Safety Systems

13 min read

Some important displayed primary circuit parameters are used as control signals for the safety systems. These parameters are constantly evaluated by the control system and when the allowed limits are breached, the system automatically intervenes. (Source: © PozitivStudija / stock.adobe.com)

Some important displayed primary circuit parameters are used as control signals for the safety systems. These parameters are constantly evaluated by the control system and when the allowed limits are breached, the system automatically intervenes.

Under regular conditions, the power plant is controlled by active systems. These systems need electricity to function and they respond to operator or computer instructions. They can also handle regular operating deviations (e.g. the control of the primary circuit pressure). In case of a serious accident that might result in impaired nuclear safety, the systems must react correctly, under all conditions. That is why the safety systems that do not rely on electronics, electricity, or an operator, take over in such instances.

The simplest safety systems are the passive systems. Systems rely on the laws of physics (gravitation, convection, the reactor’s physical features) or they are simplified, so that only a minimum of outside actions is required and so that they function even with limited electric energy. Passive safety systems have no moving parts; they do not need any electricity or operating liquids and operate automatically without electronics or operator action.

Safety systems of the VVER 440 model V 213 reactor using the bubble containment principle.

Safety systems of the VVER 440 model V 213 reactor using the bubble containment principle.

Barriers

The most important in the nuclear passive safety systems have no moving parts; they do not need any electricity or operating liquids and operate automatically without electronics operator actions. Simply, they are just barriers. The most important in the nuclear power industry is to prevent the release of radionuclides into the environment. That is the reason why there are several layers of barriers surrounding the nuclear fuel.

The last barrier that ensures, in case of an accident, that radioactive substances are not released into the environment is the containment. It is a hermetically sealed reinforced concrete envelope surrounding the entire primary circuit. (Source: ©ChristopheB / stock.adobe.com)

The last barrier that ensures, in case of an accident, that radioactive substances are not released into the environment is the containment. It is a hermetically sealed reinforced concrete envelope surrounding the entire primary circuit.

Fuel matrix

Uranium oxide shaped as a ceramic cylinder is very strong and resistant and most radionuclides generated by the fission reaction remain fixed inside.

Fuel cladding

Zircalloy protects the fuel pellets against direct contact with the coolant and ensures that no radioactive substance will be released into the coolant.

Reactor vessel

A thick-walled steel reactor vessel is another barrier protecting the environment against the release of radionuclides. It is about 30 cm thick and is able to resist very high pressures.

Containment

Its role is to contain any pressure in case of an accident, e.g. a breach of a circulation circuit, and contain the radionuclides in case of their escape. There are many types of containments. The most common are envelopes made of pre-stressed concrete surrounding the entire primary circuit, clad with a layer of steel on the inside. The envelope is hermetically sealed and a slight overpressure is maintained inside. The walls are about 1 m thick and can withstand pressures 2 to 3 times higher than atmospheric pressure. The containment is resistant against an explosion inside the reactor building, as well as an impact of a falling airplane.

Safety barriers of a nuclear power plant.

Safety barriers of a nuclear power plant.

The functionality of these barriers is constantly monitored. Fuel integrity is checked by the coolant: in case of fuel failure, fission products are released into the coolant. The integrity of the primary circuit is checked by the coolant pressure. If the primary circuit pressure drops, there is a leak somewhere. Similarly, the containment integrity is verified, since there should be a constant overpressure maintained inside it. In case any of these barriers loses its integrity, other safety systems step in, based on the severity of the failure.

Inherent Safety Components

The concept of “inherent safety” refers to components that rely on the laws of physics. They make sure that the power plant can handle deviations from operating conditions or even an accident without the intervention of any electronics or an operator. Thanks to inherent safety components, an accident is not propagated and so the reactor itself returns to a safe state.

In the past, important parameter values were recorded by printers on paper. Today, all new power plants use computer data archiving. (Source: © PozitivStudija / stock.adobe.com)

In the past, important parameter values were recorded by printers on paper. Today, all new power plants use computer data archiving.

One of the most important inherent safety components is a reactor core structure that ensures, due to negative feedback, that no spontaneous increase of the fission reaction above the optimal values takes place. A negative thermal coefficient means that if the reactor core temperature increases, the fission reaction intensity decreases and thus also the temperature. It is anticipated that some Generation IV reactors will use this behavior for self-regulation. The existence of a negative void coefficient is very important for reactors cooled and moderated by water. Water slows neutrons down to the slow neutrons needed for the fission reaction. If the coolant starts to boil, the steam bubbles exhibit a lower moderation capability, resulting in a decrease in the a fission reaction and subsequently the temperature is reduced back to its regular operating value.

Another inherent safety component is the employment of convection for the cooling system design. The primary circuit branches conducting the hot coolant are placed above the branches entering the reactor and conducting the cold coolant. In case of a loss of all pumps, at least partial coolant circulation and thus core cooling will still be ensured by convection. Generation IV reactors use fast neutrons for fission and are cooled by molten lead. The reactor core layout is such that during reactor shutdown, a simple convection is sufficient for the coolant to circulate and the reactor core is safely cooled; it does not depend on the availability of the pumps and the reactor is thus even safer.

Another inherent safety component is gravitation, used by the emergency shutoff rods. They are suspended above the reactor core by electromagnets and dropped into the core by gravity, if required.

There are many inherent safety components in a nuclear power plant and the modern plants use them more and more since they lead to even safer nuclear reactor operation and they help to meet the nuclear safety requirements, no matter what the conditions.

Nuclear Reactor Safety

The reactor is the most important piece of the nuclear power plant. Information about its actual state is crucial for the operator, both for its operation, as well as for compliance with nuclear safety regulations. (Source: © Cmon / stock.adobe.com)

The reactor is the most important piece of the nuclear power plant. Information about its actual state is crucial for the operator, both for its operation, as well as for compliance with nuclear safety regulations.

Nuclear reactor safety has three basic goals:

1. Control the nuclear fission;
2. Cool the nuclear fuel;
3. Contain any radionuclides.

Control rods that contain a neutron absorber are used to control the fission reaction. The reactor power output is changed simply by inserting or withdrawing these rods from the reactor core. Emergency shutoff rods are used to stop the fission reaction altogether. This action is known as “scram”. In most reactors, the emergency shutoff rods are suspended above the reactor core by electromagnets and, if required, they drop into the core by gravity. This provides a reactor safe shutoff even in the case of total loss of electric power: the electromagnets disconnect and the rods drop into the reactor core. In some types of reactors, the rods are explosively driven into the core, so that their action is even faster. The fission reaction halts within a few seconds.

Even a shutdown reactor generates a lot of heat and must be cooled permanently. Reactor cooling is provided by a redundant cooling system. It is based on the circulation of the coolant in the primary circuit by means of circulating pumps. Very important is also the final heat absorber used to remove heat, promptly and effectively, from the coolant. Some power plants use cooling towers and their final heat absorber is the atmosphere. The power plants that are cooled by water, use river water or seawater.

The containment and some other hermetically sealed areas cannot be accessed when the reactor is operating. Special passages for operators are opened only during refueling and maintenance shutdowns. (Source: © Shchipkova Elena / stock.adobe.com)

The containment and some other hermetically sealed areas cannot be accessed when the reactor is operating. Special passages for operators are opened only during refueling and maintenance shutdowns.

In the case of a loss of coolant accident (LOCA), each reactor can employ a whole range of emergency cooling systems (emergency core cooling system, or ECCS). Their role is to replace lost coolant, control the pressure, and ensure permanent reactor core cooling and heat removal. The systems used are based on the type and severity of the accident. The cooling medium is replenished from storage tanks, often placed above the primary circuit, so that the coolant does not have to be pumped but flows by gravity.

The coolant may be replenished by high-pressure injection when the loss of coolant is minor and the primary circuit operating pressure can be maintained, or when the reactor power increases and it is difficult to reduce the primary circuit pressure. Low-pressure injection is used for long-term final cooling of  reactor core. The coolant replenishment systems consume very little electric energy (no more than needed to open and close the valves), but circulating pumps require more electricity. In case of the total loss of electric power, there is an isolated heat removal system that uses reactor steam to drive the pumps. This system is powered just by a DC control battery and remains functional for at least 24 hours.

The pressurizer controls the primary circuit pressure automatically. It is a cylinder connected to the primary circuit, half-filled with coolant and half-filled with steam. If the primary circuit pressure is too low, the coolant in the pressurizer heats up by electric heaters generating more steam; its pressure increases and thus also the coolant pressure in the system increases. If the pressure is too high, the steam is sprayed, making it condense, and the pressure is reduced.

If the primary circuit pressure is so high that a loss of integrity might result, the excess pressure is reduced by bubble condensation. Steam from the pressurizer is bled through valves and supplied to a bubble condenser tower, where it bubbles through a large pool of water (often mixed with boric acid). In this way it is cooled, condensed, and the pressure is thus reduced. If the containment pressure is elevated, the containment interior space may be sprayed, resulting in condensation and pressure reduction.

Cylinder of the large diesel generator, the stand-by electric power supply in a power plant facility. In case of loss of electric supply, these generators supply the block’s safety and control systems. For example, in the Temelin nuclear power plant, the diesel generators are the tenth stand-by power supply of electricity. In case of loss of grid and malfunction of all the other nine measures, they will be used. (Source: © Alexey Stiop / stock.adobe.com)

Cylinder of the large diesel generator, the stand-by electric power supply in a power plant facility. In case of loss of electric supply, these generators supply the block’s safety and control systems. For example, in the Temelin nuclear power plant, the diesel generators are the tenth stand-by power supply of electricity. In case of loss of grid and malfunction of all the other nine measures, they will be used.

Redundancy

All the safety components of a nuclear power plant are redundant. Many safety-critical systems are triply redundant or even more. Any nuclear power plant requires electric power for its safe operation. During regular operation, this is supplied from the grid. However, on loss of power, the grid must be replaced by its own electric supplies inside the power plant. The most frequently used are diesel generators. Before they start up, the energy of a flywheel may be used. The critical safety components have their own power supply. Components necessary for cooling the reactor core have their own power supplies located inside the containment. Batteries are also used as a standby power supply. However, their power output is limited. Batteries supply various important systems, such as the control system for the emergency cooling or the reactor state diagnostic system.