall of the pressure vessel, a core catcher arrangement, and the inertization of the containment atmosphere. 4.4. Large evolutionary designs Large evolutionary designs are improved versions of current nuclear plants with capacities of greater than 1000 MWe. They seek greater safety margins, greater ease of construction, improved reliability and availability, improved maintainability, lower costs and greater ease of operation over existing large LWRs. Practically all major vendors of nuclear power plants work on such projects. Examples are the advanced boiling water reactor (ABWR: Japan, U.S.A.), the advanced pressurized water reactor (APWR-1300: Japan, U.S.A.), the system 80+ PWR (U.S.A., Sweden, Korea), the W W E R 1000-V392 (Russia), the N 4 + PWR (France), the Konvoi 95+ (Germany) and the European pressurized water reactor (EPR: France/Germany). Some of these designs also include innovative features. Of particular importance are innovations aiming at a more effective mitigation of severe core damage accidents which were not explicitly considered in the design of the current generation of LWR plants. A characteristic example of a large evolutionary LWR design with such type of innovation is the French/German EPR project described in the following.
5. The French-German Evolutionary Approach In early 1992, the French utility Electricit~ de France (EdF), a consortium of German utilities, and the constructor Nuclear Power International (NPI), a joint venture of F R A M A T O M E and Siemens, decided to join the efforts in developing a project for the next generation of nuclear power plants, called the "European pressurized water reactor (EPR)". In order to take maximum benefit of the acquired technological knowledge the project aims at an evolutionary development of the most advanced French and German PWR designs. In addition, new design features are introduced for the containment. As the EPR should be licensable in France and in Germany, work is currently underway in France and Germany to formulate a common requirement forming the basis for the safety demonstration. An essential rationale for the French-German
Advanced power reactors with improved safety characteristics
705
Table 1. Perspectives of selected future reactor concepts Safety features: 1. Accident prevention 2. Mitigation of accident consequences APWR ABWR SYS 80+ BWR 90 N4+ Konvoi 95+
1. Evolutionary, conventional active safety systems 2. Conventional containment, single innovative features
EPR
1. Evolutionary, mainly active safety systems 2. Passive elements (innovative containment design)
AP600 SBWR SWR-600
1. Mainly passive safety systems 2. Partially innovative elements
MHTGR HTR module
1. Mainly inherent features and passive systems
Size
Time scale for industrial use
Technical maturity maturity
large
short-term
high
large
short-term
high
medium
medium-term
medium
small
long-term
medium
small/ medium
long-term
low
2. Not yet defined PIUS PRISM
1. Mainlyinherentfeatures and passivesystems 2. Simplifiedor conventional containment
development is reasoning that another (after Chernobyl) major accident with serious off-site consequences must be averted in the long term and on a global scale, i.e. in a world with approx 500 nuclear power stations. Hereto, a further reduction of the core melt probability is complemented by a "deterministic" exclusion of major off-site damage even in the event of a severe core melt accident. In order to meet the first objective the EPR development search a larger independence of the different levels of defense in depth by eliminating events capable to "bypass" one or several levels of defense and by "optimized" balance of different safety measures. Important elements are improving the man-machine interface, increasing the thermal inertia, decreasing complexity, increased use of passive elements, and consideration of preventive accident management in the plant design. Hereto, the lessons from operating experience with existing plants and results of research such as probabilistic assessments are evaluated. In order t o meet the second objective the Frenchy--German development includes technical developments assuring that there is no longer a need for an evacuation and no longer a possibility of a longterm and large-scale land contamination even in the event of a core damage accident. The maximum conceivable releases shall necessitate only limited protection measures in area and time. Hereto it is intended to consider those severe accident scenarios in the design of the containment which are recognized relevant by safety research and general considerations. Accident situations and phenomena which could lead to large early releases are to be "practically eliminated". Such sequences and phenomena are core meltdown under high system pressure or with conARI 46/6-7--V
tainment bypass, global hydrogen detonations, reactivity accidents, steam explosion (in vessel/ex-vessel), and direct containment heating. Low pressure core melt is to be "dealt with", so that the containment withstands associated loads and the decay heat of the molten core can be removed. Hereto, the EPR design includes a number of technical innovations of the containment such as core catcher and molten core spreading. This approach uses reference scenarios for severe ancient scenarios and the alternative for the corresponding initiating events to exclude them or to "deal" with them by design features.
6. Conclusions In 1991 the IAEA Conference The Safety of Nuclear Power: Strategy for the Future has summarized basic requirements for new reactor concepts as follows: - - " O n e of the necessary prerequisites for the revival of the nuclear power programme is the regaining of public acceptance, and future reactor designs must be perceived as safe by the public. Of special importance to public acceptability are the techniques used to limit off-site consequences . . . " - - " N e x t generation nuclear power plant designs will have incorporated design improvements for accident prevention." - - " T h e next generation of nuclear power plant designs will improve accident mitigation systems. They will consider severe accident scenarios explicitly and systematically in design. The containment system will then play a key role for the next generation of reactors."
706
A. Birkhofer
The new reactor concepts currently under development in the world respond to these requirements by various technical approaches. For instance, considerable differences exist regarding the degree of innovation to be implemented for accident prevention and accident mitigation, the extent to which safety relies on passive safety features, the plant size, costs and technical maturity, and the time scale for industrial application. Table 1 gives an overview on a number of typical Western projects currently underway. The answer to the question which designs provide the best perspectives regarding safety not only depends on basic concepts and specific (passive) safety features but also on factors such as an appropriate balance of different safety measures within defense in depth and long-term reliability. Even if many passive safety features of small- and mediumsized reactor concepts are rather convincing it must be taken into account that there is no general rule they are always more reliable than active systems. F o r instance, gravity driven injections are governed by rather small driving forces leading to flow
patterns possibly difficult to evaluate under accident conditions. Other important aspects are the dimensions "time" and "experience" including the degree of maturity of the respective technologies. It is relevant whether and to which extent existing operational experience can be used for a further development and if a concept requires a demonstration plant before industrial use. Safety assessments will generally be on weaker grounds for innovative nuclear steam supply systems (often just existing as paper studies) than for proven technology with a large amount of operating experience. That also holds for probabilistic analyses. Last but not least it should not be forgotten that the safety record of Western light water reactors is very good and that it is expected to increase further by learning from experience and research within the evolution of the technology. On the whole, a step-bystep development of new approaches starting with evolution of proven designs including selected innovations in the near term and progressing to more innovative solutions in the long run seems therefore the most promising.