The Diablo Canyon nuclear plant: assessing the seismic risks of extended operation

By Edwin Lyman | August 15, 2022

The Diablo Canyon nuclear power plant in Central California. Photo credit: marya from San Luis Obispo, USA via Wikimedia Commons, CC BY 2.0 license Diablo Canyon nuclear power plant in Central California. Photo credit: marya from San Luis Obispo, USA via Wikimedia Commons, CC BY 2.0 license

In 2016, Pacific Gas & Electric (PG&E) announced a historic agreement with labor and environmental groups to shut down the two-unit Diablo Canyon nuclear plant in California by 2025 and replace its roughly 2,200 megawatts of electricity with low- and zero-carbon renewable energy, energy efficiency, and storage. Today, that agreement is in serious jeopardy after an academic study whose authors include staff from MIT’s partly industry-funded Center for Advanced Energy Systems,* combined with a sustained and vocal public relations campaign waged by Diablo Canyon supporters (including a Tik-Tok influencer), have succeeded in raising doubts about the viability of the power replacement plan. Growing concerns about climate change-related impacts on the reliability of the electrical grid have also prompted California governor Gavin Newsom to reconsider his position and seek to keep the plant open, at least in the short term. The US Energy Department’s Office of Nuclear Energy is also doing its part to keep Diablo Canyon open by relaxing the original financial qualification criteria and extending the application deadline by more than three months for its recently established Civil Nuclear Credit Program. This will make it possible for PG&E to apply for a first round of federal subsidies aimed at helping utilities keep nuclear power plants open.

Although there is some basis for the criticism that PG&E and the State of California are not acting quickly enough to ensure that enough carbon-free power will be available to replace all of Diablo Canyon’s output, the California Public Utilities Commission’s historic decision last year to procure 11,500 megawatts of clean energy resources by 2026, along with 4,000 megawatts of new capacity (mostly battery storage) added to the grid in the last year, should help address that concern. A recent analysis by Gridlab and Telos Energy also found that renewable energy could replace Diablo Canyon and supply 85 percent of California’s electricity by 2030, while keeping the power on for its 40 million residents—even under stressful conditions such as low hydropower generation,  retirements of fossil fuel-fired plants, and heatwaves similar to what caused rolling power outages in August 2020.

Nevertheless, the disagreement over the plant’s future has become a proxy for the larger debate over what role nuclear power should play in addressing climate change, given its safety and security risks. If PG&E’s original plan were to succeed, after all, it could undermine the nuclear advocates’ argument that nuclear power is an irreplaceable asset in all circumstances.

But if Diablo Canyon is to remain open beyond 2025, PG&E will have to address a number of difficult issues. First, the company will have to prepare a new 20-year license renewal application and submit it to the US Nuclear Regulatory Commission (NRC) before the expiration of Unit 1’s operating license in 2024. PG&E will also have to undertake extensive inspections and equipment upgrades that were indefinitely postponed after it made the decision to shut the plant, as discussed in a June 2022 meeting of the Diablo Canyon Independent Safety Committee. And finally, it must take a hard look at the vulnerability of the plant to earthquakes and consider the need to make seismic upgrades to minimize the risk to the public over the period of extended operation.

Conflicting information on the seismic question has been reported. A spokesperson for the California Public Utility Commission was quoted as saying that if PG&E were to resume the license renewal proceeding for the plant, it would need to make seismic upgrades. However, this statement is not consistent with the NRC’s current position. Following a review conducted in the aftermath of the 2011 Fukushima accident in Japan, the agency concluded that no seismic upgrades at Diablo Canyon or any other US nuclear plants were necessary, because the health and safety risks to the public were acceptable. Since the NRC has sole authority over the radiological safety aspects of Diablo Canyon, this means that the plant owner will not have to spend a penny to strengthen its seismic protection, no matter what the state of California wants.

Arguably, however, the NRC is not doing enough to reduce the risk that a severe earthquake could cause a Fukushima-like core meltdown and radiation release at Diablo Canyon (or, for that matter, other seismically vulnerable nuclear plants in the country). The agency, as part of its drive to transform into a more “risk-informed” regulator, cites the low calculated radiological risk to the public from nuclear plant accidents to justify not taking action to increase safety across a wide range of areas, including seismic protection. But there’s a major problem with this approach: Assessing the seismic risk involves understanding both the uncertainties associated with nuclear accidents and the even larger unknowns encountered in trying to predict earthquake behavior. These uncertainties raise doubts whether the seismic risks can be calculated with sufficient precision to support the NRC’s complacency.

Although other nuclear plants are also seismically vulnerable, according to current information, the potential peak ground motion that the Diablo Canyon site may experience from an earthquake occurring every 10,000 years on average is far higher than any other US plant. But it is also important to consider this value in relation to the seismic standard that the plant was designed and built to meet and that is used as the basis for inspection and regulatory enforcement.[1] Diablo Canyon’s seismic risk actually may be lower than some other US reactors because, given its location, it was originally designed with additional earthquake resistance. But that doesn’t mean it is safe enough. Serious questions persist about whether Diablo Canyon’s design basis and “current licensing basis” meet a high enough seismic standard to adequately protect the public.

This is an issue with a very long history, as detailed in a 2013 report by the Union of Concerned Scientists’ former nuclear safety director Dave Lochbaum. Since that report, considerable additional information has been released about Diablo Canyon’s seismic risks. A review of this new information clearly shows there are gaps in the seismic safety of Diablo Canyon that should be closed if the plant is going to continue to operate beyond 2025. If California decides to support license renewal, a portion of the “transition costs” that the Energy Department and the state may provide to PG&E to keep the plant operating should be allocated to reducing its vulnerability to earthquakes. The risk is not negligible, and the potential costs of an earthquake-induced accident could, by our estimate, cause more than 10,000 cancer deaths and over $100 billion in damages.

NRC requirements for protection against earthquakes. The NRC’s fundamental design criterion for protection of the current generation of nuclear power plants against earthquakes and other natural phenomena was first developed in the 1970s. The requirement is logical but challenging to meet: a nuclear plant applicant must design the “structures, systems, and components (SSCs) important to safety … to withstand the effects of natural phenomena such as earthquakes … without loss of capability to perform their safety functions.” To implement this requirement, the agency specified how to determine the “design-basis” natural hazards that reactors are required to withstand. For earthquakes, the NRC defines a design-basis earthquake, otherwise known as a “safe shutdown earthquake” (SSE), as “that earthquake which is based upon an evaluation of the maximum earthquake potential considering the regional and local geology and seismology and specific characteristics of local subsurface material. It is that earthquake which produces the maximum vibratory ground motion for which certain structures, systems, and components are designed to remain functional.” (Reactors licensed after 1997 use a somewhat different definition, as discussed below.)

Thus, the NRC requires reactor applicants to determine the characteristics of the safe shutdown earthquake, based on detailed seismological surveys and analyses, and then ensure that safety systems “remain functional” if such a quake occurs. In this case, functionality is defined as meeting the same relatively stringent requirements that must be met to protect against other design-basis accidents.[2]

Of course, it’s always possible that a nuclear plant will encounter an earthquake more severe than the largest one that has occurred historically or is projected to occur at its location. In 2011, both the Fukushima Daiichi plant in Japan and the North Anna plant in Virginia experienced the most severe earthquakes in their recorded history. Seismological forecasting is far from an exact science. The goal of seismic design today is to choose a safe shutdown earthquake so that the probability that it will be exceeded over the facility lifetime is low—and if a larger earthquake does occur, that there is sufficient safety margin to prevent a disaster from occurring. North Anna was able to withstand a beyond-design-basis earthquake without safety being challenged, and even at Fukushima, the tipping point that led to disaster was not direct structural damage from the earthquake but flooding from the earthquake-generated tsunami. Nevertheless, there will always be a residual risk that a sufficiently destructive earthquake will cause a reactor meltdown.

One significant flaw in the standard methodology for analyzing earthquake impacts on nuclear plants is that it only considers the mainshock, and not the potential for aftershocks that could cause cumulative damage and potentially compromise plant safety, even if the plant survived the mainshock. This also has ramifications for scenarios in which operator actions that could be disrupted by aftershocks are needed to mitigate damage from the mainshock. Ignoring aftershocks has been identified as a potentially significant non-conservatism in seismic analysis—a gap that becomes more problematic as the size of the foreshock increases, given that “in general, the larger the mainshock, the larger and more numerous the aftershocks, and the longer they will continue.” This is a particular concern for Diablo Canyon, considering its potential for large mainshocks.

Also at issue is how to address new information that emerges after a plant has already been built indicating that it is susceptible to larger earthquakes than were considered in the design—functionally rendering obsolete the safe shutdown earthquake documented in the plant’s license. Based on the principle that the plant should be able to shut down and remain safe after such a quake, one might expect as a matter of course that the seismic design basis would be revised, and the plant’s earthquake defenses strengthened accordingly.

But it can be costly or infeasible to extensively retrofit nuclear power plants to survive more powerful earthquakes. Diablo Canyon encountered this problem during construction in the 1970s, and in the last few decades new information and analyses have revealed that nearly every nuclear plant in the country faces more severe earthquakes than they were licensed to withstand. But the NRC’s response, then as now, has been to settle for weaker measures with smaller safety margins, or—if it considers the associated increase in meltdown risk to be acceptable—even none at all. This approach leaves a big question mark about whether Diablo Canyon (not to mention the rest of the operating US nuclear fleet) is sufficiently well-protected against earthquakes.

But, given its seismic environment, this concern remains most acute for Diablo Canyon.

The complicated history of Diablo Canyon’s seismic evaluations. One thing everyone can agree on is that the seismic issues at Diablo Canyon are very complex. As the NRC puts it:

[Diablo Canyon] has a unique and complex seismic design and licensing bases compared to other commercial nuclear power plants, in that it is composed of four seismic design response spectra used in the seismic design of Units 1 and 2 … Each spectrum is based on a different set of analysis assumptions … and different performance criteria.

In 1968, Diablo Canyon Unit 1 received a construction permit from the NRC’s pre-1975 predecessor, the Atomic Energy Commission, under a different set of standards than the NRC’s subsequent requirements described above.[3] Based on seismic studies, the safe-shutdown earthquake was taken to be one that could cause a peak ground acceleration of 0.4 times the acceleration of gravity (0.4g). But during construction of Unit 1, in 1973, a fault known as the Hosgri was discovered about three miles offshore from Diablo Canyon, and PG&E determined that an earthquake occurring on the Hosgri fault zone could cause a peak ground acceleration of 0.75 g—nearly twice the design-basis earthquake level originally estimated. Understandably, PG&E did not want to redefine the safe shutdown earthquake of the plant and retrofit the design to address this much greater hazard, given that construction was already underway.

In 1977, PG&E and the NRC reached an agreement on a special methodology, the Hosgri Evaluation, for addressing the new information.[4]

The Hosgri Evaluation methodology was not as conservative (that is, it provided smaller safety margins) than the earlier analyses. One major difference between the Hosgri Evaluation and the design-basis safe shutdown earthquake analysis: PG&E didn’t have to assume that an accident (such as a pipe break or fire) occurred concurrently with a Hosgri Earthquake.[5] In other words, the Hosgri Evaluation assumed that all non-seismic safety and fire protection measures would work perfectly during the earthquake. As a result, PG&E has not evaluated whether plant piping and other key safety components would be able to survive, for example, the combined loads of both a Hosgri Earthquake and a concurrent loss-of-coolant accident. Simply put, the public is not as well-protected from a Hosgri Earthquake affecting Diablo Canyon as it is from the less severe safe shutdown earthquake originally estimated.

Congress takes aim at the Nuclear Regulatory Commission: ‘It’s déjà vu all over again’

This was made abundantly clear when in 2011 PG&E proposed amending the Diablo Canyon license to redefine the SSE as the Hosgri Earthquake but later abandoned the request after some NRC staff opposed the amendment.[6]

Nevertheless, the NRC has allowed Diablo Canyon to keep operating without making seismic upgrades by accepting that the current licensing basis provides “reasonable assurance of adequate protection” of public health and safety—even though the Hosgri Evaluation methodology is a historical artifact that is inconsistent with the NRC’s fundamental general design criterion for earthquake protection.

The confusion regarding the actual identity of Diablo Canyon’s design-basis earthquake came to the fore when another fault—the Shoreline Fault—was discovered just off-shore of the plant site in 2008. Despite its proximity to the plant, PG&E showed that the ground motion at Diablo Canyon from an earthquake on the Shoreline Fault would be less than what the Hosgri fault might produce and argued that any impacts of a Shoreline earthquake would therefore be bounded by the impacts of a Hosgri earthquake. The NRC then agreed that no further actions were necessary.

An NRC inspector, Michael Peck, dissented, arguing that the discovery of the Shoreline Fault changed the Diablo Canyon seismic design-basis and SSE, and therefore the impacts of Shoreline Fault earthquakes should be analyzed using design-basis methodology. But NRC management rejected Peck’s argument, reaffirming that PG&E could analyze the Shoreline Fault using the less conservative Hosgri Evaluation assumptions. Ultimately, the NRC settled the issue as part of its process for reevaluating external hazards following the March 2011 Fukushima accident in Japan, again concluding that the seismic risk is acceptable.

Fukushima seismic reevaluations. The 2011 Fukushima Daiichi accident showed the world what can happen when a nuclear plant experiences a natural disaster more severe than it was designed to handle. In response to the accident, the NRC convened a task force to evaluate whether its nuclear safety requirements needed to be strengthened. In its report, the task force noted that “available seismic data and models show increased seismic hazard estimates for some operating nuclear power plant sites” and recommended that the NRC “order licensees to reevaluate the seismic and flooding hazards at their sites against current NRC requirements and guidance, and if necessary, update the design basis and SSCs important to safety to protect against the updated hazards.”

Although the NRC did accept part of the task force recommendation by directing all nuclear plants to “reevaluate the seismic and flooding hazards at their sites using present-day NRC requirements and guidance,” it did not adopt the task force’s proposed remedy: namely, that plants should update their design bases and harden their infrastructure to protect against reevaluated hazards that are more severe. Instead, the NRC made a weaker and more subjective request that licensees “identify actions that are planned to address plant-specific vulnerabilities associated with the reevaluated seismic and flooding hazard.” The agency did not clearly define what those words actually meant until 2019, when it adopted a policy that has effectively allowed nuclear plant licensees to do nothing to address hazards that exceeded their design bases.[7]

The main new requirement that the NRC imposed on reactor owners in response to Fukushima was the acquisition of additional emergency equipment, known as “FLEX” (or, formally, Diverse and Flexible Coping Strategies). This included portable generators and diesel-powered pumps that could be used to keep nuclear fuel from overheating in the event of a long-term loss of electrical power—the root cause of the Fukushima meltdowns. However, the NRC allowed this additional equipment to be less robustly protected against design-basis external hazards than the installed plant safety equipment. Even worse, the 2019 3-2 split decision by the NRC commissioners removed a proposed requirement that the FLEX equipment be protected even to that lower level against the reevaluated hazards that were being developed.

This is a huge problem. The hazard reevaluations revealed that most nuclear plants in the country faced floods and earthquakes greater than previously thought—meaning their design-basis protection levels are no longer compliant with the NRC’s original siting requirements.[8]

In the case of earthquakes, the reevaluations found that 33 nuclear plant sites—about half the fleet—faced seismic hazards greater than their design bases. However, the NRC later decided that the exceedances were “significant” for only 20 sites. For these sites, the agency required that a “seismic probabilistic risk assessment,” or SPRA, be performed. The assessment is a detailed calculation of the annual likelihoods that an earthquake could cause a reactor meltdown[9] and a containment failure or bypass that could rapidly lead to a large release of radioactivity.[10]

Diablo Canyon was among the plants with a reevaluated hazard significantly greater than the design basis safe shutdown earthquake and therefore had to submit a seismic probabilistic risk assessment for NRC review. But PG&E also determined that the reevaluated seismic hazard finalized in December 2015 (expressed as a “ground motion response spectrum,”) also exceeds the Hosgri Earthquake in two frequency ranges (see Figure 1).[11]

Figure 1: Comparison of Diablo Canyon post-Fukushima ground motion response spectrum with the Hosgri Earthquake spectrum (acceleration in “g’s” versus frequency in hertz)
Figure 1: Comparison of Diablo Canyon post-Fukushima ground motion response spectrum with the Hosgri Earthquake spectrum (acceleration in “g’s” versus frequency in hertz)

So PG&E could not argue that the earthquake defined by its post-Fukushima reevaluation was bounded by the Hosgri Evaluation and that, therefore, seismic modifications need not even be considered.

But are these new estimates significant for nuclear safety? According to PG&E, “no safety structures, systems and components required for safe shutdown are sensitive to ground motions at a frequency below 3 hertz,” so Diablo Canyon’s seismic vulnerability is not affected by the increased ground motion in this lower frequency range. However, at high frequencies, some components, such as electro-mechanical relays, could experience “chatter” as they are shaken, affecting critical safety equipment such as valves.[12] In this range, the 15-20 percent exceedance over the Hosgri ground motion could impact plant risk, although PG&E has asserted that “most relay chatter is acceptable …, is self-correcting, or can be recovered by operator action.”

Nevertheless, PG&E’s seismic probabilistic risk assessment, a rough indication of public risk, appears to show that the reevaluated hazard does increase the seismic core damage frequency.

Likelihood of earthquake-induced core damage at Diablo Canyon. The updated seismic probabilistic risk assessment PG&E conducted for Diablo Canyon was released in 2018.[13] The mean value from that assessment implies there is about a 1-in-35,000 chance per year on average that an earthquake will cause core damage in one of the units.

This seismic core damage frequency is roughly twice the value that PG&E had calculated earlier based on the original seismic hazard.[14] However, because of the complexity of these analyses, it is not clear if this increase is primarily due to the change in the seismic hazard or other modifications to the calculation.

Considering both reactors and an extended period of operation, a 1/35,000 per reactor-year risk translates into about a 1-in-800 chance on average that an earthquake would cause a core-melt accident at Diablo Canyon before it shuts down in 2045.[15] However, considering the uncertainties associated with the seismic hazard and the response of plant components, there is a five percent chance that the risk is more than 3.6 times larger.[16] This more conservative measure translates into a core damage risk of about 1-in-220 over 22 years, or about half a percent.

But the actual risk could be even higher. In its base case, PG&E assumed that following most earthquakes, plant workers would be able to carry out two manual actions from the Diablo Canyon FLEX program to prevent core damage. If no credit is given for these actions—a reasonable assumption given the challenges of a post-earthquake environment, including the aftershock potential—the seismic core damage frequency increases by nearly a factor of two, to nearly 1-in-100.

And accounting for other potential initiating events besides earthquakes—such as pipe breaks, internal fires, and floods— that could cause core damage, the estimate of the total core damage frequency rises above one percent.[17]

These estimates do not fully account for all the potential risks at Diablo Canyon. First, they assume that the two reactors are fully independent, which is not the case. In addition to having some shared safety equipment, Fukushima demonstrated that co-located reactors can influence each other, especially with respect to the operator actions needed to stabilize a damaged reactor. Thus, the likelihood that both reactors will experience core damage will be higher than the product of the likelihood of each reactor melting down independently.

Second, these estimates do not consider the potential that an accident will damage one or both of the spent fuel storage pools, which are outside of the reactor containment buildings. A severe earthquake could rupture a spent fuel pool liner and lead to a draindown of cooling water, which if not corrected could result in a zirconium fire and a large radiological release—potentially a much larger quantity of cesium-137 than in a reactor accident. A 2020 UCLA and PG&E analysis estimated that the likelihood of spent fuel becoming uncovered by cooling water  following an earthquake was about 70 percent of the seismic core damage risk for each reactor.[18]

The best way to reduce the risk of a spent fuel pool fire is to transfer most of the densely packed stored spent fuel in the pools to dry storage casks. If the Diablo Canyon units are decommissioned, this will be accomplished within several years after the units are shut down. But the NRC insists that the risks of densely packed spent fuel pool storage are acceptable and has refused to require licensees to expedite spent fuel transfer to dry casks. If the reactors continue to operate, PG&E will have no regulatory mandate to procure and load the additional dry casks needed to thin out the pools, prolonging the period at which the spent fuel pools will pose undue risks.

Despite the fairly high risk of core damage that PG&E’s seismic probabilistic risk assessment found, after reviewing the study the NRC took the position that the risks are acceptable and that “no modifications are warranted … because a potential cost-justified substantial safety improvement was not identified.” And indeed, even if seismic core damage risk were eliminated entirely, it would reduce the total core damage risk by only about 25 percent. Still, the seismic core damage risk is significant in absolute terms, and it is likely that measures to reduce seismic risk would also be helpful in reducing the risks of other types of accidents. Given the potential consequences of a severe earthquake, we think these risks are unacceptable and that seismic upgrades would be necessary should PG&E decide to pursue license renewal of Diablo Canyon.

Consequences of a severe accident at Diablo Canyon. What is at stake if there were a seismically induced core damage accident at Diablo Canyon? PG&E’s own 2015 Severe Accident Mitigation Alternatives (SAMA) analysis, which is required as part of nuclear plant license renewal applications, sheds some light on this question. In the most severe scenarios, the analysis considered—if the containment is breached early in the accident or bypassed due to a rupture of a coolant pipe outside of containment—up to 5,700 cancer fatalities within 50 miles would result, and the total economic cost (in 2015 dollars) would range from $12.2 billion to $33.4 billion ($15 billion to $41 billion in today’s dollars). The consequences of spent fuel pool accidents, which are not included in such analyses, could be even more extensive and costly.

The potential radiological consequences of severe accidents are strongly dependent on the meteorological conditions. The Severe Accident Mitigation Alternatives analysis presents the mean values of the consequences obtained over a large number of different weather sequences. But more conservative values[19] are arguably more appropriate for use in risk studies. Based on studies I have performed for other nuclear plants, the peak consequences could exceed 10,000 cancer deaths and $100 billion in damages. These impacts are high enough to warrant further action to reduce the likelihood of a severe accident should taxpayers and ratepayers subsidize continued operation of Diablo Canyon.

Potential modifications to reduce seismic risk. In PG&E’s initial 2009 license renewal environmental report and its 2015 revision, it evaluated a number of modifications to reduce the risk to the public from earthquakes. These included: reinforcing steam generator and reactor coolant system piping supports to prevent seismically induced steam generator failures that could cause core damage and  potentially breach the containment, at a cost of $84 million per unit in 2009 dollars (about $115 million today; and installation of a seismically qualified response system that would be capable of providing all the functions needed to prevent core damage in the event of a severe earthquake, at a cost of $160 million per unit in 2015 dollars (about $200 million today).

Congress torpedoes a Biden nominee and casts doubt on nuclear safety

But according to PG&E’s calculations (as based on a methodology originally developed by the Nuclear Energy Institute), the risk reduction that could be achieved would not justify the cost of either of these modifications, giving the company an excuse not to carry them out.[20]

Aside from questions about methodology, some of PG&E’s conclusions seem suspect in regard to logic. For example, the utility’s analysis points out that “a significant portion” of the seismically qualified response system design is addressed by elements of the Diablo Canyon FLEX strategy. This raises a question: Why does the response system costs so much, if most of the elements in that system are already present at the plant? In 2015, PG&E argued that “the existence of the FLEX strategies would not reduce the PG&E implementation costs of the [Severe Accident Mitigation Alternatives] because PG&E must purchase the equipment whether it is for FLEX or for the license renewal effort.”

But FLEX was bought and paid for several years ago and now represents a sunk cost. PG&E also points out that the actual cost of the seismically qualified response system could be higher because the FLEX equipment and strategies are not designed to cope with the damage from earthquakes greater than the so-called “safe shutdown earthquake.” But only the incremental upgrade costs—above and beyond the existing FLEX system—should be considered in the cost-benefit analysis. In any event, it would be prudent to upgrade the protection of the FLEX portable equipment so it could survive a beyond-design-basis earthquake that damages the installed plant equipment. This is the approach that France took in its response to the Fukushima accident.

In its 2019 review of the Diablo Canyon seismic probabilistic risk assessment, the NRC also identified upgrades that could potentially reduce the radiological risk to the public from an earthquake at Diablo Canyon. One of these would entail strengthening the containments—the reinforced concrete domes over the reactors—at the power plant. PG&E’s assessment determined that the four top seismic sequences causing core damage and early radiological release—representing nearly 40 percent of the risk of a large, “early” release of radiation—were due to failure of the containment’s concrete shell.

Another significant danger that the seismic probabilistic risk assessment identified results from scenarios in which a pipe rupture allows radioactive material from the core to bypass the containment and leak directly to the environment. The NRC identified a modification to address this problem—routing all discharges from containment penetrations through a seismically hardened structure where effluents would be sprayed with water to scrub and condense them.

In both these cases, the NRC claimed that the cost of fixing the problem would exceed the benefit. However, the analysis underlying the agency’s dismissal of seismic upgrades at Diablo Canyon is questionable.[21] In any event, if PG&E decides to reapply for a license renewal, it will have to update its Severe Accident Mitigation Alternatives analysis again. Significant changes have occurred since 2015 that could have a material impact on the results.[22] These changes would also affect the cost-benefit calculations that the NRC staff use to determine whether seismic backfits are justified, possibly leading to different results.

The cost of a seismic fix is not exorbitant. Regardless of the outcome of the dubious cost-benefit calculations, the price tag for the seismic modifications described above appears quite reasonable in absolute terms, even accounting for inflation—especially if PG&E is poised to receive hundreds of millions of dollars in federal and/or state subsidies. Although the NRC has taken a laissez-faire approach in response to the increased seismic risk documented at Diablo Canyon, the state of California does have the leverage to persuade PG&E to “voluntarily” make seismic upgrades at Diablo Canyon that could substantially reduce the risk to its population from a Fukushima-type accident. If California decides to support an extension to Diablo Canyon’s lifetime, the state should:

  • Convene an independent expert panel to make recommendations based on a review of the Diablo Canyon risk studies, the NRC’s technical basis for rejecting all seismic upgrades, and the updated cost of such upgrades.
  • Ensure that funds are allocated to expedite the transfer of spent fuel that has been out of the reactor for several years from Diablo Canyon’s storage pools to dry casks. This is a critical defense-in-depth measure that would greatly improve safety over the period of extended operation.
  • Fully resolve all other outstanding safety issues, including remediating the impacts of deferred maintenance identified by the Diablo Canyon Independent Safety Committee.

The Energy Department and the state of California should be concerned not only with PG&E’s bottom line but also with making sure that all reasonable measures are taken to reduce the risk of Diablo Canyon’s extended operation—whether or not the NRC requires them.


* Editor’s note: Jacopo Buongiorno, director of the MIT Center for Advanced Nuclear Energy, says Funds for CANES research projects can come from industry, government and sometimes donations from philanthropists, but for this project they used CANES discretionary funds which comes from the return on the CANES endowment.

[1] Its peak ground acceleration of 0.86 times the acceleration of Earth’s gravity (abbreviated as 0.86 g) is more than 60 percent greater than the second highest nuclear plant site, V.C. Summer in South Carolina. Although Diablo Canyon is among the 10 most seismically vulnerable plants in the US, it does not appear to be the one most at risk (based on the inherently uncertain risk calculations described above) even though it is located in the state with the most destructive earthquakes. Certain reactors in the Central and Eastern US may be more vulnerable—H.B. Robinson in South Carolina in particular—because they were designed to seismic standards that are now known to be inadequate in light of new information revealing that the seismicity in those regions was greater than originally thought.

[2] The requirements for so-called “safety-related” structures, systems, and components, including quality assurance, maintenance, and testing requirements, are intended to ensure they are highly reliable. With regard to seismic construction, the highest standards are known as Seismic Category I. The NRC details the criteria for Seismic Category I structures in its Standard Review Plan.

[3] A “design earthquake” with a peak ground acceleration of 0.2 g at 100 hertz (Hz) was chosen to represent the “maximum size earthquakes that can be expected to occur at [Diablo Canyon] during the life of the reactor,” based on contemporary seismic studies. To add safety margin, this value was (somewhat arbitrarily) multiplied by 2 to arrive at a 0.4 g “double design earthquake,” which was then taken as the design-basis earthquake. Subsequently, this value was equated to the SSE, and plant SSCs required to ensure plant safety following an SSE were designed to meet the highest seismic standard (then called Seismic Class 1).

[4] In doing so, the NRC took the position that the Hosgri Evaluation need not be considered to be part of Diablo Canyon’s design basis, but rather part of its “current licensing basis”—which the NRC defines as the set of requirements “applicable to a specific plant and a licensee’s written commitments for ensuring compliance with and operation within applicable NRC requirements and the plant-specific design basis (including all modifications and additions to such commitments over the life of the license) that are docketed and in effect.”

[5] This is arguably inconsistent with the NRC’s General Design Criterion 2, which stipulates that SSCs important to safety should consider “appropriate combinations of the effects of normal and accident conditions with the effects of the natural phenomena.”

[6] PG&E asserted that this would be a mere administrative change because the NRC had already in effect accepted the Hosgri Earthquake as the SSE. However, documents UCS obtained under FOIA revealed that NRC staff did not agree, pointing out that PG&E had identified a “vast tally” of examples where the methodologies and acceptance limits used in the evaluation of structures and components for the Hosgri Earthquake deviate from current standards, and therefore “the proposed amendment explicitly reduce[d] the accepted inherent margins in the design for [the] SSE” and as such was “unacceptable from technical and regulatory perspectives.” The situation is further complicated by the fact that Diablo Canyon was licensed before the current rules and standards for seismic design were promulgated. However, the position taken by the NRC staff in 2012, as revealed in the FOIA documents, was that if PG&E wanted to amend the license to establish the Hosgri Earthquake as the SSE it should conform to current evaluation standards and criteria.

[7] In the absence of NRC requirements, a number of nuclear plants, including Diablo Canyon, did voluntarily commit to making certain safety upgrades in response to the risks revealed in the seismic reevaluations. The modifications at Diablo Canyon were projected to have only a minimal (less than 5 percent) impact on risk. And in any event, the NRC cannot use its enforcement powers to ensure such voluntary actions are effectively implemented.

[8] In 10 CFR Part 100 Appendix A.

[9] The seismic “core damage frequency.”

[10] The seismic “large early release frequency.”

[11] At a frequency of 1-2 hertz and above around 25 hertz, with a peak acceleration of 0.86 g at 100 hertz compared to 0.75 g for the Hosgri Earthquake.

[12] Indeed, the loss of offsite power that both units of the North Anna plant experienced during the August 2011 earthquake was not caused by faults or gross damage to the electrical system but by spurious actuation of transformer relays caused by the high-frequency ground motion.

[13] PG&E estimated a point value of the seismic core damage frequency (SCDF) of 2.4×10-5 per reactor-year, and a mean value (over the uncertainty distribution) of 2.82×10-5 per reactor-year.

[14] The original calculation yielded a (point estimate) value of 1.45×10-5 per reactor-year.

[15] Estimating the cumulative risk of core damage by summing the point-estimate or mean annual core damage frequencies of different units and multiplying by a given time period only yields a very crude approximation, yet this approach is used by the NRC (see, for example, NUREG-2201 (2016). To get a better estimate, uncertainty distributions must be fully and rigorously taken into account.

[16] That is, the 95th percentile risk is 1.02×10-4 per unit.

[17] The point-value contribution of other accident initiators is about 7×10-5 per reactor-year: nearly three times the point value of the seismic risk. Thus, the total (point value) risk of core damage at the Diablo Canyon site over 22 years from other events would be about 1-in-300, and the total (point value) site risk including seismic events would be about 1-in-250 if FLEX credit is assumed for the seismic events, and 1-in-200 if FLEX credit is not assumed. The 95th percentile value of the total core damage frequency would be more than three times larger, for a risk over one percent.

[18] That is, 1.74×10-5 per year for each pool.

[19] That is, based on a 95th percentile calculation.

[20]  In any event the NRC does not have a requirement that licensees implement cost-justified Severe Accident Mitigation Alternatives as a condition for license renewal—a bad policy.

[21] First, the agency utilized older data from PG&E’s 2009 SAMA analysis, even though updated data was available from PG&E’s post-Fukushima seismic analyses and 2015 SAMA analysis. Second, it did not appear to have done any real calculations specific to Diablo Canyon, basing its conclusions on “NRC staff experience from SAMA analyses” and “engineering judgment.” And finally, the NRC only summed the risk over seven years of operation: the remaining operating life of the plant under its current license, which would underestimate the total risk reduction by a factor of three in the event that the license is renewed for 20 years.

[22] First, the NRC has increased the so-called value of a statistical life that it uses for cost-benefit analyses for the first time in decades, resulting in an increase in the factor used to convert radiation exposure to monetary cost by a factor of 2.6 compared to the value that PG&E used in its 2015 analysis, and will adjust that value for inflation and real income growth. Second, the seismic core damage frequency PG&E calculated in its 2018 seismic PRA is nearly twice as high as the value used in 2015. Third, the off-site, non-farm property values used to estimate the economic damages caused by radiological contamination from a nuclear accident have increased substantially since 2015—home prices in California have risen at three times the rate of inflation. On the other side, the cost of the mitigation measures will also increase due to inflation. On balance, however, the increases in the equivalent monetary benefits of avoiding a nuclear accident are likely to make additional seismic upgrades cost beneficial.


Together, we make the world safer.

The Bulletin elevates expert voices above the noise. But as an independent nonprofit organization, our operations depend on the support of readers like you. Help us continue to deliver quality journalism that holds leaders accountable. Your support of our work at any level is important. In return, we promise our coverage will be understandable, influential, vigilant, solution-oriented, and fair-minded. Together we can make a difference.

Get alerts about this thread
Notify of
Inline Feedbacks
View all comments


Receive Email