A phased program with U.S. partner involvement front-loaded into regulatory dialogue, design integration, and training. The operational phase opens recurring advisory and audit work.
PAA strengthening, framework adoption, U.S. cooperation MoUs signed.
Security-by-design integration with AP1000 documentation, supplier vetting.
Site security operations, SOC stand-up, simulator commissioning, training cohorts.
Full-scope drills, regulator licensing milestones, operational handover.
Continuous improvement program, second-unit replication, lessons codified.
Six stages from diagnosis to operational readiness. Modular by design — engage at any stage; scale up or down based on project phase, risk profile, and timeline.
Risk diagnosis, security audit, identification of organizational and technical gaps.
Architecture of the protection system, procedures, training program, and security stack.
Personnel training, scenario exercises, executive and operational team preparation.
Deployment support, procedures, documentation, partner and vendor coordination.
Vendor certification across the full supply chain — clearance for tier-1, tier-2 and beyond.
Ongoing advisory, periodic exercises, procedure updates, response to emerging threats.
Five things that the architecture cannot wait on.
PAA receives full financial and personnel autonomy before the first construction license is issued.
Cyber and physical requirements embedded in AP1000 design documentation per IAEA-TECDOC-1527.
Formal cooperation agreements with EDF and U.S. operators covering build phase + first 5 years of operation.
The plant explicitly designated as NATO critical infrastructure, with corresponding doctrine and posture.
NRC-style Corrective Action Program to capture every near-miss, observation, and incident — and act on it.