Safety is the top priority

For over 60 years, German nuclear power plants have made a contribution to the electricity supply. During this long period, the safety concept has proved its worth and has been continuously improved. The aim of the safety concept is to protect operating personnel and the general public from ionising (radioactive) radiation, which is generated during nuclear fission itself or emitted by the radionuclides produced during nuclear fission.

The basis of the safety concept in Germany and other countries is the interplay between plant safety, safety management, employee qualifications and a practised safety culture. The German nuclear power plants were recognised as being among the safest in the world and were continuously adapted to the advancing state of the art during their operation and could therefore be operated at the highest safety level until the last day of operation.

Fundamentals and principles of reactor safety

The planning, construction, operation and decommissioning of nuclear power plants in Germany and the EU are subject to strict legal regulations and state supervision. The central law for this in Germany is the Atomic Energy Act. A licence may only be granted if "the necessary precautions have been taken in accordance with the state of the art in science and technology against damage caused by the construction and operation of the plant" (Section 7 of the Atomic Energy Act).

The particularly high safety level of German nuclear power plants was achieved through the interaction of several factors:

  • Safety design according to the state of the art in science and technology, with ongoing retrofitting in line with new findings
  • Authorisation and supervision of construction and operation by state licensing authorities supported by independent expert institutions
  • A set of rules with strict requirements
  • Highest quality requirements during construction, regular revisions, inspections and recurring tests during operation and revisions
  • Regular review of the safety concept of the facilities, e.g. as part of periodic safety inspections or peer reviews by international teams
  • Radiation protection through containment of radioactive substances by means of multiple, staggered barriers and shielding as well as minimisation of emissions (air and water path) and radioactive waste
  • Operation by a well-trained operating team
  • Safety management and safety culture geared towards continuous improvement
  • Exchange of experience between operators, including at international level.

Reactor safety research has not come to a standstill either. In Germany and abroad, research programmes are taking place that promise further knowledge gains. Development programmes for new types of reactors of the so-called 4th generation are also contributing to scientific and technical progress in today's pressurised and boiling water reactors.

The commercial nuclear power plants operated in Germany had boiling or pressurised water reactors. In both cases, the electricity is produced in a generator driven by a steam turbine. In both types of reactor, water is used to transport the heat out of the reactor and also acts as a coolant to ensure that the reactor does not overheat. At the same time, the water also serves as a moderator, i.e. to slow down the neutrons released during nuclear fission.

Nuclear power plant with boiling water reactor (simplified schematic drawing)

  1. Reactor pressure vessel
  2. Fuel elements
  3. Control rods
  4. Circulation pumps
  5. Control rod drives
  6. Live steam
  7. Feed water
  8. High-pressure part of the turbine
  9. Low pressure part of the turbine
  10. Generator
  11. Exciter machine
  12. Capacitor
  13. Cooling water
  14. Preheating system
  15. Feed water pump
  16. Cooling water pump
  17. Concrete shielding

Only slowed-down neutrons can trigger a new nuclear fission. In a boiling water reactor, the steam is generated directly in the reactor. In pressurised water reactors, water transports the heat from the reactor to the steam generators, on the secondary side of which the steam for the turbine is generated. Due to the high pressure in the reactor circuit (primary circuit), the water does not boil. The water-steam circuit (secondary circuit) is also closed.

Nuclear power plant with pressurised water reactor (simplified schematic drawing)

  1. Reactor pressure vessel
  2. Fuel elements
  3. Control rods
  4. Control rod drives
  5. Pressure holder
  6. Steam generator
  7. Coolant pump
  8. Live steam
  9. Feed water
  10. High-pressure part of the turbine
  11. Low pressure part of the turbine
  12. Generator
  13. Exciter machine
  14. Capacitor
  15. Cooling water
  16. Preheating system
  17. Feed water pump
  18. Cooling water pump
  19. Concrete shielding

Safety technology: Safe containment of radioactive substances

A large inventory of radioactive substances is produced in the fuel rods of the pressurised or boiling water reactor during nuclear fission. Operating personnel and the general public must be reliably protected from ionising radiation from these radioactive substances. This is achieved firstly by hermetically sealing the radioactive substances and secondly by shielding them against direct radiation.

The barrier concept, which consists of several enclosing shells (see illustration), is used to safely contain the radioactive substances. The fundamental task of reactor safety is to maintain the effectiveness of the barrier concept in all operating states and incidents. Specifically, this requires compliance with the three protection goals:

Control of the reactivity, i.e. the neutron flux:

The reactor's power must be limited and it must be possible to shut it down safely in order to prevent excessive heat generation that cannot be dissipated by the available cooling systems. An uncontrolled increase in power resulting in overheating of the reactor must be physically impossible. After shutdown, it must also be possible to keep the reactor permanently shut down.

Fuel element cooling:

The heat generated by radioactive decay even after the reactor has been shut down must be able to be dissipated safely from the reactor core and the spent fuel pool so that the internal barriers are not jeopardised by overheating.

Protection of the barriers against loss of function:

This is not just about protection against overheating, but also against other causes such as overpressure, hydrogen explosions or external influences.

Inherent stability of the reactor core:

Inherent stability means that an increase in power or temperature in the reactor core always leads to a timely power limitation, if necessary until the reactor is shut down, solely due to inherent physical laws that cannot fail, without any active measures having to be taken. All commercial German nuclear power plants had this feature, and it is common to all pressurised and boiling water reactors in the world. It makes a significant contribution to compliance with the safety targets through staggered measures at the various safety levels.

This inherent safety is due to the fact that water is absolutely necessary to slow down the neutrons. No self-sustaining chain reaction can be maintained with fast neutrons that are not slowed down. If water is lost, for example due to a leak, the number of nuclear fissions is immediately reduced; the nuclear fission process comes to a standstill and the plant shuts itself down. The same effect occurs if the reactor core becomes too hot and a large amount of water vaporises. Steam slows down neutrons much less effectively than water.

▶▶ The catastrophic accident at Chernobyl in April 1986 was only possible because this reactor was not inherently stable in the lower power range. This meant that the reactor could explode if the internal pressure was too high.

The barrier concept

The containment barriers prevent radioactive substances from escaping. Some also serve to shield direct radiation. In detail, these are

  • the crystal lattice of the ceramic fuel pellets, which contains most of the fission products.
  • withholds
  • the metallic fuel rod sheaths around the fuel pellets
  • the reactor pressure vessel with closed cooling circuit
  • the concrete casing of the reactor (also called a biological shield, serves to shield the reactor)
  • the containment vessel (made of steel several centimetres thick in pressurised water reactors)
  • the reactor building made of thick reinforced concrete

As long as the first two barriers remain intact, the release of radioactive substances on a dangerous scale is physically impossible, i.e. impossible.

A significant destruction of the first two barriers is only technically possible if the reactor core is overheated until the fuel ceramic melts. With sufficient cooling, such overheating of the reactor core is impossible.

Safety barriers against the escape of radioactive substances

1 Crystal lattice of the fuel

2 Fuel rod cladding

3 Reactor pressure vessel

4 Concrete shielding

5 Safety container

6 Reinforced concrete shell

The design principles of the safety devices:

Always on the safe side: As a precautionary measure, the design of nuclear power plants always assumes the occurrence of events with unfavourable circumstances. For this reason, the design principles of redundancy, diversity, spatial separation, automation, self-sufficiency and the fail-safe principle are implemented during the planning and construction of the plant in order to maximise the effectiveness of the safety functions.

Redundancy principle to protect against individual faults and failures. It ensures that technical safety equipment consists of several identical and independent subsystems and that more of these are installed than are required to fulfil the safety function. This is why, for example, the emergency cooling systems required in the event of leakage incidents have been designed in such a way that two out of four (in some nuclear power plants one out of three) subsystems can fulfil the safety function.

Diversity principle to protect against systematic faults and common cause failures. Diversity means that systems with different modes of action are available for the same safety function. For example, the reactor can be shut down not only by retracting the control rods, but also by injecting boric acid.

Spatial separation, structural protection, decoupling of subsystems ensure that a sufficient number of subsystems of the safety equipment remain functional in the event of incidents such as fire or flooding.

▶▶ The most important cause of the meltdown accidents at Fukushima-Daiichi in Japan in March 2011 was the lack of structural protection against tsunami and the lack of spatial separation of the emergency power generators and other important safety equipment.

The fail-safe principle ensures that the system automatically switches to a safe state in the event of certain types of fault, such as the failure of the electrical power supply. For example, the control elements of the rapid shutdown system in pressurised water reactors are held electromagnetically above the reactor core. In the event of a power failure, they fall into the reactor core by gravity and thus shut down the reactor immediately.

Automation of incident management measures to protect against incorrect actions. In order to prevent the operating personnel from having to make decisions under time pressure, the accident control measures are automated in such a way that no manual intervention by the operating personnel is required for at least the first 30 minutes after the accident occurs. The accident control measures are automatically controlled by the reactor protection system. The reactor protection system is an electronic system that monitors plant operation using measuring equipment and automatically triggers safety measures if specified limit values are exceeded. It would thus also be effective against sabotage attempts by internal perpetrators or manipulation of the control technology.

Self-sufficiency: If the power supply via the high-voltage grids is lost, the nuclear power plant is able to maintain all safety functions (e.g. reactivity control, core cooling) in "island mode" for a sufficiently long period of time with the help of its generator and emergency power generators - i.e. without an external supply of electricity or auxiliary materials such as diesel fuel.

The concept of safety levels: Incident prevention is better than incident control

The basic idea behind the security levels is as follows:

  • As a first step, measures are taken at a security level to make errors and failures at least unlikely.
  • In a second step, errors and failures are nevertheless assumed (postulated) and then controlled at the next level by additional countermeasures.

The result is a "forgiving technique", which takes account of the fact that errors and failures can occur despite all the care taken in design and operation. It is therefore a misunderstanding to say that no faults can occur in a nuclear power plant.

More information on the concept of safety levels, the system of authorisation and supervision, radiation protection, staff qualifications, safety culture, emergency and disaster protection and other topics can be found in the publication "Safety is the top priority", which is available for download.

https://kernd.de/wp-content/uploads/2022/04/021sicherheit.pdf

KT L Logo RGB
ktg
coring
Inforum
en_GBEnglish (UK)
de_DE_formalDeutsch (Sie) en_GBEnglish (UK)
WordPress Cookie Plugin by Real Cookie Banner