Office for Nuclear Regulation

Key regulatory considerations for the application of blockchain technology in the nuclear sector

March 2023

ONR Innovation Hub

ONR has developed an Innovation Hub to help enable the proportionate regulation of innovation in the nuclear sector where it is in the interest of society and beneficial to the industry's safety and security. Our approach to regulating innovation includes providing advice to licensees, dutyholders and requesting parties, and their supply chains, on potential innovations for application in the nuclear sector.

This report provides a summary of an engagement between ONR, a licensee and an organisation in their supply chain to explore the regulatory aspects of the use of blockchain technology in a UK nuclear context. The report should not be regarded as a full examination or as official ONR guidance and is not intended to identify all the risks associated with the technology or potential applications. ONR welcomes feedback on these key considerations to help us identify other areas to explore and continue our iterative learning process. Please email contact@onr.gov.uk if you have any comments or queries.

What is blockchain?

The term distributed ledger technology (DLT) is the umbrella term for technologies that seek to store, synchronise and maintain digital records across a network of computing centres. Blockchain is perhaps the best-known example of a DLT. Blockchain packs digital records into data container structures known as 'blocks'. These blocks are appended to the end of a chain of other blocks in chronological order, with each block containing a link of the preceding block, ensuring that a clear and irrefutable chronology is established and maintained [1] .

A number of DLT designs are available, the main types being:

DLT has reported benefits that include:

Aim of engagement and problem statement

The aim of this engagement was for ONR and a nuclear site licensee to have an early discussion on the regulation of blockchain technology. The licensee provided the following problem statement prior to ONR considering the technology and offering the advice in this report.

The licensee is looking to use blockchain technology to boost transparency and trust in the exchange of nuclear material records and cybersecurity posture of software. The anticipated benefit of using this technology is to enable the efficient sharing of information in a continuously verifiable and instantly auditable manner to key stakeholders. This is not possible with existing technologies due to security silos that focus on locking up data, high costs to integrate supply chain data, and lack of visibility and trust. Solving this would be beneficial because it would boost waste throughput by enabling faster and more confident decisions, give greater visibility of software risk, and reduce time to implement mitigations.

The licensee explained potential applications of blockchain technology and provided reference material [4], which ONR has used in conjunction with other sources [1], [2] and [3] to form the views expressed in this report.

Applicability of existing regulatory approach

The UK nuclear regulatory framework is goal-based and non-prescriptive. Currently there is no established good practice guidance specific to the nuclear sector covering the use of blockchain technology. There is also no specific UK regulatory regime to explicitly regulate DLT technologies such as blockchain. The National Cyber Security Centre (NCSC) have produced a white paper [5] setting out their position on DLT, with the intention helping potential users to determine whether the use of a distributed ledger is appropriate for their application.

Following engagement with the licensee and their supply chain organisation, ONR has determined that existing ONR guidance is suitable for the regulation of applications of this technology in the short and medium term. The need for specific and tailored guidance may be considered necessary at a later date.

Important regulatory considerations

During this engagement, the following regulatory considerations have been identified.

Risk management

System development

As with any software system, the application of blockchain requires a rigour commensurate with the risks. For example, clear requirements specifications can help overcome reported challenges associated with maintaining clear data ownership and dealing with limited flexibility in implementing design changes. It is noted that increasing the complexity of the DLT system is likely to increase vulnerabilities to cyber-attack.

Information management

Interfaces with legacy systems

Risk reduction through a phased approach


References

  1. S. Daley, "What Is Blockchain Technology? How Does It Work?," Built In, 2022. [Online]
  2. T. K. Sharma, "Permissioned And Permissionless Blockchains: A Comprehensive Guide," Blockchain Council, 3 November 2022. [Online]
  3. A. Ayyub and M. M. Afzal, "Confidentiality in Blockchain," International Journal of Engineering Science Invention, vol. 7, no. 1, pp. 50-52, 11 January 2018.
  4. Digital Catapult, "Harnessing the power of distributed ledger technology," 7 July 2022. [Online]
  5. National Cyber Security Centre, "Distributed ledger technology - The nature and applications of distributed ledger technology," 30 April 2021. [Online]
  6. "UK Statutory Instruments 2003 No. 403 - PART 4 - Regulation 22 - Duties of persons with sensitive nuclear information," Legislation.gov.uk, 26 February 2003. [Online]

Downloadable version of this report

Key regulatory considerations for the application of blockchain technology in the nuclear sector - March 2023