Title 10, Code of Federal Regulations, Part 21, Reporting of Defects and Noncompliance, is one of the foundational regulatory obligations in the U.S. nuclear supply chain. It requires anyone who supplies basic components to NRC-licensed facilities to evaluate deviations that could create a substantial safety hazard and report those defects or failures to comply to both the NRC and affected purchasers. The regulation is not limited to reactor operators. Any firm that supplies basic components, hardware, software, services, to U.S. nuclear facilities falls within its scope, regardless of where the firm is located. Failure to comply with 10 CFR 21 reporting requirements carries civil penalty exposure and potential license action.

01

Who 10 CFR 21 applies to

10 CFR 21 applies to each individual, corporation, partnership, or other entity that is subject to NRC regulations and that supplies basic components. This covers: NRC licensees, holders of construction permits, holders of early site permits, holders of combined licenses, and, critically, suppliers of basic components to any of the above, even if the supplier itself holds no NRC license. A supplier of safety-related valves, software performing a safety function, or services affecting the quality of a basic component is subject to 10 CFR 21 if those items are supplied to a U.S. nuclear facility subject to NRC jurisdiction.

Applicability must be flowed down: 10 CFR 21 applicability is typically established via procurement documents. When a purchaser places a nuclear purchase order that references 10 CFR 21 or identifies the items as basic components, the supplier is obligated to post the required regulatory notice and maintain a 10 CFR 21 program. Suppliers who receive such purchase orders without a 10 CFR 21 program in place are in immediate noncompliance.

02

Basic components and the evaluation obligation

A basic component under 10 CFR 21 is a structure, system, or component, or part thereof, that affects the safety of a nuclear power plant and that is designed and manufactured as a safety-related item. This includes software used in safety systems. The regulation requires evaluation of deviations, departures from technical requirements in approved design documents, to determine whether the deviation could create a substantial safety hazard. Not all deviations are reportable; only those where evaluation concludes a substantial safety hazard could exist, or where evaluation cannot be completed within the regulatory timeline, trigger the reporting obligation.

The evaluation is a documented, technical determination. It must consider the safety function of the component, the nature and extent of the deviation, and whether the deviation could affect the component's ability to perform its safety function. The evaluation must be performed by a responsible officer or designated individual with appropriate technical knowledge.

03

Evaluation and reporting timelines

10 CFR 21 establishes specific timelines. Upon identifying a deviation, an initial evaluation must begin promptly. If the evaluation cannot be completed within 60 days of identifying the deviation, an interim report must be submitted to the NRC. If the evaluation concludes that a defect exists, that the deviation could create a substantial safety hazard if the basic component were installed or operated, a report to the NRC must be submitted within 30 days of that conclusion. Simultaneous notification to purchasers and affected licensees who have received the defective component is required.

The 30-day clock runs from the date of conclusion, not from the date the deviation was first identified. This makes rigorous, documented evaluation management critical, evaluations that drag on without a documented conclusion can create timeline compliance problems even when no defect ultimately exists.

04

Program requirements for suppliers

Suppliers subject to 10 CFR 21 must maintain a written program that describes how deviations will be identified, evaluated, and reported. The program must be adopted by formal management action. Required posting of the regulation or a summary at locations where personnel perform safety-related activities is mandatory. Training requirements ensure that relevant personnel understand how to identify potential deviations and escalate them for evaluation. The 10 CFR 21 program must be included in internal audits and is routinely reviewed during customer source inspections and surveillance audits.

Integration with the nonconformance management and corrective action program is essential. Most 10 CFR 21 evaluations originate as nonconformances, the nonconformance disposition process should include a formal 10 CFR 21 screening step for any basic component deviation to ensure the evaluation obligation is recognised and tracked.

Forged Operations embeds 10 CFR 21 screening into the nonconformance workflow, every NCR for a basic component is automatically flagged for 10 CFR 21 evaluation, timelines are tracked, and evaluation records are retained in the QA system. AI surfaces deviations that meet reporting thresholds before they become overdue notifications.

Book a demo Learn more →

Related terms

10 CFR 50 Appendix B NQA-1 Nonconformance Management Corrective Action Program Procurement & Supplier QA

References

  1. U.S. Nuclear Regulatory Commission. 10 CFR Part 21 — Reporting of Defects and Noncompliance. Code of Federal Regulations, Title 10.
  2. U.S. NRC. NUREG-1854: NRC Staff Guidance for Implementing 10 CFR Part 21. Washington, DC: NRC.
  3. ASME NQA-1-2022, Requirement 16 — Corrective Action. New York: ASME, 2022.