Nuclear Safety - Unequaled Design

Passive-safety systems. Multiple levels of defense. Advanced controls.

The AP1000® pressurized water reactor (PWR) is based on a simple concept: in the event of a design-basis accident, such as a main coolant-pipe break, the reactor is designed to achieve and maintain safe shutdown conditions without operator action, and without the need for AC power or pumps. Rather than relying on active components, such as diesel generators and pumps, the AP1000 reactor relies on natural forces - gravity, natural circulation and compressed gases - to keep the core and the containment from overheating.

The AP1000 PWR provides multiple levels of defense for accident mitigation (defense-in-depth), resulting in extremely low core-damage probabilities while minimizing the occurrences of containment flooding, pressurization and heat-up. Defense-in-depth is integral to the AP1000 reactor design, with a multitude of individual reactor features including the selection of appropriate materials; quality assurance during design and construction; well-trained operators; and an advanced control system and reactor design that provide substantial margins for plant operation before approaching safety limits. In addition to these protections, the following features contribute to defense-in-depth of the AP1000 reactor:

The AP1000 reactor has a unique capability to respond to extreme, Fukushima-like events due to three fundamental safety advancements:

  • Self-actuation: For station blackouts, critical systems, structures, and components automatically achieve a fail-safe configuration without operator action or AC/DC power
  • Self-sufficiency: Passive safety eliminates the importance of AC power and cooling supply
  • Self-contained: Systems, structures, and components that place the reactor in safe shutdown are protected within the containment vessel by a robust shield building

Non-safety Systems. The non-safety-related systems respond to the day-to-day reactor transients, or fluctuations in plant conditions. For events that could lead to overheating of the core, these highly reliable non-safety systems actuate automatically to provide a first level of defense to reduce the likelihood of unnecessary actuation and operation of the safety-related systems.

Passive Safety-Related Systems. The AP1000 reactor safety-related passive systems and equipment are sufficient to automatically establish and maintain core cooling and containment integrity indefinitely following design-basis events, assuming the most limiting single failure, with no operator action, and no on-site or off-site AC power sources. An additional level of defense is provided through diverse mitigation functions that are included within the passive safety-related systems.

In-vessel Retention of Core Damage. The AP1000 reactor is designed to drain the high-capacity in-containment refueling water storage tank (IRWST) water into the reactor cavity in the event that the core has overheated. This provides cooling on the outside of the reactor vessel, preventing reactor vessel failure and subsequent spilling of molten core debris into the containment.

Retention of debris in the vessel significantly reduces uncertainty in the assessment of containment failure and radioactive release to the environment due to ex-vessel severe accident phenomena such as the interaction of molten core material with concrete.

Fission Product Release. Fuel cladding provides the first barrier to the release of radiation in the highly unlikely event of an accident. The reactor coolant pressure boundary, in particular the reactor pressure vessel and the reactor coolant piping, provide independent barriers to prevent the release of radiation. Furthermore, in conjunction with the surrounding shield building, the steel containment vessel provides additional protection by establishing a third barrier and by providing natural convection air currents to cool the steel containment. The natural convection cooling can be enhanced with evaporative cooling by allowing water to drain from a large tank located at the top of the shield building onto the steel containment.

Large Safety Margins

The AP1000 PWR meets the U.S. NRC deterministic-safety and probabilistic-risk criteria with large margins. The safety analysis is documented in the AP1000 reactor Design Control Document (DCD) and Probabilistic Risk Assessment (PRA). Results of the PRA show a very low core damage frequency (CDF) that is 1/100 of the CDF of currently operating plants and 1/20 of the CDF deemed acceptable in the Utility Requirements Document for new, advanced reactor designs. It follows that the AP1000 reactor also improves upon the large-release probability goals for advanced reactor designs, given its design to retain the molten core within the reactor vessel in a severe accident scenario.
