title: "ONR Safety Assessment Principles (SAPs)" type: wiki primary-source: onr/safety-assessment-principles.md updated: 2026-04-10 tags: [onr, nuclear, safety, assessment, saps, alarp, gda, new-build, licensing]
ONR Safety Assessment Principles (SAPs)
What SAPs Are
The Safety Assessment Principles are ONR's internal framework for assessing nuclear safety cases. First published 1979, current version is the 2014 edition (Revision 1, January 2020). They guide ONR inspectors when assessing whether a licensee has demonstrated that risks are reduced to ALARP (as low as reasonably practicable) and legal requirements have been met.
The SAPs are guidance to inspectors, not law. But because they define what ONR expects in a safety case, in practice they function as de facto standards. Any duty-holder - whether operating an existing facility or seeking approval for a new design - must either satisfy the SAPs or demonstrate equivalent safety through an alternative approach. The alternative route is hard, so the SAPs set the effective benchmark.
The SAPs apply to all nuclear licensed sites under the Nuclear Installations Act 1965: power stations, fuel manufacturing, enrichment, reprocessing, waste storage, and defence sites (with some carve-outs for naval reactor and weapon design).
Legal Basis
Underpinning legislation: - Nuclear Installations Act 1965 (NIA) - site licensing and licence conditions; sections are relevant statutory provisions of the Energy Act 2013 - Health and Safety at Work etc Act 1974 - overarching employer duties; the SFAIRP duty flows from here - Ionising Radiations Regulations 2017 (IRR17) - dose limits which are also legal limits within the SAPs numerical targets
Key licence conditions: - LC 15 - safety case requirements (the primary vehicle for demonstrating compliance) - LC 14 - periodic safety review (PSR, typically 10-year cycle)
International alignment: - IAEA Safety Standards (particularly SSR 2/1 for nuclear power plants) - WENRA Reference Levels (incorporated in ONR's Technical Assessment Guides as relevant good practice)
ALARP and the Three-Zone Framework
The SAPs apply the TOR/R2P2 risk framework:
- Unacceptable zone: activity ruled out unless exceptional reasons exist
- Tolerable zone: risk must be reduced ALARP (SFAIRP duty applies throughout); the duty requires risk reduction until costs would be grossly disproportionate to the benefit
- Broadly acceptable zone: no further regulatory pressure to reduce risk; SFAIRP duty still applies
The Numerical Targets section translates these zones into specific dose and frequency targets using two benchmarks: - BSL (Basic Safety Level): minimum standard; failing a BSL triggers strong presumption of enforcement - BSO (Basic Safety Objective): modern good practice; below this ONR need not seek further improvements
Two BSLs are also legal limits under IRR17 (marked BSL(LL)): 20 mSv pa for employees working with ionising radiation (on-site), and 1 mSv pa for members of the public (off-site). Breach of these requires immediate corrective action.
Key Numerical Targets
Nine numbered targets set out quantified risk criteria:
| Target | Subject | BSL | BSO |
|---|---|---|---|
| 1 | On-site worker dose (normal ops) | 20 mSv pa [legal limit] | 1 mSv pa |
| 2 | Group average worker dose (normal ops) | 10 mSv pa | 0.5 mSv pa |
| 3 | Off-site public dose (normal ops) | 1 mSv pa [legal limit] | 0.02 mSv pa |
| 4 | Design basis fault dose (frequency-dependent staircase) | 20-500 mSv on-site / 1-100 mSv off-site | 0.1 mSv on / 0.01 mSv off |
| 5 | Individual risk of death from accidents (on-site) | 1 x 10^-4 pa | 1 x 10^-6 pa |
| 6 | Single accident frequency by dose band (on-site) | Staircase: 10^-1 to 10^-4 pa | 10^-3 to 10^-6 pa |
| 7 | Individual risk of death from accidents (off-site) | 1 x 10^-4 pa | 1 x 10^-6 pa |
| 8 | Facility accident frequency by dose band (off-site) | Staircase: 1 to 10^-4 pa | 10^-2 to 10^-6 pa |
| 9 | Societal risk: 100+ fatalities | 1 x 10^-5 pa | 1 x 10^-7 pa |
Target 9 (societal risk) is based on the 1990 Barnes Report finding that an event causing 100-300 deaths should not be more frequent than 1 in 100,000 years.
Principle Groups Overview
The SAPs contain principles across twelve thematic sections. Total: approximately 200+ individually coded principles.
| Group | Code | Section | Scale |
|---|---|---|---|
| Fundamental Principles | FP.1-FP.8 | Legal baseline; use "must" language | 8 principles |
| Leadership and Management | MS.1-MS.4 | Leadership, capable org, decisions, learning | 4 principles |
| Safety Cases | SC.1-SC.8 | Process, outputs, lifecycle, maintenance, ownership | 8 principles |
| Siting | ST.1, ST.3-ST.6 | Siting criteria, physical aspects, multi-facility | 5 principles |
| Engineering Key Principles | EKP.1-EKP.5 | Inherent safety, sensitivity, defence in depth, safety functions | 5 principles |
| Safety Classification | ECS.1-ECS.5 | Classification, codes and standards | 5 principles |
| Equipment Qualification | EQU.1 | Qualification of SSCs | 1 principle |
| Design for Reliability | EDR.1-EDR.4 | Inspectability, redundancy/diversity, CCF, single failure | 4 principles |
| Reliability Claims | ERL.1-ERL.4 | Claimed reliability, achievement, automatic protection | 4 principles |
| Commissioning | ECM.1 | Pre-operational commissioning | 1 principle |
| Maintenance/Inspection/Testing | EMT.1-EMT.8 | In-service requirements | 8 principles |
| Ageing and Degradation | EAD.1-EAD.5 | Safe working life, margins, material monitoring | 5 principles |
| Layout | ELO.1-ELO.4 | Access, security, nuclear matter movement | 4 principles |
| External/Internal Hazards | EHA.1-EHA.19 | Hazard identification, seismic, flooding, fire, aircraft | 19 principles |
| Pressure Systems | EPS.1-EPS.5 | Closures, flow limiting, relief, overpressure, discharge | 5 principles |
| Metal Integrity | EMC.1-EMC.34 | Largest sub-section; fabrication through in-service life | 34 principles |
| Non-Metal Integrity | ENC.1-ENC.2 | Non-metallic SSC justification and examination | 2 principles |
| Civil Engineering | ECE.1-ECE.26 | Structural performance through flood defence monitoring | 26 principles |
| Graphite Reactor Cores | EGR.1-EGR.15 | AGR/Magnox specific; brick cracking, models, surveillance | 15 principles |
| Safety Systems | ESS.1-ESS.27 | Protection systems, automatic actuation, diversity | 27 principles |
| C&I Safety-Related | ESR.1-ESR.10 | Control and instrumentation requirements | 10 principles |
| Essential Services | EES.1-EES.9 | Power, cooling, backup sources | 9 principles |
| Human Factors | EHF.1-EHF.12 | Systematic integration, HRA, competence, procedures | 12 principles |
| Nuclear Matter Control | ENM.1-ENM.8 | Strategy, accountancy, storage, retrieval | 8 principles |
| Process Engineering | EPE.1-EPE.5 | Fault-tolerant processes, severe accident behaviour | 5 principles |
| Chemistry | ECH.1-ECH.4 | Chemistry effects, monitoring, control systems | 4 principles |
| Containment and Ventilation | ECV.1-ECV.10 | Containment strategy, barriers, monitoring | 10 principles |
| Reactor Core | ERC.1-ERC.4 | Fundamental functions, dual shutdown, stability | 4 principles |
| Heat Transport | EHT.1-EHT.5 | Coolant inventory, heat sink, failure prevention | 5 principles |
| Criticality Safety | ECR.1-ECR.2 | Double contingency approach | 2 principles |
| Radiation Protection | RP.1-RP.7 | ALARP hierarchy, contamination, shielding | 7 principles |
| Fault Analysis | FA.1-FA.25 | DBA, PSA, severe accident analysis | 25 principles |
| Data and Model Validity | AV.1-AV.8 | Model adequacy, validation, sensitivity, data collection | 8 principles |
| Numerical Targets | NT.1-NT.3 | Assessment against targets, time at risk, applying targets | 3 principles |
| Accident Management | AM.1+ | Strategies and plans for accident and emergency management | 1+ principles |
| Radioactive Waste | RW.1-RW.7 | Strategy, minimisation, storage, hazard reduction | 7 principles |
| Decommissioning | DC.1-DC.9 | Design for decommissioning through safety case | 9 principles |
| Contaminated Land | RL.1-RL.9 | Identification, characterisation, remediation, records | 9 principles |
Role in GDA and New Build
GDA (Generic Design Assessment) is ONR's pre-licensing assessment of new reactor designs, conducted before site selection. The SAPs are the primary assessment framework.
Completed GDA assessments: EPR (basis for HPC and SZC), AP1000, ABWR, UK HPR1000 (ongoing).
For Sizewell C: uses HPC EPR GDA outputs with site-specific assessments. The SAPs define what the site-specific safety case must demonstrate.
For SMR and AMR programme: GDA is expected to apply the SAPs to novel designs. The challenge is that many SAP principles assume large power reactor architecture (multiple barriers, active safety systems, established codes). ONR has signalled willingness to apply principles at the level of intent rather than literal compliance for genuinely novel designs.
NPS EN-7 (2025) is the planning policy that designates sites for nuclear development. The dual consent structure means planning permission (under the Planning Act 2008) and ONR's nuclear site licence work in parallel. The SAPs govern the ONR side.
The SAPs' numerical targets (particularly Targets 5-9 on individual and societal risk) set the quantified safety requirements that GDA must satisfy. A design achieving BSOs throughout faces minimal regulatory challenge on risk grounds.
Relationship to Licence Conditions
The 36 Licence Conditions (LCs) attached to every nuclear site licence create the legal obligation framework. The SAPs provide the content of what "adequate arrangements" (the standard phrase in most LCs) means in practice.
Key interfaces: - LC 14 (periodic safety review) - SAPs apply to the PSR assessment; typically 10-year cycle from commissioning - LC 15 (safety case) - the primary LC; the SAPs define what the safety case must contain and demonstrate - LC 19 (construction and installation) - engineering principles (ECS, EDR, ECE, EMC etc.) apply - LC 24 (operating rules) - EHF and operational principles apply - LC 28 (examination, inspection, maintenance, testing) - EMT, EMC, ECE principles apply
Source
Full canonical index at: ~/knowledge/sources/onr/safety-assessment-principles.md
PDF: https://www.onr.org.uk/media/pobf24xm/saps2014.pdf
ONR publication page: https://www.onr.org.uk/publications/regulatory-guidance/regulatory-assessment-and-permissioning/safety-assessment-principles-saps/2014/11/saps-2014/