
Unofficial translation

Decree No. 430/2011


of the Nuclear Regulatory Authority of the Slovak Republic
of 16 November 2011,

on nuclear safety requirements

The Nuclear Regulatory Authority of the Slovak Republic (hereinafter the "Authority"), pursuant to Section
23(5) of Act No. 541/2004 Coll., on the peaceful use of nuclear energy (the Atomic Act) and on changes and
amendments to some acts, as amended by Act No. 350/2011 Coll., enacts:

Section 1 Scope of application


(1) This Decree enacts details on nuclear safety requirements for nuclear facilities.
(2) Nuclear safety requirements for nuclear facilities must be met during their siting, design, construction, commissioning
(hereinafter "commissioning"), operation and decommissioning phases, and during the storage facility closing phase.
(3) Nuclear safety requirements for nuclear facilities also include safety classification criteria for selected facilities.
(4) This Decree also enacts details of the assessment of the scope, content and influence of changes, details of appraisal,
documentation, scope of feedback, scope and contents of a probabilistic assessment of nuclear safety, and the nuclear safety
indices and parameters that it monitors.

Section 2 Definitions
For the purposes of the Decree,

a) abnormal operation is an operational state deviating from normal operation that is expected to occur at least once during
the facility's useful life, and that taking into account corresponding design measures does not cause significant damage to
components important to nuclear safety, nor does it cause an emergency;
b) a safety group is a set of facilities that performs all activities required during a postulated trigger event so that limit values
listed in design specifications are not exceeded;
c) a safety system is a system ensuring the safe shutdown of a nuclear reactor or transfer of heat from the nuclear reactor's
active zone, or limiting the consequences of abnormal operation and design basis accidents,
d) the decommissioning phase is a time-wise and materially defined period of taking a nuclear facility or part thereof out of
operation with a clearly defined start and end state;
e) emergency conditions are deviations from normal operation that are more serious than abnormal operation, including
design basis and beyond design basis accidents;
f) a nuclear reactor is a facility that in cooperation with support systems utilizes nuclear energy as a source of other forms of
energy making it possible to utilize a nuclear facility pursuant to Section 2(f)(1) of the Act for the purpose for which it was
built;
g) a conservative approach to ensuring nuclear safety is an approach leading to a pessimistic result against specified
acceptability criteria;
h) a fail-safe component or system is one capable of switching to a safe state during its failure without the need to initiate any
activity;

i) the single failure criterion is the capability of a component or system to handle one random failure that can
result in the component or system losing its ability to perform its safety function; subsequent failures resulting from this
single occurrence are considered to be part of the single failure;
j) qualification is confirmation that selected facilities are capable of meeting their functional requirements during their
design life, taking into account the effect of surrounding conditions during their use, where surrounding conditions must
include expected changes to operation, taking into account their aging, wear and tear and the effect of occurrences;
k) an above design basis accident is an accident that is more serious than a design basis accident; for nuclear facilities
with a nuclear reactor, this is an accident with possible damage to the active zone;
l) a selected above design basis accident is an above design basis accident during which the nuclear reactor's
active zone or fuel elements may be damaged, but that is manageable through the use of all available means and
measures considered during design and operation so that the amount of radioactive substances released into the vicinity of the
nuclear reactor does not exceed enacted limits1);
m) normal operation is operation within the scope of specified operating limits and conditions;
n) a graduated approach is the graduation of requirements for functionality, reliability, environmental
susceptibility, aging and quality assurance of a selected facility according to its importance from the perspective of nuclear
safety as well as the consequences of its failure, once the scope of testing and maintenance have been taken into account;
o) deep protection is a system of multiple physical barriers that prevent the spread of ionizing radiation and radionuclides into
work areas or the environment through the repeated use of technical and organizational measures serving to protect and
preserve the effectiveness of these barriers as well as to protect people and the environment;
p) a common cause failure is the functional failure of several facilities or systems due to any single cause;
q) a postulated trigger event is an event taken into account by design that can lead to abnormal operation or
emergency conditions, with the exception of severe accidents;
r) a design basis accident is an accident taken into account during design during operation of a nuclear facility
and for which damage to the nuclear facility and release of radioactive substance into the environment does not exceed
enacted limits1);
s) seismic level 1 is the maximum calculated earthquake that can occur in a specific location once per 100 years, and after
which a nuclear facility can be put back into operation;
t) seismic level 2 is the maximum calculated earthquake that can occur in a specific location once per 1,000
years, and during which the nuclear facility can still be shut down and put into a safe state;
u) a severe accident is a beyond design basis accident of a nuclear facility with a nuclear reactor that includes
serious damage to the active zone;
v) a selected severe accident is a severe accident with a non-negligible possible occurrence frequency.

Section 3 Safety classification of selected facilities


(1) Selected facilities must be identified and subsequently categorized based on their function and importance for nuclear safety
into safety classes I to IV. Classification of selected facilities is performed in a graduated manner, so that Class I includes
selected facilities with the highest demands on reliability, qualification, quality assurance, number and scope of inspections,
and related documentation. Selected facilities must be designed, engineered, manufactured, operated and maintained so
that their quality and reliability corresponds to their classification.
(2) Each nuclear facility is classified pursuant to (1) by creating:
a) a preliminary list of selected facilities, which defines individual selected facilities and auxiliary systems and
subsystems at the project design level for construction, giving their safety function and safety classification pursuant
to Annex 1;
b) a list of selected facilities that
1. precisely identifies individual selected facilities and their auxiliary systems and subsystems, giving their safety
function and safety classification pursuant to Annex 1,

1) Government Order No. 345/2006 Coll., on basic safety requirements for the protection of health of workers and the population from ionizing
radiation
Government Order No. 346/2006 Coll. on requirements for ensuring radiation protection for external employees exposed to the risk of ionizing
radiation during their activity in a monitored zone.
Act No. 355/2007 Coll., as amended.
Section 2(2)(f) of Act No. 355/2007 Coll., on the protection, support and development of public health and on changes and amendments to some
acts, as amended.

2. is composed of a text and graphical part that clearly defines the boundaries of the selected facility or system and
boundaries between classes, redundant power requirements, and standby or nonstandby states of systems with
safety functions that are to be included in deterministic safety analyses and relevant quality requirements,
including corresponding calculation programs and standards for design, manufacturing, installation and
inspection.
(3) Classification methods for selected facilities must be primarily based on deterministic methods, and if unavoidable,
probabilistic methods and engineering assessments may also be used, taking into account
a) safety functions performed,
b) consequences of their failure,
c) the likelihood of their activity being required during their failure,
d) the duration of the expected trigger event during which their activity may be required.
(4) If failure of a selected facility is not permissible for fully safe functionality, or its activity cannot be compensated for, the
selected facility must be placed in a safety class with a lower sequence number.
(5) Selected facilities on the boundary between various safety classes in a safety system must be placed in the lower-numbered
safety class to ensure a more conservative approach.
(6) A procedure pursuant to (5) may also be used during classification of selected facilities that are not equipped with adequate
monitoring systems, cannot be reliably segregated, or do not sufficiently meet backup or common cause failure resistance
requirements.
(7) Proposed classification must be verified using
a) design documents,
b) probabilistic methods focusing on corresponding facilities,
c) postulated trigger events for safety functions,
d) a selected conservative approach if there is a discrepancy between the results of probabilistic methods and a
deterministic approach.
(8) The list of selected facilities is reassessed during a periodic safety assessment of nuclear facilities, as well as during
proposed changes listed in Section 2(v) and (w) of the Act.
(9) Failure of a selected facility in any safety class cannot cause failure of a selected facility in a lower-numbered safety class.
Auxiliary systems and subsystems that assist selected facilities shall be placed in the same safety class as the related or
higher-order system.

Section 4 Nuclear safety requirements for nuclear facility siting

(1) During the siting of a nuclear facility, a geological and seismic loading assessment for the selected site must be produced,
containing
a) a probabilistic seismic hazard analysis for the site,
b) an assessment of seismic and geological conditions in the area, and the geo-engineering and geotechnical aspects of
the proposed site,
c) designation of earthquake-related hazard through a seismotectonic assessment of the area using the greatest possible
scope of collected information,
d) an assessment of the risk due to movement caused by earthquakes, taking into account the seismotectonic nature of the
area and site-specific conditions,
e) an uncertainty analysis as part of the seismic hazard analysis,
f) an assessment of the impact of potential surface shift at a fault on the site,
g) a review of the geological, geophysical and seismic characteristics of the region, regardless of state borders and the
site’s geotechnical characteristics, in accordance with international practice, performed in such a manner that the
resultant set of data is homogenous for the entire area or at least permits sufficient determination of the nature of
seismotectonic structures relevant for the site and the size of the region that was reviewed, the type of information
analysed and the scope and details of the analysis that were specified according to the nature and complexity of
seismotectonic conditions.
h) proof of the adequacy of the scope and detail of information analysed and research performed to determine danger
resulting from seismic movement and shift at a fault.
(2) Regardless of results of analyses performed pursuant to (1), the minimum level of seismic loading determined at the nuclear
facility site must be represented by a standard free-field horizontal response spectrum corresponding to peak acceleration
equal to 0.1 g.
(3) Nuclear safety requirements for a nuclear facility in the siting phase also involve area characteristics that bar the siting of
a nuclear facility in this area, and are listed in Annex No. 2.

Section 5 Nuclear safety requirements for nuclear facility design

(1) Nuclear safety requirements for nuclear facility design consist of general nuclear facility design requirements, special
design requirements for nuclear facilities with a nuclear reactor, and special storage facility design requirements.
(2) Requirements pursuant to (1) are listed in Annex No. 3.

Section 6 Nuclear safety requirements for nuclear facility construction, commissioning, operation, decommissioning and, in the case of a storage facility, for its closure

(1) Nuclear safety during the construction of nuclear facilities, their commissioning, operation, decommissioning and, in the
case of a storage facility, for its closure is contingent on meeting general requirements for nuclear facilities, special
requirements for nuclear facilities with a nuclear reactor, and special requirements for nuclear facilities pursuant to Section
2(f)(1) to (5) of the Act.
(2) Nuclear safety requirements pursuant to (1) are listed in Annex No. 4.

Section 7 Repealing provisions
Decree of the Nuclear Safety Authority of the Slovak Republic No. 50/2006 Coll., enacting details on requirements for the
nuclear safety of nuclear facilities during their siting, design, construction, commissioning, operation, decommissioning and
storage facility closure, and on safety classification criteria for selected facilities.

Section 8
This Decree has been passed in accordance with a legally binding act of the European Union in the area of technical standards
and technical regulations.2)

Section 9 Effective date


This Decree takes effect on 1 January 2012.

Marta Ziaková m. p.

2) Directive 98/34/EC of the European Parliament and of the Council laying down a procedure for the provision of information in the field of
technical standards and regulations (OJ L 204, 21 July 1998) as amended

Annex No. 1
to Decree No. 430/2011 Coll.

CLASSIFICATION CRITERIA FOR SELECTED FACILITIES

I. Selected facilities included in safety class I are facilities that form the boundary of a nuclear reactor’s cooling circuit,
except for those facilities whose damage can be compensated with a regular system for topping up coolant.
II. Selected facilities included in safety class II are facilities
a) that form the boundary of a nuclear reactor’s cooling circuit and do not belong to safety class I;
b) for shutting down a nuclear reactor during abnormal operation that could lead to an accident, and for shutting down a
nuclear reactor in order to reduce the consequences of an accident;
c) for maintaining sufficient coolant for cooling of a nuclear reactor’s active zone during an accident where the nuclear
reactor’s cooling circuit has not been damaged, and afterwards;
d) are designed as front-line systems for addressing situations requiring transfer of heat from the nuclear reactor’s active
zone when the nuclear reactor’s cooling circuit has been damaged, in order to reduce fuel damage;
e) are designed as front-line systems for addressing situations requiring transfer of heat during normal operation,
abnormal operation and accidents where the integrity of the nuclear reactor’s cooling circuit has not been breached;
f) for the prevention of escape of radioactive substances from nuclear fuel into its surroundings;
g) needed to restrict the escape of radioactive substances from irradiated fuel from its protective casing during accidents
and afterwards;
h) to limit the penetration of ionizing radiation outside the containment building during accidents and afterwards;
i) necessary from the perspective of meeting safety functions for supplying energy or controlling other Class I or II
components and that are intended for operation during the aftermath of an accident with loss of coolant from the
nuclear reactor’s cooling circuit or after an accident with breakage of high-energy piping;
j) intended for transport of spent nuclear fuel;
k) for the prevention of the escape of radioactive substances into the environment.

III. Selected facilities included in safety class III are facilities

a) that prevent prohibited transient processes related to reactivity changes;
b) that keep a nuclear reactor safely shut down after each shutdown;
c) that maintain sufficient coolant for cooling a nuclear reactor’s active zone during normal and abnormal operation;
d) that transfer heat from safety systems up to the first accumulation volume sufficient from the perspective of meeting
safety functions;
e) that are needed to keep irradiation of the population and nuclear facility employees under specified limits1) during
accidents involving the release of radioactive substances and ionizing radiation from sources located outside the
containment building, and afterwards;
f) that are needed to maintain environmental conditions inside a nuclear facility necessary for the
operation of safety systems and staff access for the performance of activities important for nuclear
safety;
g) for the prevention of radioactive leaks from irradiated fuel during its storage at the nuclear facility during normal and
abnormal operation;
h) that remove residual heat from irradiated fuel stored at a nuclear facility;
i) needed to maintain sufficient subcriticality of nuclear fuel stored at a nuclear facility;
j) necessary from the perspective of meeting safety functions for supplying energy or controlling other
components, and that are not included in Class II,
k) necessary from the perspective of meeting safety functions and ensuring functionality of other Class I
to III components not related to energy management or supply systems and control;
l) that are intended for the handling of nuclear materials, nuclear waste and spent nuclear fuel;
m) that are intended for the transport of nuclear materials and radioactive waste in shipments of type B
(U), B (M) and C;
n) necessary to limit the discharge or leakage of solid, liquid or gaseous radioactive substances and
ionizing radiation during normal and abnormal operation.


IV. Selected facilities included in safety class IV are facilities intended for the prevention or reduction of consequences of
failure of other facilities included in safety classes I to III.

Annex No. 2
to Decree No. 430/2011 Coll.

CHARACTERISTICS OF AN AREA THAT BAR ITS USE AS A NUCLEAR FACILITY SITE

The following characteristics of an area bar its use as a nuclear facility site:

a) During normal or abnormal operation or in the event of an operating incident, except for an accident, it cannot be
ensured that in this area:
3. set radiation dosage limits for the population3) shall not be exceeded,
4. set limits for human noise and vibration exposure shall not be exceeded, including on neighbouring properties
and buildings4),
5. a buffer zone can be provided for the protection of the population according to the type of production, materials
stored and types of hazardous materials released5),
6. protection can be provided from the harmful effects of floods and extreme meteorological effects on nuclear
facilities6),
b) the area is threatened by the consequences of undermining, barrages of mine water or strong tremors due to mining
activity, gas or oil extraction or contains groundwater supplies;
c) the area experiences geodynamic and karstic phenomena endangering the stability of rock masses in the area such as
landslides, kinetically and seismically active faults, liquefaction of soils, tectonic activity or other phenomena that
can change the area’s surface grade past specified technical requirements;
d) the area is impinged upon by buffer zones for natural therapeutic resources, and underground and surface sources of
potable water;
e) the area contains declared mining areas with extraction of raw materials;
f) the area impinges upon the buffer zone of industrial or other economic structures with which unfavourable operating
collisions could occur;
g) the area’s population density and distribution makes it impossible to effectively implement accident preparedness
measures;
h) planned installed electrical power output cannot be transmitted out of the area in a sufficiently safe and reliable fashion;
i) in the case of a storage facility, if there is a high or hard to predict risk stemming from external events and events
caused by human activity, or if the evolution of these activities cannot be reliably predicted for the duration of its
designed useful life.

3) Section 16 of Decree No. 532/2002 Coll., specifying details of general technical requirements for construction and general
technical requirements for structures utilized by persons with limited movement and orientation abilities.
Government Order No. 345/2006 Coll.
Government Order No. 346/2006 Coll.
Act No. 355/2007 Coll., as amended.

4) Section 16 and Section 20 of Ministry of the Environment of the Slovak Republic Decree No. 532/2002 Coll.
5) Section 4(6) and Section 50 of Ministry of the Environment of the Slovak Republic Decree No. 532/2002 Coll.

6) Section 48 of Act No. 50/1976 Coll., on zoning and building rules (the Building Act), as amended.
Section 3(4)(i) of Ministry of the Environment of the Slovak Republic Decree No. 453/2000 Coll., implementing some provisions
of the Building Act.

Annex No. 3
to Decree No. 430/2011 Coll.

NUCLEAR SAFETY DESIGN REQUIREMENTS FOR NUCLEAR FACILITIES

PART A LIST OF REQUIREMENTS

I. General design requirements for nuclear facilities

A. Basic nuclear safety requirements


B. Nuclear safety, safety functions and safety characteristics
C. Deep protection
D. Proper technical practice and operating experience
E. Nuclear safety research results
F. Design basis accidents
G. Radiation protection, ventilation systems and filtration systems
H. Preventing the occurrence and progression of equipment breakdowns
I. Fire protection
J. Protection from external phenomena
K. Control rooms
L. Safety systems and control systems
M. Electrical power system
N. Heat transfer
O. Monitoring facility status during operation

II. Special design requirements for nuclear facilities with a nuclear reactor

A. Primary circuit, pressure vessel and active zone of the nuclear reactor
B. Primary circuit coolant makeup and cleaning system
C. Nuclear reactor active zone cooling system
D. Containment building system
E. Safety and severe accident analyses
F. Acceptability criteria
G. Fire protection
H. Emergency management centre
I. Safety systems
J. Electrical power system

III. Special design requirements for storage facilities


PART A REQUIREMENT CONTENTS

I. General design requirements for nuclear facilities

A. Basic nuclear safety requirements

The design must


(1) be in accordance with specifications, and meet the requirements of supervisory bodies;
(2) take into account a permit holder’s requirements, including all standardized technical conditions, especially from the
perspective of maintaining nuclear safety and operating reliability;
(3) be in accordance with technical specifications and the safety analysis; it must ensure that all systems, assemblies and
components including their software are designed so that their quality and reliability correspond to their safety
classification;
(4) meet the requirements of an appropriate quality assurance programme;
(5) take into account the impact of every design change on nuclear safety;
(6) ensure that all systems, assemblies and components have characteristics that guarantee safe operation of nuclear facilities
during their entire design life, prevention of incidents, and protection of the health of persons inside the nuclear facility, the
population and the environment;
(7) categorize every proposed change to systems, assemblies and components important for nuclear safety according to their
safety significance;
(8) ensure that the amount and activity of radioactive waste created is as low as reasonably possible;
(9) contain a proposed measure to ensure sufficient safety protection from seismic events, including sufficient justification of
base data for earthquake resistance level specification;
(10) contain a set of design limitations in accordance with the main technical parameters of each system, assembly or component
for normal operation, abnormal operation and design basis accidents;
(11) ensure that nuclear facilities can be safely operated within a defined range of parameters and that safety systems have
constant access to the smallest possible set of selected auxiliary systems and subsystems to ensure all functions of safety
systems important from a safety perspective;
(12) contain a list of postulated trigger events, their categorization according to the frequency of their possible occurrence, and
acceptability criteria for assessment of processes occurring following these events;
(13) contain reasonable limits for systems, assemblies and components important for nuclear safety, taking into account aging
and wear and tear mechanisms during normal operation, abnormal operation and during design basis accidents;
(14) ensure that systems that could contain nuclear materials or radioactive substances guarantee sufficient safety during normal
operation, abnormal operation and during design basis accidents;
(15) contain facility qualification requirements;
(16) establish a set of limits and conditions, with the need for and wording of each limit or condition being justified in writing;
(17) contain principles for drawing up commissioning programmes and inspection, test and maintenance programmes that shall
prove that the nuclear facility meets design intent and is in accordance with safety requirements and quality requirements
for nuclear facilities;
(18) prove that buildings and facilities important for nuclear safety that will be jointly used by multiple parts of the nuclear
facility do not affect its safe operation; in the case of an incident on one part of the nuclear facility, the functionality of
other parts must not be affected;
(19) contain a requirement to implement pre-operational testing of the radiation situation of the nuclear facility site and its
surroundings;
(20) contain a requirement to perform repeated nuclear safety assessment and at the same time must increase its scope and level
in accordance with design phases; the nuclear safety assessment must confirm that design documentation meets safety
requirements in project specifications;
(21) utilize data derived from the safety analysis, previous operating experience, research results and tested design procedures
for the safety assessment;
(22) specify rules for the design and planning of systems, assemblies and components; these rules must be in accordance with
applicable technical regulations or technical standards enacted in the country of the client of the nuclear facility’s design or
facilities, or are used internationally, if their use is applicable;


(23) contain a requirement to submit an independent safety assessment audit and binding opinions of affected supervisory bodies
prior to submitting the project for assessment to the Authority; the safety assessment must be performed by corporate
subjects or individuals independent of those who designed the project;
(24) contain supervision rules for monitoring and on-going documentation that all technical requirements of the nuclear
facility’s design have been met, including significant deviations from the original design, by the permit holder during
nuclear facility construction;
(25) take into account planned decommissioning through design characteristics, taking into account expected levels of
contamination and activation of the nuclear facility at the end of operation.

B. Nuclear safety, safety functions and safety characteristics

(1) A safety-based approach must ensure sufficient means of keeping the nuclear facility in operation, appropriate reaction
immediately following a postulated trigger event, and make it easier to manage the nuclear facility for all postulated trigger
events considered during design, during them and afterwards, as well as for selected severe accidents.
(2) The project must retain a systematic approach to identifying systems, assemblies and components needed to meet safety
functions at various times following postulated trigger events.
(3) The sensitivity of the project’s design to a postulated trigger event must be minimized. The nuclear facility’s presumed
response to each postulated trigger event must be one of the following that can be reasonably achieved according to order
of importance:
a) the postulated trigger event does not have any serious impact on safety, or only causes a change in the nuclear facility’s
internal characteristics compared to its safe state,
b) following the postulated trigger event, the nuclear facility remains in a safe state through passive safety characteristics
or through the activity of safety systems that are in constant working order and are activated in reaction to the
postulated trigger event,
c) following the postulated trigger event, the nuclear facility is placed in a safe state using specified procedural activities.
(4) Achievement of requirements pursuant to (1) to (3) must be documented in the project through the results of deterministic
or probabilistic safety analyses.
(5) The nuclear facility’s design for ensuring safety during commissioning, normal operation, events pursuant to Section 2 (q)
and (r), abnormal operation, design basis accidents and to a reasonable extent also during selected severe accidents must
meet the following safety functions:
a) regulation of reactivity,
b) heat transfer,
c) trapping radioactive substances7) inside physical barriers,
d) regulation and restriction of the number and kind of radioactive substances released into the environment.

C. Deep protection

(1) Deep protection is divided into five levels, where the goal
a) of the first level of protection is prevention of abnormal operation and system breakdowns,
b) of the second level of protection is determining and limiting the development of states of abnormal operation in order
to prevent their escalation into an accident,
c) of the third level of protection is management of design basis accidents so that stable and acceptable conditions are
achieved following such incidents,
d) of the fourth level of protection is management of beyond design basis accidents, preventing their further development
and keeping leaks of radioactive substances at the lowest possible level; in the case of selected severe accidents,
reducing their impact,
e) of the fifth level of protection is the reduction of the radiological effects of significant leaks of radioactive substances
due to accidents.
(2) A nuclear facility’s design must include deep protection through the design being obliged to
a) take a conservative approach to ensuring nuclear safety in order to limit the occurrence of operating incidents;
b) address multiple physical barriers to the leakage of radioactive substances into the workplace and the environment;
c) provide multiple means of fulfilling safety functions through ensuring the effectiveness of physical barriers and
reducing the consequences of their breach;

7) Section 2(2)(q) of Act No. 355/2007 Coll., as amended.


d) also contain, aside from internal safety characteristics, a design using reliable technical means of ensuring safety;
e) contain measures to prevent the occurrence of operating incidents, to overcome them, and to reduce
their impact using systems, assemblies and components, as well as operating rules;
f) ensure that control of the nuclear facility is supplemented with the automatic response of safety
systems and intervention by selected employees.
(3) From the perspective of the deep protection concept, a nuclear facility’s design must have a high probability of preventing
a) threats to the integrity of physical barriers, aside from the activity of safety devices,
b) failure of physical barriers when they are needed,
c) failure of a barrier due to the failure of a different physical barrier.
(4) The design must take into account that the existence of multiple levels of deep protection is not sufficient to ensure
continued operation of a nuclear facility if one level of protection is not functioning. Permitted durations of barrier
unavailability for various operating modes may be defined.

D. Proper technical practice and operating experience

(5) Systems, assemblies and components must be designed according to applicable technical standards, their design must have
been verified in similar prior applications, and they must be selected to meet the nuclear facility’s reliability targets from
the perspective of nuclear safety.
(6) The design of a nuclear facility must take into account operating experience from similar nuclear facilities.

E. Nuclear safety research results

(1) The design of a nuclear facility must take into account available results of research programmes. If an unverified design or
unverified functions are being implemented, research programmes or a review of operating experience from similar
applications must be used to prove that a sufficiently conservative approach to ensuring nuclear safety has been taken. A
new design solution must be tested prior to commissioning, and its activity must be monitored during operation.
(2) The design of a nuclear facility must take into account operating experience from similar nuclear facilities. If the possibility
of failure of a system, assembly or component cannot be eliminated, preference must be given to facilities that exhibit
predictable failure modes and facilitate repair or replacement.

F. Design basis accidents

(1) The design must contain a list of design basis accidents, which must be derived from a list of postulated trigger events, in
order to specify limit conditions according to which systems, assemblies and components important from the perspective
of safety must be designed.
(2) The design must contain measures for the automatic triggering of activity of a needed safety system if rapid and reliable
reaction to a postulated trigger event is needed to prevent a more serious state that could endanger the next level of deep
protection.
(3) The design must permit manual activation of systems or other intervention by selected employees needed to diagnose the
state of the nuclear facility and for its timely induction into a stable, long-term shutdown state, presuming that the need for
intervention shall be discovered early enough and that relevant procedures for the reliability of such interventions have
been defined; it must also contain commensurate devices to monitor the state of the nuclear facility and control elements
for manual control of these systems.

G. Radiation protection, ventilation systems and filtration systems

(1) The design of a nuclear facility must respect and adhere to principles and requirements for ensuring radiation protection 1)
of employees, the population and the environment, and their continuous monitoring.
(2) Facilities that come into contact with radioactive substances must be designed, located and shielded so that the risk of
irradiating employees during all operating states is as low as can be reasonably achieved when taking into account technical,
economic and social factors, and so that irradiation is lower than enacted limits 1).
(3) The design must include technical safety measures and procedures for the monitoring and reduction of possible radiological
consequences.
(4) The design must ensure that operating states that can result in high doses of radiation or released radioactive substances
have a very low frequency of occurrence, and that operating states with a significant frequency of occurrence have only
insignificant or no potential radiological consequences.

(5) The facility must be designed so that
a) it contains suitable means of warning the population and notifying individuals on the nuclear facility’s site and in the
danger zone during accidents;
b) it contains clearly marked escape routes with emergency lighting, ventilation and other systems and facilities needed
for the safe use of these routes;
c) it contains ventilation and filtration systems that, during normal operation, abnormal operation as well as emergencies:
1. reduce the activity concentration of radioactive substances in specified areas in accordance with access
requirements for these areas,
2. prevent the dispersion and uncontrolled escape of gaseous radioactive substances and aerosols into specified
areas and reduce volume activities below specified values,
3. ensure a suitable work environment in specified areas,
4. keep leaks of radioactive substances into the environment below enacted limits 1);
d) in areas where systems, assemblies and components containing radioactive substances are found, specific and total
values of activity and employee irradiation are as low as can be reasonably achieved using technical and organizational
measures,
e) filters used have the required reliability and capture efficiency, and that their efficiency can be tested,
f) facilities important from the perspective of nuclear safety are redundant, and ventilation systems can continue working
during a single failure,
g) systematic monitoring of parameters important for assessment of the radiation situation and irradiation of employees
and the population during normal and abnormal operation and accidents is ensured.

H. Preventing the occurrence and progression of equipment breakdowns

(1) The design must take into account measures for the prevention of occurrence and progression of breakdowns. During the
breakdown or failure of a system that is important to nuclear safety, backup equipment that takes over its function must
meet the fail-safe criterion and single failure criterion.
(2) The single failure criterion is required for facilities important to nuclear safety everywhere where it is practical to
implement.
(3) The single failure criterion must be applied in nuclear facility design in every safety group. A safety group meets the single
failure criterion if it is proven that it meets its safety function in the following cases:
a) all potentially negative effects of a postulated trigger event on a given safety group are expected to occur,
b) the worst permitted configuration of safety systems is considered, taking into account maintenance, functional tests,
operational checks and repairs.
(4) The single failure criterion may not be met in an exceptional case, and must be justified in a safety analysis.
(5) For facilities important for nuclear safety, if the possibility of common-cause failures exists, principles of variety,
redundancy and independence must be applied to achieve the required reliability.
(6) The design must ensure suitable preventive and alleviative measures for potential flooding, fire, explosion, fragmentation,
pipe swing, influence of media flow or leakage of liquids from damaged systems, assemblies and components or other
facilities in a nuclear facility.
(7) The design must take into account the effect of external postulated trigger events that can trigger internal fires or flooding,
and can lead to the creation of fragments. These concurrent effects of external and internal events must be included in the
design.
(8) The boundary between systems, assemblies and components of various safety classes must be designed to ensure that any
failure in facilities of a lower class does not spread to facilities of a higher class.
(9) The project must include response analyses of the designed facility to postulated trigger events, including equipment failure
or incorrect operator procedures, in order to specify all internal events that can have an impact on nuclear safety. All
subsequent effects are considered to be part of the original postulated trigger event.
(10) The design must include the effect of various combinations of randomly occurring individual events that can lead to
abnormal operation or an accident.

I. Fire protection

(1) For every nuclear facility, a fire-risk analysis or other fire-hazard assessment must be prepared, also including an
assessment of the possible effect of fire on nuclear safety.
(2) Based on an analysis pursuant to (1), measures must be taken that ensure an acceptable level of nuclear safety is preserved,
even in case of fire in the nuclear facility.
(3) Facilities important for nuclear safety of nuclear facilities must be designed to achieve the following goals:

a) fire prevention,
b) identification, signalling and extinguishing of fires,
c) isolation of fires that have not been extinguished.
(4) The design must use non-flammable materials, materials that do not propagate fire, and fire-resistant structures.
(5) A nuclear facility must offer fire-control equipment that must be designed and located in such a manner that its failure
or incorrect functioning does not affect the functionality of facilities important for nuclear safety.
(6) Fire-control and fire-prevention systems must be certified.
(7) The project must include an analysis of the risk of explosion or fire to specify the required fire resistance of firewalls and
doors.

J. Protection from external phenomena

(1) Selected facilities must be designed so that during natural disasters that can be realistically expected, such as earthquakes,
windstorms, flooding, deluge, extreme outdoor temperatures, extreme cooling water temperatures, rain of all forms,
moisture, frost, the effects of flora, fauna and so on, or during events caused by human activity outside the nuclear facility
or during combinations thereof, it is possible to
a) safely shut down the nuclear facility and maintain it in a subcritical state,
b) remove residual heat from spent nuclear fuel or radioactive waste,
c) maintain leaks of radioactive substances below specified levels.
(2) Aside from requirements for the physical protection of nuclear facilities and nuclear materials enacted by special
legislation 8), the design must also take into account
a) the most serious natural phenomena historically recorded in the area around the site of the nuclear facility and
extrapolated taking into account limited accuracy as far as size and time of occurrence are concerned;
b) a combination of effects of phenomena caused by natural conditions and human activity;
c) maximum expected acceleration given for the site’s location, based on an assessment of the location’s seismic loading
performed during the siting of the nuclear facility, specified as seismic level 1 and seismic level 2;
d) requirements for earthquake-resistant nuclear facility systems, components and structures or parts thereof that must
correspond to their safety function and presumed effects of an earthquake according to specified seismic level 1 and
seismic level 2;
e) airplane impacts.
(3) The project design must include a nuclear facility buffer zone for protecting the nuclear facility from external phenomena
that can be caused by natural conditions or human activity.

K. Control rooms

(1) A nuclear facility must be equipped with an operations control room (hereinafter a “control room”) from which the nuclear
facility can be safely and reliably monitored and controlled.
(2) A control room must be designed so that from the perspective of occupational health, it permits access and safe and healthy
conditions even during emergency conditions. The design must include ergonomic principles including the man-machine
interface.
(3) The design must ensure identification of internal and outdoor events that directly threaten the control room’s non-stop
operation and propose measures that restrict their influence as effectively as possible.
(4) Nuclear facilities must be designed to ensure the possibility of shutting down and maintaining the nuclear facility in a safe
state even if the control room becomes unusable. Corresponding equipment, preferably located in one room, must be
physically and functionally separated from the control room (hereinafter the “emergency control room”).
(5) The equipment layout and manner in which information is presented must provide an appropriate overall impression of the
nuclear facility’s status and operating characteristics.
(6) All equipment needed during manual control must be located where it is accessible during normal operation, abnormal
operation, and design basis accidents and to a reasonable extent also during selected severe accidents.
(7) The design must contain facilities that effectively provide visual and audible indication of the state of operating parameters
that have deviated from normal and could have an effect on nuclear safety.

8) Decree of the Nuclear Regulatory Authority of the Slovak Republic No. 51/2006 Coll., on details of requirements for ensuring
physical protection.

L. Safety systems and control systems

(1) Safety systems must be designed with the highest achievable functional reliability, backup and independence of individual
channels so that a single failure
a) does not cause the system to lose its protective function,
b) does not reduce the number of independent measurement and information channels of these systems to one.
(2) A safety system must permit periodic functional tests of individual independent information channels during normal
operation and testing of their common circuits when the nuclear facility is shut down. These common circuits must be
designed so their possible failures lead at most to shutdown of the nuclear facility, and not to loss of its protective function.
(3) A safety system must be designed so that the system of protection cannot be rendered ineffective by an incorrect action on
the part of a selected employee, but must not restrict correct actions.
(4) A safety system must be designed so that the effect of conditions during normal operation, abnormal operation and during
design basis accidents on backup channels does not cause it to lose functionality; otherwise its reliability based on a different
principle must be proven.
(5) If a control system or safety system is dependent on the reliability of a computer system, specific quality criteria and
procedures must be established and applied to the development, delivery and testing of computer system hardware and
especially software during the useful life of the control system and safety system.
(6) The level of reliability required of a computer system must be commensurate to its safety importance. The reliability level
must be achieved through a comprehensive strategy that uses mutually supplementary resources during each phase of
process development, taking into account effective analysis and test methods, as well as verification and validation
strategies in order to confirm project requirements.
(7) Computer system software verification and validation must be provided by a subject that is independent of the supplier.
(8) An analysis of failure states and consequences of failures must be performed for safety systems in order to ascertain system
vulnerability during component failures and assess the suitability of the design strategy for failure detection and alleviation
of their consequences.
(9) The reliability level presumed in the safety analysis for computer-based systems must include a specified level of
conservatism that balances out the complexity of the technology used and the difficulty of the safety analyses performed.
(10) The development process for a safety system or control system computer system must be documented and checked, and
must enable backtracking, including its testing and activation, as well as design changes to these systems.
(11) A safety system or control system computer system that has an influence on nuclear safety must be certified.
(12) Safety systems based on computer systems must meet the following conditions:
a) the use of high-quality hardware and software,
b) the entire development process, including checking, testing, commissioning and design changes must be
systematically documented and reviewed,
c) an independent assessment is needed to confirm the reliability of computer systems,
d) if system reliability cannot be proven with a high degree of confidence, protection functionality diversity must be
ensured.
(13) If it is not possible to prove the existence of a sufficient amount of data from operating activity of identical systems used
in similar cases, a conservative level of reliability presumed in the computer system's safety analysis must be adopted.
(14) Safety systems and control systems must be separated, so that a control system failure does not influence safety functions.
If this is not possible, functionally necessary and purposeful connections between safety and control systems must be
restricted to the extent that safety functionality is not influenced.
(15) Safety systems and control systems must have built-in automated safety measures so that during a justified timeframe after
the occurrence of an event, human intervention is not required, and information on automated safety measures must be
available so that their effect can be monitored.
(16) A safety system must be designed so that project parameters are not exceeded even during a control system malfunction.
Safety system activities must take precedence over control system activities and human activities, with the option of
activating the safety system manually.
(17) A computer-based safety system must have its reliability confirmed by specialists that are independent of its designer and
supplier; if the required system integrity cannot be proved with the expected level of reliability, other means must be used
to ensure safety functions are met.

(18) A safety system must be designed to recognize postulated trigger events and activate systems for the alleviation of their
consequences.
(19) Control systems must be designed to provide required signals on important operating parameters and processes exceeding
or falling below allowable limits.
(20) Control systems must be equipped with devices for monitoring, measuring, registering and controlling values and systems
that are important for nuclear safety during normal and abnormal operation.
(21) Control systems must continuously, at regular intervals, or as required record parameters that are important for nuclear
safety according to safety analyses.
(22) Indicators, signals and controllers must be designed and distributed so that employees constantly have sufficient
information on operation, and can intervene promptly if needed.
(23) Measuring instruments, indicators, signals and recording devices must be designed so that in the case of an incident they
provide
a) information on the current state of affairs,
b) basic information on the progress of events and records thereof,
c) data allowing for the characterization of the spread of radioactive substances and ionizing radiation into the
workplace and the environment.

M. Electrical power systems

(1) Electrical power systems must be designed so that external and internal electrical distribution failures affect operation as
little as possible.
(2) Systems with an impact on nuclear safety that require continuous uninterrupted power must be powered by batteries.
(3) Batteries must have sufficient capacity to maintain functionality for at least two hours under all circumstances. Like the
systems they power, these sources must be separate and independent.
(4) Technological systems that are redundant in order to ensure nuclear safety must be powered by at least two independent
electrical systems and power supplies. If the number of power supplies is lower than the number of independent
technological systems, it must be proven that reliability will not be reduced.
(5) If a single failure in power systems does not interfere with their functionality, a single failure of an electrical system or
power supply is allowed.
(6) If the availability of some system is necessary to ensure nuclear safety, its electrical system must deliver sufficient power
even during a single failure.
(7) Power supplies and systems must be prepared to deliver needed power in a shorter time than is needed to start up
the equipment they power.
(8) The design of power supply circuitry for systems important for nuclear safety must allow power supply from emergency
sources independent of whether operating power supplies are active, and must ensure that functional testing of emergency
power supplies can also be performed during normal operation.

N. Heat transfer

(1) Facilities that participate in transferring heat released through fission and residual heat must be designed so that they
reliably ensure material cooling under all conditions.
(2) Heat transfer systems must be redundant, physically separate, insulated and may be capable of interconnection so that they
fulfil their function during normal operation even with a single failure, following shutdown even with a single failure,
during design basis accidents and selected beyond design basis accidents, and during loss of power from the external
network.
(3) If a nuclear facility is also used to produce heat for purposes of its delivery outside of the nuclear facility, it must be designed
to prevent the transfer of radioactive substances from the nuclear facility to heat distribution systems during normal
operation, abnormal operation, design basis accidents and to a reasonable extent also during selected severe accidents.

O. Monitoring facility status during operation

Selected facilities must be designed so that they can be monitored and tested during normal operation without
reducing the level of nuclear safety.

II. Special design requirements for nuclear facilities with a nuclear reactor

A. Primary circuit, pressure vessel and active zone of the nuclear reactor

(1) The pressure vessel of a nuclear reactor, the primary circuit and its auxiliary systems, control systems and safety systems
must be designed so that
a) during normal operation, during abnormal operation and during design basis accidents, the sturdiness, useful life and
functional reliability of their parts and equipment are ensured with a sufficient margin of error;
b) undue coolant leaks do not occur;
c) materials used for their manufacture are selected for their minimum activation during normal operation;
d) they are sufficiently resistant to the occurrence and development of failures.
(2) The pressure vessel of a nuclear reactor and primary circuit facilities must be designed so that regular and continuous
monitoring and testing can be performed during normal operation to verify nuclear safety.
(3) The design of a nuclear reactor’s pressure vessel and primary circuit facilities must include
a) operational checking and testing programmes and methods;
b) criteria for the assessment of results of operational checking and testing;
c) multiple physical barriers to prevent the release of radioactive substances into the workplace and the environment;
d) at least three various systems for monitoring and evaluating leaks during operation, if the “leak before break”
approach is used.
(4) A conservative approach used during the design of the nuclear reactor’s active zone and related control systems and safety
systems must ensure that
a) all parts inside the reactor are designed, manufactured and assembled to resist static effects and dynamic effects during
normal operation, abnormal operation and during design basis accidents to the extent needed to ensure safe shutdown
of the nuclear reactor and to maintain subcriticality and sufficient cooling of the active zone;
b) during normal operation and abnormal operation, limit parameters of fuel elements are not exceeded;
c) during accidents
1. excess reactivity that could lead to an uncontrolled fission reaction is not released,
2. the nuclear reactor can be safely placed into a subcritical state and maintained in this state,
d) the active zone can be cooled during the entire time of heat release;
e) damage limits for nuclear elements are not exceeded.
(5) The design of fuel elements must ensure that
a) specified maximum parameters that serve as a basis for the design of other facilities are not exceeded during normal
operation, during abnormal operation and during design basis accidents;
b) it is based on characteristics of materials used, on the effects of radiation and chemistry on these materials, on the
effects of static loading, dynamic loading and thermal loading, and on the accuracy of calculations, manufacture and
installation;
c) data used is sufficiently supported by experimental or operating experience.
(6) Mechanical parts of the active zone or mechanical parts located in its proximity must be designed to resist static and
dynamic effects during operation and during expected operating events. They must be built so that damage to them does
not increase reactivity and does not prevent the nuclear facility from being shut down or residual heat from being removed.

B. Primary circuit coolant makeup and cleaning system

(1) The system for making up coolant must be designed so that it is capable of compensating for coolant leaks and volumetric
changes during normal operation and abnormal operation, taking into account coolant diversion for cleaning.
(2) The coolant cleaning system must be designed so that it is capable of removing crud and fission products that escape from
damaged fuel elements, while maintaining the required primary circuit coolant purity parameters.

C. Nuclear reactor active zone cooling system

(1) The design of an emergency cooling system for the active zone must ensure
a) reliable cooling of the active zone during design basis accidents caused by coolant loss so that
1. temperatures of fuel element cladding do not exceed specified values,

2. the energy contribution of chemical reactions between fuel element cladding and coolant does not exceed the
allowable value,
3. geometric changes to fuel elements and internal parts of the nuclear reactor that could affect cooling efficiency
do not occur,
4. residual heat is removed during the entire time of its release,
b) its sufficient backup, interconnectability, monitoring of leaks and the ability to capture them so that the emergency
cooling system of the active zone works reliably even during a single failure;
c) the ability of the system to support transfer of heat away from the active zone to the extent accounted for in the
design for selected severe accidents;
d) the ability to perform periodic testing and inspections
1. of the system’s sturdiness and impermeability,
2. of active system elements and their functional trial,
3. of the system as a whole and its functional trial under close to operating conditions.
(2) The system of residual heat removal must be designed so that limit parameters of fuel elements in a nuclear facility that
has been shut down are not exceeded.
(3) The design must include backup of safety systems for residual heat removal, monitoring coolant leaks and the ability to
capture them so that the residual heat removal system works reliably even in the case of a single failure and the loss of
external power.
(4) The design of the secondary circuit must ensure
a) reliable transfer of heat from the primary circuit,
b) discovery of any leaks from the primary circuit to the secondary circuit, and if such leaks are discovered, prevention
of their further propagation.
(5) The design must include a solution for the reliable final removal of heat from selected facilities during normal operation,
abnormal operation and design basis accidents, and which during selected severe accidents must contribute to the removal
of heat. Final removal of heat is defined as the transfer of residual heat to the atmosphere or to water, or a combination
thereof.
(6) The reliability of systems contributing to the final removal of heat through its transfer, providing power or supplying media
to final heat removal systems must be achieved for example through the selection of tested equipment and systems, their
backup, variety, physical separation, interconnections and insulation.
(7) Postulated trigger events caused by natural conditions or human activity must be taken into account during the design of
the final heat removal system through the suitable selection of various means of heat transfer and supply systems that
deliver media for heat transfer.

D. Containment building system

(1) A nuclear facility must be equipped with a containment building system that, when postulated trigger events related to the
leak of radioactive substances and ionizing radiation into the environment occur, limits these leaks so that they are lower
than established limit leak values, if this function is not provided for by other means.
(2) The containment building must be designed so that its required degree of containment is maintained even during design
basis accidents. Aside from this, the ability to reduce the consequences of selected severe accidents and to limit the escape
of radioactive substances into the environment must be taken into account.
(3) Pressurized parts of the containment system must be designed with sufficient margin of error for the highest pressures,
underpressures and the highest temperatures that can occur during design basis accidents.
(4) The containment system must consist of a full-pressure enclosure or an enclosure equipped with a pressure and temperature
reduction system, of sealing facilities and ventilation and filtration systems that are dimensioned for all postulated trigger
events and that must ensure that permitted parameters are not exceeded even during design basis accidents.
(5) Facilities inside the containment building must be designed so that they fulfil their function and so that their effect on other
systems, assemblies and components is limited.
(6) Insulation materials, sheathing and coatings of systems, assemblies and components inside the containment building must
be designed so that their fulfilment of their safety functions is ensured and so that they resist the effects of their environment
even during design basis accidents.
(7) The containment building and systems, assemblies and components important for it to maintain its containment ability
must be designed so that it is possible to
a) perform leak tests at design pressure following
1. the installation of all bushings and feed-throughs,
2. repairs;
b) prior to commissioning, prove its integrity through a pressure test using a test pressure higher than design pressure;

c) during normal operation of the nuclear facility,
1. perform regular checks of individual assemblies and components of the containment building;
2. perform functional tests of individual containment building systems, assemblies and components;
3. perform regular leak tests of the containment building at design pressure or at lower pressures that permit
extrapolation;
4. prevent a reduction of its containment ability by flying fragments or pipe whipping.
(8) Bushings passing through the walls of the containment building must be designed so that
a) leak tests can be performed,
b) regular tests of their seals can be performed at design pressure independent of leak tests of the hermetic sheath,
c) they are protected from the effects of dynamic forces,
d) their number is as low as possible,
e) they all meet the same design requirements as the containment building itself.
(9) Primary circuit pipes that pass through the walls of the containment building, or pipes that are directly connected to the
containment building’s atmosphere must be equipped with reliable automatic shutoffs, each of which has at least two
shutoff elements in series that are located outside and inside the containment building and are controlled independently
and reliably. The outside shutoff elements must be located as close as possible to the containment building.
(10) Other pipes passing through the walls of the containment building must have at least one outside shutoff element located
as close as possible to the containment building.
(11) Shutoff elements must be designed so that they
a) can be regularly tested for leaks,
b) perform their function even during a simple failure, aside from their mechanical portion.
(12) Service openings in the walls of the containment building must be equipped with interlocking double doors so that
containment is always ensured. The tightness of service openings must correspond to the tightness of the containment
building system.
(13) Flow paths between parts of the space inside the containment building must be designed so that pressure differences
occurring during operating events do not damage the containment building or other containment building system
facilities.
(14) If a heat removal system is used to transfer heat out of the containment building, it must be designed to ensure its reliability
and functional redundancy during a single failure.
(15) The containment building must be equipped with systems for the detection of hydrogen and radioactive substances that
could leak into it during and following postulated trigger events. Along with other systems, these systems must
a) reduce activity concentration and modify fission product composition,
b) monitor and maintain hydrogen concentrations at permitted levels in order to ensure containment building integrity.
(16) A containment building equipped with a pressure and temperature reduction system must have important support systems,
assemblies and components backed up to ensure their functionality even during a single failure.
(17) It must be possible to isolate the containment building during beyond design accidents. If the incident leads to a bypass of
the containment building, its consequences must be mitigated.
(18) The tightness of the containment building must not be reduced significantly for a reasonable time following a severe
accident.
(19) The pressure and temperature inside the containment building must be controlled during a severe accident.
(20) The concentration of flammable gases must be controlled during a severe accident.
(21) The containment building must be protected from internal overpressure during a severe accident.
(22) An active zone meltdown scenario at high pressures must be prevented.
(23) Damage to the containment building by molten fuel must be prevented to a reasonably achievable extent.

E. Safety and severe accident analyses

(1) The design must include analyses of the responses of the nuclear facility at least to the following postulated trigger events:
a) small, medium and large leaks of primary circuit coolant due to a burst in the main circulation piping,
b) a burst in the main steam piping and feed water piping,
c) reduced coolant flow through the reactor,
d) increased or reduced feed water flow,
e) increased or reduced steam flow,
f) unexpected opening of volume compensator safety valves,
g) unexpected activation of the emergency active zone cooling system,
h) unexpected opening of steam generator safety valves,
i) unexpected closing of main steam fittings on steam generator steam piping,
j) burst of steam generator heat exchanger tubes,
k) uncontrolled movement of emergency, control and compensation cartridges,
l) ejection of emergency, control and compensation cartridges,
m) loss of external power,
n) an accident during fuel handling,
o) a failure of normal makeup of the primary circuit,
p) coolant leaks from the primary circuit to inserted circuits outside the hermetic zones,
q) a heat removal failure during natural circulation cooldown mode,
r) a storage facility cooling failure,
s) the fall of a load due to failure of lifting equipment,
t) fires, explosions and flooding.
(2) The design must include response analyses for the proposed facility for at least the following postulated external trigger
events:
a) unfavourable natural conditions, including
1. extreme wind load,
2. extreme outdoor temperatures,
3. extreme rain and local flooding,
4. extreme cooling water temperatures and icing,
5. earthquakes.
3. aircraft impact,
4. the effect of human activity and industrial activity near the nuclear facility.
(3) The design must include analyses of the following beyond design basis accident scenarios:
a) occurrence of abnormal operation with failure of automatic reactor protection,
b) complete loss of power for its own needs,
c) complete loss of feed water,
d) a primary coolant leak with failure of active zone emergency cooling,
e) loss of coolant in the reactor in natural circulation cooling mode,
f) complete loss of technical water,
g) loss of heat removal from the active zone for a reactor that has been shut down,
h) uncontrolled dilution of boric acid in the reactor,
i) bursting of several steam generator heat exchanger tubes,
j) bursting of steam lines along with the simultaneous bursting of a steam generator heat exchanger tube,
k) loss of safety systems needed during the long-term phase following a postulated trigger event,
l) loss of depleted nuclear fuel storage facility cooling.
(4) Analyses performed pursuant to the previous subsection may be performed in a realistic manner while using modified
acceptance criteria.
(5) Based on operating experience, relevant safety analyses and the results of research, the design must also focus on selected
severe accidents, while taking into account
a) the possibility of multiple failures of safety systems with a subsequent threat to the integrity of physical barriers
preventing the escape of radioactive substances; preventive or mitigating measures need not include the application
of a conservative approach to ensuring nuclear safety;
b) a set of selected events that are identified from among postulated trigger events using a combination of probabilistic
methods, deterministic methods and technical evaluation, and that have been subsequently reviewed using a set of
criteria in order to determine which severe accidents the design will address;
c) assessment and implementation of any design changes, changes to documentation or operating rules
that could reduce the likelihood of the occurrence of events selected pursuant to (b) or mitigate their
consequences, if their implementation is reasonably possible;
d) the ability to utilize some safety systems as well as systems not directly related to nuclear safety, or additional
temporary systems for the accomplishment of functions other than those originally planned, and under operating
conditions other than originally expected, for putting the nuclear facility into a controlled state or to mitigate the
consequences of selected events pursuant to (b);
e) enactment of operating rules for the management of accidents during their occurrence;
f) for multi-block nuclear facilities with a nuclear reactor, the use of available support measures from
other blocks, as long as these blocks' safe operation is not threatened.
(6) Analyses of design basis accidents must take into account the uncertainty of parameters used to ensure that analysis
results are conservative.


(7) To preserve a conservative approach, design basis accident analyses may consider only activity of safety systems. The
activity of systems that are not classified as safety systems can only be taken into account if they have a negative effect on
a trigger event.
(8) In design basis accident analyses, the jamming of one regulation cartridge shall be considered as an additional complicating
factor for all other postulated trigger events.
(9) The design must include analyses that verify the behaviour of nuclear facilities during specific beyond design basis
accidents, including severe accidents, so that in cases of events with a very low probability of occurrence leakage of
radioactive substances harmful to the population and the environment is minimized to a reasonably achievable extent.

F. Acceptability criteria

(1) Trigger events must be grouped into a limited number of categories that correspond to the state of a nuclear facility with a
nuclear reactor or nuclear reactors according to their probability. Radiological and technical acceptability criteria must be
assigned to every state of a nuclear facility with a nuclear reactor or nuclear reactors, so that frequent trigger events shall
not have any or only small radiological consequences and those events that could have serious consequences must have a
very low probability.
(2) Criteria for the preservation of integrity of fuel rods, fuel temperature, boiling crisis margins and cladding temperatures
must be specified. Aside from this, criteria for the greatest permitted damage to fuel during any design basis incident must
be specified.
(3) Criteria for the protection of primary circuit integrity and for the protection of the secondary circuit to a reasonable extent,
including permitted pressure, temperature, transient temperature and pressure processes and internal tension must be
specified.
(4) Criteria for the protection of the containment building must be specified, including maximum temperature, pressure and
size of leaks.

G. Fire protection

The design must ensure that fire breaking out at an arbitrary location does not prevent the safe shutdown of the
nuclear reactor, keeping it in a safe state, and does not cause a leak of radioactive substances or radiation
exposure of persons above set limits.

H. Emergency management centre

(1) The design must also include an emergency management centre that must be separated from the control room as well as
from the emergency control room, and shall serve as the workplace of the managing group of the emergency response
organization. It contains information on important nuclear facility parameters and on the radiation situation in the nuclear
facility and its immediate surroundings; it must also have facilities for communicating with the control room or emergency
control room, with other important locations in the nuclear facility, and pursuant to special legislation. The emergency
management centre must be built for the protection of persons pursuant to special legislation 9) so that their protection from
possible danger resulting from the incident is ensured for a sufficient amount of time.
(2) The design must include facilities to ensure backup of the emergency management centre if it is not functional or is unusable.
The backup emergency management centre must be built in such a manner that all activities necessary according to the
emergency plan can be performed, and must be at a safe distance from the nuclear facility.

I. Safety systems

(1) The design must ensure that safety systems have outputs for activation of the nuclear reactor shutdown system, plus these
systems must
a) automatically activate to ensure that design parameters are not exceeded during events pursuant to Section 2(q) and
(r);
b) be capable of putting the nuclear reactor into a subcritical state during all operating states and maintain it in a
subcritical state even in a situation with the highest level of active zone reactivity;

9) Section 11 of Decree of the Ministry of the Interior of the Slovak Republic No. 532/2006 Coll., on technical construction
requirements and on technical conditions for civil protection facilities.


c) be capable of preventing spontaneous occurrence of a critical state; this requirement must be met even under presumed
activities increasing reactivity when placing the nuclear reactor into a subcritical state, including during a single failure
of these systems,
d) be composed of at least two independent systems based on various principles and capable of functioning even during
a single failure;
e) be designed so that one of the systems pursuant to (d) must be capable of placing the nuclear reactor into a subcritical
state as quickly as possible with a margin of negative reactivity;
f) be designed so that one of the systems pursuant to (d) must be capable of placing the nuclear reactor into a subcritical
state and to keep it in this state even in a situation with the highest level of active zone reactivity;
g) permit control of reactivity or modifications to neutron flow distribution during operation so that a negative reactivity
margin for placing the nuclear reactor into a subcritical state is constantly preserved.
(2) The design must also include the occurrence of possible postulated trigger events in low-output or reactor shutdown states,
when the readiness of safety systems or control systems may be reduced.
(3) The design must ensure qualified equipment including recording equipment for recording of needed information for the
monitoring of changes to the nuclear facility’s environment, the state of its safety systems for automatic reactor shutdown
and mitigation of the consequences of accidents, as well as other systems important for safety during and after accidents,
in the case of severe accidents only to a reasonable extent. This system must provide selected employees with necessary
information on the progress of the accident and the release of radioactive substances.
(4) The design must include adequate instruments usable during severe accidents according to their user manuals.
(5) Necessary information from measurements pursuant to the previous subsection must be displayed at the block control room,
emergency control room, as well as at the emergency management centre in such a manner that permits the assessment of
the state of the nuclear facility and its basic safety functions during severe accidents.
(6) Activation and use of safety systems must be automated or performed in a passive manner in such a way that staff
intervention is not required for at least 30 minutes following a trigger event. Any intervention by staff required by the
design during the first 30 minutes following a trigger event must be justified and legitimate.

J. Electrical power system

(1) The design must have the following sources of power available for systems that are important for nuclear safety:
a) operating power from the main generator,
b) two different sources of mains power from different very high voltage substations,
c) emergency power from an autonomous source located on the nuclear facility site.
(2) A design with several blocks on one site must also ensure that
a) each block will have its own source of emergency power,
b) each block will have its own connection to the electrical grid for outward transmission of power that is functionally
separate from the others, with all mutual connections being eliminated,
c) if a common backup power connection is used, its output must be sufficient for the concurrent startup of all blocks.

III. Special design requirements for storage facilities

Storage facility design must


a) take into account the amount, classes and dangerous characteristics of radioactive waste expected to be stored so that
physical and chemical compatibility is ensured with the selected site;
b) address adequate isolation of radioactive waste or spent fuel, taking into account their characteristics, site characteristics
and other safety aspects related to storage facility operation, its closure and institutional monitoring;
c) take into account operating activities, its closure plan and other factors that contribute to the protection of stored radioactive
waste and storage facility stability;
d) specify engineering barriers that supplement the function of the site’s natural characteristics, and jointly prevent or slow
down the escape of radionuclides from stored radioactive waste or spent fuel into the environment over the long term.


e) contain requirements for isolation of radioactive waste from the environment, always relying on a multiple-
barrier system of protection, whose safety functions are based on various physical or chemical processes
that prevent or slow down the escape of radioactive substances into the environment;
f) contain requirements for a gravitational drainage system and activity measurement of accumulated drainage water;
g) contain requirements for the implementation of a programme for monitoring and verifying the system’s ability to prevent
unwanted escape of radionuclides into the environment, taking into account a reduced need for active barrier maintenance
and monitoring after its closure;
h) address maintenance of safety during the storage facility’s designed useful life, primarily through passive features, so that
the need for activity after the storage facility is closed is minimized;
i) take into account the duration of institutional monitoring and activities that need to be performed within the scope of its
active part and passive part;
j) a preliminary design for its coverage and manner of closure;
k) address the possibility of radioactive waste recovery, and if this option is being considered, without
reducing the storage facility’s level of safety.

Annex No. 4
to Decree No. 430/2011 Coll.

REQUIREMENTS FOR THE SAFETY OF NUCLEAR FACILITIES DURING THEIR CONSTRUCTION, COMMISSIONING, DECOMMISSIONING AND, IN THE CASE OF STORAGE FACILITIES, FOR THEIR CLOSURE

PART A LIST OF REQUIREMENTS

I. General requirements for nuclear facilities

A. Organization of nuclear safety assurance and principles of safe construction, commissioning, operation,
decommissioning and, in the case of storage facilities, for their closure
B. Limits and conditions for safe operation or safe decommissioning
C. Safe decommissioning principles
D. Documenting activities and changes
E. Fire protection
F. Requirements for handling nuclear materials
G. Operating regulations
H. Requirements for regular maintenance, inspection and testing
I. Applying feedback from operating experience

II. Special requirements for nuclear facilities with a nuclear reactor

A. Preparedness for commissioning and meeting requirements for the physical commissioning phase and the power
generation commissioning phase
B. Preparedness for commissioning following fuel replacement (hereinafter “restart”)
C. Nuclear safety during operation
D. Keeping records and operating documentation
E. Ensuring regular maintenance, inspection and testing

III. Special requirements for nuclear facilities pursuant to Section 2(f) point 2 to 5 of the Act

A. Preparedness for commissioning
B. Preparedness for the startup of nuclear facilities or parts thereof on operating parameters following shutdown
(hereinafter “startup”)
C. Nuclear safety during operation
D. Keeping records and operating documentation
E. Storage facility closure principles

PART B CONTENTS OF REQUIREMENTS

I. General requirements for nuclear facilities

A. Organization of nuclear safety assurance and principles of safe construction, commissioning, operation,
decommissioning and, in the case of storage facilities, for their closure

(1) The construction of nuclear facilities, their commissioning, operation, decommissioning and storage facility closure must
be governed by applicable quality assurance phase programmes and safety culture rules.
(2) For the purposes of activities pursuant to (1), the permit holder must create an organizational structure with specified
responsibilities and functional obligations, and regularly review it so that it reflects the nuclear facility’s current state.
(3) A test programme must be developed for each selected facility. If selected facilities are part of a technological system or
compose an integrated system, the test programme must be developed for the integrated system or its part.
(4) Test programmes for selected facilities are developed so that they verify the activity and functions of the activated facility
in prescribed operating states expected by the design and listed in an operating safety report.
(5) Prior to the beginning of the commissioning process, the permit holder must check that the nuclear facility is ready to be
started up by verifying and logging that post-installation test success criteria have been met for systems, assemblies and
components, while also noting incomplete work and shortcomings that could influence nuclear safety.
(6) Commissioning is a process during which the permit holder must verify if systems, assemblies and components built in
accordance with the design are functional and if they meet nuclear safety requirements according to the operating safety
report.
(7) Prior to the beginning of the commissioning process, the permit holder must complete verification of the functional
capabilities of individual systems under inactive conditions according to programmes whose results shall be supported by
logs and will be in accordance with success criteria specified in these programmes. The permit holder must produce a report
on the test results.
(8) The permit holder must perform commissioning according to startup programmes approved by the Authority so that each
phase and sub-phase composes an integrated set of tests, and the next phase or subphase cannot start until the preceding
phase or sub-phase has been properly completed and the fulfilment of all success criteria specified in its programme has
been evaluated and logged, which is one of the conditions for passing to the next commissioning phase or sub-phase.
(9) Prior to the start of a particular phase, the permit holder must perform a preparedness check for this phase, which verifies
a) completion of work and tests needed for the relevant phase;
b) meeting of success, work and test criteria specified in programmes from the previous phase, and the facility’s
preparedness for the next phase in accordance with the programme of the relevant phase;
c) the completeness and correctness of prescribed documentation, including documents and logs regarding the
preparedness of systems, assemblies and components participating in this commissioning phase;
d) that the quality assurance programme for the phase has been fulfilled;
e) documents on the fulfilment of previous conditions issued by the Authority;
f) certification of meeting the requirements of other supervisory bodies;
and the permit holder must produce a report on the results of this check.
(10) Limits and conditions in the applicable mode apply to a nuclear facility that is already in its first commissioning phase.
(11) During commissioning, the permit holder must verify that operating rules are technically accurate, and must eliminate any
shortcomings as they are found.
(12) During the occurrence of a condition that is dangerous from the perspective of nuclear safety, the permit holder must
suspend commissioning tests being performed and put the nuclear facility in a safe state.
(13) A nuclear facility is considered to have been started up once commissioning success criteria specified in commissioning
programmes have been met.
(14) Prior to the start of operation, the permit holder must check the readiness of the nuclear facility for operation by verifying
and logging

a) that tests for all phases of commissioning have been completed,
b) that success criteria for individual phases of commissioning have been met pursuant to applicable approved phase
programmes,
c) that test operation has been completed and evaluated,
d) readiness of equipment and its operators for operation,
e) that documentation pursuant to Annex No. 1(C) of the Act matches the actual state of the nuclear facility.
(15) The permit holder must separate a part of a nuclear facility that is being commissioned, operated, decommissioned or, in
the case of a storage facility, being closed, from a part where construction is continuing in such a manner that installation
work or any incidents on the part of the nuclear facility that is in construction do not influence the nuclear safety parts of
the facility that is being commissioned, operated, decommissioned or being closed.
(16) The relevant permit holder must draw up safety indicators for operation, decommissioning or storage facility closure.
(17) A permit holder may perform tests or manipulation procedures and mode changes that are not described in operating rules
only based on a procedure drawn up in advance in accordance with the current quality assurance phase programme.
(18) If operation, decommissioning or closure of a nuclear facility or part thereof diverges from states that are taken into account
in operating rules, or during the occurrence of situations dangerous to nuclear safety, or if it is not possible to ascertain that
the nuclear facility is operating within applicable limits and conditions, or if the nuclear facility’s response is at odds with
expected response during commissioning, operation or decommissioning, the permit holder must take such actions and
measures so that the nuclear facility or part thereof is immediately placed into a safe state. If such a situation arises, the
permit holder may continue activities only once the causes of this situation have been clarified and eliminated.
(19) A permit holder must send the Authority the following, separately for each nuclear facility:
a) a daily operating report that contains
1. the nuclear facility’s operating status,
2. expiry or violation of limits and conditions,
b) a quarterly and semi-annual operating safety assessment that contains information on
1. the nuclear safety status, including its assessment through safety indicators,
2. operating reliability status of selected facilities,
3. safety improvements,
4. radiation protection, including the amount and forms of radioactive substances released into the environment,
5. fire protection,
6. emergency preparedness,
7. internal nuclear safety supervision,
8. creation and handling of nuclear waste including its transport,
9. creation and handling of spent nuclear fuel including its transport,
10. comparison of the decommissioning status achieved with the decommissioning phase plan.
(20) If set parameters are exceeded, safety systems must automatically activate. In the event of any failure of safety systems,
selected employees of the permit holder must activate them manually.
(21) A permit holder may begin with restart and startup of nuclear facilities or parts thereof to operating parameters following
their shutdown only when all facilities and systems needed to ensure reliable and safe operation have been tested and are
functional, and if they are in accordance with the design, the pre-operational safety report, the nuclear facility’s limits and
conditions, and with operating rules. After the check has been performed, the permit holder must produce a summary
document on the results of a readiness check of the nuclear facility and the permit holder’s employees for further operation.
(22) A permit holder must perform restart and startup of nuclear facilities based on programmes.
(23) The goal of restart and commissioning tests is to verify the functionality of the nuclear facility being started up during
prescribed operating states listed in the pre-operational safety report.
(24) A success criterion for restart or commissioning of a nuclear facility must be a match between measured values and values
specified in programmes. However, these values must not exceed limits specified in the pre-operational safety report.
Meeting test success criteria is a condition for the start of another restart test.
(25) A nuclear facility is considered to have been restarted once commissioning success criteria specified in programmes have
been met.
(26) Prior to the start of decommissioning or the start of storage facility closure, the permit holder must check the readiness of
the nuclear facility for decommissioning, or in the case of a storage facility for its closure, by verifying and logging
a) readiness of facilities and employees,


b) that documentation pursuant to Annex No. 1 point D is in accordance with the actual state of the nuclear facility.
(27) When making changes to a nuclear facility, a permit holder must assess the proposed change from the perspective of its
impact on operating documentation, staff preparation and configuration of a representative full-scale simulator, and include
any identified changes.

B. Limits and conditions of safe operation or safe decommissioning

(1) In case limits and conditions have been violated, a permit holder must have a system in place to bring matters back in line
with the specifications.
(2) If requirements pursuant to limits and conditions cannot be met, activities and a time limit for their performance shall be
specified that will place the nuclear facility in a safe state.
(3) For all normal operating modes, the minimum number of systems important for nuclear safety that must be operational
must be specified.
(4) A permit holder shall analyse cases of violation of limits and conditions, and draw up a system of preventive measures to
prevent repeat violation. The results of all violations shall be duly documented and filed.

C. Safe decommissioning principles

(1) A permit holder must immediately inform the Authority that he plans to end the operation of a nuclear facility.
(2) Facilities that are functional during the decommissioning phase, equipment complexes that are built to support decommissioning
or are in protective storage, as well as activities related to dismantling, preparation for disposal and disposal of equipment
complexes are subject to commensurate operating safety requirements.
(3) A decommissioning concept plan and decommissioning phase plan, including relevant safety analysis, take into account
the nuclear facility type, the inventory of radioactive waste, and activities performed in accordance with their importance
for nuclear safety by using a graduated approach.
(4) No decommissioning activity may be executed without prior evaluation of its impact on nuclear safety. The risk of
performing such activities must be assessed through safety analyses.
(5) A permit holder must decommission a nuclear facility or part thereof in a manner that to a reasonably achievable extent
preferentially utilizes passive safety characteristics.
(6) All decommissioning activities in a given phase must demonstrably lead to achieving the final state defined in the
decommissioning phase plan.

D. Documenting activities and changes

(1) During construction, commissioning, operation and decommissioning of a nuclear facility, a permit holder must truthfully
and comprehensibly record values important to nuclear safety on a continuous basis so that the time span of their change
prior to transient states, during their occurrence and after their disappearance, is recorded.
(2) From the start of commissioning and during operation, a permit holder must record
a) results of facility tests during construction and commissioning,
b) expiry or violation of limits and conditions,
c) operation during work changes,
d) results and records of tests, inspections, maintenance and repairs to selected facilities,
e) parameters and records that provide important information about nuclear facility status,
f) equipment surface contamination values,
g) information regarding operating incidents,
h) results of employee health and psychology tests,
i) results of special professional qualification testing of employees,
j) results of professional qualification testing of employees,
k) information on the form and amount of radioactive substances released, on the amount of radiation in nuclear facility
areas and on human radiation exposure,
l) information on changes made to nuclear facilities,
m) information on the amount and movement of nuclear materials, special materials and equipment, and radioactive
waste,
n) information on the creation and handling of radioactive waste,
o) information on inspections performed pursuant to requirements prescribed in limits and conditions.

(3) During storage facilities commissioning, operation, decommissioning and closure, a permit holder must ensure the
maintenance, tracking and storage of the following documentation:
a) operating rules,
b) operational schemes,
c) handling cards,
d) maintenance rules,
e) operating programmes,
f) emergency rules,
g) operating logs,
h) evaluation of checks and tests pursuant to the phase quality assurance programme, nuclear facility quality
requirements and quality requirements for selected facilities,
i) proof of having met qualification requirements,
j) vocational training records.

(4) Changes are made according to design requirements applicable to original systems, assemblies and components or their
documentation.
(5) A permit holder must specify procedures and responsibility for revision of documentation approved or assessed by the
Authority prior to making a change.
(6) A permit holder must draw up and use a system for the management of temporary changes that will ensure each temporary
change is designated on site and in documentation.
(7) After changes have been made prior to restart or further decommissioning or storage facility closure, a permit holder must
demonstrably inform employees of the change and must update relevant operating documentation.

E. Fire protection

A permit holder must create a fire protection and fire fighting system according to conclusions contained in the nuclear facility’s
safety report, or during decommissioning in the decommissioning phase plan, or during storage facility closure in the storage
facility closure and institutional supervision plan, including safety analyses and pursuant to special legislation.10)

F. Handling of nuclear materials

(1) When handling nuclear materials in nuclear facilities, a permit holder must eliminate the possibility of the development of
a fission chain reaction and release of radioactive substances into the environment.
(2) When handling nuclear material, a permit holder must ensure nuclear safety by
a) using equipment considered in the design and tested equipment,
b) performing activities according to operating documentation and based on safety analysis results listed in
the safety report.
(3) A permit holder must handle nuclear material and perform related activities in accordance with operating documentation
that contains
a) the sequence of individual steps during operations,
b) requirements for the readiness of systems, assemblies and components,
c) required safety measures,
d) identification data and nuclear material storage cartograms,
e) for a nuclear reactor and storage pool, also information on the concentration of soluble neutron absorber in primary
circuit coolant and in the storage pool.
(4) A permit holder must record every technical operation related to the relocation of nuclear materials in a separate document,
listing its initial and final location. The permit holder must record safety measures that have been taken in this document if
they are not listed in accompanying documentation.
(5) During the transport and storage of nuclear fuel, a permit holder must ensure sub-criticality pursuant to limits and
conditions, taking into account emergency situations presumed in the pre-operational safety report.

10) For example Act No. 314/2001 Coll., on fire protection, as amended, Decree of the Ministry of the Interior of the Slovak
Republic No. 121/2002 Coll., on fire prevention, as amended, Decree of the Ministry of the Interior of the Slovak Republic No.
719/2002 Coll., specifying characteristics, operating conditions and ensuring regular inspection of portable fire extinguishers and
mobile fire extinguishers, Decree of the Ministry of the Interior of the Slovak Republic No. 726/2002 Coll., specifying
characteristics of electronic fire alarm signalling, conditions for its use and ensuring its regular inspection.

(6) A permit holder must cool spent nuclear fuel during transport and handling so that heat emitted by the fuel is transmitted
away.

G. Operating rules

(1) A permit holder must carry out activities important for nuclear safety only according to operating documentation and
pursuant to established procedures or written orders so that they are in accordance with the approved quality assurance
phase programme, with limits and conditions, and in accordance with approved documentation, and so that these activities
do not disturb or endanger nuclear safety.
(2) A permit holder must establish operating rules for normal operation, abnormal operation, for accidents, and for all
decommissioning or storage facility closure modes; these rules must be drawn up to take into account the current state of
systems, assemblies and components.
(3) Operating rules for accidents are divided into procedures for emergency situations and instructions for managing severe
accidents.
(4) Procedures for addressing emergency situations are drawn up for design basis accidents, and provide instructions for
placing a nuclear facility back into a safe state.
(5) Procedures for addressing emergency situations are drawn up for beyond design basis accidents up to but not including the
start of damage to the nuclear reactor's active zone. Their intent is to renew or replace lost safety functions and to intervene
to prevent damage to the nuclear reactor’s active zone.
(6) Instructions for managing severe accidents are intended for the mitigation of the consequences of severe accidents, when
measures listed in procedures for addressing situations did not succeed in preventing damage to the nuclear reactor’s active
zone.
(7) Procedures for dealing with design basis accidents are based on symptom-oriented rules or on a combination of symptom
and event-oriented rules. Procedures for dealing with beyond design basis accidents are based on symptom-oriented rules.
(8) Procedures for dealing with emergency states are developed in a systematic manner and supported by realistic analyses
drawn up for the given nuclear facility and for a given purpose. Procedures for dealing with incidents are consistent with
other operating rules and instructions for managing severe accidents.
(9) Procedures for dealing with emergency states allow permanent control room staff to quickly recognize the emergency to
which they are being applied. They define initial and final conditions that allow permanent control room staff to select
suitable procedures, move between procedures, and shift from procedures to instructions for managing severe accidents.
(10) Instructions for managing severe accidents are developed in a systematic manner using a specific approach for a given
nuclear facility. They contain strategies for managing emergency scenarios identified in severe accident analyses.
(11) Procedures for dealing with emergency states and instructions for managing severe accidents are verified and validated in
the form in which they shall be used on site, in order to ensure that they are administratively and technically correct and
consistent with the environment in which they shall be used.
(12) The verification and validation procedure for procedures for dealing with emergency states and instructions for managing
severe accidents is documented. Validation is performed for the given nuclear facility. During validation, the effectiveness
of including the human factor into procedures and instructions is assessed. Validation of procedures is performed on a
representative full-scale simulator.
(13) Permanent control room staff and operating staff are trained and regularly practice procedures for dealing with emergency
states using a representative full-scale simulator.
(14) Permanent control room staff and other professionally qualified employees of the permit holder are trained and regularly
practice with instructions for managing severe accidents using a representative full-scale simulator.
(15) Training pursuant to (13) and (14) also includes switching from procedures for dealing with emergency states to instructions
for managing severe accidents.
(16) Interventions of permanent control room staff stemming from instructions for managing severe accidents and needed to
renew required safety functions are planned and regularly practiced.
(17) A permit holder is responsible for adhering to operating rules and for their update.
(18) A permit holder must perform a regular check of operating rules, during which he makes use of his own operating
experience and operating experience from other comparable nuclear facilities, as well as current scientific and technical
knowledge.
(19) A permit holder is responsible for equipping the control room and emergency control room with one complete and updated
set of operating rules.

H. Regular maintenance, inspections and tests

(1) A permit holder must plan, perform and check the maintenance, inspection and testing of selected facilities at such a
technical level and at such intervals that the reliability and function of selected facilities is in accordance with design and
with evaluations performed in the safety report or during decommissioning in the decommissioning phase plan.
(2) A permit holder must perform maintenance and operating checks of selected facilities according to an established
programme of operating checks and checks pursuant to special legislation11). The permit holder must re-evaluate this
programme based on operating experience.
(3) A permit holder must ensure that selected facilities are taken out of operation for maintenance and operating checks only
with the approval of employees specified by him and in accordance with limits and conditions.
(4) Activities related to resolving departures from acceptable criteria discovered during maintenance, examination, tests and
inspections of selected facilities must be contained in relevant procedures.
(5) Non-destructive tests of assemblies, systems or components of a nuclear facility must be performed according to certified
test procedures, with certified test equipment and by qualified employees.
(6) After maintenance and checks have ended, a permit holder must perform a test of systems, assemblies and components
pursuant to an established programme, and must document its result in the test log.
(7) A permit holder must perform tests of systems, assemblies and components to which changes have been made in accordance
with established programmes.
(8) Repairs to selected facilities must be arranged and performed without undue delay taking into account technical means and
conditions, and taking into account the safety significance of the damaged component, system or assembly.

I. Feedback from experience with decommissioning a nuclear facility or part thereof or closing a storage facility or
part thereof

For feedback from decommissioning a nuclear facility or part thereof or closing a storage facility or part thereof, provisions
of the Act on Feedback from Operating Experience are applied in a commensurate manner.

11) Act No. 125/2006 Coll., on labour inspection and on changes and amendments to Act No. 82/2005 Coll., on illegal work
and illegal employment and on changes and amendments to some acts, as amended.

II. Special requirements for nuclear facilities with a nuclear reactor

A. Preparedness for commissioning and meeting requirements for the physical commissioning phase and the power
generation commissioning phase

(1) A permit holder must
a) divide commissioning into two phases, as follows:
1. physical commissioning, the purpose of which is to verify the neutron physics characteristics of the nuclear
reactor’s active zone and selected safety functions that are dependent on the neutron physics characteristics of
the nuclear reactor’s active zone; the beginning of physical commissioning is considered to be the insertion of
the first fuel cartridge into the nuclear reactor’s active zone; the permit holder must divide this phase into two
independent sub-phases, as follows:
1.a. insertion of nuclear fuel into the nuclear reactor’s active zone, and
1.b. physical commissioning tests;
2. power commissioning, the purpose of which is to verify, at various power levels, the facility’s design
characteristics and design cooperation of all systems under stabilized operation and during transient processes;
the permit holder must divide this phase into individual sub-phases taking into account stabilized power output
test levels;
b) perform commissioning according to an approved phase programme and approved individual physical and power
commissioning test programmes;
c) perform commissioning in accordance with a commissioning schedule and applicable phase programme, which he
can modify based on test results, if needed.
(2) Physical commissioning and power commissioning programmes must contain:
a) the goal of the test,
b) initial test conditions,
c) safety measures,
d) a test procedure,
e) test success criteria,
f) specification of the individual responsible for performing and evaluating the test.
(3) A permit holder must insert nuclear fuel into a nuclear reactor according to a fuel insertion programme with a fuel insertion
cartogram.
(4) After insertion of nuclear fuel into a nuclear reactor, a permit holder must check the insertion into the nuclear reactor’s
active zone with the participation of the Authority.
(5) During physical commissioning, a permit holder must collect results of tests of the nuclear reactor's active zone neutron
physics characteristics, reactivity coefficients, control element characteristics, compensation and protection.
(6) A permit holder must produce a summary report on the results of physical commissioning.
(7) A permit holder may begin power commissioning only following the successful performance of all physical commissioning
tests, and following a preliminary evaluation of physical commissioning results, from which he shall prove that specified
conditions have been met.
(8) A permit holder may perform power commissioning according to the schedule and relevant phase programme, which he
can modify according to the results of physical commissioning if needed.
(9) A permit holder must perform power commissioning in phases according to an approved commissioning phase programme
and according to approved partial programmes of individual power commissioning subphases. The permit holder must
produce a report on each sub-phase of power commissioning.
(10) A permit holder may pass on to another sub-phase of power commissioning only once the results of tests from the previous
phase have been evaluated, and success criteria for the given phase have been met.

B. Preparedness for restart

(1) Prior to restart, a permit holder must arrange
a) addenda and amendments to the pre-operational safety report containing any changes made,
b) an update of limits and conditions and operating rules due to changes pursuant to (a),
c) documents and records on tests and preparedness of facilities and systems needed to ensure reliable and safe
operation,
d) documents and records of the results of operating checks,
e) a summary document on the preparedness of the nuclear facility and its staff for further operation,
f) fulfilment of success criteria related to activities pursuant to (c) and (d),
g) notification of the Authority of the exact date of restart of the nuclear facility.
(2) A permit holder must produce a summary report on restart results within two months of its completion.

C. Nuclear safety during operation

(1) A permit holder may perform a restart following shutdown by safety systems only after ascertaining the causes of the
shutdown and after they have been eliminated.
(2) During operation, a permit holder must ensure that
a) during operation, the effectiveness of the nuclear reactor’s control system and protection system actuators,
compensators, accident protection and the effectiveness of the liquid absorber is always known;
b) the current effectiveness of the nuclear reactor's control system and protection system actuators ensures the nuclear
reactor's shutdown and maintenance in a sub-critical state with a sufficient margin of error;
c) the speed at which positive reactivity is inserted into the reactor's active zone is such that output corresponding to a
controlled level was achieved with a higher period than that which is specified in limits and conditions, and criticality
on prompt neutrons;
d) his employees have sufficient information on the state of the reactor’s active zone and on the rate of change of
important data affecting nuclear safety.
(3) A permit holder may begin replacing fuel only when the fuel replacement programme has been approved by the Authority.
(4) A fuel replacement programme must contain a proposal for fuel insertion, distribution of fuel cartridges in the reactor's
active zone and in the storage pool before and after fuel replacement, with specification of relevant safety characteristics
that are comparable with characteristics and data listed in the safety report.
(5) A permit holder may perform extraction and insertion of nuclear fuel from/into the nuclear reactor without changing the
configuration of fuel cartridges in the active zone according to a nuclear fuel extraction and insertion plan that includes a
cartogram of fuel cartridge distribution in the active zone and in the spent fuel storage pool. After inserting nuclear fuel
into the active zone, the permit holder must check the insertion into the nuclear reactor's active zone and the spent fuel
storage pool with the participation of the Authority.
(6) A permit holder must ensure nuclear safety when handling nuclear material
a) through constant monitoring of the nuclear reactor's active zone during manipulation of nuclear fuel in the nuclear
reactor, including neutron flux density, concentration of soluble neutron absorber, and the level and temperature of
the coolant;
b) by inserting nuclear fuel into the nuclear reactor according to a separately developed programme for each insertion;
c) by extracting nuclear fuel from the nuclear reactor to the storage pool according to a separately developed programme
for each extraction;
d) by extracting nuclear fuel from the storage pool to the spent fuel storage facility according to a separately developed
programme;
e) by performing a check following the insertion of nuclear fuel into the nuclear reactor, certified by an independent
document;
f) by performing a check following the extraction of nuclear fuel from the storage pool to the spent fuel storage facility,
certified by an independent document.
(7) A permit holder uses a probabilistic assessment of nuclear safety to
a) support management and decision-making in the area of ensuring nuclear safety;
b) identify needed changes to facilities and operating rules, including measures for the management of severe accidents,
in order to reduce nuclear facility risks;
c) assess the overall risk of the nuclear facility, in order to prove a stabilized risk profile and confirm that a small change
in operating parameters shall not elicit serious changes in the nuclear facility's response;
d) assess the suitability of changes to the nuclear facility, safe operation limits and conditions, operating rules and to
assess operating incidents;
e) develop and validate vocational training programmes for selected employees and professionally certified employees,
including training on a representative full-scale simulator;
f) verify that the main contributors to risks are included in the facility's maintenance, inspection and test programme.
(8) When using a probabilistic safety assessment, it is necessary to
a) define its purpose and scope of applicability in the permit holder's internal decision-making process;
b) recognize and take into account the probabilistic assessment's limitations and ensure that it is suitable for a specific
use;
c) include systems and components in the assessment, including their states and safety functions, that are important from the
perspective of assessing changes to test intervals and the allowed period of down time of these systems and
components;
d) ensure that systems and components that were identified in the probabilistic assessment as important to safety are
operable and that their importance is documented in the safety report.

(9) During operation, Level 1 and 2 probabilistic nuclear safety assessments are regularly reassessed during periodic safety
assessments of the nuclear facility, and always when
a) an important change to the nuclear facility's design has been implemented,
b) an important change to operating rules has been implemented,
c) a new significant risk has been found.
(10) Requirements pursuant to (1) to (6) also apply to test operation defined in special legislation12).

D. Keeping records and operating documentation

From the start of commissioning and during operation, a permit holder must keep records of
a) transient states and changes in parameters of selected facilities,
b) retained indications in selected facilities ensuring primary circuit integrity and of their propagation,
c) new indications in selected facilities and of their propagation.

E. Regular maintenance, inspection and testing

(1) For operating checks of mechanical components and pipe systems, systems for non-destructive testing must be certified
for the extent of testing, test equipment and personnel.
(2) A permit holder must draw up the following:
a) one month prior to the start of general repairs or extended general repairs, a schedule of operating checks of selected
facilities;
b) two weeks prior to the start of general repairs or extended general repairs, a schedule of work to be performed
during general repairs;
c) two weeks prior to the start of primary circuit leak tests, a schedule for restart following fuel replacement;
d) one month prior to restart, the neutron physics characteristics of the active zone applicable to the following
campaign;
e) upon completion of general repairs or extended general repairs:
1. a report containing results of operating checks,
2. a report on fulfilment of nuclear fuel safety criteria,
3. a report on the number of design-limited operating modes of selected primary circuit, steam and feed water pipe
facilities that have been used up during the previous campaign and in total since the start of operation,
4. an assessment report on the remaining useful life of the nuclear reactor's pressure vessel and selected block
facilities, including the critical brittleness temperature of the nuclear reactor's pressure vessel,
5. a report evaluating test success criteria for restart following nuclear fuel replacement.

12) Section 84(1) and (2) of Act No. 50/1976 Coll., as amended.

III. Special requirements for nuclear facilities pursuant to Section 2(f) point 2 to 5 of the Act

A. Preparedness for commissioning

(1) During commissioning, a permit holder must perform
a) testing with inactive model media and active model media, whose purpose is to prove the functionality and
operability of individual equipment complexes and the entire technical facility,
b) testing with operating media whose purpose is to prove the operability of the entire technical facility within design
performance parameters.
(2) The permit holder may divide commissioning into phases.

B. Preparedness for the startup of nuclear facilities or parts thereof on operating parameters following shutdown
(hereinafter "startup")

(1) Prior to startup that was preceded by a shutdown of more than two months, a permit holder must ensure:
a) addenda, amendments and updates to approved documentation due to changes implemented during the nuclear
facility's shutdown;
b) certificates and logs on the testing and readiness of systems, assemblies and components necessary for reliable and
safe operation;
c) certificates and logs on results of operational checks;
d) a summary certificate on the readiness of the nuclear facility and its personnel for further operation, including
radiation, fire and technical safety certificates;
e) that success criteria concerning the results of activities pursuant to (b) and (c) have been met.
(2) Prior to startup, the permit holder must submit to the Authority a summary report on the fulfilment of requirements pursuant
to (1), and notify it of the exact startup date.

C. Nuclear safety during operation

(1) A permit holder may start up nuclear facilities or parts thereof to operating parameters following a shutdown due to an
operating incident only after the reason for shutdown has been ascertained and eliminated.
(2) A holder of a storage facility operation permit is responsible for following a storage facility monitoring programme during
its operation that serves to detect failures in barrier systems, monitor adherence to nuclear safety, timely implementation
of corrective measures and provides information for the update of safety analyses.

D. Keeping records and operating documentation

A permit holder records information listed in part B(I)(E)(2) in a commensurate manner.

E. Storage facility closure principles

(1) Material used to fill the interstices of the storage boxes must have suitable rigidity, permeability and absorptive
characteristics.
(2) The storage facility's cover must maintain integrity, prevent infiltration of water and have a long life.
(3) Storage facility safety must not be based exclusively on its institutional monitoring and long-term active intervention.
(4) A permit holder must take measures to ensure post-operational checks during the active part of institutional monitoring.
(5) The results of post-operational monitoring serve to verify compliance with radiological impacts specified on the basis of
safety analyses and on proving expected storage facility behaviour.
(6) A permit holder records information listed in part B(I)(E)(2) in a commensurate manner.
(7) A holder of a permit for closure of a storage facility and institutional monitoring performs regular and systematic
assessments of the storage facility and reviews documentation at least every ten years after the closure of the storage facility.
