Support to the UK Office for Nuclear Regulation in the Generic Design Assessment review of the AP1000 PSA

Jacobsen Analytics was selected by the UK Office for Nuclear Regulation (ONR) to perform the Generic Design Assessment (GDA) of the Probabilistic Safety Assessment (PSA) for the UK submission of the Westinghouse AP1000 reactor design. The final report of the assessment of the AP1000 PSA [1] by the Health and Safety Executive (HSE), based on Jacobsen Analytics' supporting analysis, has been released to the public and can be found on the HSE website. The GDA was a process of four steps whereby the requesting parties submitted their designs for regulatory approval for potential new-build in the UK.

The PSA review covered all the technical areas of the Level 1 and Level 2 PSA, including shutdown modes, internal fire, internal flooding and external hazards, although some of these elements were limited in scope. Evidence supporting the PSA claims and arguments was assessed during GDA Steps 3 and 4 to determine how the PSA Safety Assessment Principles (SAP) would be met.

The GDA assessment was conducted following the guidance and structure of the Nuclear Directorate's PSA technical assessment guide (TAG) [2]. The Assessment Expectation Tables within the TAG were followed, and the level of detail in the analysis implicit in each of the above areas was assessed. It was decided that the detail provided or adequacy of the documentation would be judged as (A) Adequate, (P) Partial, (N) None or Not met, (N/A) Not Applicable or Not Assessed. Where appropriate, Jacobsen recommended or suggested issues to be further considered by the HSE. For most items rated as (P) or (N), Proposed Technical Queries (PTQs) were suggested by Jacobsen.

Artist's impression of an AP1000 Nuclear Power Plant

The assessment of the AP1000 PSA was performed in two stages:

  1. Step 3 GDA, which focussed on the methods applied to the various aspects of the PSA and on identifying the additional documentation required to support a detailed review; and
  2. Step 4 GDA, which performed the detailed review to help reach a conclusion on whether an AP1000 could be constructed and operated safely in the UK. To evaluate the importance of the findings in the various PSA technical areas, a Risk Gap Analysis (RGA) was also conducted.

The RGA took into account responses from Westinghouse Electric Company to the TQs in all areas of the Level 1 and Level 2 PSA. This required evaluation of responses to the TQs and additional requests for information where necessary. Sensitivity analysis was also assessed where potential for significant uncertainty had been identified.

Level 1 PSA RGA:

  • Identified qualitative gaps and errors in the PSA.
  • Missing initiating events.
  • Systems analysis modelling changes and missing common cause failures.
  • Success criteria and accident sequence concerns.
  • Human reliability analysis (HRA).
  • Updated data analysis using up-to-date data sources.
  • External hazards and seismic (a simplified and bounding seismic risk evaluation on important structures with fragility data).
  • Low power and shutdown PSA maintenance unavailabilities and HRA dependencies.

Level 2 PSA RGA:

  • Revised In Vessel Retention (IVR) failure probability.
  • Revised operator actions for spurious opening of atmospheric dump valves and large loss of coolant accident.
  • Explicit modelling of systems for IVR.
  • Included dependency for Level 2 operator action with Level 1 human error probabilities.
  • Corrected allocation of sequences to plant damage state.

The estimated risk gap addressing the review findings, which could be evaluated quantitatively in the GDA, concluded that the core damage frequency and large early release frequency for the AP1000 were likely to be higher than the figures estimated by Westinghouse, but were still lower than those figures of merit for operating pressurised water reactors. Also, it was acknowledged that there were conservatisms in some aspects of the AP1000 PSA model and data. All this suggested that the risk associated with the AP1000 design could be low enough to meet the Basic Safety Objectives (BSO) for Targets 7 and 9 from NT.1 of the HSE's Safety Assessment Principles. Further information can be found in a White Paper.


[1] HSE AP1000 PSA GDA Assessment Report Reference Report ONR-GDA-AR-11-003, Revision 0.

[2] Health and Safety Executive, Nuclear Directorate - Business Management System Probabilistic Safety Assessment Technical Assessment Guide, T/AST/030 Issue 3.

[3] Interim Design Acceptance Confirmation (ONR-GDA-iDAC-11-002 Issue 1).
