Safety Systems

The main safety systems are:

  • Safety injection system (SIS). using a supplementary water tank, provides injection of low or medium pressure water into the primary circuit, in the event of loss of water due to a leak in the piping. The aim is to maintain the core inside the vessel constantly immersed in water, to avoid damage to the fuel. If the core is not in contact with water, the rods would overheat and the cladding tubes may risk damage.
  • Residual Heat Removal System (RHRS). In the event of reactor shutdown, thermal power continues to be generated by the enormous quantity of fission product decays.
    Immediately after reactor shutdown, this power is around 5-7% of the nominal power and therefore there is still a considerable amount of residual power that must be removed to avoid damages. RHRS handles this removal with an independent circuit.
  • Emergency Feedwater System (EFWS). In the event of a limited water supply to the steam generator (for example, due to failure of a pump in the secondary circuit, or to a leak), the EFWS lets water into the secondary circuit using independent pumps.
  • Electrical Power Supply System. This system goes into action when there is a blackout in the mains electricity network. Diesel generators start up within just a few seconds and supply the electric power necessary for the safety procedures.

The reactor’s instrumentation and control system contributes to safety by collecting data (readings such as pressure, temperature, etc.) and information on the state of the reactor itself.
It is the first system to act in the first seconds after an incident. Over the past 20 years considerable advances have been made in the field of I&C (Instrumentation and Control): in the EPR project, the instrumentation and control systems are totally digitalised and satisfy the strict requirements for third generation reactors.

In EPR plants, a better man/machine interface, that is a more user-friendly one, has also been devised for the control systems. This factor should not be underestimated especially in the exceptional case of an accident, when an easily interpreted interface may both speed up and avoid errors in the action by an operator.