The regulations in this part establish procedures and requirements for implementation of section 206 of the Energy Reorganization Act of 1974. That section requires any individual director or responsible officer of a firm constructing, owning, operating or supplying the components of any facility or activity which is licensed or otherwise regulated pursuant to the Atomic Energy Act of 1954, as amended, or the Energy Reorganization Act of 1974, who obtains information reasonably indicating: (a) That the facility, activity or basic component supplied to such facility or activity fails to comply with the Atomic Energy Act of 1954, as amended, or any applicable rule, regulation, order, or license of the Commission relating to substantial safety hazards or (b) that the facility, activity, or basic component supplied to such facility or activity contains defects, which could create a substantial safety hazard, to immediately notify the Commission of such failure to comply or such defect, unless he has actual knowledge that the Commission has been adequately informed of such defect or failure to comply.

(a) The regulations in this part apply, except as specifically provided otherwise in parts 31, 34, 35, 39, 40, 60, 61, 63, 70, or part 72 of this chapter, to:

(1) Each individual, partnership, corporation, or other entity applying for or holding a license or permit under the regulations in this chapter to possess, use, or transfer within the United States source material, byproduct material, special nuclear material, and/or spent fuel and high-level radioactive waste, or to construct, manufacture, possess, own, operate, or transfer within the United States, any production or utilization facility or independent spent fuel storage installation (ISFSI) or monitored retrievable storage installation (MRS); and each director and responsible officer of such a licensee;

(2) Each individual, corporation, partnership, or other entity doing business within the United States, and each director and responsible officer of such an organization, that constructs a production or utilization facility licensed for manufacture, construction, or operation under parts 50 or 52 of this chapter, an ISFSI for the storage of spent fuel licensed under part 72 of this chapter, an MRS for the storage of spent fuel or high-level radioactive waste under part 72 of this chapter, or a geologic repository for the disposal of high-level radioactive waste under part 60 or 63 of this chapter; or supplies basic components for a facility or activity licensed, other than for export, under parts 30, 40, 50, 52, 60, 61, 63, 70, 71, or part 72 of this chapter;

(3) Each individual, corporation, partnership, or other entity doing business within the United States, and each director and responsible officer of such an organization, applying for a design certification rule under part 52 of this chapter; or supplying basic components with respect to that design certification, and each individual, corporation, partnership, or other entity doing business within the United States, and each director and responsible officer of such an organization, whose application for design certification has been granted under part 52 of this chapter, or who has supplied or is supplying basic components with respect to that design certification;

(4) Each individual, corporation, partnership, or other entity doing business within the United States, and each director and responsible officer of such an organization, applying for or holding a standard design approval under part 52 of this chapter; or supplying basic components with respect to a standard design approval under part 52 of this chapter;

(b) For persons licensed to construct a facility under either a construction permit issued under § 50.23 of this chapter or a combined license under part 52 of this chapter (for the period of construction until the date that the Commission makes the finding under § 52.103(g) of this chapter), or to manufacture a facility under part 52 of this chapter, evaluation of potential defects and failures to comply and reporting of defects and failures to comply under § 50.55(e) of this chapter satisfies each person's evaluation, notification, and reporting obligation to report defects and failures to comply under this part and the responsibility of individual directors and responsible officers of these licensees to report defects under Section 206 of the Energy Reorganization Act of 1974.

(c) For persons licensed to operate a nuclear power plant under part 50 or part 52 of this chapter, evaluation of potential defects and appropriate reporting of defects under §§ 50.72, 50.73, or § 73.71 of this chapter, satisfies each person's evaluation, notification, and reporting obligation to report defects under this part, and the responsibility of individual directors and responsible officers of these licensees to report defects under Section 206 of the Energy Reorganization Act of 1974.

(d) Nothing in these regulations should be deemed to preclude either an individual, a manufacturer, or a supplier of a commercial grade item (as defined in § 21.3) not subject to the regulations in this part from reporting to the Commission, a known or suspected defect or failure to comply and, as authorized by law, the identity of anyone so reporting will be withheld from disclosure. NRC regional offices and headquarters will accept collect telephone calls from individuals who wish to speak to NRC representatives concerning nuclear safety-related problems. The location and telephone numbers of the four regions (answered during regular working hours), are listed in appendix D to part 20 of this chapter. The telephone number of the NRC Operations Center (answered 24 hours a day—including holidays) is (301) 816-5100.

(e) The regulations in this part apply in accordance with 10 CFR 76.60 to each individual, partnership, corporation, or other entity required to obtain a certificate of compliance or an approved compliance plan under part 76 of this chapter.

As used in this part:

Basic component. (1)(i) When applied to nuclear power plants licensed under 10 CFR part 50 or part 52 of this chapter, basic component means a structure, system, or component, or part thereof that affects its safety function necessary to assure:

(A) The integrity of the reactor coolant pressure boundary;

(B) The capability to shut down the reactor and maintain it in a safe-shutdown condition; or

(C) The capability to prevent or mitigate the consequences of accidents which could result in potential offsite exposures comparable to those referred to in §§ 50.34(a)(1), 50.67(b)(2), or 100.11 of this chapter, as applicable.

(ii) Basic components are items designed and manufactured under a quality assurance program complying with appendix B to part 50 of this chapter, or commercial grade items which have successfully completed the dedication process.

(2) When applied to standard design certifications under subpart C of part 52 of this chapter and standard design approvals under part 52 of this chapter, basic component means the design or procurement information approved or to be approved within the scope of the design certification or approval for a structure, system, or component, or part thereof, that affects its safety function necessary to assure:

(i) The integrity of the reactor coolant pressure boundary;

(ii) The capability to shut down the reactor and maintain it in a safe-shutdown condition; or

(iii) The capability to prevent or mitigate the consequences of accidents which could result in potential offsite exposures comparable to those referred to in §§ 50.34(a)(1), 50.67(b)(2), or 100.11 of this chapter, as applicable.

(3) When applied to other facilities and other activities licensed under 10 CFR parts 30, 40, 50 (other than nuclear power plants), 60, 61, 63, 70, 71, or 72 of this chapter, basic component means a structure, system, or component, or part thereof, that affects their safety function, that is directly procured by the licensee of a facility or activity subject to the regulations in this part and in which a defect or failure to comply with any applicable regulation in this chapter, order, or license issued by the Commission could create a substantial safety hazard.

(4) In all cases, basic component includes safety-related design, analysis, inspection, testing, fabrication, replacement of parts, or consulting services that are associated with the component hardware, design certification, design approval, or information in support of an early site permit application under part 52 of this chapter, whether these services are performed by the component supplier or others.

Commercial grade item. (1) When applied to nuclear power plants licensed pursuant to 10 CFR part 50, commercial grade item means a structure, system, or component, or part thereof that affects its safety function, that was not designed and manufactured as a basic component. Commercial grade items do not include items where the design and manufacturing process require in-process inspections and verifications to ensure that defects or failures to comply are identified and corrected (i.e., one or more critical characteristics of the item cannot be verified).

(2) When applied to facilities and activities licensed pursuant to 10 CFR parts 30, 40, 50 (other than nuclear power plants), 60, 61, 63, 70, 71, or 72, commercial grade item means an item that is:

(i) Not subject to design or specification requirements that are unique to those facilities or activities;

(ii) Used in applications other than those facilities or activities; and

(iii) To be ordered from the manufacturer/supplier on the basis of specifications set forth in the manufacturer's published product description (for example, a catalog).

Commission means the Nuclear Regulatory Commission or its duly authorized representatives.

Constructing or construction means the analysis, design, manufacture, fabrication, placement, erection, installation, modification, inspection, or testing of a facility or activity which is subject to the regulations in this part and consulting services related to the facility or activity that are safety related.

Critical characteristics. When applied to nuclear power plants licensed pursuant to 10 CFR part 50, critical characteristics are those important design, material, and performance characteristics of a commercial grade item that, once verified, will provide reasonable assurance that the item will perform its intended safety function.

Dedicating entity. When applied to nuclear power plants licensed pursuant to 10 CFR part 50, dedicating entity means the organization that performs the dedication process. Dedication may be performed by the manufacturer of the item, a third-party dedicating entity, or the licensee itself. The dedicating entity, pursuant to § 21.21(c) of this part, is responsible for identifying and evaluating deviations, reporting defects and failures to comply for the dedicated item, and maintaining auditable records of the dedication process.

Dedication. (1) When applied to nuclear power plants licensed pursuant to 10 CFR part 50, dedication is an acceptance process undertaken to provide reasonable assurance that a commercial grade item to be used as a basic component will perform its intended safety function and, in this respect, is deemed equivalent to an item designed and manufactured under a 10 CFR part 50, appendix B, quality assurance program. This assurance is achieved by identifying the critical characteristics of the item and verifying their acceptability by inspections, tests, or analyses performed by the purchaser or third-party dedicating entity after delivery, supplemented as necessary by one or more of the following: commercial grade surveys; product inspections or witness at holdpoints at the manufacturer's facility, and analysis of historical records for acceptable performance. In all cases, the dedication process must be conducted in accordance with the applicable provisions of 10 CFR part 50, appendix B. The process is considered complete when the item is designated for use as a basic component.

(2) When applied to facilities and activities licensed pursuant to 10 CFR parts 30, 40, 50 (other than nuclear power plants), 60, 61, 63, 70, 71, or 72, dedication occurs after receipt when that item is designated for use as a basic component.

Defect means:

(1) A deviation in a basic component delivered to a purchaser for use in a facility or an activity subject to the regulations in this part if, on the basis of an evaluation, the deviation could create a substantial safety hazard;

(2) The installation, use, or operation of a basic component containing a defect as defined in this section;

(3) A deviation in a portion of a facility subject to the early site permit, standard design certification, standard design approval, construction permit, combined license or manufacturing licensing requirements of part 50 or part 52 of this chapter, provided the deviation could, on the basis of an evaluation, create a substantial safety hazard and the portion of the facility containing the deviation has been offered to the purchaser for acceptance;

(4) A condition or circumstance involving a basic component that could contribute to the exceeding of a safety limit, as defined in the technical specifications of a license for operation issued under part 50 or part 52 of this chapter; or

(5) An error, omission or other circumstance in a design certification, or standard design approval that, on the basis of an evaluation, could create a substantial safety hazard.

Deviation means a departure from the technical requirements included in a procurement document, or specified in early site permit information, a standard design certification or standard design approval.

Director means an individual, appointed or elected according to law, who is authorized to manage and direct the affairs of a corporation, partnership or other entity. In the case of an individual proprietorship, director means the individual.

Discovery means the completion of the documentation first identifying the existence of a deviation or failure to comply potentially associated with a substantial safety hazard within the evaluation procedures discussed in § 21.21(a).

Evaluation means the process of determining whether a particular deviation could create a substantial hazard or determining whether a failure to comply is associated with a substantial safety hazard.

Notification means the telephonic communication to the NRC Operations Center or written transmittal of information to the NRC Document Control Desk.

Operating or operation means the operation of a facility or the conduct of a licensed activity which is subject to the regulations in this part and consulting services related to operations that are safety related.

Procurement document means a contract that defines the requirements which facilities or basic components must meet in order to be considered acceptable by the purchaser.

Responsible officer means the president, vice-president or other individual in the organization of a corporation, partnership, or other entity who is vested with executive authority over activities subject to this part.

Substantial safety hazard means a loss of safety function to the extent that there is a major reduction in the degree of protection provided to public health and safety for any facility or activity licensed or otherwise approved or regulated by the NRC, other than for export, under parts 30, 40, 50, 52, 60, 61, 63, 70, 71, or 72 of this chapter.

Supplying or supplies means contractually responsible for a basic component used or to be used in a facility or activity which is subject to the regulations in this part.

Except as specifically authorized by the Commission in writing, no interpretation of the meaning of the regulations in this part by any officer or employee of the Commission other than a written interpretation by the General Counsel will be recognized to be binding upon the Commission.

Except where otherwise specified in this part, written communications and reports concerning the regulations in this part must be addressed to the NRC's Document Control Desk, and sent by mail to the U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; by hand delivery to the NRC's offices at 11555 Rockville Pike, Rockville, Maryland; or, where practicable, by electronic submission, for example, Electronic Information Exchange, or CD-ROM. Electronic submissions must be made in a manner that enables the NRC to receive, read, authenticate, distribute, and archive the submission, and process and retrieve it a single page at a time. Detailed guidance on making electronic submissions can be obtained by visiting the NRC's Web site at http://www.nrc.gov/site-help/eie.html, by calling (301) 415-6030, by e-mail to EIE@nrc.gov, or by writing the Office of Information Services, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. The guidance discusses, among other topics, the formats the NRC can accept, the use of electronic signatures, and the treatment of nonpublic information. In the case of a licensee or permit holder, a copy of the communication must also be sent to the appropriate Regional Administrator at the address specified in appendix D to part 20 of this chapter.

(a)(1) Each individual, partnership, corporation, dedicating entity, or other entity subject to the regulations in this part shall post current copies of—

(i) The regulations in this part;

(ii) Section 206 of the Energy Reorganization Act of 1974; and

(iii) Procedures adopted pursuant to the regulations in this part.

(2) These documents must be posted in a conspicuous position on any premises within the United States where the activities subject to this part are conducted.

(b) If posting of the regulations in this part or the procedures adopted pursuant to the regulations in this part is not practicable, the licensee or firm subject to the regulations in this part may, in addition to posting section 206, post a notice which describes the regulations/procedures, including the name of the individual to whom reports may be made, and states where they may be examined.

(c) The effective date of this section has been deferred until January 6, 1978.

The Commission may, upon application of any interested person or upon its own initiative, grant such exemptions from the requirements of the regulations in this part as it determines are authorized by law and will not endanger life or property or the common defense and security and are otherwise in the public interest. Suppliers of commercial grade items are exempt from the provisions of this part to the extent that they supply commercial grade items.

(a) The Nuclear Regulatory Commission has submitted the information collection requirements contained in this part to the Office of Management and Budget (OMB) for approval as required by the Paperwork Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. OMB has approved the information collection requirements contained in this part under control number 3150-0035.

(b) The approved information collection requirements contained in this part appear in §§ 21.7, 21.21 and 21.51.

(a) Each individual, corporation, partnership, dedicating entity, or other entity subject to the regulations in this part shall adopt appropriate procedures to—

(1) Evaluate deviations and failures to comply to identify defects and failures to comply associated with substantial safety hazards as soon as practicable, and, except as provided in paragraph (a)(2) of this section, in all cases within 60 days of discovery, in order to identify a reportable defect or failure to comply that could create a substantial safety hazard, were it to remain uncorrected, and

(2) Ensure that if an evaluation of an identified deviation or failure to comply potentially associated with a substantial safety hazard cannot be completed within 60 days from discovery of the deviation or failure to comply, an interim report is prepared and submitted to the Commission through a director or responsible officer or designated person as discussed in § 21.21(d)(5). The interim report should describe the deviation or failure to comply that is being evaluated and should also state when the evaluation will be completed. This interim report must be submitted in writing within 60 days of discovery of the deviation or failure to comply.

(3) Ensure that a director or responsible officer subject to the regulations of this part is informed as soon as practicable, and, in all cases, within the 5 working days after completion of the evaluation described in paragraphs (a)(1) or (a)(2) of this section if the manufacture, construction, or operation of a facility or activity, a basic component supplied for such facility or activity, or the design certification or design approval under part 52 of this chapter—

(i) Fails to comply with the Atomic Energy Act of 1954, as amended, or any applicable rule, regulation, order, or license of the Commission or standard design approval under part 52 of this chapter, relating to a substantial safety hazard, or

(ii) Contains a defect.

(b) If the deviation or failure to comply is discovered by a supplier of basic components, or services associated with basic components, and the supplier determines that it does not have the capability to perform the evaluation to determine if a defect exists, then the supplier must inform the purchasers or affected licensees within five working days of this determination so that the purchasers or affected licensees may evaluate the deviation or failure to comply, pursuant to § 21.21(a).

(c) A dedicating entity is responsible for—

(1) Identifying and evaluating deviations and reporting defects and failures to comply associated with substantial safety hazards for dedicated items; and

(2) Maintaining auditable records for the dedication process.

(d)(1) A director or responsible officer subject to the regulations of this part or a person designated under § 21.21(d)(5) must notify the Commission when he or she obtains information reasonably indicating a failure to comply or a defect affecting—

(i) The manufacture, construction or operation of a facility or an activity within the United States that is subject to the licensing requirements under parts 30, 40, 50, 52, 60, 61, 63, 70, 71, or 72 of this chapter and that is within his or her organization's responsibility; or

(ii) A basic component that is within his or her organization's responsibility and is supplied for a facility or an activity within the United States that is subject to the licensing, design certification, or approval requirements under parts 30, 40, 50, 52, 60, 61, 63, 70, 71, or 72 of this chapter.

(2) The notification to NRC of a failure to comply or of a defect under paragraph (d)(1) of this section and the evaluation of a failure to comply or a defect under paragraphs (a)(1) and (a)(2) of this section, are not required if the director or responsible officer has actual knowledge that the Commission has been notified in writing of the defect or the failure to comply.

(3) Notification required by paragraph (d)(1) of this section must be made as follows—

(i) Initial notification by facsimile, which is the preferred method of notification, to the NRC Operations Center at (301) 816-5151 or by telephone at (301) 816-5100 within two days following receipt of information by the director or responsible corporate officer under paragraph (a)(1) of this section, on the identification of a defect or a failure to comply. Verification that the facsimile has been received should be made by calling the NRC Operations Center. This paragraph does not apply to interim reports described in § 21.21(a)(2).

(ii) Written notification to the NRC at the address specified in § 21.5 within 30 days following receipt of information by the director or responsible corporate officer under paragraph (a)(3) of this section, on the identification of a defect or a failure to comply.

(4) The written report required by this paragraph shall include, but need not be limited to, the following information, to the extent known:

(i) Name and address of the individual or individuals informing the Commission.

(ii) Identification of the facility, the activity, or the basic component supplied for such facility or such activity within the United States which fails to comply or contains a defect.

(iii) Identification of the firm constructing the facility or supplying the basic component which fails to comply or contains a defect.

(iv) Nature of the defect or failure to comply and the safety hazard which is created or could be created by such defect or failure to comply.

(v) The date on which the information of such defect or failure to comply was obtained.

(vi) In the case of a basic component which contains a defect or fails to comply, the number and location of these components in use at, supplied for, being supplied for, or may be supplied for, manufactured, or being manufactured for one or more facilities or activities subject to the regulations in this part.

(vii) The corrective action which has been, is being, or will be taken; the name of the individual or organization responsible for the action; and the length of time that has been or will be taken to complete the action.

(viii) Any advice related to the defect or failure to comply about the facility, activity, or basic component that has been, is being, or will be given to purchasers or licensees.

(ix) In the case of an early site permit, the entities to whom an early site permit was transferred.

(5) The director or responsible officer may authorize an individual to provide the notification required by this paragraph, provided that, this shall not relieve the director or responsible officer of his or her responsibility under this paragraph.

(e) Individuals subject to this part may be required by the Commission to supply additional information related to a defect or failure to comply. Commission action to obtain additional information may be based on reports of defects from other reporting entities.

Each individual, corporation, partnership, dedicating entity, or other entity subject to the regulations in this part shall ensure that each procurement document for a facility, or a basic component issued by him, her or it on or after January 6, 1978, specifies, when applicable, that the provisions of 10 CFR part 21 apply.

Each individual, corporation, partnership, dedicating entity, or other entity subject to the regulations in this part shall permit the Commission to inspect records, premises, activities, and basic components as necessary to accomplish the purposes of this part.

(a) Each individual, corporation, partnership, dedicating entity, or other entity subject to the regulations in this part shall prepare and maintain records necessary to accomplish the purposes of this part, specifically—

(1) Retain evaluations of all deviations and failures to comply for a minimum of five years after the date of the evaluation;

(2) Suppliers of basic components must retain any notifications sent to purchasers and affected licensees for a minimum of five years after the date of the notification.

(3) Suppliers of basic components must retain a record of the purchasers of basic components for 10 years after delivery of the basic component or service associated with a basic component.

(4) Applicants for standard design certification under subpart B of part 52 of this chapter and others providing a design which is the subject of a design certification, during and following Commission adoption of a final design certification rule for that design, shall retain any notifications sent to purchasers and affected licensees for a minimum of 5 years after the date of the notification, and retain a record of the purchasers for 15 years after delivery of design which is the subject of the design certification rule or service associated with the design.

(5) Applicants for or holders of a standard design approval under subpart E of part 52 of this chapter and others providing a design which is the subject of a design approval shall retain any notifications sent to purchasers and affected licensees for a minimum of 5 years after the date of the notification, and retain a record of the purchasers for 15 years after delivery of the design which is the subject of the design approval or service associated with the design.

(b) Each individual, corporation, partnership, dedicating entity, or other entity subject to the regulations in this part shall permit the Commission the opportunity to inspect records pertaining to basic components that relate to the identification and evaluation of deviations, and the reporting of defects and failures to comply, including (but not limited to) any advice given to purchasers or licensees on the placement, erection, installation, operation, maintenance, modification, or inspection of a basic component.

(a) Any director or responsible officer of an entity (including dedicating entity) that is not otherwise subject to the deliberate misconduct provisions of this chapter but is subject to the regulations in this part who knowingly and consciously fails to provide the notice required as by § 21.21 shall be subject to a civil penalty equal to the amount provided by section 234 of the Atomic Energy Act of 1954, as amended.

(b) Any NRC licensee or applicant for a license (including an applicant for, or holder of, a permit), applicant for a design certification under part 52 of this chapter during the pendency of its application, applicant for a design certification after Commission adoption of a final design certification rule for that design, or applicant for or holder of a standard design approval under part 52 of this chapter subject to the regulations in this part who fails to provide the notice required by § 21.21, or otherwise fails to comply with the applicable requirements of this part shall be subject to a civil penalty as provided by Section 234 of the Atomic Energy Act of 1954, as amended.

(c) The dedicating entity, pursuant to § 21.21(c) of this part, is responsible for identifying and evaluating deviations, reporting defects and failures to comply for the dedicated item, and maintaining auditable records of the dedication process. NRC enforcement action can be taken for failure to identify and evaluate deviations, failure to report defects and failures to comply, or failure to maintain auditable records.

(a) Section 223 of the Atomic Energy Act of 1954, as amended, provides for criminal sanctions for willful violation of, attempted violation of, or conspiracy to violate, any regulation issued under sections 161b, 161i, or 161o of the Act. For purposes of section 223, all the regulations in part 21 are issued under one or more of sections 161b, 161i, or 161o, except for the sections listed in paragraph (b) of this section.

(b) The regulations in part 21 that are not issued under sections 161b, 161i, or 161o for the purposes of section 223 are as follows: §§ 21.1, 21.2, 21.3, 21.4 21.5, 21.7, 21.8, 21.61, and 21.62.

The regulations in this part establish procedures for granting, reinstating, extending, transferring, and terminating access authorizations of licensee personnel, licensee contractors or agents, and other persons (e.g., individuals involved in adjudicatory procedures as set forth in 10 CFR part 2, subpart I) who may require access to classified information.

The regulations in this part apply to licensees, certificate holders, and others who may require access to classified information related to a license, certificate, an application for a license or certificate, or other activities as the Commission may determine.

Access authorization means an administrative determination that an individual (including a consultant) who is employed by or an applicant for employment with the NRC, NRC contractors, agents, licensees and certificate holders, or other person designated by the Executive Director for Operations, is eligible for a security clearance for access to classified information.

Act means the Atomic Energy Act of 1954 (68 Stat. 919), as amended.

Certificate holder means a facility operating under the provisions of parts 71 or 76 of this chapter.

Classified information means either classified National Security Information, Restricted Data, or Formerly Restricted Data or any one of them. It is the generic term for information requiring protection in the interest of National Security whether classified under an Executive Order or the Atomic Energy Act.

Classified National Security Information means information that has been determined pursuant to E.O. 12958, as amended, or any predecessor order to require protection against unauthorized disclosure and that is so designated.

Cognizant Security Agency (CSA) means agencies of the Executive Branch that have been authorized by E.O. 12829 to establish an industrial security program for the purpose of safeguarding classified information under the jurisdiction of those agencies when disclosed or released to U.S. industry. These agencies are the Department of Defense, the Department of Energy, the Central Intelligence Agency, and the Nuclear Regulatory Commission. A facility has a single CSA which exercises primary authority for the protection of classified information at the facility. The CSA for the facility provides security representation for other government agencies with security interests at the facility. The Secretary of Defense has been designated as Executive Agent for the National Industrial Security Program.

Commission means the Nuclear Regulatory Commission or its duly authorized representatives.

“L” access authorization means an access authorization granted by the Commission that is normally based on a national agency check with a law and credit investigation (NACLC) or an access national agency check and inquiries investigation (ANACI) conducted by the Office of Personnel Management.

License means a license issued pursuant to 10 CFR parts 50, 52, 60, 63, 70, or 72.

Matter means documents or material.

National Security Information means information that has been determined pursuant to Executive Order 12958, as amended, or any predecessor order to require protection against unauthorized disclosure and that is so designated.

Need-to-know means a determination made by an authorized holder of classified information that a prospective recipient requires access to a specific classified information to perform or assist in a lawful and authorized governmental function under the cognizance of the Commission.

Person means (1) any individual, corporation, partnership, firm, association, trust, estate, public or private institution, group, government agency other than the Commission or the Department of Energy (DOE), except that the DOE shall be considered a person to the extent that its facilities are subject to the licensing and related regulatory authority of the Commission pursuant to section 202 of the Energy Reorganization Act of 1974 and sections 104, 105 and 202 of the Uranium Mill Tailings Radiation Control Act of 1978, any State or any political subdivision of, or any political entity within a State, any foreign government or nation or any political subdivision of any such government or nation, or other entity; and (2) any legal successor, representative, agent, or agency of the foregoing.

“Q” access authorization means an access authorization granted by the Commission normally based on a single scope background investigation conducted by the Office of Personnel Management, the Federal Bureau of Investigation, or other U.S. Government agency which conducts personnel security investigations.

Restricted Data means all data concerning design, manufacture or utilization of atomic weapons, the production of special nuclear material, or the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category pursuant to section 142 of the Act.

Visit authorization letters (VAL) means a letter, generated by a licensee, certificate holder or other organization under the requirements of 10 CFR parts 25 and/or 95, verifying the need-to-know and access authorization of an individual from that organization who needs to visit another authorized facility for the purpose of exchanging or acquiring classified information related to the license.

Except as specifically authorized by the Commission in writing, no interpretation of the meaning of the regulations in this part by any officer or employee of the Commission other than a written interpretation by the General Counsel will be recognized to be binding upon the Commission.

(a) The Nuclear Regulatory Commission has submitted the information collection requirements contained in this part to the Office of Management and Budget (OMB) for approval as required by the Paperwork Reduction Act (44 U.S.C. 3501 et seq.). The NRC may not conduct or sponsor and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. OMB has approved the information collection requirements contained in this part under control number 3150-0046.

(b) The approved information collection requirements contained in this part appear in §§ 25.11, 25.17, 25.21, 25.23, 25.25, 25.27, 25.29, 25.31, 25.33, and 25.35.

(c) This part contains information collection requirements in addition to those approved under the control number specified in paragraph (a) of this section. These information collection requirements and the control numbers under which they are approved are as follows:

(1) In §§ 25.17(b), 25.21(c), 25.27(a), 25.29, and 25.31, NRC Form 237 is approved under control number 3150-0050.

(2) In §§ 25.17(c), 25.21(c), 25.27(b), 25.29, and 25.31, SF-86 is approved under control number 3206-0007.

(3) In § 25.21(b), NRC Form 354 is approved under control number 3150-0026.

(4) In § 25.33, NRC Form 136 is approved under control number 3150-0049.

(5) In § 25.35, NRC Form 277 is approved under control number 3150-0051.

Except where otherwise specified, communications and reports concerning the regulations in this part should be addressed to the Director, Division of Facilities and Security, Mail Stop T7-D57, and sent either by mail to the U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; by hand delivery to the NRC's offices at 11555 Rockville Pike, Rockville, Maryland; or, where practicable, by electronic submission, for example, Electronic Information Exchange, or CD-ROM. Electronic submissions must be made in a manner that enables the NRC to receive, read, authenticate, distribute, and archive the submission, and process and retrieve it a single page at a time. Detailed guidance on making electronic submissions can be obtained by visiting the NRC's Web site at http://www.nrc.gov/site-help/ e-submittals.html, by calling (301) 415-0439, by e-mail to EIE@nrc.gov, or by writing the Office of Information Services, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. The guidance discusses, among other topics, the formats the NRC can accept, the use of electronic signatures, and the treatment of nonpublic information.

The NRC may, upon application by any interested person or upon its own initiative, grant exemptions from the requirements of the regulations of this part, that are—

(a) Authorized by law, will not present an undue risk to the public health and safety, and are consistent with the common defense and security; or

(b) Coincidental with one or more of the following:

(1) An application of the regulation in the particular circumstances conflicts with other NRC rules or requirements;

(2) An application of the regulation in the particular circumstances would not serve the underlying purpose of the rule or is not necessary to achieve the underlying purpose of the rule;

(3) When compliance would result in undue hardship or other costs that significantly exceed those contemplated when the regulation was adopted, or that significantly exceed those incurred by others similarly situated;

(4) When the exemption would result in benefit to the common defense and security that compensates for any decrease in the security that may result from the grant of the exemption;

(5) When the exemption would provide only temporary relief from the applicable regulation and the licensee or applicant has made good faith efforts to comply with the regulation;

(6) When there is any other material circumstance present that was not considered when the regulation was adopted that would be in the public interest to grant an exemption. If this condition is relied on exclusively for satisfying paragraph (b) of this section, the exemption may not be granted until the Executive Director for Operations has consulted with the Commission.

(a) Each licensee or organization employing individuals approved for personnel security access authorization under this part, shall maintain records as prescribed within the part. These records are subject to review and inspection by CSA representatives during security reviews.

(b) Each record required by this part must be legible throughout the retention period specified by each Commission regulation. The record may be the original or a reproduced copy or a microform provided that the copy or microform is authenticated by authorized personnel and that the microform is capable of producing a clear copy throughout the required retention period. The record may also be stored in electronic media with the capability for producing legible, accurate, and complete records during the required retention period. Records such as letters, drawings, specifications, must include all pertinent information such as stamps, initials, and signatures. The licensee shall maintain adequate safeguards against tampering with and loss of records.

(a) A “Q” access authorization permits an individual access on a need-to-know basis to (1) Secret and Confidential Restricted Data and (2) Secret and Confidential National Security Information including intelligence information, CRYPTO (i.e., cryptographic information) or other classified communications security (COMSEC) information.

(b) An “L” access authorization permits an individual access on a need-to-know basis to Confidential Restricted Data and Secret and Confidential National Security Information other than the categories specifically included in paragraph (a) of this section. In addition, access to certain Confidential COMSEC information is permitted as authorized by a National Communications Security Committee waiver dated February 14, 1985.

(c) Each employee of the Commission is processed for one of the two levels of access authorization. Licensees and other persons will furnish National Security Information and/or Restricted Data to a Commission employee on official business when the employee has the appropriate level of NRC access authorization and need-to-know. Some individuals are permitted to begin NRC employment without an access authorization. However, no NRC employee shall be permitted access to any classified information until the appropriate level of access authorization has been granted to that employee by NRC.

(a) Access authorizations must be requested for licensee employees or other persons (e.g., 10 CFR part 2, subpart I) who need access to classified information in connection with activities under 10 CFR parts 50, 52, 54, 60, 63, 70, 72, or 76.

(b) The request must be submitted to the facility CSA. If the NRC is the CSA, the procedures in § 25.17 (c) and (d) will be followed. If the NRC is not the CSA, the request will be submitted to the CSA in accordance with procedures established by the CSA. The NRC will be notified of the request by a letter that includes the name, Social Security number and level of access authorization.

(c) The request must include a completed personnel security packet (see § 25.17(d)) and request form (NRC Form 237) signed by a licensee, licensee contractor official, or other authorized person.

(d)(1) Each personnel security packet submitted must include the following completed forms:

(i) Questionnaire for National Security Positions (SF-86, Parts 1 and 2) (Part 2 is to be completed by the applicant and placed in a sealed envelope which is to be forwarded to NRC unopened. No licensee, licensee contractor official, or other person at a facility is permitted to review Part 2 information);

(ii) Two standard fingerprint cards (FD-258);

(iii) Security Acknowledgment (NRC Form 176); and

(iv) Other related forms where specified in accompanying instructions (NRC Form 254).

(2) Only a Security Acknowledgment (NRC Form 176) need be completed by any person possessing an active access authorization, or who is being processed for an access authorization, by another Federal agency. The active or pending access authorization must be at an equivalent level to that required by the NRC and be based on an adequate investigation of not more than five years old.

(e) To avoid delays in processing requests for access authorizations, each security packet should be reviewed for completeness and correctness (including legibility of response on the forms) before submittal.

(f)(1) The Office of Personnel Management (OPM) bills NRC for the cost of each background investigation conducted in support of an application for access authorization. The combined cost of the OPM investigation and NRC's application processing overhead are recovered from the licensee through an authorization fee calculated with reference to current OPM personnel investigation billing rates {OPM rate + [(OPM rate × 31.7%), rounded to the nearest dollar] = NRC access authorization fee}. Updated OPM billing rates are published periodically in a Federal Investigations Notice (FIN) issued by OPM's Investigations Service. Copies of the current OPM billing schedule can be obtained by phoning the NRC's Personnel Security Branch, Division of Facilities and Security, Office of Administration at (301-415-7739). Any change in the NRC's access authorization fees will be applicable to each access authorization request received on or after the effective date of OPM's most recently published investigations billing schedule.

(2) Applications for access authorization or access authorization renewal processing that are submitted to the NRC for processing must be accompanied by a check or money order, payable to the U.S. Nuclear Regulatory Commission, representing the current cost for the processing of each “Q” and “L” access authorization, or renewal request. Applicants shall calculate the access authorization fee according to the stated formula {OPM rate + [(OPM rate × 31.7%), rounded to the nearest dollar] = NRC access authorization fee} and with reference to the table in appendix A to this part.

(3) Certain applications from individuals having current Federal access authorizations may be processed more expeditiously and at less cost, because the Commission, at its discretion, may decide to accept the certification of access authorization and investigative data from other Federal Government agencies that grant personnel access authorizations.

Each application for an access authorization or access authorization renewal must be submitted to the CSA. If the NRC is the CSA, the application and its accompanying fee must be submitted to the NRC Division of Facilities and Security. If necessary, the NRC Division of Facilities and Security may obtain approval from the appropriate Commission office exercising licensing or regulatory authority before processing the access authorization or access authorization renewal request. If the applicant is disapproved for processing, the NRC Division of Facilities and Security shall notify the submitter in writing and return the original application (security packet) and its accompanying fee.

(a) Following receipt by the CSA of the reports of the personnel security investigations, the record will be reviewed to determine that granting an access authorization or renewal of access authorization will not endanger the common defense and security and is clearly consistent with the national interest. If this determination is made, access authorization will be granted or renewed. If the NRC is the CSA, questions as to initial or continued eligibility will be determined in accordance with part 10 of chapter I. If another agency is the CSA, that agency will, under the requirements of the NISPOM, have established procedures at the facility to resolve questions as to initial or continued eligibility for access authorization. These questions will be determined in accordance with established CSA procedures already in effect for the facility.

(b) The CSA must be promptly notified of developments that bear on continued eligibility for access authorization throughout the period for which the authorization is active (e.g., persons who marry subsequent to the completion of a personnel security packet must report this change by submitting a completed NRC Form 354, “Data Report on Spouse” or equivalent CSA form).

(c)(1) Except as provided in paragraph (c)(2) of this section, an NRC “Q” access authorization must be renewed every five years from the date of issuance. Except as provided in paragraph (c)(2) of this section, an NRC “L” access authorization must be renewed every ten years from the date of issuance. An application for renewal must be submitted at least 120 days before the expiration of the five-year period for a “Q” access authorization and the ten-year period for an “L” access authorization, and must include:

(i) A statement by the licensee or other person that the individual continues to require access to classified National Security Information or Restricted Data; and

(ii) A personnel security packet as described in § 25.17(d).

(2) Renewal applications and the required paperwork are not required for individuals who have a current and active access authorization from another Federal agency and who are subject to a reinvestigation program by that agency that is determined by the NRC to meet the NRC's requirements. (The DOE Reinvestigation Program has been determined to meet the NRC's requirements.) For these individuals, the submission of the SF-86 by the licensee or other person to the other Government agency pursuant to their reinvestigation requirements will satisfy the NRC's renewal submission and paperwork requirements, even if less than five years have passed since the date of issuance or renewal of the NRC “Q” access authorization, or if less than 10 years have passed since the date of issuance or renewal of the NRC “L” access authorization. Any NRC access authorization continued in response to the provisions of this paragraph will, thereafter, not be due for renewal until the date set by the other Government agency for the next reinvestigation of the individual pursuant to the other agency's reinvestigation program. However, the period of time for the initial and each subsequent NRC “Q” renewal application to the NRC may not exceed seven years or, in the case of an NRC “L” renewal application, twelve years. Any individual who is subject to the reinvestigation program requirements of another Federal agency but, for administrative or other reasons, does not submit reinvestigation forms to that agency within seven years for a “Q” renewal or twelve years for an “L” renewal of the previous submission, shall submit a renewal application to the NRC using the forms prescribed in § 25.17(d) before the expiration of the seven-year period for a “Q” renewal or twelve-year period for an “L” renewal.

(3) If the NRC is not the CSA, reinvestigation program procedures and requirements will be set by the CSA.

The determination to grant or renew access authorization will be furnished in writing to the licensee or organization that initiated the request. Upon receipt of the notification of original grant of access authorization, the licensee or organization shall obtain, as a condition for grant of access authorization and access to classified information, an executed “Classified Information Nondisclosure Agreement” (SF-312) from the affected individual. The SF-312 is an agreement between the United States and an individual who is cleared for access to classified information. An employee issued an initial access authorization shall execute a SF-312 before being granted access to classified information. The licensee or other organization shall forward the executed SF-312 to the CSA for retention. If the employee refuses to execute the SF-312, the licensee or other organization shall deny the employee access to classified information and submit a report to the CSA. The SF-312 must be signed and dated by the employee and witnessed. The employee's and witness' signatures must bear the same date. The individual shall also be given a security orientation briefing in accordance with § 95.33 of this chapter. Records of access authorization grant and renewal notification must be maintained by the licensee or other organization for three years after the access authorization has been terminated by the CSA. This information may also be furnished to other representatives of the Commission, to licensees, contractors, or other Federal agencies. Notifications of access authorization will not be given in writing to the affected individual except:

(a) In those cases when the determination was made as a result of a Personnel Security Hearing or by a Personnel Security Review Panel ; or

(b) When the individual also is the official designated by the licensee or other organization to whom written NRC notifications are forwarded.

When a request for an individual's access authorization or renewal of an access authorization is withdrawn or canceled, the requestor shall notify the CSA immediately by telephone so that the single scope background investigation, national agency check with law and credit investigation, or other personnel security action may be discontinued. The requestor shall identify the full name and date of birth of the individual, the date of request, and the type of access authorization or access authorization renewal requested. The requestor shall confirm each telephone notification promptly in writing.

(a) In conjunction with a new request for access authorization (NRC Form 237 or CSA equivalent) for individuals whose cases were previously canceled, new fingerprint cards (FD-257) in duplicate and a new Security Acknowledgment (NRC Form 176), or CSA equivalent, must be furnished to the CSA along with the request.

(b) Additionally, if 90 days or more have elapsed since the date of the last Questionnaire for National Security Positions (SF-86), or CSA equivalent, the individual must complete a personnel security packet (see § 25.17(d)). The CSA, based on investigative or other needs, may require a complete personnel security packet in other cases as well. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by the NRC is required.

(a) An access authorization can be reinstated provided that:

(1) No more than 24 months has lapsed since the date of termination of the clearance;

(2) There has been no break in employment with the employer since the date of termination of the clearance;

(3) There is no known adverse information;

(4) The most recent investigation must not exceed 5 years (Top Secret, Q) or 10 years (Secret, L); and

(5) The most recent investigation must meet or exceed the scope of the investigation required for the level of access authorization that is to be reinstated or granted.

(b) An access authorization can be reinstated at the same, or lower, level by submission of a CSA-designated form to the CSA. The employee may not have access to classified information until receipt of written confirmation of reinstatement and an up-to-date personnel security packet will be furnished with the request for reinstatement of an access authorization. A new Security Acknowledgement will be obtained in all cases. Where personnel security packets are not required, a request for reinstatement must state the level of access authorization to be reinstated and the full name and date of birth of the individual to establish positive identification. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by the NRC is required.

(a) The NRC Division of Facilities and Security may, on request, extend the authorization of an individual who possesses an access authorization in connection with a particular employer or activity to permit access to classified information in connection with an assignment with another employer or activity.

(b) The NRC Division of Facilities and Security may, on request, transfer an access authorization when an individual's access authorization under one employer or activity is terminated, simultaneously with the individual being granted an access authorization for another employer or activity.

(c) Requests for an extension or transfer of an access authorization must state the full name of the person, date of birth, and level of access authorization. The Director, Division of Facilities and Security, may require a new personnel security packet (see § 25.17(c)) to be completed by the applicant. A fee, equal to the amount paid for an initial request, will be charged only if a new or updating investigation by the NRC is required.

(d) The date of an extension or transfer of access authorization may not be used to determine when a request for renewal of access authorization is required. Access authorization renewal requests must be timely submitted, in accordance with § 25.21(c).

(a) Access authorizations will be terminated when:

(1) An access authorization is no longer required;

(2) An individual is separated from the employment or the activity for which he or she obtained an access authorization for a period of 90 days or more; or

(3) An individual, pursuant to 10 CFR part 10 or other CSA-approved adjudicatory standards, is no longer eligible for an access authorization.

(b) A representative of the licensee or other organization that employs the individual whose access authorization will be terminated shall immediately notify the CSA when the circumstances noted in paragraph (a)(1) or (a)(2) of this section exist; inform the individual that his or her access authorization is being terminated, and the reason; and that he or she will be considered for reinstatement of an access authorization if he or she resumes work requiring the authorization.

(c) When an access authorization is to be terminated, a representative of the licensee or other organization shall conduct a security termination briefing of the individual involved, explain the Security Termination Statement (NRC Form 136 or CSA approved form) and have the individual complete the form. The representative shall promptly forward the original copy of the completed Security Termination Statement to CSA.

(a) The number of classified visits must be held to a minimum. The licensee, certificate holder, applicant for a standard design certification under part 52 of this chapter (including an applicant after the Commission has adopted a final standard design certification rule under part 52 of this chapter), or other facility, or an applicant for or holder of a standard design approval under part 52 of this chapter shall determine that the visit is necessary and that the purpose of the visit cannot be achieved without access to, or disclosure of, classified information. All classified visits require advance notification to, and approval of, the organization to be visited. In urgent cases, visit information may be furnished by telephone and confirmed in writing.

(b) Representatives of the Federal Government, when acting in their official capacities as inspectors, investigators, or auditors, may visit a licensee, certificate holder, or other facility without furnishing advanced notification, provided these representatives present appropriate Government credentials upon arrival. Normally, however, Federal representatives will provide advance notification in the form of an NRC Form 277, “Request for Visit or Access Approval,” with the “need-to-know” certified by the appropriate NRC office exercising licensing or regulatory authority and verification of an NRC access authorization by the Division of Facilities and Security.

(c) The licensee, certificate holder, or others shall include the following information on all Visit Authorization Letters (VAL) which they prepare.

(1) Visitor's name, address, and telephone number and certification of the level of the facility security clearance;

(2) Name, date and place of birth, and citizenship of the individual intending to visit;

(3) Certification of the proposed visitor's personnel clearance and any special access authorizations required for the visit;

(4) Name of person(s) to be visited;

(5) Purpose and sufficient justification for the visit to allow for a determination of the necessity of the visit; and

(6) Date or period during which the VAL is to be valid.

(d) Classified visits may be arranged for a 12 month period. The requesting facility shall notify all places honoring these visit arrangements of any change in the individual's status that will cause the visit request to be canceled before its normal termination date.

(e) The responsibility for determining need-to-know in connection with a classified visit rests with the individual who will disclose classified information during the visit. The licensee, certificate holder or other facility shall establish procedures to ensure positive identification of visitors before the disclosure of any classified information.

(a) An injunction or other court order may be obtained to prohibit a violation of any provision of:

(1) The Atomic Energy Act of 1954, as amended;

(2) Title II of the Energy Reorganization Act of 1974, as amended; or

(3) Any regulation or order issued under these Acts.

(b) National Security Information is protected under the requirements and sanctions of Executive Order 12958, as amended.

(a) Section 223 of the Atomic Energy Act of 1954, as amended, provides for criminal sanctions for willful violation of, attempted violation of, or conspiracy to violate, any regulation issued under sections 161b, 161i, or 161o of the Act. For purposes of section 223, all the regulations in part 25 are issued under one or more of sections 161b, 161i, or 161o, except for the sections listed in paragraph (b) of this section.

(b) The regulations in part 25 that are not issued under sections 161b, 161i, or 161o for the purposes of section 223 are as follows: §§ 25.1, 25.3, 25.5, 25.7, 25.8, 25.9, 25.11, 25.19, 25.25, 25.27, 25.29, 25.31, 25.37, and 25.39.