Importance of Risk-Based Design
Carsten Stegelmann | Principal Consultant
When designing hazardous process plants, the focus is often on compliance with safety regulations. But does compliance alone guarantee a safe plant?

After many years in the process safety consultancy business, I have frequently experienced operators and engineering design teams asking whether certain safety analyses or safety barriers are a legal requirement for a plant. The underlying assumption is often: if it is not legally required, we don’t want to spend time and money on it.
However, in many industries, legal requirements are typically high-level and generic, with only a few specific stipulations for safety design. This does not mean that certain safety analyses or safety barriers can be disregarded simply because they are not explicitly mentioned in legislation or standards. In reality, it is always illegal to harm or kill people, pollute the environment, or destroy other people’s property. Therefore, the responsibility ultimately lies with the operator to ensure that the plant is not only compliant, but also genuinely safe.
Examples of why compliance alone is not sufficient
In the EU and in countries with EEA agreements, such as Switzerland, the SEVESO Directive is used to classify onshore plants as Major Accident Hazard (MAH) establishments and to determine whether they fall under the lower or upper tier. If a plant falls under either category, certain requirements apply, such as conducting risk assessments and providing safety documentation to authorities (e.g., Quantitative Risk Assessment (QRA)). Plants that do not fall under SEVESO classification are often not required to perform a QRA.
However, SEVESO classification is based solely on the hazardous inventories at the plant. For example, if a facility stores more than 5 tonnes of hydrogen, it is classified as an MAH establishment; at more than 50 tonnes, it becomes an upper-tier establishment. But anyone experienced in hydrogen safety knows that you don’t need 5 tonnes of hydrogen to cause a serious explosion. In fact, even less than 100 kg of hydrogen can, under certain circumstances, result in catastrophic explosions that affect areas outside the plant boundary. Clearly, SEVESO classification alone is not a sufficient basis for deciding whether a QRA is necessary.
By contrast, a plant storing more than 500 tonnes of methanol would also be classified as an MAH establishment. Yet, from a process safety design perspective, managing the risks associated with 500 tonnes of methanol is often simpler than dealing with just 100 kg of hydrogen.
There are many other examples:
- Ammonia installations: Plants not classified as MAH have experienced frequent ammonia releases from moderate storage or cooling systems. Such releases have often required evacuation of civilians in surrounding areas. Thus, even for non-MAH plants, assessing exposure to toxic ammonia is critical.
- Plastic recycling plants: Across Europe, several recycling plants have burned down, resulting in total losses. To my knowledge, these facilities complied with local fire safety building regulations. Yet, compliance alone did not prevent catastrophic fires, demonstrating the limits of prescriptive rules.
- Carbon Capture and Storage (CCS): CO₂ under pressure is not considered hazardous under SEVESO, meaning CCS projects often fall outside of its scope. This seems more of a political than a technical decision. While CO₂ is only mildly toxic, it can displace oxygen, creating asphyxiation risks. Releases can in some cases cause fatalities—risks that must be addressed in CCS facility design despite regulatory gaps.
These examples make it clear: compliance alone is insufficient. This is where the risk-based design approach comes into play.
Risk-Based Design
Risk-based design is about embedding the risk management process directly into the design process. The typical risk management cycle involves:
- Hazard identification: Identify hazards, especially those related to handling, storage, or processing of dangerous substances.
- Risk assessment: Evaluate the likelihood and potential consequences of these hazards, often with tools such as QRA.
- Risk evaluation: Compare risks against acceptance criteria or regulatory limits.
- Risk control: Implement measures (engineering, administrative, or operational) to reduce risks to acceptable levels.
- Emergency planning: Develop internal and external emergency preparedness and response protocols.
- Implementation: Put risk reduction strategies into action, including training, communication, and system management.
- Monitoring and review: Track effectiveness through inspections, performance indicators, and updates to address new hazards, knowledge, or operational changes.
This process is iterative and should be used as an active design tool - not just for compliance.
For large, complex plants, multiple safety analyses and deliverables will be required; for simpler plants, the scope may be smaller. Experience from similar facilities, industry best practices, and early hazard identification will guide requirements.
Key early-phase deliverables include:
- An HSE road map of required safety/environmental deliverables and compliance needs. This should be a live document, updated as the design matures.
- A safety strategy, which is the cornerstone of technical safety design. It links hazard identification, risk analyses, safety studies, and documented safety barriers, and it forms the basis for performance standards and functional safety specifications. Like the HSE road map, the safety strategy should start during concept design and be maintained throughout the project lifecycle.
It is important to stress that risk-based design is a supplement, not an alternative, to compliance.
Compliance sets the minimum baseline, while risk-based design provides the flexibility to apply additional measures where prescriptive codes and standards fall short.
This approach is especially critical in emerging industries such as Power-to-X (PtX) and CCS, where limited track records and few prescriptive standards exist. Risk-based design is equally effective in both mature and emerging industries but becomes essential in the latter, where standardization and accumulated experience are still lacking.
Finally, risk-based design must never be misused as a means to avoid prescriptive safety requirements. Unless explicitly allowed by the standard, bypassing safety barriers under the pretext of risk-based design is unacceptable. This practice, often called “reverse ALARP,” undermines the very purpose of risk management.
The above may seem cumbersome and expensive, but to quote the late Trevor Kletz: “If you think safety is expensive, try an accident.” There is simply no alternative for a responsible operator.
Summary
When designing process plants, regard compliance as the minimum requirement and apply a risk-based design approach on top of that. To kick-start the process:
- Develop an HSE road map.
- Perform an early hazard identification (to be repeated at different project stages).
- Initiate and maintain a safety strategy.
- Keep the HSE road map updated as the project progresses.
Only by combining compliance with a risk-based mindset can we ensure genuinely safe and reliable plant designs.