Canada Gazette, Part I, Volume 156, Number 46: Nuclear Security Regulations, 2023

November 12, 2022

Statutory authority
Nuclear Safety and Control Act

Sponsoring agency
Canadian Nuclear Safety Commission

REGULATORY IMPACT ANALYSIS STATEMENT

(This statement is not part of the Regulations.)

Executive summary

Issues: Security threats, operational experience and technological advancements have evolved dramatically since the existing Nuclear Security Regulations (NSR) were implemented. The NSR must therefore be amended to continue to meet their objectives. The NSR need to be modernized to align with current international recommendations, guidance and best practices and current Government of Canada directives and policies to ensure that nuclear facilities in Canada continue to mitigate physical, cyber and insider threats in the modern and evolving threat and risk environment. Further, modernization of the NSR is necessary for the Canadian Nuclear Safety Commission (CNSC) to uphold the commitments made in the Canadian Small Modular Reactor (SMR) Roadmap (SMR Roadmap) and in A Call to Action: A Canadian Roadmap for Small Modular Reactors (SMR Action Plan) [PDF] to amend prescriptive requirements that pose a potential barrier to SMR development and deployment in Canada.

Description: The CNSC is proposing to repeal the existing NSR and replace them with the Nuclear Safety Regulations, 2023 (proposed NSR 2023). The proposed NSR 2023 would implement performance-based regulations and include new requirements for cybersecurity and the protection of sensitive information, as well as update security clearance requirements to address new threats and risks. The proposed NSR 2023 would address and incorporate international peer-reviewed suggestions from the International Atomic Energy Agency experts, and would be aligned with international security recommendations, guidance, and best practices. Further, the structure of the proposed NSR 2023 would be revised to improve the readability and clarity of the Regulations.

Rationale: The NSR are a key regulatory instrument for the security of nuclear materials, nuclear facilities and nuclear substances in Canada. New security threats and risks, technologies, and international recommendations, guidance and best practices must be accounted for in the CNSC’s nuclear security regulatory framework. In addition, the CNSC should move to performance-based regulations where appropriate in alignment with the Cabinet Directive on Regulation and the Policy on Regulatory Development, as well as the commitments made in the SMR Roadmap and SMR Action Plan (PDF).

The CNSC performed extensive public consultation for this regulatory proposal. The CNSC posted several discussion papers for public consultation and held multiple information sessions with industry, members of the public and other federal and provincial government departments and organizations. The CNSC also hosted workshops with industry on the proposed changes and to get information on monetized costs and benefits. The feedback received from all these sessions was used to inform and revise the CNSC’s regulatory proposal. The regulatory development also determined that regulatory action was needed in the modern threat and risk environment. The significance of the proposed changes and restructuring led the CNSC to determine that the repeal and replacement of the existing NSR with this regulatory instrument would be the most appropriate action to take to achieve the CNSC’s policy objectives.

The largest monetized cost impact item was attributed to the proposed requirements for cybersecurity and the protection of sensitive information with a total present value cost of $13.35 million. Conversely, the largest monetized benefit (cost savings) item was the security clearance validity period, which has a net present value benefit of $6.59 million. The main benefit to Canadians from this regulatory proposal is in the form of the reduced health, safety and environmental threats and risks due to potential security incidents at nuclear facilities and/or involving nuclear substances. Overall, the monetized impacts show a net cost of $13.34 million for this proposal, however, the benefits would outweigh the costs if all the benefits could reasonably be quantified. A detailed cost-benefit analysis report (CBA report) is available as part of this regulatory proposal.

The proposed changes would improve alignment with international regulatory regimes and address findings from international reviews of Canada’s nuclear security regime.

Issues

The existing Nuclear Security Regulations (NSR or the Regulations) were substantially amended in 2006. Since then, security threats, operational experience and technological advancements have evolved dramatically. In addition, the existing NSR need to be modernized to align with current international recommendations, guidance, and best practices. There are a number of issues and key drivers behind repealing and replacing the existing NSR.

The NSR are overly prescriptive

A number of requirements in the existing NSR require the same prescriptive level of security for all high security sites. For example, the existing NSR establish specific requirements for security barriers. This prevents licensees and proponents from using new security technologies or innovative practices that meet or exceed the regulatory objective to delay potential adversaries. In addition, the Regulations do not differentiate between large and small nuclear reactors and do not take into consideration a risk-informed approach to address potential security threats and risks or different technologies, sizes, locations, and alternative approaches to preventing theft and sabotage.

Advancements and innovations in nuclear technology, as well as in technologies and methods for physical protection and cybersecurity, are expanding the range of measures and approaches through which licensees can design and operate their nuclear facilities to meet nuclear security regulatory requirements. Furthermore, these advancements and innovations offer opportunities for licensees and proponents to design nuclear facilities and/or implement concepts of operation that could potentially effectively eliminate vulnerabilities licensees would otherwise have to consider in the design of the nuclear security systems of their respective facilities.

Evolving threat environment and cybersecurity threats

Potential threats to nuclear infrastructure have continued to evolve since the existing NSR were last substantially amended in 2006. One of the fastest-growing threats to critical infrastructure in Canada, including to nuclear facilities, is cyber attacks. The existing NSR do not include any provision for cybersecurity or for the protection of digital information. Another new threat is the use of unmanned aerial systems by potential adversaries that present new security challenges for nuclear facilities. The existing NSR do not contain provisions to monitor new and evolving threats such as these.

International recommendations, guidance, and best practices

In October 2015, the International Physical Protection Advisory Service (IPPAS) of the International Atomic Energy Agency (IAEA) conducted a mission to review the nuclear security regime and regulatory framework in Canada. The mission was performed by a team of international security experts who compared Canada’s practices to IAEA nuclear security recommendations and guidance as well as other relevant international instruments. The mission report contained 3 recommendationsfootnote 1 and 30 suggestionsfootnote 2 to enhance the nuclear security regime in Canada. Certain findings focused on improving the CNSC’s nuclear security regulatory framework and suggested better alignment with important international nuclear security fundamental principles and recommendations (e.g. nuclear security culture, interface between nuclear material accountancy and control [NMAC] and nuclear security, protection of sensitive information in physical and digital media, two-person rule in the Central Alarm Station). The NSR do not contain explicit requirements for security culture, interface of safety, security and safeguards, or the protection of sensitive information.

Changes to Government of Canada security clearance standards

The existing NSR reference the (ARCHIVED) Personnel Security Standard, published by the Treasury Board of Canada Secretariat (TBS) in 1994, as the standard for examining the trustworthiness and reliability of individuals who require access to sensitive information and assets. The Standard was superseded by the Standard on Security Screening in 2014. The consequence of not updating the new security standard in the existing NSR may pose unreasonable risk to the protection of sensitive information, assets and to nuclear facilities and nuclear substances. For example, the existing NSR do not prescribe financial inquiry (credit check) for individuals with unescorted access to vital areas. These individuals may pose a security risk because of financial pressure or their history of poor financial responsibility. While the status of an individual’s financial situation may not affect their ability to do a job, financial obligations or pressures could pose a security risk.

Use of private security guards at nuclear facilities

There is considerable variation in training and licensing requirements across the country and a lack of oversight for the use of private security personnel. Some jurisdictions have no legislation, policy or guideline on the use of private security. The inconsistency in regulatory practices raises concerns on the use of private security services at nuclear facilities. Several issues have been mentioned in the Public Safety Canada 2015 study, titled (ARCHIVED) The Use of Private Security Services for Policing, such as the potential for criminal activity, the infiltration of private security by organized crime groups, the exploitation of security officers through low wages, and corruption in security guard training schemes. The lack of interfaces with provincial private security regulations is an area for improvement in the security regulatory framework. The existing NSR do not contain any baseline requirements on the training and qualifications for private security guards or “in-house” security personnel at nuclear facilities.

Other issues

Certain definitions in the existing NSR, such as the definitions for weapons, explosive substances and firearms are not aligned with the Criminal Code definitions. Definitions such as sabotage and security monitoring room are not aligned with the IAEA Nuclear Security Glossary (PDF). In addition, the current layout of the existing NSR can make it challenging to determine which requirements apply to nuclear material and which apply to a specific facility. For example, requirements that apply to Category III nuclear material are found in both Part 1 and Part 2 of the existing NSR. Further, Schedule 2 of the existing NSR contains a list of organizations that have changed names or do not exist anymore. Schedule 2 is outdated and does not include any specific types of nuclear facilities and, as a result, it cannot be applied to new applicants or other nuclear facilities.

Background

The Nuclear Safety and Control Act (NSCA or the “Act”) establishes the CNSC authority to set regulatory requirements for all nuclear-related activities in Canada. Under the Act, the CNSC regulates the use of nuclear energy and materials to protect the health, safety and security of Canadians and the environment, to implement Canada’s international commitments on the peaceful use of nuclear energy, and to disseminate objective, scientific, technical and regulatory information to the public. A key part of the CNSC’s mission is to regulate the security of nuclear material, nuclear substances, nuclear facilities, prescribed equipment and prescribed information.

The existing NSR apply to nuclear facilities that process, use or store Category I, II or III nuclear material, including nuclear power plants, as set out in Schedule 1 of the existing NSR. They also apply to facilities such as nuclear fuel fabrication facilities and nuclear substance processing facilities listed under Schedule 2 of the existing NSR, as well as proponents of new nuclear facilities. The existing NSR are divided into two parts. Part 1 sets security-related requirements and general obligations for licence applications submitted in accordance with the Act. It also includes information about security requirements for “high-security sites” (HSS), as defined in the Regulations. Part 2 provides security-related requirements for the licensing and operation of nuclear fuel and processing facilities that are listed in Schedule 2 of the Regulations.

The last major revision of the existing NSR was completed in 2006. These amendments incorporated the results of domestic and international analysis and recommendations that were driven by the significant change to the security context following the terrorist attacks on the United States (U.S.) on September 11, 2001.

This regulatory proposal is associated with significant new federal government activities with respect to the Canadian Small Modular Reactor (SMR) Roadmap Steering Committee.footnote 3 This Steering Committee identified, in its report titled SMR Roadmap, that “the current regulations would require SMRs to incorporate security infrastructure comparable to today’s full-scale nuclear power plants.” One of the priority recommendations from that report is for the CNSC to revise the NSR to remove prescriptive requirements and cover high-level principles. The SMR Roadmap also recommended that the NSR provide for the application of a graded approach based on risk-informed criteria. The follow-up to the SMR Roadmap, the SMR Action Plan, was released in December 2020. It further underlined the importance of removing prescriptive requirements from the NSR as highlighted in action CNSC01 “Nuclear Security” and CNSC02 “Regulatory Efficiency.” As part of the SMR Action Plan, the Minister of Natural Resources detailed in the Message from the Minister the importance of SMR technology to Canada’s plan to achieve a net-zero economyfootnote 4 by 2050.

In Budget 2022, the Government of Canada committed to supporting SMR development and deployment in Canada by providing $120.6 million over five years, starting in 2022–2023, and $0.5 million ongoing. This funding includes

The proposed NSR 2023 would support the Government of Canada’s commitments related to SMR development and deployment.

Objective

The policy goals for repealing and replacing the existing NSR include

Description

The key elements of this regulatory proposal are summarized below.

Move towards a more performance-based approach

The proposed NSR 2023 would include performance-based requirements where practical. The performance-based requirements would include, but not be limited to, the application of traditional barriers/physical protection systems, the use of on-site and/or off-site armed response forces, the defence against design basis threat (DBT)footnote 5 sabotage events, the use of alternative measures, such as engineered systems and novel concepts of operation, safety- and security-by-design containment systems, or any combination thereof. The proposed NSR 2023 would establish the performance-based requirements and objectives, and these performance objectives would be applied to licensees and other affected stakeholders using a risk-informed approach, commensurate with the risk and complexity of the licensed activity.

Inclusion of new requirements for threat and risk assessment

The proposed NSR 2023 would require nuclear facilities to

Inclusion of new requirements for cybersecurity and for the protection of sensitive information

The proposed NSR 2023 would require nuclear facilities to

In addition, the proposed NSR 2023 would require applicants and licensees to identify sensitive information in physical or digital form and to be protected against the threats identified in the licensee’s TRA throughout the lifecycle of the information. This new requirement would apply to computer-based systems and components used for processing, storing and transmitting sensitive information.

Better alignment with international recommendations, guidance and best practices

The proposed NSR 2023 would include new requirements to

Update for new security clearance screening standard

The proposed NSR 2023 would update the security screening standard for facility access clearance to include new requirements similar to those in the Treasury Board of Canada Secretariat (TBS) Standard on Security Screening for site access status, site access clearance and enhanced security screening. In particular, credit checks would be required for individuals with enhanced site access clearance. In addition, the site access status and site access clearance validity would expand from 5 to 10 years to align with the Standard on Security Screening.

Use of private security services at nuclear facilities

Under the proposed NSR 2023, licensees would be required to ensure that security guards (non-nuclear security officers) are equipped, qualified and trained in accordance with provincial regulations. Licensees would also be required to develop and maintain procedures and instructions for these security guards.

Introduce and revise definitions and terminology

The proposed NSR 2023 would update and clarify certain definitions. For example

Simplified layout

To enhance clarity and expectations for licensees,

Consequential amendments

Consequential amendments to the Class I Nuclear Facilities Regulations, Nuclear Substances and Radiation Devices Regulations, Administrative Monetary Penalties Regulations (Canadian Nuclear Safety Commission), and Packaging and Transport of Nuclear Substances Regulations, 2015 would be made so that they reference the proposed NSR 2023 accurately and so the language used in the administrative monetary penalties (AMPs) reflects modern regulatory practices. In addition, the consequential amendments to the Administrative Monetary Penalties Regulations (Canadian Nuclear Safety Commission) would include new AMPs for the new requirements in the proposed NSR 2023. Examples of the proposed new AMPs include those related to cybersecurity, the protection of sensitive information, and security culture for all nuclear facilities, as well as AMPs related to threat and risk assessments, nuclear substance monitoring, and private security guards for non-HSS.

Regulatory development

Consultation

Since 2016, the CNSC has undertaken significant and continuous consultation with stakeholders. In 2016 and 2017, consultation workshops were held with nuclear industry representatives to obtain early input on potential improvements to the Regulations based on new security technologies, new and evolving threats, new SMR possibilities, and the industry’s operating experience with the existing NSR. In 2019, the CNSC co-hosted a workshop alongside the World Institute of Nuclear Security (WINS) for HSS representatives to explore modernization options for the security requirements for preventing potential sabotage events. In the meantime, the CNSC has been working with international counterparts to understand the evolving global security context and challenges. During these years, informed by comments and input, the CNSC has been developing proposed amendments, comparing options, and making evidence-based decisions about the Regulations. In 2021, the CNSC embarked on broader consultation with all stakeholders on its regulatory proposals. A detailed breakdown of the CNSC’s consultation for this regulatory proposal is discussed below.

Early consultation (2016–2020)

The CNSC held three consultation workshops, in 2016 and 2017, with industry stakeholders to obtain preliminary input on potential amendments to the existing NSR. The stakeholders who attended the workshops were those directly responsible for implementing security measures at nuclear facilities or responsible for the security of nuclear material. The workshops included three different participant groups:

In December 2017, the CNSC released a stakeholder workshop report, which summarized the feedback received from the workshop participants. The CNSC also received feedback on the existing NSR through two discussion papers: in 2014, DIS-14-02, Modernizing the CNSC’s Regulations, and in 2016, DIS-16-04, Small Modular Reactors: Regulatory Strategy, Approaches and Challenges. DIS-14-02 was posted on the CNSC website on November 17, 2014, for an initial 120-day consultation period, which was then extended to May 29, 2015, at the request of stakeholders. Following the consultation period, the comments received were posted for additional feedback in June and July 2015. DIS-16-04 was posted on the CNSC website for 120 days from May to September 2016, and the comments received were posted for additional feedback in November and December 2016. A summary of the comments received from stakeholders, as well as the CNSC’s responses to those comments, was published in What We Heard Report – DIS-14-02 and in What We Heard Report – DIS-16-04, respectively.

2021 Consultation

In 2021, the CNSC issued two more discussion papers related to modernizing the nuclear security regulatory framework: DIS-21-02, Proposals to Amend the Nuclear Security Regulations, and DIS-21-03, Cyber Security and the Protection of Digital Information. DIS-21-02, published for 90 days on the e-consultation platform Let’s Talk Nuclear Safetyfootnote 6 from April to July 2021, describes the CNSC’s proposed regulatory changes to areas such as physical protection (prevention of theft and sabotage), cybersecurity and the protection of nuclear security information, as well as security culture and the impact on NMAC, to name a few. DIS-21-03, published for 90 days on Let’s Talk Nuclear Safety from July to October 2021, added more details on the proposed revisions for regulating cybersecurity and the protection of digital information. From these two discussion papers, a total of 242 comments were received.

The CNSC hosted two information sessions with environmental non-governmental organizations (ENGOs) and members of the public on April 13, 2021, to inform participants about the regulatory amendment project, the past consultation and research that informed the CNSC’s proposals, as well as how to comment on the discussion papers and participate in the stakeholder workshops that occurred following these information sessions. From April to September 2021, CNSC held a series of consultation sessions with over 150 participants from the public, ENGOs, industry, Government of Canada departments and agencies, and representatives from various provincial governments. These sessions included a walkthrough of the regulatory amendment process, highlighted specific proposed amendments to the NSR, and the rationale behind the changes. Overall, in 2021, the CNSC received comments from 37 unique stakeholders totalling over 500 comments. The CNSC summarized all stakeholder comments and the CNSC’s path forward on the regulatory proposals in the What We Heard Report: DIS-21-02 and DIS-21-03. Stakeholders support most of the proposed amendments to the existing NSR. Their principal concerns touched on the proposals for performance-based regulations, including those for the protection against theft and sabotage, new cybersecurity and protection of sensitive information provisions, and the cost of performing security screenings. Additional details on these concerns are presented below.

Performance-based regulations

There was strong support from industry stakeholders for performance-based requirements that have clear performance-based objectives as well as for alternative approaches to protect against theft and sabotage. However, industry stakeholders requested clarity on what the CNSC would consider sufficient in meeting nuclear safety objectives. Certain industry stakeholders emphasized that considerations ought to be different between large nuclear power plants and small nuclear facilities, the latter having smaller inventories of nuclear materials. The public and ENGOs cautioned that the proposed NSR 2023 must ensure that current levels of security are maintained or strengthened, and that the application of nuclear security should be at the same level, regardless of the geographic location or technology used in that facility (e.g. urban versus remote locations).

In consideration of the concerns above, it should be noted that the implementation of any performance-based requirement needs to be approved by the CNSC. Applicants and licensees would be required to demonstrate that they would be able to achieve specific and measurable objectives or outcomes. The proposed NSR 2023 would continue to ensure the continuity of Canada’s robust nuclear security regime, while affording licensees and applicants greater flexibility in demonstrating how they can meet nuclear security regulatory requirements. The CNSC would provide further guidance on how to meet performance-based requirements in its regulatory documents (REGDOCs).

Cybersecurity threats and cybersecurity in TRAs

Cybersecurity requirements are currently found in the licencefootnote 7 of each HSS. The CNSC requires HSS to follow the Canadian Standards Association (CSA) standard N290.7 Cyber security for nuclear power plants and small reactors facilities via licence conditionsfootnote 8 and cites this standard as guidance for other nuclear facilities. Representatives from research reactors, SMRs and other nuclear substance processing facilities expressed the need for a risk-informed approach to requirements for cybersecurity. Although the research reactor licensees supported the risk-informed approach to cybersecurity, they also raised concerns regarding the use of the risk-informed approach, as they thought it was unclear how CSA N290.7 could be applied to less risky licensed activities.

Representatives from HSS voiced concerns over costs to implement the new 2021 version of the CSA N290.7 standard. However, it should be noted that these costs will be borne by the licensee regardless of the requirements in the proposed NSR 2023, as the previous version of that standard is already a requirement for HSS through the licence conditions for those facilities.

Stakeholders from all groups, though most strongly those from the SMR vendors and designers, the research reactors, and the fuel cycle licensees, questioned the need to submit revisions to the TRA on an annual basis. The CNSC then clarified that the proposal would require the TRA be reviewed by the licensee every year, but revised only if there is a change. There was general agreement among industry stakeholders to include cyber threats in the TRA, and to have requirements to protect against cyber threats, as some HSS were already doing this. Licensees from all groups and SMR vendors and designers, however, expressed a need for more guidance on how to assess cyber threats and how to integrate them into the TRA.

Industry stakeholders recommended the use of a risk-informed approach to determine the systems that provide or impact the safety, security, emergency preparedness and safeguards that would be included in the licensee’s TRA. Industry stakeholders noted that the program elements set out in the CSA N290.7 standard are suitable in general, and certain industry stakeholders sought the use of the risk-informed approach, which would allow licensees of facilities with Category III nuclear material the flexibility to propose alternative methods, approaches and security measures. However, industry stakeholders also requested that the CNSC provide further guidance as to how CSA N290.7 could be applied for these facilities.

The CNSC intends to provide guidance regarding TRAs and the application of the risk-informed approach for cybersecurity considerations in its regulatory documents (REGDOCs).

Protection of sensitive information

Most licensees agreed with CNSC’s proposed lifecycle approach for the protection of sensitive information, though some expressed concerns over the proposed increase in scope of information to be protected and found the definition of sensitive information to be overly broad. Most licensees already use risk-informed information classification schemes, and generally agreed that classifying and marking information is necessary to adequately handle and protect information. However, some expressed concerns that the proposed classification schemefootnote 9 would be difficult to align with their existing classification schemes, could potentially lead to over-classifying information, and that implementing multiple sensitivity levels would be overly burdensome in achieving the regulatory objective.

The CNSC would clarify requirements and develop guidance on how to identify and protect sensitive information, in its regulatory documents.

Security clearance screening standard

Industry stakeholders expressed concerns with expanding the need to conduct financial and security checks for all employees, as opposed to applying the standard based on the level of responsibility for individual roles. There were also concerns about the accessibility of technology used to conduct fingerprinting, as some have faced challenges with collecting employees’ fingerprints.

The CNSC recognizes that employers have experienced issues with fingerprinting due to COVID-19 restrictions and the lack of technology availability. As a result, CNSC has changed the proposal to not require finger printing as part of the law enforcement inquiry (criminal record name check). Based on the feedback received during consultation, the proposal related to credit checks was also changed so that the credit checks would be mandatory only for individuals with an enhanced security site access clearance, based on a risk-informed approach.

Canada Gazette, Part I, prepublication

In order to provide the regulated community, members of the public, and Indigenous groups with the appropriate time for a detailed and comprehensive review and verification of the proposed NSR 2023 and its associated Regulatory Impact Analysis Statement (RIAS), and to better facilitate the feedback and comments from all stakeholders, the CNSC is proposing a 60-day consultation period.

Modern treaty obligations and Indigenous engagement and consultation

The initial assessment examined the geographical scope and subject matter of the initiative in relation to modern treaties in effect and did not identify any potential modern treaty implications. Although no clear linkages or impacts on Modern Treaty Partners have been identified as a result of the proposed NSR 2023, Crown-Indigenous Relations and Northern Affairs Canada (CIRNAC) advised to include all modern treaty holders in CNSC’s engagement strategy where there is the potential for nuclear projects to be proposed. CIRNAC provided a list of modern treaty partners to reach out to, which includes the regions of the Northwest Territories, Nunavut, Yukon, Labrador and Northern Quebec. CNSC contacted modern treaty partners in these regions with information on the proposed NSR 2023 and offered to provide more information should there be interest.

Instrument choice

The CNSC determined that repealing and replacing the Regulations was the most effective and appropriate instrument. Three alternatives to this regulatory option were considered as part of this project, as detailed below.

1. Status quo

The alternative of maintaining the status quo was rejected.

The threats and risks faced by nuclear facilities in Canada have changed significantly since the NSR entered into force and were last amended in 2006. New technologies and measures to protect nuclear facilities, nuclear material and nuclear substances have also been developed since that time. The risk to Canadians and the environment continues to increase over time, as past threats faced by Canadian nuclear facilities evolve and new countermeasures, counter technologies or other security measures are not able to be properly considered and deployed.

SMR technology is an emerging technology that is an important component of Canada’s net-zero initiatives announced in the Message from the Minister, given by the Minister of Natural Resources in 2021, and in Budget 2022. Without new SMRs, nuclear power generating will be severely limited in its contribution to decarbonization initiatives. Amendments to improve the efficiency and clarity of the prescriptive requirements in the existing NSR were identified as a priority in Pillar 2: Policy, legislation and regulation of the SMR Roadmap. The action to amend the existing NSR is SMR Roadmap recommendation 22 with the resulting commitment from the CNSC to amend the existing NSR captured in actions CNSC01 and CNSC02 of the SMR Action Plan.

2. Licence conditions

The alternative of adding the new security requirements to individual licences as licence conditions was rejected. Since most of the requirements are common to all nuclear facilities or at least a subset of facilities (i.e. HSS), rather than repeating the same requirements in each and every licence as licence conditions, it is more effective to capture these as a minimum set of generic requirements in regulation. However, the CNSC recognizes that licence conditions can be an effective way of prescribing certain regulatory requirements, including facility-specific requirements when needed.

3. Voluntary compliance

The alternative of voluntary compliance was rejected. Voluntary compliance, whether through the use of the CNSC’s regulatory guidance documentsfootnote 10 (REGDOCs) or via other programs proposed by licensees, implies that there is some discretion on the part of the licensee with respect to the implementation of nuclear security measures. This could potentially leave Canadian nuclear facilities vulnerable to physical and cyber threats. Voluntary compliance includes the possibility of licensees applying differing security measures or standards in terms of the level of security, which could lead to inconsistencies on how the security threats and risks are addressed across licensees. Voluntary compliance also does not provide the Canadian public or the international community with the assurance that adequate nuclear security protection measures have been taken to address threats to Canadian nuclear facilities, nuclear materials and nuclear substances.

Repeal and replace the NSR

After considering the non-regulatory options, the CNSC proceeded to consider amending the NSR or repealing and replacing the NSR. There would be a significant number of proposed changes to the NSR, including significant changes to the overall structure of the NSR. Due to this, it would not be practical or feasible for the regulated community or the public to review and understand the existing NSR alongside the regulations amending the NSR. Therefore, a repeal and replacement of the NSR is the most effective option and the option chosen for this regulatory proposal.

Incorporation by reference

The proposed NSR 2023 would incorporate the Treasury Board of Canada Secretariat Standard on Security Screening, as amended from time to time. Site access clearances and enhanced site access clearances would be granted to personnel working at the nuclear facilities based on the criteria in this standard. Using incorporation by reference of this standard would ensure that security clearances at nuclear facilities are issued based on the most up-to-date federal government security screening standards. For more information, please refer to the subsection titled “Changes to Government of Canada security clearance standards” under the “Issues” section.

Regulatory analysis

Benefits and costs

The requirements of the proposed NSR 2023 would enhance safety and security around nuclear sites and reduce the risk of catastrophic incidents that could damage the health of Canadians, the environment, or cause economic damages due to power outages. Since incidents and accidents at nuclear sites are extremely rare, the reduction in risk cannot be quantified. Additional benefits related to the proposed performance-based measures and security screening that have been monetized would result in a total present value benefit of $7.4 million.

The total present value cost associated with the proposed security enhancements would be $20.8 million, with the majority of costs related to cybersecurity provisions ($13.3 million) and CNSC compliance activities ($2.7 million).

While the monetized impacts of the proposed NSR 2023 would result in a net present value cost of $13.3 million, the non-monetized benefits associated with the reduced risk of incidents are expected to be far greater than the estimated costs.

A detailed CBA report for this regulatory proposal can be obtained by contacting the CNSC with the contact information at the end of this RIAS.

CBA methodology

The CBA for this regulatory proposal compared the incremental impacts between a baseline scenario and a regulatory scenario according to the Policy on Cost-Benefit Analysis. The baseline scenario shows the costs and benefits expected without the proposed NSR 2023 as described in the status quo option in the “Instrument choice” section. The regulatory scenario describes the expected incremental impacts of the proposed NSR 2023.

Monetized impacts are calculated using the International Standard Cost Model Manual (SCM) (PDF) from the Organisation for Economic Co-operation and Development (OECD). This is an internationally recognized methodology for determining and calculating the monetized effects of government regulation on business. For this CBA, the CNSC used the SCM to calculate both the compliance costs and the administrative burden costs for the regulatory proposal.

The proposed NSR 2023 would impact five high-security site licensees covering 13 sites as well as eight Class IAfootnote 11 and Class IBfootnote 12 licensees covering 11 sites, which include research reactors, nuclear fuel fabrication facilities and nuclear substances processing facilities that are non-high-security sites (non-HSS). Further, three organizations that transport nuclear material would be impacted to a more limited extent by the proposed requirements for transport security exercises.

At the time of this regulatory proposal, there are no SMRs in operation or under construction in Canada. However, over the 10-year time frame of analysis, there are several potential SMR projects that may be realized. In support of this, four organizations with interest in SMR technologies (Ontario Power Generation, Bruce Power, New Brunswick Power, and Canadian Nuclear Laboratories) provided cost-benefit data in support of SMRs.

The data used in this CBA were obtained via consultation with stakeholders. When needed, remaining data for labour costs were obtained from Statistics Canada.footnote 13

The CNSC identified certain elements of licensee operations that would be affected by this regulatory proposal, including

Present value totals are in 2021 Canadian dollars, discounted to 2022 using a rate of 7% over a 10-year time period (2023–2032) as directed by the Policy on Cost-Benefit Analysis. Discount rates of 0%, 3%, 5%, and 10% were used as part of the sensitivity analysis for this regulatory proposal.

Consultation on the CBA

The CNSC hosted workshops with affected stakeholders to determine the operational impacts (costs and benefits) of the various elements of the regulatory proposal. The CNSC took an iterative approach to these workshops and conducted the workshops in multiple phases:

These workshops included representatives from HSS, SMR proponents, and non-HSS. Industry representatives submitted their preliminary monetization data in advance, which was later discussed at the September workshop. Following the workshop, industry revised the monetization data based on CNSC feedback and submitted the revised data. This revised data was reviewed by the CNSC and compared with internal cost information where available (i.e. contracts for TRAs, costs for security clearances or equipment costs related to cybersecurity) to obtain the final monetization data.

The qualitative benefits were determined based on information from CNSC subject matter experts and benchmarking against international recommendations and best practices.

Costs

The estimated total incremental present value cost of the proposed NSR 2023 would be $20.8 million. Costs are grouped according to the main themes of the proposed amendments that would impose cost impacts on regulated parties. These themes are as follows:

The proposed change to the central alarm station would not impose any incremental costs on licensees (HSS only) since they generally already perform this requirement and may propose alternatives to meet the performance objective without incurring additional costs.

The monetized impacts for these themes (except for CNSC compliance activities) are in the form of changes to licensees’ internal processes/programs/procedures, the purchase/upgrades and maintenance/repair of equipment (hardware and/or software), and labour costs for staff performing the new duties required in the proposed NSR 2023.

CNSC compliance activities are due to the CNSC being a cost-recovery organization under the Canadian Nuclear Safety Commission Cost Recovery Fees Regulations, and as such, the costs carried by the CNSC from compliance activities (e.g. inspections and desktop reviews) are billed back to the licensees. To verify compliance with the proposed NSR 2023, the CNSC would perform more inspections and reviews of the security programs and measures, and thus charge more cost recovery fees to the regulated community.

Stakeholders indicated that the first year for SMR deployment would be 2028. Thus, the data related to SMRs would be considered in the time period of 2028–2032.

Benefits

The primary benefit to Canadians from this regulatory proposal would be the reduction in risk of nuclear security incidents that is derived from enhanced nuclear security. This reduction in risk cannot be quantified in a practical fashion and must therefore be treated qualitatively. The prevention of damages to nuclear facilities that cause radioactive releases (from physical, cyber or insider threats) and the prevention of the theft of nuclear materials and nuclear substances would result in reduced health and safety risks to Canadians and the environment.

In addition, there is the reduced risk of economic damage due to power outages, such as lost revenue for power-generating utilities, recovery costs related to nuclear security incidents, increased electricity costs and possible electricity or radioisotope shortages should certain nuclear facilities be offline for an extended period due to a security incident.

The types of nuclear security incidents targeted in this proposal are extremely rare in Canada and globally. However, when incidents do occur, their impacts are significant and far-reaching, as shown in the following examples:

The monetized benefits of this regulatory proposal primarily revolve around cost savings from the proposed performance-based requirements ($0.83 million), which allow for the regulated parties to propose their own means to achieve the regulatory objective, as well as the proposed changes for the validity of site access clearance from 5 years to 10 years under the TBS Standard on Security Screening ($6.59 million). These cost savings are estimated to result in a total present value benefit of $7.42 million.

A further benefit from this regulatory proposal is in regard to SMR development and deployment in Canada. Removing the prescriptive requirements in the NSR would reduce regulatory obstacles to SMR development and is an important part of a broad initiative to promote SMR deployment in Canada. In addition, this regulatory proposal would fulfill one of the CNSC commitments identified in the SMR Action Plan on the modernization of the existing NSR.

Overall, while the monetized impacts show a net cost for this regulatory proposal, the benefits are expected to outweigh the quantitative costs if all the benefits could reasonably be quantified.

Impacts of the consequential amendments

The proposed NSR 2023 would include new administrative monetary penalties (AMPs) [e.g. for cybersecurity violations], which would be handled via the processes and procedures already implemented by licensees and by the CNSC. Therefore, cost impacts for the consequential amendments to the Administrative Monetary Penalties Regulations (Canadian Nuclear Safety Commission) are expected to be minimal. No impacts are expected with the consequential amendments to the Class I Nuclear Facilities Regulations, the Nuclear Substances and Radiation Devices Regulations, and the Packaging and Transport of Nuclear Substances Regulations, 2015.

Cost-benefit statement
Table 1: Monetized costs
Impacted stakeholder Description of cost 2023 2028 2032 Total (PV) Annualized value
Industry Cybersecurity and information protection $1,869,849 $1,240,294 $1,005,863 $13,346,906 $1,900,299
CNSC compliance activities $364,518 $259,896 $198,274 $2,739,437 $390,034
Security exercises $41,723 $189,121 $156,000 $1,139,827 $162,286
Nuclear substance monitoring $110,969 $79,119 $67,985 $841,584 $119,823
Safety, security and safeguards interface $267,970 $107,721 $143,146 $773,708 $110,159
Security culture $81,240 $94,664 $72,219 $735,410 $104,706
Threat and risk assessment $48,121 $34,310 $135,190 $623,556 $88,780
Security guard qualification and training $58,479 $41,694 $90,199 $564,723 $80,404
All stakeholders Total costs $2,842,868 $2,046,821 $1,868,876 $20,765,152 $2,956,490
Table 2: Monetized benefits
Impacted stakeholder Description of benefit 2023 2028 2032 Total (PV) Annualized value
Industry Performance-based requirements $0 $189,346 $144,451 $830,702 $118,273
Security clearance validity period $873,114 $639,974 $417,064 $6,593,390 $938,750
All stakeholders Total benefits $873,114 $829,320 $561,515 $7,424,092 $1,057,023
Table 3: Summary of monetized costs and benefits
Impacts 2023 2028 2032 Total (PV) Annualized value
Total costs $2,842,868 $2,046,821 $1,868,876 $20,765,152 $2,956,490
Total benefits $873,114 $829,320 $561,515 $7,424,092 $1,057,023
NET IMPACT ($1,969,754) ($1,217,501) ($1,307,361) ($13,341,060) ($1,899,467)
Sensitivity analysis

As seen in the CBA, the costs carried by industry in relation to cybersecurity and the protection of sensitive information are the biggest contributor of overall monetized costs, at about 64% of the total costs. This is significantly more than the second-highest cost related to CNSC compliance activities, which stands at approximately 13% of the total costs. Similarly for the benefits, the changes to the security screening requirements make up approximately 89% of the total quantitative benefits. Increasing each of these cost or benefit items by 25%, 50%, 75% and 100%, while holding all other items constant, results in a net present value cost as low as $6.7 million or as high as $26.7 million, as shown in Table 4 below. This variance covers a wide range of potential effects of the main items on the overall net present value cost. The central scenario is also shown in Table 4 for reference.

Table 4: Net present value results from univariate sensitivity analysis
Sensitivity analysis of main cost-benefit items on net present value costs Central scenario 25% Increase 50% Increase 75% Increase 100% Increase
Cybersecurity and information protection $13,341,060 $16,677,787 $20,020,359 $23,357,086 $26,693,812
CNSC compliance activities $13,341,060 $14,025,919 $14,710,779 $15,395,638 $16,080,497
Security clearance validity period $13,341,060 $11,692,713 $10,044,365 $8,396,018 $6,747,670

It was also seen that neither the net present value, nor the annualized averages were overly sensitive to variations in the discount rate, for the selected discount rates of 0%, 3%, 5%, 7% (baseline), and 10%. The effect of the change in discount rate on the net present value and annualized averages is shown in Table 5 below.

Table 5: Net present value results from discount rate sensitivity analysis
Discount rate (%) Net present value costs Annualized averages
0.0 $19,316,067 $1,931,601
3.0 $16,351,706 $1,916,913
5.0 $14,732,354 $1,907,901
7.0 $13,341,102 $1,899,467
10.0 $11,599,804 $1,887,809

The complete sensitivity analysis is found in the CBA report.

Distributional analysis

The new requirements in the proposed NSR 2023 for TRAs, security exercises, and nuclear substance monitoring would be applied to the non-HSS, while those provisions already apply to HSS in the existing NSR. While cybersecurity is not an explicit requirement in the existing NSR, all HSS have implemented the standard CSA N290.7, Cyber security for nuclear power plants and small reactor facilities as per the requirements of the licence conditions for those facilities.footnote 19 However, non-HSS had not implemented the requirements of that standard under the existing NSR. Thus, several of the new provisions in the proposed NSR 2023 would have a proportionately higher impact on the non-HSS when compared to HSS as shown in Table 6 below.footnote 20

Table 6: Breakdown of the costs per stakeholder group
Stakeholder group Net present value costs Annualized averages
Multi-unit nuclear power plant (HSS) $5,863,706 $834,992
Class IB nuclear substance processing facilities (non-HSS) $3,469,986 $494,126
Fuel fabrication facilities (non-HSS) $3,226,412 $459,441
Research reactors (academic institutions) [non-HSS] $501,539 $71,419
Single-unit power plants and Canadian Nuclear Laboratory (CNL) facilities (HSS) $350,826 $49,958
Transport organizations $160,366 $22,836
SMR $(231,776) $(33,005)

As seen in Table 6 above, multi-unit nuclear power plants would see the greatest overall monetized cost increases, mainly due to the proposed requirements for upgraded cybersecurity and the protection of sensitive information provisions. The non-HSS would see proportionately higher monetized costs, due to the aforementioned new requirements related to threat and risk assessments, private security guards,footnote 21 security exercises, and nuclear substance monitoring for those facilities.

Nevertheless, the non-HSS would also see a large, monetized benefit from the proposed changes to the security screening requirements. There would not be a requirement for the enhanced (5-year) site access clearances since all personnel at non-HSS would transition to a 10-year security screening validity.

The complete distributional analysis for this regulatory proposal is found in the CBA report.

Small business lens

Analysis under the small business lens concluded that the proposed NSR 2023 would not impact Canadian small businesses.

One-for-one rule

This regulatory proposal would repeal an existing regulatory title (the existing NSR) and replace it with a new regulatory title (NSR 2023). The new regulatory title would impose new administrative burden on applicants and licensees to demonstrate compliance with the new regulatory requirements, such as cybersecurity and the protection of information for all licensees, and new TRAs and security exercises for non-HSS licensees. Administrative burden related to this regulatory proposal would encompass reporting/submitting information/documentation to the CNSC to demonstrate compliance, notification to the CNSC for certain activities (e.g. security exercises), meetings with internal/external stakeholders, copying/filing information, such as for new TRAs, and assisting CNSC with compliance verification activities, such as inspections.

Overall, the annualized administrative cost is estimated at $16,169 (2012 Canadian dollars, a 7% discount rate, and a 2012 present value base year) and the annualized administrative costs per business is found to be $438.

Administrative burden was discussed and considered during the cost-benefit workshops with licensees in June-October 2021, and industry stakeholders included their estimates of administrative burden in their submissions to the CNSC. The CNSC reviewed these submissions and provided additional guidance and clarification to licensees on the specific costs for which administrative burden applies as defined by the Red Tape Reduction Act and as calculated per the Red Tape Reduction Regulations. Licensees revised their submissions related to administrative burden, which later informed the administrative burden calculations performed by CNSC.

Regulatory cooperation and alignment

This regulatory proposal is not related to a work plan or commitment under a formal regulatory cooperation forum.

Alignment with international regulatory regimes

Several of the objectives of this regulatory proposal are to align the NSR 2023 with international requirements and best practices. These include

The proposed NSR 2023 would reflect the current security requirements in the IAEA CPPNM and align with international standards. The CPPNM established measures related to the prevention, detection, and punishment of offences pertaining to nuclear material. It is the only international legally binding convention related to the physical protection of nuclear material, and was signed, by Canada, on March 3, 1980.

An Amendment to the CPPNM came into force on May 8, 2016. This increased the scope of the CPPNM to encompass physical protection requirements for nuclear facilities and nuclear material in domestic use, storage and transport. It expanded upon the scope of offences identified in the CPPNM (e.g. theft of nuclear material) and also introduced new offences, such as smuggling nuclear material and sabotaging nuclear facilities. As part of the Amendment, states, including Canada, are required to prevent and combat offences and to minimize the radiological consequences of sabotage. The proposed NSR 2023 ensure that Canada continues to fulfill its international obligations for the security of nuclear and radioactive materials.

Canada would be addressing several recommendations and suggestions from the 2015 IPPAS report in this regulatory proposal. In total, five amendments are directly linked to the IPPAS mission findings to (1) improve nuclear security culture; (2) improve the protection of sensitive information; (3) enhance the interface between safeguards, security and safety; (4) conduct transport security drills and exercises at nuclear facilities; and (5) implement the two-person rule in the central alarm station. In addition, the CNSC would address the suggestions from the 2019 IRRS peer review mission to strengthen safety and security interfaces.

Assessment of aligned jurisdictions

The CNSC undertook an assessment of similarly capable and aligned jurisdictions with the broad objective of identifying areas of commonality and alignment. The results of that assessment include

The CNSC recognizes the importance of regulatory cooperation and will continue to engage with similarly capable and politically aligned jurisdictions.

Coordination with orders of government

The CNSC has engaged relevant provincial partners in order to gather feedback and perspectives on the impact of the proposed regulatory changes on the implementation of provincial public safety regulations. In support of this, CNSC held a workshop with provincial government departments and agencies on June 23, 2021, to inform them of the CNSC’s regulatory proposals and obtain feedback. In total, four provincial government organizations attended this workshop. However, the proposed NSR 2023 are strictly within the federal domain.

Strategic environmental assessment

In accordance with the Cabinet Directive on the Environmental Assessment of Policy, Plan and Program Proposals, a preliminary scan concluded that a strategic environmental assessment is not required.

Gender-based analysis plus

No gender-based analysis plus (GBA+) impacts have been identified for this proposal.

Implementation, compliance and enforcement, and service standards

Implementation

The coming into force date of the proposed NSR 2023 would be on the day upon which they are registered, with the exception of the security requirements for HSS, which would come into force one year following the registration of the proposed NSR 2023, and the security requirements for non-HSS, which would come into force two years following the registration of the proposed NSR 2023.

CNSC will work with licensees to coordinate implementation of the proposed NSR 2023. This will also include working with stakeholders, Indigenous peoples and the public to finalize the nuclear security series of the REGDOCs. The CNSC’s e-consultation platform for public consultation allows stakeholders, Indigenous peoples and the public to provide comments. CNSC will use the information gathered to collaborate with licensees and to inform the final REGDOCs before the Commission approves them for publication.

Compliance and enforcement

The proposed NSR 2023 would be enforced in accordance with the CNSC’s existing enforcement policy. CNSC inspectors regularly verify that licensees are complying with the NSCA and its regulations. If a licensee is found to be non-compliant with the proposed NSR 2023, the CNSC would use a graded enforcement approach to implement corrective measures. Additional information on the CNSC’s graded enforcement strategy is found in CNSC REGDOC-3.5.3, Regulatory Fundamentals.

Contact

Dana Beaton
Director General
Regulatory Policy Directorate
Canadian Nuclear Safety Commission
280 Slater Street
P.O. Box 1046, Station B
Ottawa, Ontario
K1P 5S9
Telephone: 613‑219‑0959
Email: consultation@cnsc-ccsn.gc.ca

PROPOSED REGULATORY TEXT

Notice is given that the Canadian Nuclear Safety Commission, under subsection 44(1)footnote a of the Nuclear Safety and Control Act footnote b and subject to the approval of the Governor in Council, proposes to make the annexed Nuclear Security Regulations, 2023.

Interested persons may make representations concerning the proposed Regulations within 60 days after the date of publication of this notice. They are strongly encouraged to use the online commenting feature that is available on the Canada Gazette website but if they use email, mail or any other means, the representations should cite the Canada Gazette, Part I, and the date of publication of this notice, and be sent to Dana Beaton, Director General, Regulatory Policy Directorate, Canadian Nuclear Safety Commission, 280 Slater Street, P.O. Box 1046, Station B, Ottawa, Ontario K1P 5S9 (tel: 613‑219‑0959, email: consultation@cnsc-ccsn.gc.ca).

Ottawa, November 4, 2022

Wendy Nixon
Assistant Clerk of the Privy Council

TABLE OF PROVISIONS

Nuclear Security Regulations, 2023

Definitions

1 Definitions

PART 1

General Provisions

Application

2 Application

Licence Application

3 Required information

Security Requirements

General Requirements

4 Updated nuclear security plan

5 Threat and risk assessment

6 Effective intervention

7 Training program — behaviour of personnel

8 Security culture

9 Security interfaces

10 Compensatory measures

11 Compromise of access control system

12 Security guards

13 Arrangements with off-site response force

14 Alarm monitoring

15 Security exercise

Cybersecurity and Protection of Information

16 Cybersecurity program

17 Protection of sensitive information

18 Identity verification, clearance or authorization

Security Obligations Relating to Nuclear Substances

19 Category I nuclear material

20 Category II nuclear material

21 Category III nuclear material

22 Area for nuclear substances

Site Access Status

23 Site access status

24 Site access status — equivalent

25 Factors

26 List of persons

27 Revocation

Access Control

Access to Nuclear Facility

28 Requirements

29 Removal of nuclear substances

30 Detection of unauthorized removal

31 Entry of land vehicles

Searches

32 Sign regarding searches

33 Search or screening on leaving

34 Exception – search

PART 2

High-security Sites

Application

35 Application

Licence Application

36 Information in application

Design Basis Threat

37 Design basis threat

38 Nuclear security system

Nuclear Security Officers

39 Number and duties

40 Equipment

41 Training, competency and qualifications

42 Record — firearms

Security Requirements

43 On-site nuclear response force

44 Arrangements with off-site response force

45 Requirements for other off-site response force

46 Contingency plan

47 Security drill and exercise program

48 Security drill

49 Security exercise

Central Alarm Station

50 Central alarm station

51 Secondary alarm station

Clearances

Site Access Clearance

52 Site access clearance

53 Deemed site access clearance

Enhanced Security Clearance

54 Enhanced security clearance

55 Deemed site access clearance

Clearance Assessment, List and Revocation

56 Factors

57 List of persons

58 Revocation

Security Personnel
Nuclear Security Officer, Nuclear Security Support Person and Central Alarm Station Operator

59 Authorization — nuclear security officer

60 Authorization — nuclear security support person

61 Requirements for authorization

62 Deemed authorizations

63 Central alarm station operator

64 List of authorized persons

Nuclear Security Support Person With Escort

65 Authorization

Nuclear Security Measures

Power Supply

66 Uninterrupted power supply

Protected Area

67 Perimeter — physical barriers

68 Unobstructed area

69 Vehicle barrier

70 Nuclear security measures

Inner Area

71 Structure or physical barrier

72 Nuclear security measures

Vital Area

73 Identification of vital areas

74 Physical barrier

75 Nuclear security measures

Authorizations to Enter Protected, Inner and Vital Areas

Protected Area

76 Authorization to enter protected area

77 Authorization — with escort

78 Record of authorized persons

Inner Area

79 Authorization to enter inner area

80 Deemed authorization — protected area

81 Authorization — with escort

82 Record of authorized persons

Vital Area

83 Authorization to enter vital area

84 Record of authorized persons

Revocation

85 Revocation

Access Control

Prohibition on Permitting Access

86 Protected, inner or vital area

Protected Area

87 Identity verification

88 Unauthorized persons

89 Access with escort

90 Vehicle portals

91 Weapons, explosive substances and threat items

92 Removal of nuclear material

93 Prohibited activities

Inner Area

94 Requirement — two authorized persons

95 Unauthorized persons

96 Access with escort

97 Land vehicle

98 Weapons, explosive substances and threat items

99 Means of entry or exit

100 Removal of nuclear material

101 Prohibited activities

Vital Area

102 Unauthorized persons

103 Verification and recording of identity

104 Land vehicle

105 Weapons, explosive substances and threat items

106 Removal of nuclear material

107 Prohibited activities

Exception

108 Inspector

Searches

109 Sign regarding searches

110 Search

111 Exception to search requirement

112 Prohibition

PART 3

Licence to Transport

113 Application

114 Exemption

115 Transport security plan

116 Security exercise

PART 4

Consequential Amendments, Transitional Provisions, Repeal and Coming into Force

Consequential Amendments

117 Class I Nuclear Facilities Regulations

118 Nuclear Substances and Radiation Devices Regulations

119 Administrative Monetary Penalties Regulations (Canadian Nuclear Safety Commission)

120 Packaging and Transport of Nuclear Substances Regulations, 2015

Transitional Provisions

122 Definition of former Regulations

123 Nuclear facility

124 Repeal

Coming Into Force

125 Registration

SCHEDULE

Nuclear Security Regulations, 2023

Definitions

Definitions

1 The definitions in this section apply in these Regulations.

Act
means the Nuclear Safety and Control Act. (Loi)
Category I nuclear material
means a nuclear substance listed in column 1 of the schedule that is in the form set out in column 2 and the quantity set out in column 3. (matière nucléaire de catégorie I)
Category II nuclear material
means a nuclear substance listed in column 1 of the schedule that is in the form set out in column 2 and the quantity set out in column 4. (matière nucléaire de catégorie II)
Category III nuclear material
means a nuclear substance listed in column 1 of the schedule that is in the form set out in column 2 and the quantity set out in column 5. (matière nucléaire de catégorie III)
central alarm station operator
means a person who has the authorization referred to in subsection 63(1). (opérateur du poste central d’alarme)
design basis threat
means a threat identified by the Commission under subsection 37(1) in respect of a high-security site. (menace de référence)
direct visual surveillance
means direct and continuous observation by a person who is physically present at the place that is under observation or observing remotely. (surveillance visuelle directe)
effective intervention
means an intervention that is timely and powerful enough to prevent sabotage or the unauthorized removal of nuclear substances. (défense efficace)
enhanced security clearance
means a clearance granted based on a security screening that is equivalent to a security screening for Top Secret clearance under the Standard on Security Screening. (autorisation de sécurité approfondie)
explosive substance
has the same meaning as in section 2 of the Criminal Code. (substance explosive)
firearm
has the same meaning as in section 2 of the Criminal Code. (arme à feu)
high-security site
means a nuclear facility referred to in subsection 2(1) where Category I or II nuclear material is produced, processed, used or stored. (site à sécurité élevée)
inner area
means an area that is within a protected area and meets the requirements of sections 71 and 72. (zone intérieure)
licensee
means,
  • (a) in Part 1, a person who is licensed to carry on an activity described in any of paragraphs 26(a), (b), (e) or (f) of the Act in relation to Category I, II or III nuclear material or a nuclear facility referred to in subsection 2(1);
  • (b) in this section and in Part 2, a person who is licensed to carry on an activity described in any of paragraphs 26(a), (b), (e) or (f) of the Act in relation to a high-security site; and
  • (c) in Part 3, a person who is licensed to transport Category I, II or III nuclear material. (titulaire de permis)
limited access area
means a clearly demarcated area that surrounds a nuclear facility and to which the licensee controls access. (zone à accès limité)
nuclear material accountancy activities
means activities to record the quantities and locations at a nuclear facility of Category I, II or III nuclear material and any changes in those quantities and locations. (activités de comptabilité des matières nucléaires)
nuclear security measure
means a physical security or cybersecurity measure intended to deter, detect, delay or respond to a threat to a nuclear facility, nuclear substances or the confidentiality, integrity and availability of sensitive information. (mesure de sécurité nucléaire)
nuclear security officer
means a person who has the authorization referred to in subsection 59(1). (agent de sécurité nucléaire)
nuclear security support person
means a person, other than a nuclear security officer or central alarm station operator, whose duties and responsibilities in relation to a high-security site include any of the following:
  • (a) the design, implementation, maintenance or repair of a nuclear security system, measure or device;
  • (b) the control, maintenance or repair of firearms and related equipment;
  • (c) the control, maintenance or repair of access control systems;
  • (d) the assessment, denial, revocation or granting of security clearances or authorizations;
  • (e) the monitoring of threats that may affect the site; and
  • (f) training related to any of the activities referred to in paragraphs (a) to (e). (préposé à la sécurité nucléaire)
nuclear security system
means an integrated set of nuclear security measures at a nuclear facility. (système de sécurité nucléaire)
off-site response force
means a local, regional, provincial or federal police force, a Canadian Forces unit or a force that meets the requirements of section 45, or any combination of such forces or units, whose members are not stationed at a nuclear facility. (force d’intervention externe)
on-site nuclear response force
means
  • (a) a team of nuclear security officers who are permanently stationed at a high-security site; or
  • (b) a local, regional, provincial or federal police force or a Canadian Forces unit, or any combination of such forces or units,
    • (i) whose services the licensee has retained,
    • (ii) whose members are permanently stationed at a high-security site, and
    • (iii) whose members are equipped with firearms, trained and qualified to use firearms and authorized to carry firearms in Canada. (force d’intervention nucléaire interne)
physical barrier
means a fence, wall or similar impediment that controls access to the area that it encloses and delays unauthorized access to that area. (barrière physique)
prescribed information
means information prescribed by section 21 of the General Nuclear Safety and Control Regulations. (renseignements réglementés)
protected area
means an area that is surrounded by physical barriers that meet the requirements of section 67 and whose perimeter is equipped with nuclear security measures that meet the requirements of that section. (zone protégée)
sabotage
means any deliberate act or omission directed against a nuclear facility or nuclear substances that are in use, storage or transport that
  • (a) endangers or could endanger the health or safety of any person; or
  • (b) results or could result in contamination of the environment. (sabotage)
security exercise
means a test of elements of the contingency plan and nuclear security measures and, in the case of a security exercise referred to in subsection 116(1), of multiple security measures. (exercice de sécurité)
security guard
means a person who carries out duties related to the security of a nuclear facility referred to in subsection 2(1) that is not a high-security site, such as direct visual surveillance of the facility and the protection of persons and property. (garde de sécurité)
security personnel
means the nuclear security officers, nuclear security support persons and central alarm station operators of a nuclear facility and their supervisors. (personnel de sécurité)
sensitive information
means information — including prescribed information — in any form, including software, whose unauthorized disclosure, modification or destruction or to which denial of access could compromise nuclear security. (renseignements de nature délicate)
site access clearance
means a clearance granted based on a security screening equivalent to a security screening for site access clearance under the Standard on Security Screening. (autorisation d’accès au site)
site access status
means a clearance granted based on a security screening equivalent to a security screening for site access status under the Standard on Security Screening. (cote d’accès au site)
Standard on Security Screening
means the document entitled Standard on Security Screening published by the Treasury Board Secretariat, as amended from time to time. (Norme sur le filtrage de sécurité)
threat and risk assessment
means an assessment that
  • (a) identifies threats that could, including through sabotage or the unauthorized removal of nuclear substances or sensitive information, compromise the security of a nuclear facility, its personnel or its operations or exploit vulnerabilities in its nuclear security measures or, in the case of the transport of Category I, II or III nuclear material, compromise the security of sensitive information or the nuclear material; and
  • (b) evaluates the adequacy and effectiveness of an existing or proposed nuclear security system, or existing or proposed nuclear security measures, designed to protect against those threats. (évaluation de la menace et du risque)
threat item
means
  • (a) an object, other than a match or pocket lighter, that is fabricated with combustible materials and could be used to inflict burn injuries on individuals or cause fire damage to property, or any component of such an object;
  • (b) a component of a weapon or explosive device; and
  • (c) any other item that could pose a threat to the security of a nuclear facility. (article dangereux)
vehicle portal
means a means of entry or exit, situated between the interior and exterior barriers surrounding a protected area, whose sides are enclosed and that consists of two movable barriers separated by a space sufficiently large to accommodate land vehicles. (sas pour véhicule)
vital area
means an area inside a protected area and containing equipment, systems, structures, components or nuclear substances whose sabotage could pose an unreasonable risk to the environment, or to the health or safety of persons, arising from exposure to radiation. (zone vitale)
weapon
has the same meaning as in section 2 of the Criminal Code. (arme)

PART 1

General Provisions

Application

Application

2 (1) This Part applies in respect of Category I, II and III nuclear material and in respect of the following nuclear facilities:

High-security site

(2) If the provisions of both this part and Part 2 apply in respect of a high-security site, the provisions of Part 2 prevail to the extent of any inconsistency.

Licence Application

Required information

3 An application for a licence in respect of Category I, II or III nuclear material or a nuclear facility referred to in subsection 2(1), other than a transport licence, must contain, in addition to the information required by section 3 of the Nuclear Substances and Radiation Devices Regulations or sections 3 to 8 of the Class I Nuclear Facilities Regulations, as applicable,

Security Requirements

General Requirements

Updated nuclear security plan

4 (1) The licensee must review the nuclear security plan at least once per year and update it to reflect any changes to the information that it is required to contain.

Submission to Commission

(2) The licensee must submit the updated nuclear security plan to the Commission on request of the Commission and before the end of the following periods:

Threat and risk assessment

5 (1) A licensee must conduct, at least once every five years, a threat and risk assessment specific to a nuclear facility at which it carries on licensed activities.

Update

(2) The licensee must update the threat and risk assessment at least once per year and after any security incident occurs that affects the nuclear facility or the licensee becomes aware of a new threat or a change in any threat that is identified in the assessment.

Modifications to nuclear security system

(3) The licensee must, before the next day on which it submits a nuclear security plan under subsection 4(2), make the modifications to its nuclear security system that are necessary to counter any threat identified in the threat and risk assessment.

Record

(4) The licensee must keep a record of the results of each threat and risk assessment.

Submission to Commission

(5) A licensee must submit the record to the Commission, together with a statement describing the modifications that were made and actions that were taken as a result of the assessment, within 60 days after the day on which the assessment is completed.

Effective intervention

6 A licensee must implement nuclear security measures that ensure an effective intervention, taking into account any threat identified in the threat and risk assessment.

Training program — behaviour of personnel

7 A licensee must develop and implement a training program to ensure that its supervisors are trained to recognize and report suspicious or undesirable changes in the behaviour of personnel, including contractors, that could pose a threat to security at a nuclear facility at which it carries on licensed activities.

Security culture

8 (1) A licensee must implement measures to promote and support security culture.

Record

(2) The licensee must keep a record of the measures that it implements.

Security interfaces

9 (1) A licensee must, to the extent possible, ensure that

Process to coordinate measures

(2) The licensee must establish, implement and maintain a process for

Record

(3) The licensee must keep a record that sets out the process.

Compensatory measures

10 (1) If the nuclear security system or nuclear security measures for a nuclear facility at which a licensee carries on licensed activities become degraded or inoperative, the licensee must immediately implement compensatory measures that are as effective as the system or measures were before they became degraded or inoperative.

Records

(2) A licensee must keep a record that sets out the processes for implementing the compensatory measures and a record indicating each instance in which a compensatory measure is implemented.

Compromise of access control system

11 When a licensee becomes aware that any device or code that is part of an access control system has become degraded or inoperative or has been compromised in any other way, including by loss, theft or unauthorized transfer, the licensee must

Security guards

12 (1) A licensee must ensure that any security guards at a nuclear facility at which it carries on licensed activities are trained to carry out the duties assigned to them and are competent and qualified to do so.

Record

(2) The licensee must keep a record of the training that it provides to each of the security guards and proof of their qualifications to carry out their assigned duties.

Arrangements with off-site response force

13 (1) A licensee must make written arrangements with an off-site response force that is capable of making, at a nuclear facility at which the licensee carries on licensed activities, an effective intervention against any threat identified in the threat and risk assessment and whose members are equipped with firearms, authorized to carry firearms in Canada and trained and qualified to use them.

Provisions in arrangements

(2) The arrangements must provide for

Arrangements signed

(3) The arrangements must be signed by the licensee and the off-site response force.

Alarm monitoring

14 (1) A licensee must have alarm monitoring capability or make arrangements with an alarm monitoring service.

Alarm monitoring service

(2) An alarm monitoring service with which the licensee has made arrangements must notify the licensee and the off-site response force immediately when it receives an alarm signal from the nuclear facility.

Security exercise

15 (1) A licensee must, in cooperation with the off-site response force, at least once every five years, conduct a security exercise that tests

Notice to Commission

(2) The licensee must notify the Commission in writing of its intent to conduct a security exercise at least four months before the date of the exercise.

Record

(3) Each time the licensee conducts a security exercise, it must create a record that contains

Corrective action plan

(4) If a corrective action referred to in paragraph (3)(c) involves a phased approach, the licensee must create a corrective action plan that sets out

Corrective actions

(5) The licensee must implement the corrective actions and, if applicable, must do so according to the timetable referred to in paragraph (4)(c).

Submission to Commission

(6) The licensee must, within 90 days after the day on which the security exercise is completed, submit to the Commission the record referred to in subsection (3) together with the corrective action plan, if any.

Exception

(7) The requirements of this section do not apply in respect of a high-security site.

Cybersecurity and Protection of Information

Cybersecurity program

16 (1) A licensee must implement and maintain the cybersecurity program referred to in subparagraph 3(a)(v) for a nuclear facility at which it carries on licensed activities.

Protection against cybersecurity threats

(2) A licensee must protect the computer systems and electronic components of the nuclear facility against cybersecurity threats that are identified in the threat and risk assessment if those systems or components being compromised could adversely affect

Protection of sensitive information

17 (1) A licensee must implement and keep updated nuclear security measures to protect the confidentiality, integrity and availability of sensitive information against the threats that are identified in the threat and risk assessment.

Access to sensitive information

(2) A licensee must not permit a person to access sensitive information unless the person must access it in order to perform their duties.

Identity verification, clearance or authorization

18 A licensee must implement measures to protect information that is collected, used, retained or disclosed for the purposes of identity verification or in relation to a site access status, a clearance or an authorization from loss or theft and from unauthorized access, use, disclosure, duplication or alteration.

Security Obligations Relating to Nuclear Substances

Category I nuclear material

19 A licensee must produce, process, use or store Category I nuclear material in an inner area.

Category II nuclear material

20 A licensee must produce, process, use or store Category II nuclear material in a protected area.

Category III nuclear material

21 A licensee must produce, process, use or store Category III nuclear material in

Area for nuclear substances

22 (1) A licensee must produce, process, use and store nuclear substances in an area within a nuclear facility that is under the control and direct visual surveillance of the licensee or designed and constructed to prevent persons from gaining unauthorized access to those substances.

Nuclear security measures

(2) The licensee must ensure that the area is equipped with nuclear security measures that

Site Access Status

Site access status

23 (1) A person must not enter or remain in a nuclear facility unless they

Information to verify

(2) Before granting a site access status to a person, a licensee must verify the following documents and information in respect of the person:

Term

(3) A site access status may be granted for any term not exceeding 10 years and must be subject to any terms and conditions necessary to minimize the risk to the security of the nuclear facility.

Site access status — equivalent

24 (1) For the purposes of these Regulations, a person is deemed to have been granted a site access status by a licensee if, rather than granting a site access status, the licensee accepts any of the following statuses or clearances in respect of the person:

Record

(2) A licensee that accepts a status or clearance under subsection (1) must keep a record that indicates how it verified that the person has the status or clearance.

Factors

25 A licensee may grant a site access status to a person only if, after considering the documents and information obtained under subsection 23(2), it determines that the person does not pose an unreasonable risk to the health or safety of persons or the security of the nuclear facility.

List of persons

26 (1) A licensee must establish and keep a list of the persons who have a site access status.

List to be provided

(2) A licensee must, on request, provide the list to the Commission or to an inspector designated under section 29 of the Act.

Revocation

27 (1) A licensee must revoke a person’s site access status if

Commission to be notified

(2) The licensee must notify the Commission in writing of any revocation made under paragraph (1)(a) within five working days after the day on which the site access status is revoked.

Access Control

Access to Nuclear Facility

Requirements

28 (1) A licensee must ensure that every person who enters or remains in a nuclear facility at which it carries on licensed activities is permitted to do so under subsection 23(1).

Identity verification

(2) The licensee must ensure that the identity of a person entering the nuclear facility is verified

Removal of nuclear substances

29 A licensee must ensure that nuclear substances are not removed from a nuclear facility at which it carries on licensed activities except in accordance with a licence.

Detection of unauthorized removal

30 (1) If a licensee detects the unauthorized removal of nuclear substances from a nuclear facility at which it carries on licensed activities, it must

Record

(2) The licensee must keep a record that sets out the process by which it will ensure that any unauthorized removal of nuclear substances from the facility is dealt with in accordance with subsection (1).

Entry of land vehicles

31 A licensee must not permit a land vehicle to enter a nuclear facility unless

Searches

Sign regarding searches

32 (1) A licensee must post, at the entrance to a nuclear facility that is not a high-security site, a sign that is visible to any person who is about to enter the facility that states, in English and French, that the licensee must not

High-security site

(2) A licensee must post, at the entrance to a high-security site, a sign that is visible to any person who is about to enter the facility that states, in English and French, that the licensee must not

Search or screening on leaving

33 (1) Subject to section 34, a licensee must not permit any person to leave a nuclear facility unless, on leaving the facility, the person and everything in their possession, including any land vehicle,

Conduct of search or screening

(2) The search or screening must be

Exception – search

34 (1) The search requirement set out in paragraph 33(1)(b) does not apply in respect of a person whose identity as a nuclear security officer or a member of an on-site nuclear response force has been verified in accordance with subsection 28(2) and who requires emergency egress from a high-security site for the purposes of carrying out their duties.

Exception — search or screening

(2) The requirement for a search or screening set out in subsection 33(1) does not apply in respect of a person who satisfactorily establishes, through the provision of identification or other evidence, that they are a member of an off-site response force, peace officer or member of another external emergency response force and who requires, as verified by a person authorized by the licensee to do so, emergency egress from a nuclear facility for the purposes of carrying out their duties.

PART 2

High-security Sites

Application

Application

35 This Part applies in respect of high-security sites.

Licence Application

Information in application

36 In addition to meeting the requirements of paragraph 3(a), the nuclear security plan in an application for a license must contain

Design Basis Threat

Design basis threat

37 (1) The Commission must identify any threat involving any person or group that may have the capability, motivation and intent to attempt the following acts in respect of a high-security site:

Commission informs licensees

(2) The Commission must inform each licensee of the design basis threats that are applicable to the high-security site at which the licensee carries on licensed activities.

Nuclear security system

38 (1) A licensee must design the nuclear security system taking into account the design basis threats and any other threat identified in a threat and risk assessment, evaluate the ability of the system to respond to those threats and make modifications to the system as necessary.

Nuclear security measures

(2) The licensee must implement nuclear security measures that ensure an effective intervention, taking into account the design basis threats and any other threat identified in the threat and risk assessment.

Record

(3) The licensee must keep a record that sets out the process it has put in place to design the nuclear security system and modify the system.

Nuclear Security Officers

Number and duties

39 (1) A licensee must have available at all times at a nuclear facility at which it carries on licensed activities a sufficient number of nuclear security officers to

Record

(2) The licensee must keep a record of the duties and responsibilities of its nuclear security officers and give a copy of the record to each of them.

Equipment

40 A licensee must provide the nuclear security officers with the necessary equipment, devices and apparel to permit them to perform the duties referred to in section 39.

Training, competency and qualifications

41 (1) A licensee must ensure that a nuclear security officer does not carry out duties or responsibilities unless they have received initial training and any relevant follow-up training in respect of the duties or responsibilities and are competent and qualified to carry them out.

Follow-up training

(2) The licensee must ensure that each of its nuclear security officers receives follow-up training to inform them of any change in

Record

(3) The licensee must keep a record of the training received by each of its nuclear security officers.

Record — firearms

42 The licensee must keep a record that indicates the name of each of its nuclear security officers whose duties and responsibilities require them to be equipped with a firearm and whether they are a member of the on-site nuclear response force and whether they are authorized to carry firearms in Canada and trained and qualified to use them.

Security Requirements

On-site nuclear response force

43 (1) Subject to subsection (4), the licensee must maintain an on-site nuclear response force that, in combination with the nuclear security measures for the facility, is capable of making an effective intervention taking into account the design basis threats and any other threat identified in the threat and risk assessment.

Equipment

(2) The licensee must provide nuclear security officers who are members of the on-site nuclear response force with the necessary equipment, devices and apparel to permit them to make an effective intervention, taking into account the design basis threats and any other threat identified in the threat and risk assessment.

Firearms

(3) The licensee must ensure that the nuclear security officers who are members of its on-site nuclear response force are authorized to carry firearms in Canada and are trained and qualified to use them.

Exception

(4) The licensee is not required to maintain an on-site nuclear response force in accordance with subsection (1) if it

Arrangements with off-site response force

44 In addition to meeting the requirements of subsection 13(2), the arrangements with the off-site response force must provide for

Requirements for other off-site response force

45 The licensee may use an off-site response force other than a local, regional, provincial or federal police force or Canadian Forces unit or combination of such forces or units only if the force that it uses is capable of making an effective intervention at the nuclear facility, taking into account the design basis threats and any other threat identified by a threat and risk assessment and consists of persons who are authorized to carry firearms in Canada and trained and qualified to use them.

Contingency plan

46 A licensee must develop and maintain a contingency plan to ensure that an effective intervention can be made, taking into account the design basis threats and any other threat identified by a threat and risk assessment.

Security drill and exercise program

47 (1) A licensee must implement a security drill and exercise program that

Update

(2) The licensee must update the program after each security exercise taking into account the results of the evaluations carried out after the security exercise and security drills that have taken place since the previous security exercise.

Security drill

48 (1) A licensee must conduct a security drill at least once every 30 days to test the operation of one or more elements of the contingency plan or nuclear security measures and the readiness of its security personnel.

Record

(2) Each time it conducts a security drill, the licensee must create a record that contains

Security exercise

49 (1) A licensee must, in cooperation with the off-site response force, conduct a security exercise at least once every two years that tests

Notice to Commission

(2) The licensee must notify the Commission in writing of its intent to conduct a security exercise at least four months before the date of the exercise.

Record

(3) Each time it conducts a security exercise, the licensee must create a record that contains

Corrective action plan

(4) If a corrective action referred to in paragraph 3(c) involves a phased approach, the licensee must create a corrective action plan that sets out

Corrective actions

(5) The licensee must implement the corrective actions and, if applicable, must do so according to the timetable referred to in paragraph (4)(c).

Submission to Commission

(6) The licensee must, within 90 days after the day on which the security exercise is completed, submit to the Commission the record referred to in subsection (3) together with the corrective action plan, if any.

Central Alarm Station

Central alarm station

50 (1) A licensee must ensure that the nuclear security measures referred to in paragraphs 67(2)(a), 70(1)(a), 72(1)(a) and 75(1)(a) are monitored from a central alarm station.

Requirements

(2) The central alarm station must

Access

(3) A licensee must not permit a person to enter the central alarm station unless the person must enter it to perform their duties and either is a member of security personnel or is authorized by the licensee to do so.

Definition of hand-held tool

(4) For the purposes of paragraph (2)(b), hand-held tool means an electric or manual portable tool that could be used to defeat a nuclear security system or nuclear security measure and includes a bolt cutter, pliers, a saw, a thermic lance and a cutting torch.

Secondary alarm station

51 A licensee must establish a secondary alarm station that is

Clearances

Site Access Clearance

Site access clearance

52 (1) A person must not enter or remain in a high-security site unless they

Information to verify

(2) Before granting a site access clearance to a person, a licensee must verify the following documents and information in respect of the person:

Term

(3) A site access clearance may be granted for any term not exceeding ten years and must be subject to any terms and conditions necessary to minimize the risk to the security of the high-security site.

Deemed site access clearance

53 (1) For the purposes of these Regulations, a person is deemed to have been granted a site access clearance by a licensee if, rather than granting a site access clearance, the licensee accepts any of the following clearances in respect of the person:

Record

(2) A licensee that accepts a status or clearance under subsection (1) must keep a record that indicates how it verified that the person has the status or clearance.

Enhanced Security Clearance

Enhanced security clearance

54 (1) A licensee must not permit a person employed by or otherwise under contract to them to carry out duties or responsibilities of security personnel or related to nuclear security intelligence unless the person has an enhanced security clearance granted by the licensee.

Information to verify

(2) Before granting an enhanced security clearance to a person, a licensee must obtain the information referred to in subsection 52(2), as well as the results of a credit check on the person.

Term

(3) An enhanced security clearance may be granted for any term not exceeding five years and must be subject to any terms and conditions necessary to minimize the risk to the security of the nuclear facility.

Clearance — equivalent

(4) For the purposes of these Regulations, a person is deemed to have been granted an enhanced security clearance by a licensee if, rather than granting that clearance, the licensee accepts a Top Secret clearance granted under the Standard on Security Screening in respect of the person.

Deemed site access clearance

55 A person to whom a licensee has granted an enhanced security clearance is deemed also to have been granted a site access clearance by that licensee.

Clearance Assessment, List and Revocation

Factors

56 A licensee may grant a site access clearance or enhanced security clearance to a person only if it determines that the person does not pose an unreasonable risk to the health or safety of persons or the security of the nuclear facility, considering the information obtained under subsection 52(2) or subsection 54(2) and taking the following factors into account:

List of persons

57 (1) A licensee must establish and keep a list of the persons who have a site access clearance and those who have an enhanced security clearance.

List to be provided

(2) A licensee must, on request, provide the list to the Commission or to a person who is designated as an inspector under section 29 of the Act.

Revocation

58 (1) A licensee must revoke a person’s site access clearance or enhanced security clearance if

Commission to be notified

(2) The licensee must notify the Commission in writing of any revocation made under paragraph (1)(a) within five working days after the revocation.

Security Personnel
Nuclear Security Officer, Nuclear Security Support Person and Central Alarm Station Operator

Authorization — nuclear security officer

59 (1) A person must not act as a nuclear security officer without the written authorization of the licensee.

Initial training

(2) Before granting the authorization to a person, the licensee must ensure that the person has received initial training in relation to the following topics, as relevant to the duties and responsibilities of nuclear security officers at the high-security site for which the authorization is to be issued, and has been evaluated on their knowledge of these topics:

Assessment

(3) No earlier than 30 days before granting the authorization to a person, the licensee must assess the person’s knowledge of the relevant security duties and responsibilities and their ability to carry them out.

Follow-up training

(4) Before granting the authorization to a person who has previously been granted one, the licensee must ensure that the person has received any follow-up training that is relevant to the duties and responsibilities of its nuclear security officers.

Authorization — nuclear security support person

60 A person must not act as a nuclear security support person without the written authorization of the licensee.

Requirements for authorization

61 (1) Before granting the authorization referred to in subsection 59(1) or section 60 to a person, the licensee must ensure that the person has an enhanced security clearance granted by the licensee and must obtain from the person

Period of validity

(2) The authorization may be granted for any term not exceeding five years and must be subject to any terms and conditions necessary to minimize the risk to the security of the nuclear facility.

Copy of information and documents

(3) A licensee must give to a person for whom an authorization referred to in subsection (1) has been sought, at the person’s request, a copy of any information or documents relating to the authorization that are in the licensee’s possession that were submitted to the licensee by or on behalf of the person.

Deemed authorizations

62 (1) A person to whom a licensee has granted an authorization under subsection 59(1) or section 60 is deemed also to have been granted, in respect of the same high-security site for which the authorization is granted, an authorization to enter a protected area under section 76 and an authorization to enter an inner area under section 79.

Authorization — central alarm station operator

(2) A person to whom a licensee has granted an authorization under subsection 59(1) and who has completed the training referred to in subsection 63(3) is deemed also to have been granted an authorization to act as a central alarm station operator under subsection 63(1) in respect of the same high-security site while they are on duty in the central alarm station.

Central alarm station operator

63 (1) A person must not act as a central alarm station operator without the written authorization of the licensee.

Clearance and documents

(2) Before issuing the authorization referred to in subsection (1), the licensee must ensure that the person has an enhanced security clearance granted by the licensee and must obtain from the person the following documents:

Training

(3) The licensee must also ensure that the person has received training related to the following topics:

Period of validity

(4) An authorization referred to in subsection (1) may be granted for any term not exceeding five years and must be subject to any terms and conditions necessary to minimize the risk to the security of the facility.

List of authorized persons

64 (1) A licensee must establish and keep a list of the persons who have an authorization under subsection 59(1) or section 60 or 63.

List to be provided

(2) The licensee must, on request, provide the list to the Commission or to a person who is designated as an inspector under section 29 of the Act.

Nuclear Security Support Person With Escort

Authorization

65 (1) A person who does not have the authorization referred to in section 60 may act as a nuclear security support person and enter a protected area and an inner area if they do so for the purpose of performing duties required by the licensee, have the written authorization of the licensee and are escorted at all times

Required information

(2) The licensee must, before granting an authorization under subsection (1), obtain the following information:

Condition

(3) The authorization must be subject to the condition that the person in respect of whom it is granted must be escorted in accordance with subsection (1).

Nuclear Security Measures

Power Supply

Uninterrupted power supply

66 A high-security site must be equipped with devices that, in the event of the loss of power, maintain an uninterrupted power supply for a period sufficient to allow for an alternate continuous power supply to be implemented for all nuclear security measures that require a power supply and are described in the nuclear security plan.

Protected Area

Perimeter — physical barriers

67 (1) A protected area must be enclosed by at least two physical barriers, including one interior barrier at the perimeter of the protected area and one exterior barrier that encloses the interior barrier.

Perimeter — nuclear security measures

(2) The perimeter of the protected area must

Design, construction and implementation

(3) The physical barriers must be designed and constructed and the other nuclear security measures must be designed and implemented to

Continuous physical barrier

(4) Permanent security facilities such as guard posts and vehicle portals may join with the exterior and interior physical barriers provided that a continuous barrier is maintained.

Means of entry or exit

(5) Each gate, door, window or other means of entry or exit in a physical barrier must be constructed so that it can be closed and securely locked to resist unauthorized entry.

Closed and locked

(6) The means of entry or exit must be kept closed and locked except when persons or land vehicles are entering or exiting the protected area under the direct visual surveillance of a nuclear security officer.

Unobstructed area

68 (1) The physical barriers that enclose a protected area must be separated by an unobstructed area at least 5 m wide that is free from any structures, equipment or other obstructions that could be used to penetrate, breach or surmount the physical barrier or to restrict observation of the area.

Requirements

(2) The unobstructed area must be

Vehicle barrier

69 The exterior barrier referred to in subsection 67(1) must be surrounded by an additional barrier that is designed to protect against the forced entry of land vehicles and, if the protected area is adjacent to a body of water, vessels into the protected area.

Nuclear security measures

70 (1) A protected area must be

Access control system

(2) A protected area must be equipped with an access control system that is

Inner Area

Structure or physical barrier

71 (1) Each inner area must be totally enclosed by a structure or physical barrier that is

Closed and locked

(2) Each gate, door, window or other means of entry or exit in the structure or barrier that encloses an inner area must be kept closed and locked with a device that, from outside the structure or barrier, can only be unlocked by two persons authorized under section 79 using two different means of access control at the same time.

Nuclear security measures

72 (1) Each inner area must be

Access control system

(2) Each inner area must be equipped with an access control system that is

Vital Area

Identification of vital areas

73 A licensee must establish a process to identify the vital areas and keep a record that sets out that process.

Physical barrier

74 (1) Each vital area must be enclosed by a physical barrier.

Means of entry or exit

(2) Each gate, door, window or other means of entry or exit in a physical barrier must be constructed so that it can be closed and securely locked to resist unauthorized entry.

Closed and locked

(3) The means of entry or exit must be kept closed and locked except when persons are entering or exiting the protected area under the direct visual surveillance of a nuclear security officer.

Nuclear security measures

75 (1) Each vital area must be

Access control system

(2) Each vital area must be equipped with an access control system that is

Authorizations to Enter Protected, Inner and Vital Areas

Protected Area

Authorization to enter protected area

76 (1) A person must not enter a protected area unless they have a site access clearance and the written authorization of the licensee.

Identification report

(2) A licensee must, before granting an authorization to enter a protected area to a person, ensure that the person has a site access clearance and prepare an identification report that contains the following information and documents:

Period of validity

(3) An authorization to enter a protected area may be granted for any term not exceeding five years and must be subject to any terms and conditions necessary to minimize the risk to the security of the nuclear facility.

Copy of information and documents

(4) The licensee must give to a person who has sought an authorization to enter a protected area, on the person’s request, a copy of any information or documents referred to in subsection (2) that the licensee possesses.

Authorization — with escort

77 (1) Despite subsection 76(1), a person may enter a protected area if they have an authorization granted by the licensee under subsection (2) and are escorted in accordance with the conditions of the authorization.

Requirements

(2) A licensee may grant an authorization to enter a protected area to a person without ensuring that the person has a site access clearance or preparing the identification report referred to in subsection 76(2) if

Record of authorized persons

78 (1) A licensee must

Record to be provided to Commission

(2) A licensee must, on request, provide the record to the Commission or to a person who is designated as an inspector under section 29 of the Act.

Inner Area

Authorization to enter inner area

79 (1) A person must not enter an inner area unless they have the written authorization of the licensee.

Enhanced security clearance required

(2) The licensee must not grant a person an authorization to enter an inner area unless the person has an enhanced security clearance.

Period of validity

(3) An authorization to enter an inner area may be granted for any term not exceeding five years and must be subject to any terms and conditions necessary to minimize the risk to the security of the nuclear facility.

Copy of information and documents

(4) A licensee must give to a person who has sought an authorization referred to in subsection (1), at the person’s request, a copy of any information or documents relating to the authorization that are in the licensee’s possession that were submitted to the licensee by or on behalf of the person.

Deemed authorization — protected area

80 A person to whom a licensee has granted an authorization under section 79 is deemed also to have been granted an authorization to enter a protected area.

Authorization — with escort

81 (1) Despite subsection 79(1), a person may enter an inner area if they do so for the purpose of performing duties required by the licensee, have the written authorization of the licensee and are escorted at all times within the inner area by two persons, each of whom has an authorization granted under section 79 and at least one of whom is a nuclear security officer.

Required information

(2) A licensee must, before issuing an authorization referred to in subsection (1), obtain the following information:

Condition

(3) The authorization must be subject to the condition that the person in respect of which it is granted must be escorted in accordance with subsection (1).

Record of authorized persons

82 (1) A licensee must

Record to be provided to Commission

(2) A licensee must, on request, provide the record to the Commission or to a person who is designated as an inspector under section 29 of the Act.

Vital Area

Authorization to enter vital area

83 (1) A person must not enter a vital area unless they have the written authorization of the licensee.

Enhanced security clearance

(2) The licensee must not grant a person an authorization to enter a vital area unless the person has an enhanced security clearance.

Period of validity

(3) An authorization to enter a vital area may be granted for any term not exceeding five years and must be subject to any terms and conditions necessary to minimize the risk to the security of the nuclear facility.

Copy of information and documents

(4) A licensee must give to a person for whom an authorization referred to in subsection (1) has been sought, at the person’s request, a copy of any information or documents relating to the authorization that are in the licensee’s possession that were submitted to the licensee by or on behalf of the person.

Record of authorized persons

84 (1) A licensee must

Record to be provided to Commission

(2) A licensee must, on request, provide the record to the Commission or to a person who is designated as an inspector under section 29 of the Act.

Revocation

Revocation

85 (1) A licensee must revoke an authorization granted under this Part to a person if

Commission to be notified

(2) The licensee must notify the Commission in writing of any revocation made under paragraph (1)(a) within five working days after the revocation.

Access Control

Prohibition on Permitting Access

Protected, inner or vital area

86 Except as otherwise provided in this Part, a licensee must not permit any person to enter or remain in a protected area, an inner area or a vital area unless the person is a member of an off-site response force, peace officer or member of another external emergency response force who requires access to that area for the purpose of carrying out their duties.

Protected Area

Identity verification

87 The identity of a person entering a protected area must be verified

Unauthorized persons

88 (1) A licensee must not permit an unauthorized person to enter or remain in a protected area.

Reporting unauthorized person

(2) If a person observes anyone in a protected area who they believe, on reasonable grounds, is not authorized to be in the area, they must immediately report that fact to a nuclear security officer.

Access with escort

89 A licensee must not permit a person who has an authorization granted under section 65 or 77 to enter or remain in a protected area unless the person is escorted in accordance with section 65 or 77, as the case may be.

Vehicle portals

90 (1) A licensee must ensure that vehicle portals are used for the entry and exit of land vehicles into and from a protected area.

Gates not open

(2) The gates of a vehicle portal must not be open at the same time, except if required in the event of an emergency.

Measures when gates open

(3) If both gates of a vehicle portal are open at the same time, the vehicle portal must be either

Operational requirement

(4) A licensee must not permit a land vehicle to enter a protected area unless there is an operational requirement for it to be there.

Weapons, explosive substances and threat items

91 A licensee must ensure that weapons, explosive substances and threat items are not taken into a protected area unless they are under the control of a nuclear security officer or a member of an on-site nuclear response force or off-site response force.

Removal of nuclear material

92 A licensee must ensure that Category I, II or III nuclear material is not removed from a protected area except in accordance with a licence.

Prohibited activities

93 A person must not

Inner Area

Requirement — two authorized persons

94 No person who is authorized under section 79 to enter an inner area may do so unless at least one other person who is also authorized to enter it does so at the same time and remains in a place where they are visible to the person.

Unauthorized persons

95 (1) A licensee must not permit an unauthorized person to enter or remain in an inner area.

Reporting unauthorized person

(2) If a person observes anyone in an inner area who they believe, on reasonable grounds, is not authorized to be in the area, they must immediately report that fact to a nuclear security officer.

Access with escort

96 A licensee must not permit a person who has an authorization granted under section 65 or 81 to enter or remain in the inner area unless the person is escorted in accordance with section 65 or 81, as the case may be.

Land vehicle

97 A licensee must not permit a land vehicle to enter an inner area unless there is an operational requirement for it to be there.

Weapons, explosive substances and threat items

98 A licensee must ensure that weapons, explosive substances and threat items are not taken into an inner area unless they are under the control of a nuclear security officer or a member of an on-site nuclear response force or an off-site response force.

Means of entry or exit

99 (1) A licensee must not permit a gate, door, window or other means of entry or exit in the structure or barrier that encloses an inner area to be unlocked, opened or kept open unless

Unlocked from outside

(2) A licensee must not permit a gate, door, window or other means of entry or exit in the structure or barrier that encloses an inner area to be unlocked from the outside unless it is unlocked by two persons who are authorized to enter the inner area under section 79, at least one of whom is a nuclear security officer.

Removal of nuclear material

100 A licensee must ensure that Category I, II or III nuclear material is not removed from an inner area except in accordance with a licence.

Prohibited activities

101 A person must not

Vital Area

Unauthorized persons

102 (1) A licensee must not permit a person to enter or remain in a vital area without the written authorization of the licensee.

(2) If a person observes anyone in a vital area who they believe, on reasonable grounds, is not authorized to be in the area, they must immediately report that fact to a nuclear security officer.

Verification and recording of identity

103 The identity of any person entering a vital area must be verified by a system that records the identity of the person.

Land vehicle

104 A licensee must not permit a land vehicle to enter a vital area unless there is an operational requirement for it to be there.

Weapons, explosive substances and threat items

105 A licensee must ensure that weapons, explosive substances and threat items are not taken into a vital area unless they are under the control of a nuclear security officer or a member of an on-site nuclear response force or an off-site response force.

Removal of nuclear material

106 A licensee must ensure that Category I, II or III nuclear material is not removed from a vital area without the authorization of the licensee.

Prohibited activities

107 A person must not

Exception

Inspector

108 Subsections 76(1), 79(1) 83(1), 88(1), 95(1), and 102(1) do not apply to or in respect of an inspector who has a clearance issued under the Standard on Security Screening and is designated under section 29 of the Act to carry out inspections at a high-security site or a person chosen under section 33 of the Act to accompany them.

Searches

Sign regarding searches

109 A licensee must post, at the entrance to each protected area and inner area, a sign that is visible to any person who is about to enter the area that states, in English and French, that the licensee must not permit any person to

Search

110 (1) Subject to section 111, a licensee must not permit any person to enter or leave a protected area or an inner area unless

Weapons, explosive substances or threat items

(2) A licensee that has reasonable grounds to suspect that a person who is in a protected area or an inner area has in their possession weapons, explosive substances or threat items that are not under the control of a nuclear security officer or a member of an on-site nuclear response force or off-site response force or has in their possession Category I, II or III nuclear material without the authorization of the licensee must not permit the person to remain in that area unless the person and everything in their possession, including any land vehicle, are searched by a nuclear security officer for the weapons, explosive substances, threat items or nuclear material.

Conduct of search

(3) A search of a person conducted under this section must be

Search of land vehicle

(4) A search of a land vehicle conducted under this section must take place in a vehicle portal.

Exception to search requirement

111 (1) The requirement for a search set out in subsection 110(1) or (2) does not apply in respect of a nuclear security officer whose identity has been verified in accordance with section 87 and who, for the purposes of carrying out their duties, is entering a protected area or inner area on foot or requires emergency access to or egress from a nuclear facility, as the case may be.

Emergencies

(2) The requirement for a search set out in subsection 110(1) or (2) does not apply in respect of a person who satisfactorily establishes, through the provision of identification or other evidence, that they are a member of an off-site response force, peace officer or member of another external emergency response force and who requires, as verified by a nuclear security officer, emergency access to or egress from a protected area or inner area, as the case may be, for the purpose of carrying out their duties, if they are escorted

Prohibition

112 A person who refuses to submit to a search to which they are subject under section 110 must not enter or leave a protected area or inner area.

PART 3

Licence to Transport

Application

113 This Part applies in respect of the transport of Category I, II or III nuclear material.

Exemption

114 (1) A person may, without a licence to carry on that activity, transport Category I, II or III nuclear material within an area in which the material is required by sections 19 to 21 to be produced, processed, used or stored.

Non-derogation

(2) For greater certainty, the exemption established in subsection (1) relates only to the activity specified in that subsection and does not derogate from the licence requirement imposed by section 26 of the Act in relation to other activities.

Transport security plan

115 An application for a licence to transport Category I, II or III nuclear material must contain, in addition to the other information required by section 7 of the Packaging and Transport of Nuclear Substances Regulations, 2015, a transport security plan that includes

Security exercise

116 (1) The licensee must conduct security exercises in accordance with its transport security plan, and in any event at least once every five years.

Record

(2) Each time it conducts a security exercise, the licensee must create a record that contains

Corrective action plan

(3) If a corrective action referred to in paragraph 2(c) involves a phased approach, the licensee must create a corrective action plan that sets out

Corrective actions

(4) The licensee must implement the corrective actions referred to in paragraph (2)(c) and, if applicable, must do so according to the timetable referred to in paragraph (3)(c).

Submission to Commission

(5) The licensee must, within 90 days after the day on which the security exercise is completed, submit to the Commission the record referred to in subsection (2) together with the corrective action plan, if any.

PART 4

Consequential Amendments, Transitional Provisions, Repeal and Coming into Force

Consequential Amendments

Class I Nuclear Facilities Regulations

117 Paragraph 3(i) of the Class I Nuclear Facilities Regulations footnote 22 is replaced by the following:

Nuclear Substances and Radiation Devices Regulations

118 Subparagraph 3(1)(n)(ii) of the Nuclear Substances and Radiation Devices Regulations footnote 23 is replaced by the following:

Administrative Monetary Penalties Regulations (Canadian Nuclear Safety Commission)

119 Part 9 of the schedule to the Administrative Monetary Penalties Regulations (Canadian Nuclear Safety Commission) footnote 24 is replaced by:

PART 9

Nuclear Security Regulations, 2023
Item

Column 1

Provision

Column 2

Short-form Description

Column 3

Category

1 4(1) Failure to review and update nuclear security plan at the specified interval B
2 4(2) Failure to submit updated nuclear security plan to Commission within prescribed time B
3 5(1) Failure to conduct threat and risk assessment at the specified interval B
4 5(2) Failure to update threat and risk assessment at the specified interval B
5 5(3) Failure to make necessary modifications to the nuclear security system in the prescribed time B
6 5(4) Failure to keep record of results of each threat and risk assessment A
7 5(5) Failure to submit record of threat and risk assessment and statement describing modifications and actions to the Commission within the prescribed period B
8 6 Failure to implement nuclear security measures that ensure effective intervention B
9 7 Failure to develop and implement training program B
10 8(1) Failure to implement measures to promote and support security culture B
11 8(2) Failure to maintain record of measures implemented to promote and support security culture A
12 9(1) Failure to ensure that measures and activities are designed and implemented as required and ensure that measures do not compromise the environment, the health or safety of persons or security of the facility B
13 9(2) Failure to establish, implement and maintain the required process regarding conflicts and coordination B
14 9(3) Failure to keep a record setting out the process A
15 10(1) Failure to immediately implement required compensatory measures when nuclear security system or measures are degraded or inoperative B
16 10(2) Failure to keep record setting out process for implementing compensatory measures and record indicating implementation of compensatory measures A
17 11(a) Failure to immediately replace or restore functioning of degraded, inoperative or compromised device or code A
18 11(b) Failure to determine how device or code became degraded, inoperative or compromised A
19 12(1) Failure to ensure security guards are trained, competent and qualified B
20 12(2) Failure to keep the required record of security guard training and proof of their qualifications A
21 13(1) Failure to make written arrangements with an off-site response force capable of making an effective intervention at nuclear facility and that meets firearms requirements B
22 13(2) Failure to include specified provisions in arrangements with off-site response force B
23 13(3) Failure to have arrangements signed as required A
24 14(1) Failure to have alarm monitoring capacity or make arrangements with an alarm monitoring service B
25 14(2) Failure of alarm monitoring service to immediately notify the licensee and off-site response force on receipt of an alarm signal B
26 15(1) Failure to conduct a security exercise testing the prescribed elements at the specified interval B
27 15(2) Failure to notify Commission in writing within prescribed time of intent to conduct security exercise A
28 15(3) Failure to create a record containing the required information each time a security exercise is conducted A
29 15(4) Failure to create a corrective action plan setting out the required information B
30 15(5) Failure to implement corrective actions B
31 15(6) Failure to submit the record and any corrective action plan to the Commission within the prescribed period A
32 16(1) Failure to implement and maintain the cybersecurity program C
33 16(2) Failure to protect computer systems against cybersecurity threats as required B
34 17(1) Failure to implement and keep updated nuclear security measures to protect the confidentiality, integrity and availability of sensitive information as required B
35 17(2) Permitting person to access sensitive information who does not require access in order to perform their duties B
36 18 Failure to implement measures to protect information for identity verification and regarding site access status, clearances and authorizations as required B
37 19 Failure to produce, process, use, or store Category I nuclear material in an inner area C
38 20 Failure to produce, process, use or store Category II nuclear material in a protected area C
39 21 Failure to produce, process, use or store Category III nuclear material in a protected area or an area that meets prescribed requirements B
40 22(1) Failure to produce, process, use or store nuclear substances in an area under control and direct visual surveillance or designed and constructed to prevent unauthorized access B
41 22(2)(a) Failure to ensure that area where nuclear substances are produced, processed, used or stored is equipped with measures that permit access only to authorized persons B
42 22(2)(b) Failure to ensure that area where nuclear substances are produced, processed, used or stored is equipped with measures that detect intrusion B
43 22(2)(c) Failure to ensure that area where nuclear substances are produced, processed, used or stored is equipped with measures that detect tampering or attempted tampering B
44 22(2)(d) Failure to ensure that area where nuclear substances are produced, processed, used or stored is equipped with measures that set off a continuous alarm signal when intrusion, tampering or attempted tampering is detected B
45 22(2)(e) Failure to ensure that area where nuclear substances are produced, processed, used or stored is equipped with the required measures to detect unauthorized removal of nuclear substances B
46 23(1) Entering or remaining in a nuclear facility without site access status and while unescorted or unauthorized B
47 23(2)(a) to (d) Failure to verify identification, criminal record check, personal history or information relating to trustworthiness before granting site access status B
48 23(3) Granting of site access status for a term exceeding 10 years or not subject to necessary terms and conditions B
49 24(2) Failure to keep a record indicating how status or clearance was verified A
50 25 Granting a site access status to a person who poses an undue risk to health or safety of persons or security of the nuclear facility B
51 26(1) Failure to establish and keep list of persons with site access status A
52 26(2) Failure to provide the list of persons with site access status to the Commission or an inspector A
53 27(1)(a) Failure to revoke site access status of a person who poses or could pose an unreasonable risk to health or safety of persons or security of the nuclear facility B
54 27(1)(b) Failure to revoke site access status of a person who is no longer employed by or under contract to the licensee B
55 27(1)(c) Failure to revoke site access status of person whose duties or functions are completed, suspended or otherwise terminated B
56 27(1)(d) Failure to revoke the site access status of a person who no longer requires it to perform their duties B
57 27(1)(e) Failure to revoke the site access status of a person who provided false or misleading information B
58 27(2) Failure to notify the Commission of revocation of site access status within prescribed time A
59 28(1) Failure to ensure that every person who enters or remains in nuclear facility is authorized to do so B
60 28(2) Failure to ensure that identity of person entering nuclear facility is verified as required B
61 29 Failure to ensure nuclear substances not removed from nuclear facility except in accordance with licence B
62 30(1)(a) Failure to determine the reason for unauthorized removal of nuclear substances from the nuclear facility A
63 30(1)(b) Failure to immediately assess and respond to the unauthorized removal of nuclear substances B
64 30(2) Failure to keep a record setting out process regarding unauthorized removal of nuclear substances A
65 31 Permitting a land vehicle to enter a nuclear facility without operational requirement and search and if used by an unauthorized person B
66 32(1) Failure to post required sign at entrance to nuclear facility that is not a high-security site B
67 32(2) Failure to post required sign at entrance to high-security site B
68 33(1)(a) Permitting a person to leave a nuclear facility that is not a high-security site without searching or screening them and their possessions B
69 33(1)(b) Permitting a person to leave a high-security site without searching them and their possessions B
70 33(2) Failure to conduct search or screening in accordance with requirements B
71 38(1) Failure to design the nuclear security system taking into account the specified threats, evaluate that system or modify the system as necessary B
72 38(2) Failure to implement nuclear security measures taking into account the specified threats B
73 38(3) Failure to maintain record that sets out process for design of nuclear security system A
74 39(1) Failure to provide sufficient number of nuclear security officers to carry on the specified activities C
75 39(2) Failure to keep record of duties and responsibilities of nuclear security officers and to give a copy of record to nuclear security officer A
76 40 Failure to provide nuclear security officers with necessary equipment, devices and apparel B
77 41(1) Failure to ensure nuclear security officer only carries out duties or responsibilities for which they are trained, competent and qualified B
78 41(2) Failure to ensure nuclear security officer receives follow-up training B
79 41(3) Failure to keep record of training received by each nuclear security officer B
80 42 Failure to keep record of names of nuclear security officers A
81 43(1) Failure to maintain on-site nuclear response force capable of making an effective intervention as required C
82 43(2) Failure to provide members of on-site response force with necessary equipment, devices and apparel C
83 43(3) Failure to ensure that nuclear security officers in the on-site nuclear response force are qualified and authorized to carry firearms in Canada and trained to use them C
84 43(4)(a) Failure to implement the required nuclear security measures if there is no on-site nuclear response force C
85 43(4)(b) Failure to ensure that the off-site response force meets the specified requirements if there is no on-site nuclear response force B
86 43(4)(c) Failure to provide notice in writing to the Commission of intent not to have an on-site nuclear response force and a description of the required measures within the prescribed time B
87 44 Failure to include the specified provisions in arrangements with off-site response force B
88 45 Failure to use an off-site response force capable of making an effective intervention and consisting of persons with the required training, qualifications and authorization B
89 46 Failure to develop and maintain a contingency plan to ensure an effective intervention taking into account the specified threats B
90 47(1) Failure to implement the required security drill and exercise program B
91 47(2) Failure to update the security drill and exercise program each time a security exercise is conducted B
92 48(1) Failure to conduct security drill at the specified interval B
93 48(2) Failure to create the required record each time a security drill is conducted B
94 49(1) Failure to conduct a security exercise as required at the specified interval B
95 49(2) Failure to notify the Commission within the prescribed time of intent to conduct a security exercise B
96 49(3) Failure to create a record containing the required information each time a security exercise is conducted B
97 49(4) Failure to create a corrective action plan setting out the required information B
98 49(5) Failure to implement corrective actions B
99 49(6) Failure to submit the record and any corrective action plan to the Commission within the prescribed period A
100 50(1) Failure to ensure that specified nuclear security measures are monitored from a central alarm station B
101 50(2)(a) Central alarm station not located outside of an inner area or vital area B
102 50(2)(b) Central alarm station not designed, constructed and situated as required B
103 50(2)(c) Central alarm station not attended at all times by central alarm station operator B
104 50(2)(d) Central alarm station not attended by at least two central alarm station operators and not equipped with required independent measures B
105 50(2)(e) Central alarm station not located and equipped as required with respect to alarm signals B
106 50(2)(f) Central alarm station not equipped with required devices B
107 50(3) Permitting unauthorized person to enter the central alarm station who need not enter to perform their duties B
108 51(a) Failure to establish secondary alarm station located separately from the central alarm station B
109 51(b) Failure to establish secondary alarm station that is designed and equipped as required B
110 52(1) Entering or remaining in a high-security site without site access clearance and while unescorted or unauthorized to enter or remain there B
111 52(2)(a) to (e) Failure to verify identification, criminal record check, personal history, information relating to trustworthiness or security assessment before granting site access clearance C
112 52(3) Granting of site access clearance for a term exceeding 10 years or not subject to necessary terms and conditions B
113 53(2) Failure to keep a record indicating how status or clearance was verified A
114 54(1) Permitting a person who does not have enhanced security clearance to carry out duties or functions of security personnel or related to nuclear security intelligence B
115 54(2) Failure to obtain required information before granting enhanced security clearance to a person B
116 54(3) Granting of enhanced security clearance for a term exceeding five years or not subject to necessary terms and conditions B
117 56 Granting a site access clearance or enhanced security clearance to a person who poses an unreasonable risk to health or safety of persons or security of the nuclear facility C
118 57(1) Failure to establish or keep list of persons with site access clearance and with enhanced security clearance B
119 57(2) Failure to provide list of persons with site access clearance and with enhanced security clearance to the Commission or an inspector B
120 58(1)(a) Failure to revoke clearance of a person who poses or could pose unreasonable risk to health or safety of persons or security of the facility B
121 58(1)(b) Failure to revoke clearance of a person who is no longer employed by or under contract to the licensee B
122 58(1)(c) Failure to revoke clearance of a person whose duties or functions have been complete, suspended or otherwise terminated B
123 58(1)(d) Failure to revoke clearance of a person who no longer requires it to perform their duties B
124 58(1)(e) Failure to revoke clearance of a person who provided false or misleading information B
125 58(2) Failure to notify the Commission in writing of revocation of a clearance within prescribed time B
126 59(1) Acting as nuclear security officer without written authorization B
127 59(2) Failure to ensure person has received initial training and has been evaluated before being granted nuclear security officer authorization B
128 59(3) Failure to assess, within the prescribed period, person’s knowledge of security duties and responsibilities and ability to carry them out B
129 59(4) Failure to ensure nuclear security officer has received follow-up training as required before authorization is granted again B
130 60 Acting as nuclear security support person without the written authorization B
131 61(1) Failure to ensure person has enhanced security clearance and obtain required documents before person is granted authorization to act as nuclear security officer or nuclear security support person B
132 61(2) Granting of nuclear security officer or nuclear security support person authorization for a term exceeding five years or not subject to necessary terms and conditions B
133 61(3) Failure to give person copy of requested information or documents A
134 63(1) Acting as central alarm station operator without written authorization B
135 63(2) Failure to ensure person has enhanced security clearance and obtain required documents before person is granted authorization to act as central alarm station operator B
136 63(3) Failure to ensure person has received the required training before person is granted central alarm station operator authorization B
137 63(4) Granting a central alarm station operator authorization for a term exceeding five years or not subject to necessary terms and conditions B
138 64(1) Failure to establish or keep a list of persons authorized to act as nuclear security officers, nuclear security support persons and central alarm station operators B
139 64(2) Failure to provide the list of persons authorized to act as nuclear security officers, nuclear security support persons and central alarm station operators to the Commission or an inspector B
140 65(1) Acting as nuclear security support person without required authorization and escort B
141 65(2) Failure to obtain required information before issuing an authorization to act as a nuclear security support person B
142 65(3) Failure to include required conditions in authorization to act as a nuclear security support person B
143 66 Failure to provide uninterrupted power supply for required nuclear security measures B
144 67(1) Failure to enclose protected area with the required physical barriers B
145 67(2)(a)(i) Failure to equip protected area perimeter with nuclear security measures to detect intrusion or attempted intrusion that are designed and installed as required B
146 67(2)(a)(ii) Failure to equip protected area perimeter with nuclear security measures that detect tampering or attempted tampering as required B
147 67(2)(a)(iii) Failure to equip protected area perimeter with nuclear security measures that set off the required alarm signal B
148 67(2)(a)(iv) Failure to equip protected area perimeter with nuclear security measures that facilitate immediate assessment of an alarm by a nuclear security officer B
149 67(2)(b) Failure to keep protected area perimeter under direct visual surveillance of a nuclear security officer equipped with the required devices B
150 67(3) Failure to design and construct physical barriers and design and implement nuclear security measures at protected area perimeter as required B
151 67(5) Failure to construct means of entry or exit that can be closed and locked B
152 67(6) Failure to keep means of entry or exit closed and locked unless under direct visual surveillance of nuclear security officer B
153 68(1) Failure to maintain specified unobstructed area between physical barriers B
154 68(2)(a) Failure to illuminate unobstructed area in the prescribed manner B
155 68(2)(b) Failure to equip unobstructed area with devices or technology to permit observation and assessment of the cause of an alarm B
156 69 Failure to surround exterior barrier with the required additional barrier B
157 70(1)(a)(i) Failure to equip protected area with nuclear security measures to detect intrusion or attempted intrusion that are designed and installed as required B
158 70(1)(a)(ii) Failure to equip protected area with nuclear security measures that detect tampering or attempted tampering as required B
159 70(1)(a)(iii) Failure to equip protected area with nuclear security measures that set off the required alarm signal B
160 70(1)(a)(iv) Failure to equip protected area perimeter with nuclear security measures that facilitate immediate assessment of an alarm by a nuclear security officer B
161 70(1)(a)(v) Failure to equip protected area with measures that detect the unauthorized removal of Category I, II or III nuclear material B
162 70(1)(b) Failure to keep protected area perimeter under direct visual surveillance of a nuclear security officer equipped with the required devices B
163 70(2)(a) Failure to equip protected area with access control system that meets requirements B
164 70(2)(b) Failure to monitor access control system to detect and assess attempts to tamper B
165 71(1) Failure to enclose inner area with a structure or barrier that meets requirements B
166 71(2) Failure to keep means of entry or exit closed and locked with device that can only be unlocked by two authorized persons each using different means of access control B
167 72(1)(a)(i) Failure to equip inner area with the required nuclear security measures to detect intrusion and unauthorized movement B
168 72(1)(a)(ii) Failure to equip inner area with nuclear security measures that detect tampering or attempted tampering as required B
169 72(1)(a)(iii) Failure to equip inner area with nuclear security measures that set off the required alarm signals B
170 72(1)(a)(iv) Failure to equip inner area with nuclear security measures that facilitate immediate assessment of an alarm B
171 72(1)(a)(v) Failure to equip inner area with nuclear security measures that detect the unauthorized removal of Category I, II or III nuclear material B
172 72(1)(b) Failure to keep inner area under direct visual surveillance of a nuclear security officer equipped with the required devices B
173 72(2)(a) Failure to equip inner area with access control system that meets requirements B
174 72(2)(b) Failure to monitor access control system to detect and assess attempts to tamper B
175 73 Failure to establish process to identify vital areas and keep the required record B
176 74(1) Failure to enclose vital area with a physical barrier B
177 74(2) Failure to construct means of entry or exit that can be closed and locked B
178 74(3) Failure to keep means of entry or exit closed and locked unless under direct visual surveillance of nuclear security officer B
179 75(1)(a)(i) Failure to equip vital area with nuclear security measures to detect intrusion and unauthorized movement B
180 75(1)(a)(ii) Failure to equip vital area with nuclear security measures that detect tampering or attempted tampering as required B
181 75(1)(a)(iii) Failure to equip vital area with nuclear security measures that set off the required alarm signal B
182 75(1)(a)(iv) Failure to equip vital area with nuclear security measures that facilitate immediate assessment of an alarm signal B
183 75(1)(a)(v) Failure to equip inner area with measures that detect the unauthorized removal of Category I, II or III nuclear material B
184 75(1)(b) Failure to keep vital area under direct visual surveillance of a nuclear security officer equipped with the required devices B
185 75(2)(a) Failure to equip vital area with access control system that meets requirements B
186 75(2)(b) Failure to monitor vital area access control system to detect and assess attempts to tamper B
187 76(1) Entering protected area without site access clearance and written authorization B
188 76(2) Failure to prepare an identification report containing the required information and documents B
189 76(3) Granting of authorization to enter a protected area for a term exceeding five years or not subject to necessary terms and conditions B
190 76(4) Failure to give person copy of requested information or documents B
191 77(1) Entering an inner area without required authorization and escort B
192 77(2) Granting an authorization to enter protected area without proof of name and address and identification and without condition that person be escorted B
193 78(1)(a) Failure to keep a record of the name of person authorized to enter protected area B
194 78(1)(b) Failure to retain the record of name of each person authorized to enter a protected area for the prescribed period A
195 78(1)(c) Failure to make copy of record of name of each person authorized to enter protected area available to nuclear security officers A
196 78(2) Failure to provide record of names of persons authorized to enter protected area available to the Commission or an inspector B
197 79(1) Entering inner area without written authorization B
198 79(2) Granting a person who does not have enhanced security clearance an authorization to enter an inner area B
199 79(3) Granting of authorization to enter an inner area for a term exceeding five years or not subject to necessary terms and conditions B
200 79(4) Failure to give person copy of requested information or documents B
201 81(1) Entering an inner area without required authorization and escort B
202 81(2) Failure to obtain required information prior to issuing an authorization to enter inner area C
203 81(3) Failure to include required condition in authorization to enter inner area B
204 82(1)(a) Failure to keep a record of the name of each person authorized to enter each inner area B
205 82(1)(b) Failure to retain the record of names of persons authorized to enter inner area for the prescribed period B
206 82(1)(c) Failure to make copy of record of names of persons authorized to enter inner area available to nuclear security officers B
207 82(2) Failure to provide record of names of persons authorized to enter inner area available to the Commission or an inspector B
208 83(1) Entering a vital area without written authorization B
209 83(2) Failure to ensure person has enhanced security clearance before granting authorization to enter a vital area B
210 83(3) Granting of authorization to enter a vital area for a term exceeding five years or not subject to necessary terms and conditions B
211 83(4) Failure to give person copy of requested information or documents B
212 84(1)(a) Failure to keep a record of the name of each person authorized to enter each inner area B
213 84(1)(b) Failure to retain the record of names of persons authorized to enter each vital area for the prescribed period B
214 84(1)(c) Failure to make copy of record of names of persons authorized to enter each vital area available to nuclear security officers B
215 84(2) Failure to provide record of names of persons authorized to enter vital area available to the Commission or an inspector B
216 85(1)(a) Failure to revoke authorization of a person who poses or could pose unreasonable risk to health or safety of persons or security of the facility B
217 85(1)(b) Failure to revoke authorization of a person who is no longer employed by or under contract to the licensee B
218 85(1)(c) Failure to revoke authorization of a person whose duties or functions have been completed, suspended or otherwise terminated B
219 85(1)(d) Failure to revoke authorization of a person who no longer requires it to perform their duties B
220 85(1)(e) Failure to revoke authorization of a person who provided false or misleading information B
221 85(2) Failure to notify the Commission in writing of revocation of authorization within specified time B
222 87 Failure to verify identity of person entering protected area as required C
223 88(1) Permitting unauthorized person to enter or remain in protected area B
224 88(2) Failure to immediately report unauthorized person in protected area to nuclear security officer B
225 89 Permitting unescorted person to enter or remain in protected area B
226 90(1) Failure to confine entry and exit of land vehicles to vehicle portals C
227 90(2) Failure to ensure that gates of vehicle portal are not both open at the same time B
228 90(3) Failure to attend vehicle portal or equip with required measures while both gates are open B
229 90(4) Permitting land vehicle to enter protected area without operational requirement B
230 91 Failure to ensure that weapons, explosive substances and threat items only enter protected area under the control of an authorized person B
231 92 Failure to ensure Category I, II or III nuclear material is only removed from protected area in accordance with a licence B
232 93(a) Taking weapons, explosive substances or threat items into protected area other than under the control of an authorized person B
233 93(b) Removing Category I, II or III nuclear material from protected area without authorization of licensee B
234 94 Entering and remaining in an inner area without another authorized person as required B
235 95(1) Permitting an unauthorized person to enter or remain in an inner area B
236 95(2) Failure to immediately report unauthorized person in inner area to nuclear security officer B
237 96 Permitting unescorted person to enter or remain in inner area B
238 97 Permitting land vehicle to enter inner area without operational requirement B
239 98 Failure to ensure that weapons, explosive substances and threat items only enter inner area under the control of an authorized person B
240 99(1)(a) Permitting means of entry or exit into inner area to be unlocked, opened or kept open longer than required B
241 99(1)(b) Permitting means of entry or exit into inner area to be unlocked, opened or kept open without direct visual surveillance of a nuclear security officer B
242 99(2) Permitting the means of entry or exit in structure or barrier enclosing an inner area to be unlocked by unauthorized persons B
243 100 Failure to ensure that Category I, II or III nuclear material is only removed from inner area in accordance with a licence B
244 101(a) Taking weapons, explosive substances or threat items into inner area other than under the control of an authorized person B
245 101(b) Removing Category I, II or III nuclear material from protected area without authorization of licensee B
246 102(1) Permitting an unauthorized person to enter or remain in a vital area C
247 102(2) Failure to immediately report unauthorized person in vital area to nuclear security officer B
248 103 Failure to verify identity of authorized person entering vital area as required B
249 104 Permitting land vehicle to enter vital area without operational requirement B
250 105 Failure to ensure that weapons, explosive substances and threat items only enter vital area under the control of an authorized person B
251 106 Failure to ensure that Category I, II or III nuclear material is not removed from vital area without authorization of licensee B
252 107(a) Taking weapons, explosive substances or threat items into vital area other than under the control of an authorized person B
253 107(b) Removing Category I, II or III nuclear material from protected area without authorization of licensee B
254 109 Failure to post required sign at entrance to protected area or inner area A
255 110(1) Permitting a person to enter or leave a protected area or an inner area without searching them and their possessions B
256 110(2) Permitting a person to remain in protected area or inner area without searching them and their possessions if reasonable grounds to suspect person possesses unauthorized object B
257 110(3) Failure to conduct search in accordance with requirements B
258 110(4) Failure to conduct search of a land vehicle entering or leaving a protected area in a vehicle portal B
259 112 Entering or leaving protected area or inner area after refusing search B
260 116(1) Failure to conduct a security exercise as required at the specified interval B
261 116(2) Failure to create a record containing the required information each time a security exercise is conducted B
262 116(3) Failure to create a corrective action plan setting out the required information B
263 116(4) Failure to implement corrective actions B
264 116(5) Failure to submit the record and any corrective action plan to the Commission within the prescribed period A

Packaging and Transport of Nuclear Substances Regulations, 2015

120 Paragraph 6(1)(a) of the Packaging and Transport of Nuclear Substances Regulations, 2015 footnote 25 is replaced by the following:

121 Paragraph 7(b) of the Regulations is replaced by the following:

Transitional Provisions

Definition of former Regulations

122 For the purposes of section 123, former Regulations means the Nuclear Security Regulations as they read immediately before the day on which these Regulations come into force.

Nuclear facility

123 (1) The former Regulations continue to apply

Existing authorization or clearance

(2) If a person has been granted a clearance or issued an authorization under the former Regulations, that clearance or authorization remains valid until the expiry of the term for which it was granted or issued, and during that term the person may continue to access any area or information and carry out any duties and responsibilities that the clearance or authorization permitted them to access or carry out under the former Regulations.

Site access security clearance

(3) If a person has been granted a site access security clearance under the former Regulations that is valid on the day on which these Regulations come into force and that, to maintain the person’s access to the nuclear facility, must be replaced by a site access status granted under the Regulations, the licensee that granted the clearance may, before the term of the clearance expires, extend the term of the clearance to any term not exceeding 10 years.

Repeal

124 The Nuclear Security Regulations footnote 26 are repealed.

Coming Into Force

Registration

125 These Regulations come into force on the day on which they are registered.

SCHEDULE

(Section 1)

Category I, II and III Nuclear Material
Item

Column 1

Nuclear Substance

Column 2

Form

Column 3

Quantity
(Category I) table g1 note 1

Column 4

Quantity
(Category II) table g1 note 1

Column 5

Quantity
(Category III) table g1 note 1 table g1 note 5

1 Plutonium table g1 note 2 Unirradiated table g1 note 3 2 kg or more Less than 2 kg, but more than 500 g 500 g or less, but more than 15 g
2 Uranium 235 Unirradiated table g1 note 3  — uranium enriched to 20% 235U or more 5 kg or more Less than 5 kg, but more than 1 kg 1 kg or less, but more than 15 g
3 Uranium 235 Unirradiated table g1 note 3  — uranium enriched to 10% 235U or more, but less than 20% 235U N/A 10 kg or more Less than 10 kg, but more than 1 kg
4 Uranium 235 Unirradiated table g1 note 3  — uranium enriched above natural, but less than 10% 235U N/A N/A 10 kg or more
5 Uranium 233 Unirradiated table g1 note 3 2 kg or more Less than 2 kg, but more than 500 g 500 g or less, but more than 15 g
6 Fuel consisting of depleted or natural uranium, thorium or low-enriched fuel (less than 10% fissile content) table g1 note 4 Irradiated N/A More than 500 g of plutonium 500 g or less, but more than 15 g of plutonium

Table g1 note(s)

Table g1 note 1

The quantities listed refer to the aggregate of each kind of nuclear substance located at a facility, excluding the following (which are considered separate quantities):

  • (a) any quantity of the nuclear substance that is not within 1 000 m of another quantity of the nuclear substance; and
  • (b) any quantity of the nuclear substance that is located in a locked building or a similarly resistant structure.

Return to table g1 note 1 referrer

Table g1 note 2

All plutonium except that with isotopic concentration exceeding 80% in plutonium 238.

Return to table g1 note 2 referrer

Table g1 note 3

Material not irradiated in a reactor or material irradiated in a reactor but with a radiation level equal to or less than 1 Gy/h at 1 m unshielded.

Return to table g1 note 3 referrer

Table g1 note 4

Other fuel that by virtue of its original fissile content is classified as Category I or II before irradiation may be reduced one category level while the radiation level from the fuel exceeds 1 Gy/h at 1 m unshielded, if the Commission is provided with written confirmation of the radiation level.

Return to table g1 note 4 referrer

Table g1 note 5

NOTE: Quantities less than the quantities set out in column 5 for Category III nuclear material and any quantities of natural uranium, depleted uranium and thorium should be protected at least in accordance with the requirements of paragraphs 12(1)(c), (g), (h) and (j) of the General Nuclear Safety and Control Regulations.

Return to table g1 note 5 referrer

Terms of use and Privacy notice

Terms of use

It is your responsibility to ensure that the comments you provide do not:

  • contain personal information
  • contain protected or classified information of the Government of Canada
  • express or incite discrimination on the basis of race, sex, religion, sexual orientation or against any other group protected under the Canadian Human Rights Act or the Canadian Charter of Rights and Freedoms
  • contain hateful, defamatory, or obscene language
  • contain threatening, violent, intimidating or harassing language
  • contain language contrary to any federal, provincial or territorial laws of Canada
  • constitute impersonation, advertising or spam
  • encourage or incite any criminal activity
  • contain a language other than English or French
  • otherwise violate this notice

The federal institution managing the proposed regulatory change retains the right to review and remove personal information, hate speech, or other information deemed inappropriate for public posting as listed above.

Confidential Business Information should only be posted in the specific Confidential Business Information text box. In general, Confidential Business Information includes information that (i) is not publicly available, (ii) is treated in a confidential manner by the person to whose business the information relates, and (iii) has actual or potential economic value to the person or their competitors because it is not publicly available and whose disclosure would result in financial loss to the person or a material gain to their competitors. Comments that you provide in the Confidential Business Information section that satisfy this description will not be made publicly available. The federal institution managing the proposed regulatory change retains the right to post the comment publicly if it is not deemed to be Confidential Business Information.

Your comments will be posted on the Canada Gazette website for public review. However, you have the right to submit your comments anonymously. If you choose to remain anonymous, your comments will be made public and attributed to an anonymous individual. No other information about you will be made publicly available.

Comments will remain posted on the Canada Gazette website for at least 10 years.

Please note that public email is not secure, if the attachment you wish to send contains sensitive information, please contact the departmental email to discuss ways in which you can transmit sensitive information.

Privacy notice

The information you provide is collected under the authority of the Financial Administration Act, the Department of Public Works and Government Services Act, the Canada–United States–Mexico Agreement Implementation Act,and applicable regulators’ enabling statutes for the purpose of collecting comments related to the proposed regulatory changes. Your comments and documents are collected for the purpose of increasing transparency in the regulatory process and making Government more accessible to Canadians.

Personal information submitted is collected, used, disclosed, retained, and protected from unauthorized persons and/or agencies pursuant to the provisions of the Privacy Act and the Privacy Regulations. Individual names that are submitted will not be posted online but will be kept for contact if needed. The names of organizations that submit comments will be posted online.

Submitted information, including personal information, will be accessible to Public Services and Procurement Canada, who is responsible for the Canada Gazette webpage, and the federal institution managing the proposed regulatory change.

You have the right of access to and correction of your personal information. To seek access or correction of your personal information, contact the Access to Information and Privacy (ATIP) Office of the federal institution managing the proposed regulatory change.

You have the right to file a complaint to the Privacy Commission of Canada regarding any federal institution’s handling of your personal information.

The personal information provided is included in Personal Information Bank PSU 938 Outreach Activities. Individuals requesting access to their personal information under the Privacy Act should submit their request to the appropriate regulator with sufficient information for that federal institution to retrieve their personal information. For individuals who choose to submit comments anonymously, requests for their information may not be reasonably retrievable by the government institution.