As private Small Modular Reactors evolve under the Shanti Act, nuclear security, regulatory depth and emergency preparedness must come first
India’s SHANTI Act (Sustainable Harnessing and Advancement of Nuclear Energy for Transforming India), enacted in December 2025 is undoubtedly an inflection point in diluting the state’s longstanding monopoly on nuclear power to fast-track clean energy goals. By replacing the Atomic Energy Act of 1962 and the Civil Liability for Nuclear Damage Act of 2010, it targets 100 GW of nuclear capacity by 2047 from the current 8.8 GW. It also prioritises indigenous small modular reactors (SMRs) for industrial and captive applications while enabling private Indian firms and joint ventures to build, own, and operate plants with up to 49% equity under central government majority control. Other major key reforms include granting statutory independence to the Atomic Energy Regulatory Board (AERB) and reserving state exclusivity over uranium enrichment, spent fuel reprocessing, and high-level waste.
At present only Russia has fully operational SMRs which have been commercial since 2020 and delivering power reliably to the remote Arctic region in extremely harsh environment. Several other countries like the US, China, Russia, Canada, and the UK are in advance stages aiming for operationalisation in the period 2030-2035. India plans to deploy indigenous SMRs by 2033, with a budget of INR 20,000 crore allocated in 2025-26 for at least five units under the Nuclear Energy Mission. India’s Union Budget 2026-27 extends basic customs duty exemptions on imports of goods required for nuclear power projects until 2035, broadening coverage to all nuclear plants regardless of capacity. The Bhabha Atomic Research Centre leads development of Bharat Small Modular Reactors (BSMR), targeting energy-intensive industries, remote areas, and repurposed fossil plants. Besides, India’s private sector is poised for a transformative role in SMR deployment with major firms including Adani Group, Reliance Industries, Tata Power, JSW Energy, Jindal Steel & Power and Hindalco having expressed interest in BSMR development and deployment.
Fail-safe security of SMRs assumes added significance in the Indian context due to the stressed internal security environment in many regions of the country. SMRs present distinct security challenges stemming from their compact size, factory-fabricated designs, and deployment in dispersed locations such as remote regions or industrial sites. They are also likely to be deployed for captive power at energy guzzling large data centers for artificial intelligence and global capability centers. Their smaller footprints and transportability increase sabotage risks, as reduced on-site security personnel compared to large reactors could undermine the security framework against coordinated attacks. Modular construction also heightens proliferation risks by potentially simplifying the unauthorized movement of nuclear materials, necessitating specialized safeguards beyond conventional methods. Additionally, SMRs’ reliance on advanced digital controls expands cyber-attack vulnerabilities, particularly through supply chain weaknesses during multi-vendor factory assembly, with remote or unmanned operations further raising the threat of hacking that could enable sabotage or theft.
Security measures for SMRs need to be predicated on “security by design” concept, integrating protective measures at the inception stage of development to counter physical, cyber and proliferation threats while keeping costs manageable. In the physical domain, threat assessments based on the design dictate a layered security system incorporating barriers, sensors, cameras, and response teams. These measures can be tested against modelling tools to assess any gaps to counter diverse threats. Vulnerability of dispersed SMRs can be further reduced by underground siting, hardened structures and minimal on-site fuel storage. Cyber security measures focus on extensive vendor oversight and monitoring during factory construction phase. SMRs should function on stand-alone digital networks and regular threat modelling to discern vulnerabilities in automated controls and monitoring through encrypted systems with built-in fail-safes and redundancy. India also needs to codify regulatory safeguards aligned with IAEA standards to include modular fuel handling, independent design verification and regulatory independence of AERB. While India’s SMR security roadmap is broadly aligned with global practices, it needs to catch up with the US and Canada in cyber‑security integration and regulatory modular safeguards, including fuel and waste management. India’s approach to cyber security is fragmented and it is still drafting SMR‑specific cyber protocols. India also lacks the practical experience of Russia which has already commercialised operational SMRs. Moreover, SMR-specific human resource needs to be trained to meet India’s deployment window of 2030–2035. In order to adhere to these timelines, pilot projects to match global benchmarks with full physical-cyber security integration and regulatory clarity need to be established by 2030.
