I&C Status in France & Recommendations to IAEA

I&C Status in France & Recommendations to IAEA IAEA TWG-NPPIC Meeting 22-24 May 2013 Vienna Patrick SALAUN EDF R&D

Contents 1. I&C projects at EDF NPPs The 900 MW series 3 rd Ten-Yearly Outage 4 th Ten-Yearly Outage The 1300 Mw Series 3rd Ten-Yearly Outage The N4 Series 2nd Ten-Yearly Outage The EPR Plant 2. R&D Topics at EDF 3. Some Recommendations to IAEA IAEA - TWGNPPIC Meeting May 2013 2

Nuclear Power Plants in France Nuclear power in France : 74,8% (2012) 59 nuclear units, erected following 4 different standards: PWR 900 MW series : 34 units 6 CP0, 18 CP1, 10 CP2 units Connection to the grid: 1977-1988 3rd ten-yearly outage: 2008 2018 4th ten-yearly outage : 2018-2028 PWR 1300 MW series : 20 Units 6 P4 / 14 P 4 units Connection to the grid: 1985-1994 2nd ten-yearly outage: 2005-2013 3rd ten-yearly outage: 2015 2023 PWR 1450 MW series : 4 units Connection to the grid: 1996-1999 2nd ten-yearly outage: 2017-2019 PWR EPR series : The first unit in France, currently being built Flamanville Chinon Civaux Le Blayais Golfech Paluel Penly Gravelines Chooz Cattenom Nogent Fessemheim Dampierre St-Laurent Belleville Bugey St-Alban Cruas Tricastin Life time extension : up to 60 years for most units IAEA - TWGNPPIC Meeting May 2013 3

I&C Technologies in the NPPS in France Various technologies from analog components to microprocessor-based products 900 1300 N4 EPR Turbine Control Electronic components (REC 70) REC 70 Digital equipment (MicroRec) Digital equipment. (MicroRec) Digital equipment (P320) Analog Automation Analogue electronic components (8720 & 9020 series) 9020 series COTS DCS (Micro Z) DCS (Contronic E) Specific PLC (SCAP) DCS (T2000) Logic Automation Electromagnetic relays COTS PLC (Controbloc) DCS (Contronic E) Specific 1E PLC (CS3) DCS (T2000) Reactor Protection Electromagnetic relays Analogue electronic components Specific 1E digital system (SPIN) Specific 1E digital system (SPIN-N4) Specific F1A digital system (TXS) Control Room Systems Conventional panel Computerized aids Conventional panel Computerized aids Computerized CR Conventional panels (Remote & back-up) Computerized CR Conventional panels (Back-up ) IAEA - TWGNPPIC Meeting May 2013 4

Mission US 2012 - EDF 5 EDF NPPs Life Cycle Management Life cycle management of Nuclear plants is based on: Global initial strategy regarding critical I&C systems: Spare part of components Long term agreement with the suppliers : competencies and tools Daily routine operation and maintenance activities incorporating an important feedback experience (with related activities of systems support) Exceptional maintenance program: applied to generic hazards or degradations concerning the whole Fleet of NPPs or part of it, decided and planned at national level on several years, implemented once (or twice) in the life of the plant. Periodic safety reviews (PSR) (every 10 years) including ageing evaluation to check agreement to safety requirements. Long outage every 10 years (TYO) Best time is large modernisation or replacement Research activities (R&D and international projects) EDF specific programs led by Engineering Division and Operation Division 5

The I&C Projects at EDF The 900 MW Series I&C Projects IAEA - TWGNPPIC Meeting May 2013 6

900 MW Series I&C Technologies Electromagnetic relays for logic control (about 20 000 per unit) Discrete modules for the analog acquisition and control loops (Bailey 8720 & 9020) Hardwired panels in the control room IAEA - TWGNPPIC Meeting May 2013 7

900 MW Series I&C Projects for the 3 rd TYO (1) The I&C ageing observation phase (2002-2003) results : Most of the I&C components can last up to the next TYO (40 years) at least : For example : The relay-based systems and the panels of the Control Room don t need to be changed, for ageing or obsolescence reasons Good long-term agreement with suppliers for critical systems. No large I&C modernization projects but some partial renovation such as : Modernization of the Turbine Control system (on CP0, only). Same architecture : Card-by-card replacement. Redesign of the cards with new analog components. Renovation of Diesel Alarm System : replacement of the relay-based system by a PLC Partial modernization of the Rod Control system (IPS-NC) : No modification of the instrumentation (1E) and of the power modules (gripper coil current generator). The new system is based on PLCs (computation), networks and FPGA-Based modules (slave cycler. Time constraint : 1 ms). Renovation of the In-Core Instrumentation system. New system based on PLCs (same as for Rod Control system) and a supervisor shared with the RCS Some modules of the Process Instrumentation System (Bailey 8720 on CP0 : discrete analog technology) were replaced (redesign with new components but same technology) The 3rd ten-yearly outage in progress, from 2008 (Head unit) up to 2018, with 3 or 4 outages per year. IAEA - TWGNPPIC Meeting May 2013 8

900 MW Series I&C Projects for the 3 rd TYO (2) Renovation of the Rod Control System Renovation of the In-core Instrumentation system IAEA - TWGNPPIC Meeting May 2013 9

900 MW Series I&C Projects for the 4th TYO Context : Plant life extension : up to 60 years Little I&C modernization has been done up to now Large scale I&C renovation may be necessary The best time : the 4th Ten-yearly Outage, from 2019 Constraints : Limited physical space in the electrical buildings for new equipment Licensing duration Process for defining the renovation strategy & solutions : Three steps before making the decision regarding I&C modernization: Phase 1: Evaluation of the health of each I&C system, through an observation phase Phase 2: Identification of external influences potentially impacting the current I&C systems, such as functional or safety improvements (DIN/DPN requirements) Phase 3: Identification of possible technical solutions (DCS, relays ) and detailed analysis of renovation scenarios (pre-project studies) Phases1 & 2 started in 2010 and the phase 3 is about to be finished mid 2013. IAEA - TWGNPPIC Meeting May 2013 10

900 MW Series the 4th TYO planning for I&C Projects 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 June Large I&C renovations likely DIN/DPN Requirements Requirement specifications Call for tender, consultation, contracts 1 year Pre-Project Studies Supplier studies, development and testing I&C Aging Analysis Software licensing begins 2015 : 4 years before TTS Installation plan, site preparation and training Project SF60 : Safety modifications 6 ½ years ASN Approval of Cat A software modifications: 9 months before TTS Outage first unit (TTS) IAEA - TWGNPPIC Meeting May 2013 11

900 MW Series 4 th TYO - Results of phase 1 Diagnostic phase directed by the Engineering Division (SEPTEN) and R&D in 2011 : Concerns all I&C systems important for plant safety or availability on levels 1 and 2 of the I&C architecture All systems classified into 4 families : Family 0: can be maintained until the fifth ten-yearly outage at least Family 1: the conclusions are not yet finalized Family 2: conclusions clear (renovation or replacement required) but having only a minor impact in terms of installation or outage planning Family 3: diagnostic is clear but due to potential impact on the outage and installation, several renovation scenarios must be studied Equipment Diagnostic Forecast VD4 + 20 years Aging Obsolescence Result Qualification Margins Evolutions Capacity Result Family Alternator protection Water level regulation Reactor protection and tester Elementary system relays N/A N/A N/A 0 N/A 2 3 3 IAEA - TWGNPPIC Meeting May 2013 12

900 MW Series 4 th TYO - Results of phase 3 Five possible technical solutions were under consideration: Bespoke solutions : Densification based on the existing I&C technologies : Densified relay-based system : replacement of existing 4-relay circuit boards by 8-relay boards New analog boards with densified components Field Programmable Gate Arrays (FPGA): to replace a number of relay circuits or for new functions Commercial off the shelf (COTS) solutions : Hardwired logic solvers: Deterministic logic solvers or other discrete electronic components Programmable Logic Controllers (PLC) : for Category A and for Category B or C applications Application of selection criteria for each identified scenario (based on a technology and equipment being renovated) and proposition of possible scenario : they are still studied in more detail. For the relay-based system, two scenarios for partial renovation: densification PLC (replacement Elementary System by Elementary system). For the RPS, two scenarios : Current architecture conserved : separation of signal acquisition/treatment (SIP-P) and vote/logic (RPR), densification of current technologies. Modification of the current architecture, integration of SIP-P and RPR into a digital protection system IAEA - TWGNPPIC Meeting May 2013 13

900 MW Series 4 th TYO Selection Criteria (extr.) Intrinsic qualities Basic and additional functions Hardware and software licensing Site impact/modifications/ maintenance/training Sustainability Contextual criteria Scope of the renovation Impact on I&C architecture and on plant outage Control room impact Supplier impact EDF/engineering, operational impacts Criteria analyzed Iso-functionality at minimum, failure detection and signaling, greater accuracy/performance? Category A, B or C achievable? Configuration tools, documentation, modification, maintenance, training, cyber-security, testability Component lifetime, replaceability, portability Criteria analyzed What equipment? Space gained? Regrouping of functions/equipment, modification of interfaces and cabling, removal/installation of equipment, ventilation requirements, outage duration Commands, displays, archives Experience feedback, upgrade and maintenance possibilities, sustainability Training, expertise, operational requirements, ongoing qualification Evaluation based on expert judgment, scoring from +++ to --- Each expert adds a comment to justify the score or to propose actions to obtain further information IAEA - TWGNPPIC Meeting May 2013 14

The I&C Projects at EDF The 1300 MW Series I&C Projects IAEA - TWGNPPIC Meeting May 2013 15

1300 MW SERIES I&C Projects for the 3rd TYO (1) The 3rd ten-yearly outage in preparation. Head of series in 2015. The I&C Ageing Observation phase and Preliminary studies (2007-2009) gave their results: Some I&C modernization projects are decided Modernization of the Main Control Room. Same design, hardwired panels are kept but some improvement of the Information System are decided : new tools and HIS for helping the operators (real-time control) New supervisor with more screens and with new or improved mimic diagrams, video Improvement of the alarm management, together with the renovation of part of the Controbloc ( New systems with functionalities added for monitoring the reactor behavior (connected to the power up rate) : Core 3D_monitoring Replacement of the paper recorders by digital recorders (cat. B) Integration of the Cyber Security constraints Modification of the Simulator (training) Modernization of the RPS, RCS, NIS with SPINLine4 (RRCN) technology RPS: Partial modernization at computation level. Keep the global architecture, the I/0 racks and the cabling RCS: Total modernization NIS: Partial modernization at computation level. keep the I/0 racks and cabling Common Maintenance tool for the 3 systems IAEA - TWGNPPIC Meeting May 2013 16

1300 MW SERIES I&C Projects for the 3rd TYO (2) Logic Automation system (Controbloc): No problem (aging, obsolescence ) for the next ten years (spare parts ), but : new functionalities/alarms may be added and not enough margin : Renovation of the part of the system (UGA/B) in charge of collecting and dispatching alarms to the control room (Alstom Alspa (P320) system ) Some improvement at the system level to be considered: * Development of a bridge between the existing Controbloc and a PLC (first installation : Flamanville) * Re-design of a module URN (FPGA-based solution, in cat.b): improving the link with the plant computer (TCI) and (re)capitalize the knowledge on the original design. Conventional Island: Turbine Control & Protection: replacement of actual I&C system (REC70 or µrec) by a DCS, replacement of hydromechanics protections by a SIL3 I&C system with logic 2oo3 Feedwater flow control system: Replacement of actual I&C system (BAILEY 9020) The first unit (TTS) is Paluel 2 : the outage is planned for April 2015 IAEA - TWGNPPIC Meeting May 2013 17

The I&C Projects at EDF The 1450 (N4) Series I&C Projects IAEA - TWGNPPIC Meeting May 2013 18

N4 SERIES Preparation of the 2nd TYO Evaluation of the health of each I&C system (obsolescence, ageing, margins ) has been performed in 2011 & 2012/, through an observation phase Results given through 5 families: Family 0: Systems/equipment can be maintained until VD+20 years Family 1: Systems/equipment can be maintained until VD+10 years Family 2: The conclusions are not clear. Pre-studies have to be launched for renovation Family 3: Conclusions clear (renovation or replacement required) but having only a minor impact in terms of installation or outage planning. E.g. Maintenance interface for system CO3. Family 4: Diagnostic is clear (renovation partial- needed) but potential impact on the outage and installation. E.g. the synoptic in the MCR. The conclusions were presented at the end of 2012. The pre-studies have been engaged, in 2013. The first unit (TTS) is Chooz B1 : the outage is planned for 2018. IAEA - TWGNPPIC Meeting May 2013 19

The I&C Projects at EDF The EPR project (Fla) I&C Projects IAEA - TWGNPPIC Meeting May 2013 20

EPR FLAMANVILLE (under construction) EPR : Generation III+ PWR Design. Based on N4 (F) and KONVOI (G) experience. I&C Architecture : T2000/S5, TXS & P320 (Turbine) Current situation : Number of I&C cubicles on site. The other are on platform for tests In operation in 2016 IAEA - TWGNPPIC Meeting May 2013 21

The I&C Projects at EDF Some R&D projects on I&C Systems IAEA - TWGNPPIC Meeting May 2013 22

Some current R and D projects on I&C (1) Projects concerning the next NPPs (EPR) as well as for current NPPs Independent Confidence Building : Formal verification (software, FPGA) Test : functional test coverage (Testminator prototype for safety logic functions), statistical tests Verification of the sizing of the I&C architecture : time performance, Safety Cyber Security (I&C systems and connected tools) Basic Design: Proposal for a basic/generic architecture (Industrially reasonable, Acceptable in all the countries) Design of optimized (cost) I&C architectures by allocation of the functions under constraints (capacity, performance, safety ). Anticipation in the Design of the short life time of I&C systems: modularity, data models, interface. Impact (benefit & risk) of the new technologies: Wireless, FPGA Contribution of FPGA-based solutions (safety systems, diversity, Cyber Security ) Integration of operation needs (Integration of information and separation of safety classes ) Proposal of a short list of pre-qualified I&C PLCs for K3/Cat B & C : dedicated, decentralized systems Next generation of HIS: new functionalities for operation, Human Factor, classified digital products (requirements & development) IAEA - TWGNPPIC Meeting May 2013 23

Some current R and D projects on I&C (2) Harmonics Project (China-Europe): Harmonized Assessment of the Reliability of MOdern Nuclear I&C Software Objective : to ensure that the nuclear industry has well founded and up-to-date methods and data for assessing software of computer-based safety systems of Gen-II and Gen-III NPPs. the project should foster an international consensus based on a sound scientific and technical approach, and hopefully provide a good basis for harmonization Model Driven Engineering: methods & tools To ensure the continuity of the studies: Throughout the project lifecycle, between functional and equipment and from plant design to plant operation To have an updated knowledge database: To understand design choices and to pass knowledge across generations Concept PLM (Product Lifecycle Management) : clarification of justifications in the documentary reference frame. Requirements Traceability. Multi-views diagrams. Common Database for the various designers (process, mechanical, I&C ) European MODRIO Project (ITEA2): Bridging the gap between system design and system operation. Use of open standards : Modelica and FMI. IAEA - TWGNPPIC Meeting May 2013 24

Some current R and D projects on I&C(3) Knowledge management: retrieve, rebuild, and structure useful knowledge to maintain ageing units. First application : 900 MW plants Instrumentation: Assessment of measurement uncertainties, Measurement environment monitoring (EMC, temperature, radiation ), Innovative technologies (chemical tracer, ultrasonic, fiber optics sensing ) Monitoring (of plant performance, and of equipment/component/system reliability): based on physical (Modelica/Dymola) and/or statistical models for early detection and quantification (e.g. Steam Generator fouling/clogging, MW loss, equipment failure prognostics,...) IAEA - TWGNPPIC Meeting May 2013 25

Recommendations To IAEA IAEA - TWGNPPIC Meeting May 2013 26

Recommendation to the IAEA : Topics to focus on (1) EDF considers that most of the topics provided at the previous TWG-NPPIC meeting (2011) are still current topics on which IAEA should focus. Maintaining the existing Nuclear Power Plants (old and recent) with a High Safety level: Rising up the Safety Level of old plants, in order to achieve the best accessible Safety level (but not necessary the current Safety level applicable to the new NPPs). Arrive at an international consensus which leaves few margins of interpretation to each country Methodology and framework for re-examination of the level of safety of the units before renovation or periodically Perform audits on current situation and propose risks reduction (process, I&C, Human ) Post-Fukushima actions: exchange on the best practices. Survey the ageing of I&C equipment and control the Obsolescence (analog as well as digital equipment, cabling, connectors ): Understanding of ageing mechanisms. Maintenance strategies: e.g. periodic replacement or on failure? Evaluation of costs, risks, benefits of different I&C maintenance options: modernization, repair. How to deal with the short life time of the new digital system (software evolution )? Implement each new software release? Integrate the ageing workforce, the inadequate existing documentation and the new generation in a long-term management of I&C expertise : Identification and documentation of key knowledge, including I&C design basis. How to retrieve, rebuild, structure and pass the documented knowledge to the new generation? How to attract and keep the new generation? How to train the current I&C engineers to the new technologies? IAEA - TWGNPPIC Meeting May 2013 27

Recommendation to the IAEA : Topics to focus on (2) Safe Aspects : International consensus on Safety requirements for new NPPs Define more precisely the Safety Level to reach: between the high level requirements and the National Regulator requirement/iec Standards. Define a minimal number of unavoidable requirements (from various standards, norms, rules ) that all the units must satisfy for their I&C architecture and components. Efficiency Aspect Specification & Design of I&C architecture taking lifetime into account. Product Lifecycle Management (PLM) : requirements traceability, Modification Methods & tools for Plant performance improvement: New technologies for reduction of uncertainties in measurements to increase power output while maintaining safety margins Reduction of likelihood of human errors Reduction of operation & maintenance costs (information systems, on-line monitoring, diagnostic ) New Technologies - Impact Evaluation of COTS I&C equipment and I&C architecture I&C platforms, architecture, smart devices (we are at the limits of the acceptable complexity) Representation of digital systems in probabilistic models Realistic consideration for assessment of software (system + application) : Verification and Validation (tests) as complementary tools. Test coverage. Software common cause failures Classified HIS : same interface for the operator (HF aspect) IAEA - TWGNPPIC Meeting May 2013 28

Recommendation to the IAEA : Topics to focus on (3) New Technologies - Impact (cont.) Regulatory uncertainties regarding new technologies : ASICs / FPGAs, Smart Devices, Data communication networks (including fieldbus), Wireless technologies, Cyber-security SMR (Small Modular Reactor) Impact on Safety and Security rules of a centralized CR for multiple small reactors Level of automation (because of reduced team for operation) IAEA - TWGNPPIC Meeting May 2013 29

I&C Status in France & Recommendations to IAEA Thank you for your attention IAEA - TWGNPPIC Meeting May 2013 30