Nuclear Power Plant Safety Systems

Each nuclear power plant in Canada has multiple, robust safety systems designed to prevent accidents, and reduce its effects should one occur. All of these systems are maintained and inspected regularly, and upgraded when necessary, to ensure plants meet or exceed strict safety standards established by the Canadian Nuclear Safety Commission. The systems perform three fundamental safety functions: controlling the reactor, cooling the fuel and containing radiation.

How a nuclear power plant works

The reactor

All nuclear power plants in Canada use the CANDU design - a safe, reliable, reactor technology.

CANDU reactors produce electricity through a process known as fission. Fission is the process of splitting atoms of natural uranium inside the reactor, releasing radiation and heat.

The split atoms then continue a “chain reaction”: more atoms continue to be split, resulting in more radiation and heat.

The heat - energy - is harnessed to make steam to power the turbines and generators, which in turn produce electricity.

This image shows the heat from the fission reaction is used to produce electricity.

Used nuclear fuel pool

After the uranium, or nuclear fuel, has been used in the reactor, it is removed and stored securely in a pool for a period of 6 to 10 years.

The water in the pool continues to cool the fuel and provides shielding against radiation.

All of Canada's fuel pools are built in ground, in separate buildings at the nuclear power plant, and are designed to withstand earthquakes.

Fuel pool
Fuel pool at the Bruce Nuclear Generating Station, Kincardine, Ontario

Top of page

Controlling the reactor

Normal operation

Controlling the reactor involves increasing, decreasing or stopping the chain reaction happening inside the reactor.

When the reactor is operating, the chain reaction (or power level) is controlled by moving adjuster rods and varying the water level in vertical cylinders.

Sensitive detectors constantly monitor different aspects, like temperature, pressure and the reactor power level.

When necessary, CANDU reactors can safely and automatically shut down within seconds.

Shutdown systems

All nuclear reactors in Canada have two independent, fast-acting and equally effective shutdown systems.

The first shutdown system is made up of rods that drop automatically and stop the chain reaction if something irregular is detected.

The second system injects a liquid, or poison, inside the reactor to immediately stop the chain reaction.

Both systems work without power or operator intervention. However, they can also be manually activated.

These systems are regularly and safely tested.

Cutaway view of a CANDU reactor showing the poison system and the shutoff rods.

Restarting the reactor

Once a CANDU reactor is shut down, it will stay that way until restarted by the operators in the control room.

There is no possibility of the reactor accidentally restarting on its own after it's shut down. The reactor must be manually restarted. This is another important safety feature.

Top of page

Cooling the fuel

Decay heat

Following shutdown, the amount of energy produced by the reactor decreases rapidly.

The nuclear fuel will, however, continue to produce some heat and must be cooled.

That heat, called decay heat, represents a small fraction of the heat produced during normal operation.

Fuel bundle
CANDU fuel bundle

Main cooling systems

Fuel cooling involves three main systems:

  • the heat transport system
  • the steam system
  • the condenser cooling system

The heat transport system brings the heat produced by the reactor to the steam generators.

This system is made up of very robust pipes, filled with heavy water - a rare type of water found in nature. Pipes and other components are maintained and inspected regularly, and replaced if necessary.

Inspections include measuring pipe wear and tear and identifying any microscopic cracks or changes well before they become a problem.

Quick fact

On average, one out of 7,000 drops of water is heavy water. It is 10% heavier than regular water because it includes a heavy form of hydrogen called deuterium.

Cutaway view from a CANDU nuclear power plant indicating where the heat transport system is located.
Heat transport system

The second system, the steam system, uses normal water. The heat from the reactor turns this water into steam to run the turbines and generators.

Cutaway view from a CANDU nuclear power plant indicating where the steam system is located.
Steam system

That steam is then cooled and condensed using a third system that pumps in cold water from a body of water such as a lake or reservoir. This is called the condenser cooling system.

Like other components, the steam and condenser cooling systems are regularly inspected.

These inspections take place throughout the life of the nuclear facilities to confirm that aging equipment is functioning as originally designed.

Cutaway view from a CANDU nuclear power plant indicating where the condenser cooling system is located.
Condenser cooling system

Shutdown cooling system

A simpler cooling system is used when the reactor is shut down for an extended period, for example during a planned outage.

It requires little power to function and is connected directly to the heat transport system. It allows the primary coolant system to be partly drained to perform inspection and maintenance work (e.g., inspection of the steam generator tubes or replacement of pump components).

Multiple power supplies

Cooling systems need electricity to operate. Under normal operation, they get their electricity from the same power grid as the rest of us.

Nuclear power plants in Canada are also equipped with multiple sources of backup power if they get disconnected from the grid.

Sources of backup power include onsite power - that is, the power produced by the plant itself.

In addition, the following are available:

Emergency power generators
Emergency power generators
  • two or three standby power generators
  • two or three emergency power generators
  • emergency batteries

Some plants include even more equipment.

You can learn more by watching our video that describes what would happen in the very unlikely event of a total station blackout - the situation that led to the Fukushima accident following the large tsunami that destroyed all available power sources onsite.

Natural circulation

One of the inherent and proven safety features of CANDU reactors is their ability to cool the reactor through natural circulation.

In CANDU reactors, natural circulation takes over when the pumps that normally push the coolant through the heat transport system stop functioning.

For natural circulation to continue over time, steam generators need to be filled with cool water.

How does it work?

This cooling feature of CANDU reactors works because of the difference in temperature and elevation between the steam generators (cooler and physically higher than the reactor core) and the reactor core (hotter and lower than the steam generators)

Emergency injection systems

Emergency pressurized nitrogen tanks
Emergency pressurized nitrogen tanks

In the unlikely event of a loss of heavy water, which could, for example, be caused by a pipe break, emergency injection systems would ensure water continues to circulate over the containers holding the fuel to cool it.

They would do this by working with pressurized tanks of nitrogen or pumps.

All plants have two or three such injection systems.

A collection basin located in the basement of the reactor building would recover the water and pump it back into the reactor until repairs could be made.

Emergency mitigation equipment

Verification of a portable emergency power generator
CNSC inspector verifying a portable emergency power generator

As one of the actions mandated by the CNSC following the Fukushima accident, nuclear power plant operators in Canada have been acquiring emergency mitigation equipment, such as portable power generators and pumps, which could be used to bring reactors to a safe shutdown state during a severe accident.

The equipment, located onsite and offsite, is easily transported and could be used in several ways.

For instance, it could be used to stabilize reactors, supply power to the control room and add water to the used nuclear fuel pools so they could continue cooling the used nuclear fuel.

Top of page

Containing radiation

Containment layers

Nuclear reactors are built with multiple barriers to safely contain radiation.

At the heart of all CANDU reactors are hardened ceramic pellets made of natural uranium.

These pellets contain the radiation. They form the first layer of containment.

The pellets are enclosed in rods, which form the second layer of containment. CANDU fuel rods are made of zircaloy, a metal alloy extremely resistant to heat and corrosion.

The rods are then loaded into pressure tubes, which are part of the heat transport system. This is the third layer of containment.

The pressure tubes are contained inside a metal tank called the calandria, which itself is contained inside a thick vault made of reinforced concrete.

The image shows different layers of radiation containment, which include the fuel pellet, fuel rod and pressure tube.

The fourth layer of containment is the building that houses and protects the reactor.

The walls of the reactor building are made of at least one metre of reinforced concrete.

The reactor building is surrounded by an exclusion (buffer) zone.

Minimizing radiation releases

During normal operation, nuclear power plants release very small amounts of radiation into the air and water.

These releases come from the reactor and its system and from waste management activities.

In order to reduce airborne releases, highly efficient filters and radiation monitors are installed as part of the ventilation systems.

Filters remove over 99% of the radiation from the air before it is released to the environment.

Similar systems are also installed to remove radioactivity from waterborne releases.

Verification of radiation levels
CNSC inspector verifying radiation levels

These releases usually come from wash water used to clean surfaces, floors and laundry, as well as from water draining from showers and sinks.

All radiation releases from nuclear facilities in Canada are very small. They are monitored and controlled by the plant operator, and reported to the CNSC.

The release levels are well below regulatory limits and do not pose any risk to the health and safety of persons or the environment.

Filtering systems are regularly inspected and power plant operators must, by law, report all radioactive releases into the environment.

Protecting containment in case of an accident

Safety systems are in place so that, in case of an accident, they can protect the containment from internal pressure due to steam releases inside the reactor building.

In a single-unit station, internal pressure would be lowered by spraying water from a dousing tank.

Cutaway view of the reactor building of a single CANDU unit, indication the location of the dousing tank, steam generators, the reactor and the collection basin.
Cutaway view of CANDU single unit reactor building

In a multi-unit station, pressure would be lowered by releasing steam and hot gases from the reactor building to the vacuum building.

The vacuum building is a structure specifically designed to quickly and safely lower pressure inside the reactor building. This building also has a dousing system to control pressure.

The vacuum and dousing systems work without power and are tested periodically under the supervision of CNSC inspectors.

Multi-unit reactor building
Cutaway view of a CANDU multi-unit nuclear power plant
Multi-unit nuclear power plant text version.

There are three main parts to the plant: the vacuum building, the reactor building and the turbine hall. The image identifies key components and where they are located in the plant. In the vacuum building, we find the dousing tank and pressure relief valves. In the reactor building, we can see the steam generators, the reactor and a collection basin, which is located in the basement of the building. The turbine hall is connected to the reactor building. The image shows the turbines, generator as well of the condenser for cooling water from a lake or sea. Some parts outside of the plant are also identified, namely the air filter system, beside the vacuum building, emergency and standby power generators and a transmission tower. Large image version

Hydrogen management

Inspection of passive autocatalytic recombiner
CNSC inspector taking a first-hand look at a newly installed passive autocatalytic recombiner.

Hydrogen gas can be produced during a severe accident. Hydrogen gas, which is flammable, could cause an explosion and damage the containment, as well as to personnel and other parts of the plant.

To deal with the potential hazards of hydrogen gas, most CANDU plants are equipped with hydrogen igniters or burners.

Recently, nuclear power plant operators have begun installing passive autocatalytic recombiners.

These are devices which passively (without need for external power) remove hydrogen from the containment and effectively reduce the risk of an explosion or fire.

Learn more