NRC Enforcement: The Federal Record of Nuclear Safety Violations

When a nuclear licensee breaks a safety requirement—a missed surveillance test, a degraded emergency-diesel generator, a falsified record, a security lapse—the Nuclear Regulatory Commission does not merely note it. It issues a Notice of Violation, levies a civil penalty, or signs an order, and it writes the action down. That record, roughly 1,800 enforcement actions, is the federal ledger of nuclear-safety accountability: who broke what rule, how serious the regulator judged it, and what the government did in response.

This article covers what the NRC enforcement dataset is and how the agency's mandate frames it; the 1974 split of the Atomic Energy Commission that created the NRC and the independence that defines it; the graded enforcement policy and the severity levels that rank traditional violations; the Reactor Oversight Process and its color-coded findings—green, white, yellow, red—that govern how the agency oversees operating reactors; the escalated actions and orders the NRC reserves for the most serious cases; how the accidents at Three Mile Island in 1979 and Fukushima in 2011 reshaped the framework; how the enforcement table joins to the reactor inventory through the facility and licensee; a Python workflow that pulls the NRC's published enforcement-action dataset from nrc.gov and tallies it by type, by year, and by licensee; and the caveats—the small denominator, the document-centric grain, and the difference between a finding and a penalty—that any analyst must hold in mind before drawing conclusions.

What the dataset is

The NRC enforcement record is the agency's account of the formal actions it takes when a licensee fails to meet a regulatory requirement. The NRC licenses and regulates the civilian use of nuclear material in the United States—commercial power reactors, research and test reactors, and the medical, industrial, and academic users of radioactive materials—and when one of those licensees violates an NRC requirement, the agency responds with one of a handful of instruments: a Notice of Violation (NOV), the workhorse document that formally cites a violation and demands a written response; a civil penalty, a monetary fine proposed for more significant or willful violations; and an order, the most serious instrument, used to modify, suspend, or revoke a license or to compel specific action (including the Confirmatory Action Letter, which memorializes commitments a licensee has agreed to). The dataset is that body of actions: roughly 1,800 enforcement actions, published through the NRC website and the agency's public document system.

In our database this record is stored as the table nrc_enforcement, with the grain of one row per enforcement action keyed to the action and the licensee. A single facility that draws repeated regulatory attention over the years contributes multiple rows, one per action. The columns capture who was cited, what kind of action it was, when, against which requirement, and with what severity:

action_id           -- enforcement action identifier (EA number)
licensee_name       -- the licensed entity cited (operator / company)
facility_name       -- the plant, site, or facility involved
action_type         -- Notice of Violation, Civil Penalty, or Order
action_date         -- date the action was issued
cited_requirement   -- the 10 CFR section / license condition violated
severity_level      -- traditional severity level (I most severe .. IV)
rop_color           -- Reactor Oversight Process finding color, if applicable
                    --   (green, white, yellow, red in rising significance)
civil_penalty_amt   -- proposed civil penalty in dollars, if any
willful             -- whether the violation involved willfulness
identification      -- self-identified by licensee vs. NRC-identified

The licensee_name and facility_name are the load-bearing keys. Because a single corporate licensee may operate several reactor sites, and a single site may host more than one reactor unit, the licensee identifies the legal party the NRC holds accountable while the facility anchors the action to a physical plant—the join that ties an enforcement action to the reactor inventory. The action_type distinguishes the three instruments: the routine Notice of Violation that cites a violation without a fine, the civil penalty that attaches a dollar amount, and the order that can reshape or end a license. The two severity columns—severity_level for traditional violations and rop_color for findings under the Reactor Oversight Process—are the substantive payload: they are what turn a row from a bare event into a graded judgment of how much a given failure mattered to public health and safety.

What it is and the NRC regulatory frame

The Nuclear Regulatory Commission was created by the Energy Reorganization Act of 1974, which abolished the Atomic Energy Commission and split its functions. The old AEC had been asked to do two things that were in tension: to promote the development of civilian nuclear power and to regulate its safety. Congress concluded that a single agency could not credibly do both, and so it separated them. The promotional and weapons-program functions went to what became the Department of Energy; the regulatory function went to a new, independent body—the NRC, which began operations in 1975. That independence is the defining structural fact about the agency and about this dataset: the NRC is led by a five-member commission, no more than three of whom may belong to the same political party, and its safety judgments are meant to be insulated from the energy-development mission that the AEC's critics believed had compromised the old regulator.

The NRC's authority rests on the Atomic Energy Act of 1954, as amended, which makes the possession and use of nuclear material a licensed privilege rather than a right. Everything the NRC regulates—a commercial power reactor, a university research reactor, a hospital using radioactive isotopes, a company that radiographs welds with a sealed source—does so under a license that carries conditions, and the agency's detailed requirements are codified in Title 10 of the Code of Federal Regulations. Part 50 and Part 52 govern the licensing of power reactors; Part 20 sets standards for radiation protection; Part 73 covers physical security; Part 26 governs fitness for duty. When the enforcement record cites a violation, it is almost always a citation of a specific 10 CFR section or a license condition derived from it.

The NRC enforces those requirements through a resident-inspector model that distinguishes it from most regulators. At every operating commercial power reactor site the agency stations resident inspectors—federal staff who work on site full time, observe operations, review records, and accompany the licensee's own staff—supplemented by region-based specialist inspectors and headquarters reviews. This continuous, on-site presence is why the violations the NRC records are not the product of an occasional audit but of sustained observation, and it shapes the data: a finding in nrc_enforcement typically reflects something an inspector watched happen, traced through the licensee's records, or confirmed through follow-up, not a paperwork discrepancy discovered at a distance.

The graded enforcement policy and severity levels

The NRC does not treat all violations alike. Its Enforcement Policy is explicitly graded: the agency calibrates its response to the safety or security significance of the violation, to whether the violation was willful, and to whether the licensee identified and corrected the problem itself. The same physical lapse can draw a routine citation or an escalated penalty depending on those factors, and understanding the grading is essential to reading the dataset, because the severity columns are the products of that policy.

For violations handled under the traditional enforcement process—which covers material licensees, security and willfulness matters, and other issues not captured by the reactor oversight scheme—the NRC assigns a severity level, conventionally numbered from Severity Level I, the most significant, down through Severity Level IV, the least. A Severity Level I or II violation reflects a matter of substantial safety, security, or regulatory significance and ordinarily draws a civil penalty; a Severity Level IV violation is a violation of more than minor concern that, if left uncorrected, could become a greater problem but does not on its own warrant a fine. The lowest tier of all—issues of minor significance—the agency may dispose of without a formal Notice of Violation at all. The severity assigned is therefore the single most informative field for ranking traditional violations by how much they mattered.

Two cross-cutting factors push an action up or down the scale. The first is willfulness: a violation that was deliberate, or that reflected careless disregard for requirements—a falsified record, a knowingly bypassed safety system—is treated far more seriously than an equivalent failure that was inadvertent, because willfulness strikes at the regulatory relationship that the licensing system depends on. The second is identification and correction: the agency's policy gives meaningful credit to a licensee that finds a problem on its own, reports it, and fixes it promptly, and conversely treats NRC-identified, uncorrected problems more harshly. This is why the willful and identification fields matter as much as the severity itself: two violations of the same requirement can sit at very different points on the enforcement scale because one was self-disclosed and corrected while the other was caught by an inspector and left to fester.

The Reactor Oversight Process and color-coded findings

For the operating commercial power reactors that dominate public attention, the NRC oversees day-to-day performance not through severity levels but through the Reactor Oversight Process (ROP), a risk-informed, performance-based framework the agency adopted around 2000 to make its oversight more objective, more predictable, and more focused on what actually matters to safety. The ROP is built around cornerstones of safety—initiating events, mitigating systems, barrier integrity, emergency preparedness, occupational and public radiation safety, and security—and it assesses performance through inspection findings and through a set of performance indicators that licensees report.

The heart of the ROP, and the source of the rop_color field, is the significance determination process, which assigns each inspection finding a color according to its safety or security significance. The colors run, in increasing significance, green, white, yellow, and red. A green finding is of very low safety significance—a deviation worth correcting but not worth alarm; a white finding is of low to moderate significance; a yellow finding is of substantial significance; and a red finding is of high significance, indicating a serious degradation in a plant's ability to protect the public. The colors are not merely descriptive labels. They feed the Action Matrix, which translates a plant's accumulated findings and performance indicators into a defined level of regulatory response: a plant in the licensee-response column with all-green performance is left largely to its own corrective-action program, while a plant that accumulates white, yellow, or red findings moves into progressively more intensive NRC inspection and oversight, up to the multiple- or repetitive-degraded column that can precede a shutdown order.

The relationship between an ROP color and a traditional enforcement action is the subtlety most analysts miss. Many ROP findings are documented as non-cited violations or are dispositioned through the assessment process without a classic civil penalty, because the ROP is designed to drive corrective action through graduated oversight rather than through fines. As a result, the color-coded findings and the traditional Notices of Violation and penalties are two partly overlapping streams: the most safety-significant reactor findings show up as yellow or red colors and may or may not carry a monetary penalty, while willful or security violations are handled through the traditional severity-level process even at a reactor. Reading the dataset well means recognizing that severity_level and rop_color describe different oversight tracks, and that the absence of a civil penalty on a row does not mean the underlying finding was trivial.

Escalated actions and orders

Most of the enforcement record consists of Notices of Violation that close with the licensee's corrective action. But the dataset's most consequential rows are the escalated actions—the civil penalties and the orders the agency reserves for the cases where ordinary citation is not enough. A civil penalty attaches a dollar figure to a violation, calculated under the Enforcement Policy from a base amount tied to the severity and adjusted for the licensee's identification, correction, and enforcement history. The penalty is significant less for its size—the statutory ceilings are modest relative to the cost of operating a reactor—than for what it signals: that the agency judged the violation serious or willful enough to require a sanction beyond a demand for correction.

The order is the apex instrument. Through an order the NRC can modify a license to impose new requirements, suspend a license, or revoke it outright—the regulatory equivalent of pulling a plant off the grid or shutting a materials user down. Orders also include the Confirmatory Action Letter, a document that records commitments a licensee has agreed to take, and orders prohibiting an individual from any licensed activity, which the NRC uses against people—not just companies—who commit deliberate violations such as falsifying records or willfully defeating safety systems. The existence of these individual orders is a distinctive feature of nuclear enforcement: the framework reaches the reactor operator who falsifies a logbook as well as the corporation that employs him. Because orders are rare and severe, a single order in the dataset carries far more weight than a Notice of Violation, and any ranking of licensees that simply counts actions without weighting by severity will badly understate the importance of the handful of orders the record contains.

Three Mile Island, Fukushima, and the shaping of the framework

The shape of NRC enforcement cannot be understood apart from the accidents that forced the agency to remake it. The Three Mile Island accident of March 1979—a partial meltdown of Unit 2 at the plant near Harrisburg, Pennsylvania, triggered by a stuck relief valve compounded by operators who misread the situation—was the most serious accident in the history of US commercial nuclear power. Although it released only a small amount of radiation and caused no documented deaths, it was a profound institutional shock. It exposed weaknesses in operator training, in control-room design, in emergency preparedness, and in the regulator's own posture, and the post-accident investigations drove a sweeping overhaul: stronger emergency-planning requirements, the creation of the industry's own self-policing institute, and a sharper, more skeptical NRC inspection and enforcement program. Much of the modern enforcement apparatus—the seriousness with which the agency treats operator performance, emergency preparedness, and the candor of licensees—traces to the lessons of Three Mile Island.

The Fukushima Daiichi accident of March 2011 in Japan, in which a tsunami knocked out cooling at multiple reactors and led to core damage and hydrogen explosions, was the second great inflection. It was not a US event, but the NRC treated it as a direct warning about beyond-design-basis external events—natural hazards larger than a plant was originally built to withstand—and the loss of the ultimate heat sink and station power. The agency's response, developed through a post-Fukushima task force, imposed new requirements on US licensees: portable emergency equipment to maintain cooling when normal and backup power fail, reevaluation of seismic and flooding hazards against current science, and hardened venting and spent-fuel-pool monitoring. For the enforcement record, Fukushima widened the aperture of what inspectors scrutinize and what licensees can be cited for, pulling external-hazard preparedness and the new mitigation strategies into the body of requirements whose violation the dataset captures. Three Mile Island taught the program to distrust complacency about operations; Fukushima taught it to distrust complacency about nature.

Joining to the reactor inventory

The enforcement table is most valuable not in isolation but joined to the physical inventory of nuclear facilities, and the licensee and facility fields are what make that join possible. The NRC publishes and maintains a list of operating and decommissioning power reactors with their licensees, sites, reactor types, and locations, and the broader federal energy data ecosystem carries the same plants in the power-generation inventory. Joining nrc_enforcement to that inventory by facility is what lets an analyst interpret an enforcement action in context—to attach a violation to a plant of known reactor type, vintage, capacity, and location, and to normalize action counts against the population of reactors rather than reading a raw tally.

That normalization matters because the denominator is small and shrinking. The United States operates on the order of ninety-odd commercial power reactors at roughly five dozen sites, a fleet that has slowly contracted as older units retire and few new ones come online. An apparent rise or fall in enforcement actions over time can therefore reflect changes in the size of the fleet, in the mix of operating versus decommissioning plants, and in the NRC's own enforcement posture, as much as any change in how safely the plants are run. Anchoring each action to a facility—and through the facility to the inventory's capacity, age, and operating status—is what converts the enforcement record from an undifferentiated stream of events into a per-plant, per-reactor-year picture that can be compared across the fleet and across time.

The licensee join supports the complementary, corporate view. Because a handful of large operating companies own and run most of the US fleet, grouping actions by licensee reveals whether enforcement concentrates in particular operators or is spread across the industry—though here too the analyst must weight by severity and normalize by the number of reactors each operator runs, since the largest fleets will naturally accumulate the most actions for the simple reason that they have the most plants. The most informative licensee metric is not raw action count but the rate of escalated actions—civil penalties and orders—per reactor-year of operation.

Analytical uses

A national, facility-resolved, date-stamped record of nuclear-safety enforcement supports a distinctive set of analyses, provided each is built on the right denominator and the right severity weighting.

Trend in enforcement over time is the most immediate use. Because each action carries a date and a type, an analyst can chart the volume of Notices of Violation, civil penalties, and orders by year and ask whether enforcement is rising or falling—then, by joining to the inventory, ask whether any change tracks the contraction of the fleet, the maturation of the Reactor Oversight Process, or a genuine shift in plant performance. The escalated-action series—the count of yellow and red findings, civil penalties, and orders—is the more meaningful signal than the raw total, because it filters out the routine green-level activity that the ROP is designed to handle quietly.

Which plants and licensees draw enforcement exploits the facility and licensee fields. Ranking sites by their accumulated findings, and especially by their escalated actions per reactor-year, surfaces the plants whose oversight has intensified and, through the ROP Action Matrix, those that have moved into heightened regulatory response. Severity and willfulness patterns exploit the severity columns and the willfulness flag—distinguishing the predominantly low-significance, self-identified, promptly corrected findings that make up the bulk of the record from the rare, high-significance, willful, or NRC-identified actions that signal a deeper problem. Finally, requirement-level analysis exploits the cited 10 CFR section to show where violations cluster—maintenance and surveillance, emergency preparedness, radiation protection, security, fitness for duty—and how those clusters shift after events like Fukushima reweight what inspectors look for.

Python workflow: enforcement actions from the NRC's public data

The script below pulls the NRC's published register of significant enforcement actions—the downloadable enforcement-action dataset on nrc.gov, which presents each escalated action once with its action type, licensee, severity, and date—classifies each by action type, and computes the core tallies: actions by type, actions per year, and licensees ranked by action count. No API key is required for this public download. The underlying enforcement letters live in ADAMS, the agency's Agencywide Documents Access and Management System; with Web-Based ADAMS retired in favor of the registered ADAMS Public Search (APS) API, the published dataset is the right programmatic backbone for a clean, deduplicated action register, and any production use should validate its column names against the dataset's companion data dictionary.

import io
import requests, pandas as pd
from collections import Counter

# NRC enforcement actions are published as a public dataset on nrc.gov.
# The agency posts a downloadable register of significant ("escalated")
# enforcement actions -- Notices of Violation, civil penalties, and
# orders -- with a companion data dictionary, and links the underlying
# letters in ADAMS, the NRC's public document system. No API key is
# required for this public download; ADAMS itself now sits behind the
# registered ADAMS Public Search (APS) API, so the published dataset is
# the right programmatic backbone for a clean, deduplicated action list.
DATASET = "https://www.nrc.gov/reading-rm/doc-collections/datasets/enforcement-actions.xls"


def load_actions(url=DATASET):
    # The register downloads as a single spreadsheet, one row per action.
    r = requests.get(url, timeout=120)
    r.raise_for_status()
    df = pd.read_excel(io.BytesIO(r.content))
    # Normalize column names so lookups are case- and spacing-insensitive.
    df.columns = [str(c).strip().lower().replace(" ", "_") for c in df.columns]
    return df


def _find(cols, *needles):
    # Return the first column whose name contains all of the needles.
    for c in cols:
        u = c.upper()
        if all(n.upper() in u for n in needles):
            return c
    return None


def _classify(text):
    # Map an action-type / title field to a coarse enforcement action type.
    t = (text or "").upper()
    if "CIVIL PENALTY" in t or "CIVIL PENALTIES" in t:
        return "Civil Penalty"
    if "CONFIRMATORY" in t:
        return "Confirmatory Action Letter"
    if "ORDER" in t:
        return "Order"
    if "NOTICE OF VIOLATION" in t or "NOV" in t:
        return "Notice of Violation"
    return "Other"


def analyze(url=DATASET):
    df = load_actions(url)
    if df.empty:
        print("No enforcement actions returned.")
        return

    # Discover the working columns; the register's headers vary by release.
    type_col = (_find(df.columns, "ACTION", "TYPE")
                or _find(df.columns, "TYPE")
                or _find(df.columns, "SUBJECT"))
    date_col = (_find(df.columns, "ACTION", "DATE")
                or _find(df.columns, "ISSUE", "DATE")
                or _find(df.columns, "DATE"))
    lic_col = (_find(df.columns, "LICENSEE")
               or _find(df.columns, "FACILITY")
               or _find(df.columns, "NAME"))

    df["type"] = df[type_col].map(_classify) if type_col else "Other"
    df["year"] = (pd.to_datetime(df[date_col], errors="coerce").dt.year
                  if date_col else pd.NA)

    # --- Actions by type --------------------------------------------------
    by_type = Counter(df["type"])
    print("Enforcement actions by type:")
    for kind, n in by_type.most_common():
        print(f"  {kind:<28} {n:>6,}")

    # --- Actions by year --------------------------------------------------
    if date_col:
        yearly = df.dropna(subset=["year"]).groupby("year").size()
        print("\nActions per year (recent):")
        for yr, n in yearly.tail(8).items():
            print(f"  {int(yr)}: {n:,}")

    # --- Licensees ranked by action count --------------------------------
    if lic_col:
        ranked = (df[df[lic_col].astype(bool)]
                  .groupby(lic_col).size()
                  .sort_values(ascending=False))
        print("\nTop licensees by enforcement action count:")
        for name, n in ranked.head(10).items():
            print(f"  {n:>4,}  {name}")
    return df


analyze()

Two practical notes apply. First, the classification in the script is deliberately coarse—it reads the action type from the dataset's type field, which is a reliable first pass but should be cross-checked against the structured fields the NRC maintains. A rigorous analysis should key on the enforcement-action (EA) number that uniquely identifies each action, attach the severity level and any ROP color from the action letter itself, and confirm that a single action—which can generate several documents in ADAMS such as the proposed-penalty letter, the licensee's response, and the final determination—is counted once rather than several times. Second, for any serious quantitative work the published enforcement-action dataset and the annual enforcement-program reports on nrc.gov are the authoritative register: they present each action once, with its EA number, licensee, severity, and disposition, and they are the right backbone to which the ADAMS documents and the reactor inventory should be joined.

Limitations and analytical caveats

The NRC enforcement record is the most authoritative public account of nuclear-safety accountability in the United States, but it carries structural limitations that an analyst must internalize before drawing conclusions from it.

The denominator is small, so counts are noisy. Unlike a mine-safety or food-safety enforcement record with millions of rows, the nuclear enforcement dataset is small—on the order of 1,800 actions—because the regulated universe of power reactors is small and because the program emphasizes corrective action over volume of citations. A single high-significance event at one plant can dominate a year's totals, and apparent trends can turn on a handful of actions. Statistical claims that would be robust across millions of citations are fragile here; the data rewards careful case-level reading more than it rewards aggregate inference, and every rate should be reported with its small denominator in plain view.

The grain is document-centric, and findings are not penalties.A single enforcement action can generate several documents over its life—an inspection report, a proposed-penalty letter, the licensee's reply, a final order—so a naive document count overstates the number of distinct actions. And the absence of a civil penalty on a row does not mean the underlying issue was minor: the Reactor Oversight Process is designed to drive most findings, including significant ones, through graduated oversight rather than fines. Counting only penalized actions, or treating every document as an action, will both mislead. The unit that matters is the distinct enforcement action, identified by its EA number and weighted by its severity, not the count of paper it produced.

Enforcement measures the regulator as much as the regulated.The number and severity of actions reflect not only how the plants behaved but how the NRC chose to oversee them. The adoption of the Reactor Oversight Process around 2000, the post-Fukushima requirements after 2011, and shifts in the agency's enforcement posture all change what gets cited and how it is graded, independent of any change in plant safety. A decline in actions can mean plants are running better, that the fleet has shrunk, or that the agency's approach has evolved—and the data alone cannot distinguish these. Treating the enforcement count as a pure thermometer of nuclear safety, rather than as the joint product of plant performance and regulatory practice, over-reads what the dataset can bear.

Held with these caveats in mind, the nrc_enforcement table is a uniquely valuable resource: a facility-resolved, date-stamped, severity-graded record of every formal step the federal government has taken when a nuclear licensee fell short of the requirements that stand between a reactor and the public—the accountability ledger of an industry that, more than any other, is judged not by how often it fails but by how seriously the government treats each failure that it does.