Hungarian Power Companies Ltd.

We provide energy to your everyday life

Skip Navigation LinksPaks II. Zrt. » Paks II. Ltd. » Nuclear Energy » Safety of Nuclear Power Plants

Skip Navigation LinksSafety of Nuclear Power Plants

Safe operation is the most important criterion for nuclear power plants. As a result of the nuclear chain reaction, a large quantity of radioactive material is produced in the nuclear reactor, which is able to generate heat during its decay even after the chain reaction is stopped (this is the residual heat). This special property leads to one of the main safety requirements for nuclear power plants: the core of the reactor and the fuel assemblies used have to be cooled for a long time, even after shutdown of the reactor. Without cooling, as a result of the residual heat, the fuel may become damaged and the radioactive materials in it may be released into the environment. Prevention of such release into the environment is the fundamental objective of nuclear safety. In addition to the provision of cooling, this also requires that the nuclear chain reaction is continuously kept under control, and the possibility of the number of fission reactions increasing excessively, the ‘excursion’ of the reactor, is prevented at any moment. Therefore, three fundamental goals of the safety functions are distinguished from the early stage of design:
  • keeping the chain reaction under controlled conditions and ensuring safe shutdown;
  • continuous cooling of the fuel in the reactor;
  • preventing the release of radioactive materials into the environment.

These safety functions are implemented at nuclear power plants by applying the philosophy of defence-in-depth.

Defence-in-depth is implemented at various levels. The goal is to avoid a particular level to develop to the next level. However, one must also prepare for its occurrence with appropriate plans, ensuring the availability of the necessary equipment. In the case of nuclear power plants this means, for example, trying to prevent various events and having safety functions designed for their occurrence. The five levels of defence-in-depth are as follows:

  1. prevention of deviations from normal operating conditions and malfunctions;
  2. detection of abnormal operating conditions and prevention of anticipated operational occurrences from becoming design basis accidents;
  3. handling of design basis accidents  as planned;
  4. stopping of beyond design basis accidents processes, and mitigation of their consequences;
  5. in the case of a significant release of radioactive materials, mitigation of radiological consequences.

With the development of science and technology, the safety standard of nuclear power plants is continuously increasing on the basis of the experience gained during the operation of reactors and during incidents and accidents that have occurred. Development is also encouraged by the authorities with increasingly stringent requirements. As a result, the design basis is also extended. This means that the occurrence of certain accidents is taken into account as early as in the design phase (the nuclear power plant is designed for them), and protective systems are built in and actions are taken to handle them, or the unit is simply redesigned in such a way as to avoid the occurrence of the given incident.


Ope​rating conditi​on
Frequency of event
(f [1/év])
Design operating condition 1
normal operation
Design operating condition 2
anticipated operational occurrences
f 10-2
Design operating condition 3
low-frequency design basis accidents
10-2 > f 10-4
Design operating condition 4
very low-frequency design basis accidents
10-4 > f 10-6

 ​ Table 1: Categorisation of the condition an events of a nuclear power plants


The safety standard is characterised, among others with Core Damage Frequency (CDF) and Large Release Frequency (LRF). These are numerical values obtained as a result of complex analyses and calculations.

CDF shows the probability at which significant physical damage to (e.g. melting of) the core of a nuclear power plant containing a large quantity of radioactive material could occur as a result of an accident. LRF shows that at what probability a large quantity of radioactive materials would be released into the environment. The difference between the two is related to Level 4 of the defence-in-depth; through the safety functions, release can be prevented even in the case of the occurrence of a core damage.

The four nuclear power plant units operating in Hungary started electricity generation at Paks in the 1980s. They belong to the Generation II reactors. For these units, according to the Hungarian standards, CDF may be maximum 10-4/year (0.0001/year) and LRF may be maximum 10-5/year (0.00001/year) at present. This practically means that the core of the nuclear reactor may be damaged a maximum of once every 10,000 years and, as a result, a large quantity of radioactive material may be released into the environment maximum once every 100,000 years. Furthermore, by successfully applying the principle of defence-in-depth, as a result of appropriate severe accident management, even such an incident would not necessarily result in public health impacts. 

Today, so-called Generation III units are being established, which are more advanced than the previous types. The authority prescribes maximum CDF and LRF values of 10-5/year and 10-6/year, respectively, for them; therefore, a core damage and a large emission may occur a maximum of every 100,000 years and a maximum of every 1 million years, respectively. The reasons for the difference in this order of magnitude are as follows:

  • passive safety systems are used, which do not require an external power supply; thus, for example, they are able to restore the safe condition of a unit even during an incident similar to the Fukushima earthquake and tsunami in 2011;
  • use of automatic systems; a decreasing number of actions are required by the operating personnel (the possibility of the occurrence of human error is much lower);
  • application of simpler systems, thereby reducing the possibility of failures;
  • use of modern structural materials that have an increased load-bearing capacity;
  • more advanced severe accident management systems (in the case of certain types, e.g. even in a complete core meltdown, the corium collects in a core catcher designed for it, where appropriate cooling can be ensured);
  • taking into account a wider range of possible external events during design (application of technical solutions for handling events such as an earthquake, the crash of an aeroplane, flooding or fire);
  • one safety function is provided by several systems, which are separated from each other in space; thus if one of them happens to be maintained and another fails, the safety function can be carried out without hindrance by the appropriate system.

Furthermore, the units to be established in Hungary belong to the so-called Generation III+, the safety standard for which is even higher: Rosatom adheres to CDF and LRF values of about 5.94×10-7/year and about 1.8×10-8/year, respectively, on the basis of which a core damage and a large release could occur a maximum of every 1.68 million years (!) and a maximum of every 5.5 million years (!), respectively.



atomeromu.hu - Definitions
atomeromu.hu - AES-2006