Passive nuclear safety is a safety feature of a nuclear reactor that does not require operator actions or electronic feedback in order to shut down safely in the event of a particular type of emergency (usually overheating resulting from a loss of coolant or loss of coolant flow). Such reactors tend to rely more on the engineering of components, such that their predicted behaviour according to known laws of physics would slow, rather than accelerate, the nuclear reaction in such circumstances. This is in contrast to some older reactor designs, where the natural tendency of the reaction was to accelerate rapidly with increased temperature, so that either electronic feedback or operator-triggered intervention was necessary to prevent damage to the reactor.

Terming a reactor 'passively safe' is more a description of the strategy used to maintain a degree of safety than a description of the level of safety. Whether a reactor employing passive safety systems is considered safe or dangerous depends on the criteria used to evaluate the safety level. That said, modern reactor designs have focused on increasing the amount of passive safety, and thus most passively safe designs incorporate both active and passive safety systems, making them substantially safer than older installations. They can be said to be "relatively safe" compared to previous designs.

Reactor vendors like to call their new-generation reactors 'passively safe', but in public perception this term is sometimes confused with 'inherently safe'. It is important to understand that there are no 'passively safe' reactors or 'passively safe' systems; only 'passively safe' components of safety systems exist. Safety systems are used to maintain control of the plant when it leaves normal conditions, during anticipated operational occurrences or accidents, while control systems are used to operate the plant under normal conditions. Sometimes a system combines both roles. Passive safety refers to safety-system components, whereas inherent safety refers to the control-system process itself, regardless of the presence or absence of safety-specific subsystems.

As an example of a safety system with 'passively safe' components, consider the containment of a nuclear reactor. The 'passively safe' components are the concrete walls and the steel liner, but in order for the containment to fulfil its mission, active systems also have to operate, e.g. the valves that close the piping leading outside the containment, and the feedback of reactor status to external instrumentation and control (I&C), both of which may require external power to function.

The International Atomic Energy Agency (IAEA) classifies the degree of "passive safety" of components from category A to D depending on what the system does not make use of:

  1. no moving working fluid
  2. no moving mechanical part
  3. no signal inputs of 'intelligence'
  4. no external power input or forces

In category A (1+2+3+4) is the fuel cladding, which uses none of these: it is always closed, keeps the fuel and the fission products inside, and is not opened before it arrives at the reprocessing plant. In category B (2+3+4) is the surge line, which connects the hot leg with the pressurizer and helps to control the pressure in the primary loop of a PWR; it uses a moving working fluid to fulfil its mission. In category C (3+4) is the accumulator, which needs neither a signal input of 'intelligence' nor external power: once the pressure in the primary circuit drops below the set point of the spring-loaded accumulator valves, the valves open and compressed nitrogen injects water into the primary circuit. In category D (4 only) is the SCRAM, which uses moving working fluids, moving mechanical parts and signal inputs of 'intelligence' but no external power or forces: the control rods drop under gravity once they have been released from their magnetic clamps. Nuclear safety engineering is never that simple, however: once released, a rod may still fail its mission, for example by sticking because of earthquake conditions or deformed core structures. A passively safe system that has been properly actuated may therefore still not fulfil its mission. Nuclear engineers have taken this into account: typically only a part of the dropped rods is needed to shut down the reactor. Examples of safety systems with passive safety components can be found in almost all nuclear power stations: the containment, hydro-accumulators in PWRs, or pressure suppression systems in BWRs.
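The grading rule above, and the point that a correctly actuated category-D rod drop can still miss its mission, can be made concrete in code. The following is an added example written for this page; it is not IAEA material or vendor code. The component names and flag values are constructed from the page's four worked examples (plus one hypothetical pumped injection system to show the non-passive case), and the rod-count and stick-probability figures in the demo are invented numbers, not data from any real plant.

```python
from dataclasses import dataclass
from math import comb
from typing import Dict, Optional

# IAEA grading: a component is graded by which of these four it does NOT use.
#   1. a moving working fluid
#   2. a moving mechanical part
#   3. signal inputs of 'intelligence'
#   4. external power input or forces
# A = none of 1-4 used, B = only 1 used, C = 1 and/or 2 used (no 3, no 4),
# D = 1, 2 and 3 used (no 4). Anything that needs 4 is an active component.


@dataclass(frozen=True)
class Component:
    name: str
    moving_fluid: bool      # uses item 1
    moving_part: bool       # uses item 2
    signal_input: bool      # uses item 3
    external_power: bool    # uses item 4


def iaea_category(c: Component) -> Optional[str]:
    """Return 'A', 'B', 'C' or 'D', or None when the component is not passive at all."""
    if c.external_power:
        return None          # needs external power or forces: active, not passive
    if c.signal_input:
        return "D"           # only item 4 absent
    if c.moving_part:
        return "C"           # items 3 and 4 absent
    if c.moving_fluid:
        return "B"           # items 2, 3 and 4 absent
    return "A"               # items 1, 2, 3 and 4 all absent


# Constructed sample: the page's four examples plus one hypothetical active component.
SAMPLE_COMPONENTS = [
    Component("fuel cladding", False, False, False, False),
    Component("surge line", True, False, False, False),
    Component("accumulator", True, True, False, False),
    Component("SCRAM (gravity rod drop)", True, True, True, False),
    Component("pumped safety injection (hypothetical)", True, True, True, True),
]


def classify_all(components=SAMPLE_COMPONENTS) -> Dict[str, Optional[str]]:
    """Map each component name to its IAEA category (None = active)."""
    return {c.name: iaea_category(c) for c in components}


def shutdown_probability(n_rods: int, n_required: int, p_stick: float) -> float:
    """Probability that at least n_required of n_rods insert when each rod sticks
    independently with probability p_stick (a binomial tail sum).

    This models the page's point that a category-D rod drop can be properly actuated
    and still fail its mission (a stuck rod), and that only part of the rods is needed.
    Independence is an assumption of this toy model: a common-cause event such as the
    earthquake the page mentions can stick many rods at once, so a real plant's figure
    can be worse than this calculation suggests.
    """
    if not 0.0 <= p_stick <= 1.0 or not 0 <= n_required <= n_rods:
        raise ValueError("invalid parameters")
    p_insert = 1.0 - p_stick
    return sum(
        comb(n_rods, k) * p_insert ** k * p_stick ** (n_rods - k)
        for k in range(n_required, n_rods + 1)
    )


if __name__ == "__main__":
    for name, cat in classify_all().items():
        print(f"{name:42s} -> {cat or 'active (not passive)'}")
    # Constructed numbers: 40 rods, 1 % per-rod stick probability; compare a design
    # that needs every rod with one that needs only 30 of them.
    print("all 40 must insert:", round(shutdown_probability(40, 40, 0.01), 4))
    print("30 of 40 suffice  :", round(shutdown_probability(40, 30, 0.01), 6))
```

The classifier deliberately returns `None` rather than a letter for anything that needs external power, mirroring the page's insistence that such parts are active components of a safety system, not passive ones; the probability function only exists to show why "properly actuated" and "mission fulfilled" are different questions for a category-D component.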

In most texts on 'passively safe' components in next-generation reactors, the key issue is that no pumps are needed to fulfil the mission of a safety system, and that all active components of the system (generally I&C and valves) work on electric power from batteries.

IAEA explicitly uses the following caveat:

... passivity is not synonymous with reliability or availability, even less with assured adequacy of the safety feature, though several factors potentially adverse to performance can be more easily counteracted through passive design (public perception). On the other hand active designs employing variable controls permit much more precise accomplishment of safety functions; this may be particularly desirable under accident management conditions.

Nuclear reactor response properties such as the temperature coefficient of reactivity and the void coefficient of reactivity describe how the reactivity responds, respectively, to temperature changes and to phase changes (void formation) in the moderator and coolant heat transfer process. Reactors whose heat transfer process has the operational property of a negative void coefficient of reactivity are said to possess an inherent safety process feature. An operational failure mode could nevertheless alter the process and render such a reactor unsafe.

Reactors could be fitted with a hydraulic safety system component that increases the inflow pressure of coolant (especially water) in response to increased outflow pressure of the moderator and coolant, without control system intervention. Such a reactor would be described as fitted with a passive safety component that could, if so designed, give the reactor a negative void coefficient of reactivity regardless of the reactor's own operational properties. The feature would only work if it responded faster than an emerging (steam) void and if the reactor components could sustain the increased coolant pressure. A reactor fitted with both safety features, designed to interact constructively, is an example of a safety interlock. Rarer operational failure modes could render both such safety features useless and detract from the overall relative safety of the reactor.
