January-February 2019 NPJ

36 NuclearPlantJournal.com Nuclear Plant Journal, January-February 2019 anticipates meeting at the staff level with the FAA on this subject again at the end of January 2019. B. Automobile The National Highway Traffic Safety Administration (NHTSA) regulates motor vehicle safety under National Traffic and Motor Vehicle Safety Act. 11 The NHTSA has published the Federal Motor Vehicle Safety Standards 12 on design, construction, performance, and durability requirements for motor vehicles and regulates automobile components, systems, and design features. The NHTSA has created a self- certification approach for demonstration of regulatory compliance, in which vehicle and equipment manufacturers certify that their products meet applicable standards. The NHTSA does not pre- approve new motor vehicles or new motor vehicle technologies. For example, in the case of Automated Driving Systems, the NHTSA uses its existing regulatory tools, including interpretations, exemptions, notice-and-comment rulemaking, and defects and enforcement authority. However, the NHTSA has published voluntary guidance 13 to help designers of these systems to analyze, identify, and resolve safety considerations prior to deployment using their own, industry, and other best practices. This voluntary guidance contains elements on the use of a digital I&C system, including performance of a hazard analysis for the Automated Driving Systems, design redundancies, and well-planned software development. The NHTSA regulation requires reporting of safety- related defects and non-compliance and allocating responsibility (between vehicle and equipment manufacturers) for recalling and remedying defects and non-compliance with the law. The NHTSA’s permitting approach has certain aspects that are comparable to the NRC’s, including establishment of high-level regulatory requirements and mandatory reporting of safety- related defects of components. The NRC is reviewing how certification of commercially available digital hardware and software by independent third parties with demonstrated expertise and experience can be leveraged in the NRC’s overall permitting approach. As previously mentioned, the NRC is currently evaluating whether the results of such third-party certifications may be relied on as one way to address key characteristicsofdevicesthatarededicated for safety applications under the NRC’s commercial grade dedication process. While the NHTSA’s self-certification approach aligns with the product-based nature of the automobile industry (where a single vehicle design can be certified for use and then mass-manufactured for sale), it is fundamentally inconsistent with the NRC’s overall permitting approach for nuclear power plants. The NRC will continue to engage with NHTSA to learn about modernizations of the administration’s regulatory permitting approach and is coordinating staff-level meetings in the near term. C. Medical Devices The U.S. Food and Drug Administration (FDA) regulates the sale of medical devices marketed in the United States under the Federal Food, Drug and Cosmetic Act and applicable regulations. 14 Medical devices are categorized into one of three classes, based on the degree of risk they present. Class I represents those that present the lowest risk to patients (e.g., hand-held instruments), and Class III represents those that present the highest risk to patients (e.g., implantable pacemakers). Depending on the device classification, the applicant provides the appropriate premarket submission under the portions of the law that are applicable to that device. The FDA also publishes voluntary guidance, including guidance on the use of voluntary consensus standards. 15 A device manufacturer may choose to rely on applicable consensus standards 16 or address issues relevant to permitting in another manner. The use of consensus standards generally only satisfies a portion of a premarket submission. For digital or software-based medical devices, the FDA specifies that in addition to device testing, device manufacturers should conduct appropriate analyses and reviews to avoid errors that may affect operational safety. The premarket submission must include an analysis that identifies the hazards associated with the device, the method of control (hardware or software), the safeguards incorporated, and the identified level of concern. Some aspects of the medical device permitting approach are similar to the NRC’s process, including providing high-level regulatory requirements and endorsement of consensus standards as one way to meet requirements. However, the FDA’s process provides a more graded approach for the demonstration of safety and regulatory compliance based on risk. In addition, the performance and evaluation of a hazard analysis has a significant role in the FDA’s regulatory process. This risk-informed and hazard analysis-focused approach could be incorporated into the NRC’s digital I&C regulatory framework. Currently, the NRC is working to risk-inform practices in the NRC’s permitting approach for digital I&C. 17 Although current NRC requirements (e.g., IEEE Std. 603-1991) require the identification of hazards, the NRC staff continues to review hazard analysis methods, such as those required by FDA, for incorporation into the NRC’s regulatory guidance for digital I&C. NRC’s Strategic Plan for Permitting the Use of Digital I&C in Safety Applications 18 As part of the agency’s digital I&C integrated action plan strategic review, the NRC has identified several activities that take into consideration the challenges and potential impediments that may be unique to specific digital I&C applicants. The NRC plans to complete a strategic assessment to identify significant structural changes to the regulations and accompanying guidance that take a performance-based, risk-informed, and graded approach. This effort will also Other Industries'... ( Continued from page 35)