Nuclear power plant operators, fuel cycle vendors, waste management platforms, and SMR developers operate under the most stringent compliance regime of any industry.
NRC 10 CFR Parts 20, 50, 71, 73, and 810 create overlapping obligations with criminal exposure. NERC CIP standards impose up to $1 million per day per violation. IAEA Safeguards discrepancies can trigger Board of Governors referrals.
And yet most NuclearTech SaaS vendors are still managing compliance deadlines in spreadsheets.
This article gives you 5 production-ready n8n workflows for NuclearTech SaaS vendors — covering NRC event notification, NERC CIP incident response, IAEA safeguards tracking, and DOE export control. All workflow JSON is importable directly into your n8n instance.
Who this is for
These workflows are designed for NuclearTech SaaS vendors — companies selling software to the nuclear industry:
| Customer Tier | Examples |
|---|---|
TIER_1_NUCLEAR_UTILITY |
Large nuclear power plant operators (PWR/BWR licensees) |
NUCLEAR_FUEL_CYCLE_SAAS |
Enrichment, fuel fabrication, reprocessing vendors |
NUCLEAR_WASTE_MANAGEMENT_VENDOR |
Radioactive waste disposal and LLW management platforms |
NUCLEAR_INSTRUMENTATION_SAAS |
I&C, SCADA, digital safety system vendors |
RADIATION_PROTECTION_SAAS |
Dosimetry, health physics, RP monitoring platforms |
NUCLEAR_DECOMMISSIONING_PLATFORM |
D&D project management SaaS |
SMALL_MODULAR_REACTOR_STARTUP |
SMR developers in NRC Part 52 pre-application phase |
Compliance flags injected at onboarding:
-
NRC_10CFR50_LICENSED— power reactor operating license under 10 CFR Part 50 -
NRC_DIGITAL_IACS_10CFR73_54— digital I&C systems subject to NRC cybersecurity order EA-14-166 -
NERC_CIP_REGISTERED_ENTITY— bulk electric system owner/operator/user under NERC CIP standards -
IAEA_SAFEGUARDS_APPLICABLE— Additional Protocol or Comprehensive Safeguards Agreement applicable -
DOE_10CFR810_EXPORT_CONTROLLED— sensitive nuclear technology requiring DOE specific authorization -
NRC_RADIOACTIVE_MATERIALS_LICENSE— Agreement State or NRC byproduct material license holder -
NRC_PART_71_CERTIFIED_PACKAGE— Type A/B radioactive material shipping package certification
Workflow 1 — NuclearTech Customer Onboarding & Compliance Drip
What it does: Classifies new customers by tier and compliance flags on signup. Sends three onboarding emails (Day 0, Day 3, Day 7) with tier-specific NRC/NERC CIP guidance. Day 0 email for NRC_DIGITAL_IACS customers explains the §73.54 cybersecurity plan implication of cloud-based automation. Day 0 for IAEA_SAFEGUARDS customers explains material accountancy data sovereignty under CSA Art.78.
Why it matters: Nuclear utilities procurement teams need to confirm your platform's compliance posture before contract signature. An automated onboarding drip that speaks their regulatory language (§50.72 clocks, NERC CIP audit evidence, IAEA CSA obligations) differentiates you from generic SaaS vendors who don't understand the nuclear compliance stack.
{
"name": "NuclearTech SaaS \u2014 Customer Onboarding Drip",
"nodes": [
{
"id": "w1n1",
"name": "Webhook \u2014 New Customer",
"type": "n8n-nodes-base.webhook",
"typeVersion": 2,
"position": [
0,
0
],
"parameters": {
"path": "nuclear-new-customer",
"responseMode": "responseNode"
}
},
{
"id": "w1n2",
"name": "Respond OK",
"type": "n8n-nodes-base.respondToWebhook",
"typeVersion": 1,
"position": [
200,
0
],
"parameters": {
"respondWith": "text",
"responseBody": "OK"
}
},
{
"id": "w1n3",
"name": "Set \u2014 Tier & Flags",
"type": "n8n-nodes-base.set",
"typeVersion": 3,
"position": [
400,
0
],
"parameters": {
"assignments": {
"assignments": [
{
"name": "customer_tier",
"value": "={{ $json.segment === 'utility' ? 'TIER_1_NUCLEAR_UTILITY' : $json.segment === 'fuel_cycle' ? 'NUCLEAR_FUEL_CYCLE_SAAS' : $json.segment === 'waste' ? 'NUCLEAR_WASTE_MANAGEMENT_VENDOR' : $json.segment === 'ic_systems' ? 'NUCLEAR_INSTRUMENTATION_SAAS' : $json.segment === 'rp' ? 'RADIATION_PROTECTION_SAAS' : $json.segment === 'decommission' ? 'NUCLEAR_DECOMMISSIONING_PLATFORM' : 'SMALL_MODULAR_REACTOR_STARTUP' }}",
"type": "string"
},
{
"name": "flag_nrc_50",
"value": "={{ $json.nrc_10cfr50_licensed === true }}",
"type": "boolean"
},
{
"name": "flag_iacs",
"value": "={{ $json.digital_iacs === true }}",
"type": "boolean"
},
{
"name": "flag_nerc_cip",
"value": "={{ $json.nerc_cip_registered === true }}",
"type": "boolean"
},
{
"name": "flag_iaea",
"value": "={{ $json.iaea_safeguards === true }}",
"type": "boolean"
},
{
"name": "flag_doe_810",
"value": "={{ $json.doe_10cfr810_export === true }}",
"type": "boolean"
},
{
"name": "contact_email",
"value": "={{ $json.contact_email }}",
"type": "string"
},
{
"name": "company_name",
"value": "={{ $json.company_name }}",
"type": "string"
}
]
}
}
},
{
"id": "w1n4",
"name": "Gmail \u2014 Day 0 Welcome",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
600,
0
],
"parameters": {
"sendTo": "={{ $json.contact_email }}",
"subject": "Welcome to FlowKit \u2014 Your NRC/NERC CIP compliance automation is ready",
"message": "Hi {{ $json.company_name }}, your FlowKit NuclearTech compliance suite is active. NRC \u00a750.72 1-hour clock, NERC CIP incident response, and IAEA safeguards tracker are configured. Setup guide follows in 3 days. FlowKit Team https://stripeai.gumroad.com"
}
},
{
"id": "w1n5",
"name": "Wait \u2014 3 Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
800,
0
],
"parameters": {
"resume": "timeInterval",
"unit": "days",
"amount": 3
}
},
{
"id": "w1n6",
"name": "Gmail \u2014 Day 3 Integration Guide",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1000,
0
],
"parameters": {
"sendTo": "={{ $json.contact_email }}",
"subject": "FlowKit NuclearTech \u2014 Integration guide + NRC API endpoints",
"message": "Day 3: Connect your NRC event notification feed, NERC CIP monitoring API, and IAEA safeguards reporting endpoint. Fastest clock in your stack: NRC \u00a750.72(a)(1) emergency declaration = 1 hour to NRC Operations Center. See integration checklist attached."
}
},
{
"id": "w1n7",
"name": "Wait \u2014 4 Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
1200,
0
],
"parameters": {
"resume": "timeInterval",
"unit": "days",
"amount": 4
}
},
{
"id": "w1n8",
"name": "Gmail \u2014 Day 7 Activation",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1400,
0
],
"parameters": {
"sendTo": "={{ $json.contact_email }}",
"subject": "FlowKit NuclearTech \u2014 Incident pipeline now live",
"message": "Day 7: Your NRC event notification pipeline, NERC CIP incident response, and IAEA safeguards tracker are fully active. Any NRC reportable event triggers automated escalation within seconds."
}
},
{
"id": "w1n9",
"name": "Google Sheets \u2014 Log Onboarding",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
1600,
0
],
"parameters": {
"operation": "append",
"documentId": {
"__rl": true,
"mode": "id",
"value": "YOUR_SHEET_ID"
},
"sheetName": "Onboarding",
"columns": {
"mappingMode": "autoMapInputData"
}
}
}
],
"connections": {
"Webhook \u2014 New Customer": {
"main": [
[
{
"node": "Respond OK",
"type": "main",
"index": 0
},
{
"node": "Set \u2014 Tier & Flags",
"type": "main",
"index": 0
}
]
]
},
"Set \u2014 Tier & Flags": {
"main": [
[
{
"node": "Gmail \u2014 Day 0 Welcome",
"type": "main",
"index": 0
}
]
]
},
"Gmail \u2014 Day 0 Welcome": {
"main": [
[
{
"node": "Wait \u2014 3 Days",
"type": "main",
"index": 0
}
]
]
},
"Wait \u2014 3 Days": {
"main": [
[
{
"node": "Gmail \u2014 Day 3 Integration Guide",
"type": "main",
"index": 0
}
]
]
},
"Gmail \u2014 Day 3 Integration Guide": {
"main": [
[
{
"node": "Wait \u2014 4 Days",
"type": "main",
"index": 0
}
]
]
},
"Wait \u2014 4 Days": {
"main": [
[
{
"node": "Gmail \u2014 Day 7 Activation",
"type": "main",
"index": 0
}
]
]
},
"Gmail \u2014 Day 7 Activation": {
"main": [
[
{
"node": "Google Sheets \u2014 Log Onboarding",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 2 — NRC/NERC CIP/IAEA API Health Monitor
What it does: Polls 5 critical endpoints every 5 minutes using $getWorkflowStaticData to detect state transitions (UP→DOWN only, no repeat alerts). Each endpoint is annotated with its regulatory risk:
| Endpoint | Regulatory Annotation |
|---|---|
nrc_event_notification_api |
10 CFR §50.72 — 1h emergency clock source |
nerc_cip_monitoring_api |
CIP-008-6 incident response + CIP-007-6 patch management |
iaea_safeguards_api |
CSA Art.78 — material accountancy discrepancy risk |
radiation_monitoring_api |
10 CFR §20.2202 — immediate release notification |
dose_reporting_api |
10 CFR §20.2104 — annual occupational dose report |
Why it matters: If your NRC event notification API goes down, your customers cannot meet the 1-hour §50.72(a)(1) emergency reporting clock. That is a direct NRC enforcement action risk. The health monitor tells you before the clock runs.
{
"name": "NuclearTech \u2014 NRC/NERC CIP/IAEA API Health Monitor",
"nodes": [
{
"id": "w2n1",
"name": "Cron \u2014 Every 5 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
0,
0
],
"parameters": {
"rule": {
"interval": [
{
"field": "minutes",
"minutesInterval": 5
}
]
}
}
},
{
"id": "w2n2",
"name": "HTTP \u2014 NRC Event Notification API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
200,
-200
],
"parameters": {
"url": "https://your-domain/nrc-event-notification-api/health",
"method": "GET",
"timeout": 8000
}
},
{
"id": "w2n3",
"name": "HTTP \u2014 NERC CIP Monitoring API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
200,
0
],
"parameters": {
"url": "https://your-domain/nerc-cip-monitoring-api/health",
"method": "GET",
"timeout": 8000
}
},
{
"id": "w2n4",
"name": "HTTP \u2014 IAEA Safeguards API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
200,
200
],
"parameters": {
"url": "https://your-domain/iaea-safeguards-api/health",
"method": "GET",
"timeout": 8000
}
},
{
"id": "w2n5",
"name": "HTTP \u2014 Radiation Monitoring API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
200,
400
],
"parameters": {
"url": "https://your-domain/radiation-monitoring-api/health",
"method": "GET",
"timeout": 8000
}
},
{
"id": "w2n6",
"name": "HTTP \u2014 Dose Reporting API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
200,
600
],
"parameters": {
"url": "https://your-domain/dose-reporting-api/health",
"method": "GET",
"timeout": 8000
}
},
{
"id": "w2n7",
"name": "Code \u2014 Classify Endpoint Status",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
600,
200
],
"parameters": {
"jsCode": "const endpoints = [\n { name: 'nrc_event_notification_api', regulatory: '10 CFR \u00a750.72 \u2014 1h emergency clock source', data: $(\"HTTP \u2014 NRC Event Notification API\").first().json },\n { name: 'nerc_cip_monitoring_api', regulatory: 'CIP-008-6 incident response + CIP-007-6 patch management', data: $(\"HTTP \u2014 NERC CIP Monitoring API\").first().json },\n { name: 'iaea_safeguards_api', regulatory: 'CSA Art.78 \u2014 material accountancy discrepancy risk', data: $(\"HTTP \u2014 IAEA Safeguards API\").first().json },\n { name: 'radiation_monitoring_api', regulatory: '10 CFR Part 20 \u00a720.2202 \u2014 immediate release notification', data: $(\"HTTP \u2014 Radiation Monitoring API\").first().json },\n { name: 'dose_reporting_api', regulatory: '10 CFR \u00a720.2104 \u2014 annual occupational dose report', data: $(\"HTTP \u2014 Dose Reporting API\").first().json }\n];\nconst prev = $getWorkflowStaticData('global');\nconst now = new Date().toISOString();\nconst alerts = [];\nfor (const ep of endpoints) {\n const status = ep.data?.status === 'ok' ? 'UP' : 'DOWN';\n const key = ep.name;\n if (status === 'DOWN' && prev[key] !== 'DOWN') {\n alerts.push({ endpoint: ep.name, status, regulatory: ep.regulatory, detected_at: now });\n }\n prev[key] = status;\n}\n$setWorkflowStaticData('global', prev);\nreturn alerts.length > 0 ? alerts.map(a => ({ json: a })) : [{ json: { all_ok: true } }];\n"
}
},
{
"id": "w2n8",
"name": "If \u2014 Any Endpoint Down",
"type": "n8n-nodes-base.if",
"typeVersion": 2,
"position": [
800,
200
],
"parameters": {
"conditions": {
"conditions": [
{
"leftValue": "={{ $json.all_ok }}",
"rightValue": true,
"operator": {
"type": "boolean",
"operation": "notEquals"
}
}
],
"combinator": "and"
}
}
},
{
"id": "w2n9",
"name": "Slack \u2014 #nuclear-ops Alert",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1000,
100
],
"parameters": {
"channel": "#nuclear-ops",
"text": "={{ '\ud83d\udd34 NuclearTech API DOWN: ' + $json.endpoint + '\\nRegulatory risk: ' + $json.regulatory + '\\nDetected: ' + $json.detected_at }}"
}
},
{
"id": "w2n10",
"name": "Google Sheets \u2014 Log Incident",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
1000,
300
],
"parameters": {
"operation": "append",
"documentId": {
"__rl": true,
"mode": "id",
"value": "YOUR_SHEET_ID"
},
"sheetName": "API_Health",
"columns": {
"mappingMode": "autoMapInputData"
}
}
}
],
"connections": {
"Cron \u2014 Every 5 Minutes": {
"main": [
[
{
"node": "HTTP \u2014 NRC Event Notification API",
"type": "main",
"index": 0
},
{
"node": "HTTP \u2014 NERC CIP Monitoring API",
"type": "main",
"index": 0
},
{
"node": "HTTP \u2014 IAEA Safeguards API",
"type": "main",
"index": 0
},
{
"node": "HTTP \u2014 Radiation Monitoring API",
"type": "main",
"index": 0
},
{
"node": "HTTP \u2014 Dose Reporting API",
"type": "main",
"index": 0
}
]
]
},
"HTTP \u2014 NRC Event Notification API": {
"main": [
[
{
"node": "Code \u2014 Classify Endpoint Status",
"type": "main",
"index": 0
}
]
]
},
"Code \u2014 Classify Endpoint Status": {
"main": [
[
{
"node": "If \u2014 Any Endpoint Down",
"type": "main",
"index": 0
}
]
]
},
"If \u2014 Any Endpoint Down": {
"main": [
[
{
"node": "Slack \u2014 #nuclear-ops Alert",
"type": "main",
"index": 0
}
],
[]
]
},
"Slack \u2014 #nuclear-ops Alert": {
"main": [
[
{
"node": "Google Sheets \u2014 Log Incident",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 3 — NRC/DOE/NERC Compliance Deadline Tracker
What it does: Runs every weekday at 8 AM. Reads from a Google Sheet containing customer compliance deadlines. Classifies each as OVERDUE, CRITICAL (≤14 days), URGENT (≤30 days), WARNING (≤60 days), or NOTICE (≤90 days). Sends alerts to Slack #compliance-nuclear and Gmail to the deadline owner.
12 deadline types tracked:
| Deadline Type | Clock | Penalty |
|---|---|---|
NRC_10CFR50_72_IMMEDIATE_NOTIFICATION |
1 hour | NRC enforcement, license suspension risk |
NRC_10CFR50_73_LER_60DAY |
60 days | Civil penalty $100k+/day |
NRC_CYBERSECURITY_ANNUAL_ASSESSMENT |
Annual | NRC Order EA-14-166 deficiency finding |
NERC_CIP_ANNUAL_COMPLIANCE_FILING |
Annual | $1M/day per violation |
IAEA_SAFEGUARDS_QUARTERLY_REPORT |
30 days | CSA Art.78 Board of Governors referral |
DOE_10CFR810_AUTHORIZATION_RENEWAL |
Annual | DOE/DOJ criminal referral |
NRC_RADIOACTIVE_MATERIALS_LICENSE_RENEWAL |
120 days | Prohibited possession |
NRC_PART_71_CERTIFICATION_RENEWAL |
Annual | Prohibited transport |
NRC_ANNUAL_FINANCIAL_ASSURANCE |
Annual | Decommissioning fund deficiency |
NERC_CIP_MEDIUM_IMPACT_ANNUAL |
Annual | $25k-$1M per violation per day |
SOC2_TYPE2_RENEWAL |
Annual | Contract breach, procurement disqualification |
ANNUAL_PENTEST |
Annual | NRC §73.54 cybersecurity plan gap |
Fastest mandatory reporting clock: NRC_10CFR50_72_IMMEDIATE_NOTIFICATION — 1 hour from emergency class declaration to NRC Operations Center. This is a real-time operational obligation, not a compliance filing deadline.
{
"name": "NuclearTech \u2014 NRC/DOE/NERC Compliance Deadline Tracker",
"nodes": [
{
"id": "w3n1",
"name": "Cron \u2014 Weekdays 8 AM",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
0,
0
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1-5"
}
]
}
}
},
{
"id": "w3n2",
"name": "Google Sheets \u2014 Read Deadlines",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
200,
0
],
"parameters": {
"operation": "read",
"documentId": {
"__rl": true,
"mode": "id",
"value": "YOUR_SHEET_ID"
},
"sheetName": "NRC_Deadlines"
}
},
{
"id": "w3n3",
"name": "Code \u2014 Classify Urgency",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
400,
0
],
"parameters": {
"jsCode": "const DEADLINE_TYPES = {\n NRC_10CFR50_72_IMMEDIATE_NOTIFICATION: { label: 'NRC \u00a750.72(a)(1) Emergency Declaration', clock_hours: 1, penalty: 'NRC enforcement action \u2014 operating license suspension risk' },\n NRC_10CFR50_73_LER_60DAY: { label: 'NRC Licensee Event Report (LER)', clock_days: 60, penalty: '10 CFR \u00a750.73 \u2014 NRC enforcement, civil penalty $100k+/day' },\n NRC_CYBERSECURITY_ANNUAL_ASSESSMENT: { label: 'NRC 10 CFR \u00a773.54 Annual Cybersecurity Assessment', clock_days: 365, penalty: 'NRC Order EA-14-166 violation \u2014 cybersecurity plan deficiency finding' },\n NERC_CIP_ANNUAL_COMPLIANCE_FILING: { label: 'NERC CIP Annual Compliance Filing', clock_days: 365, penalty: 'NERC civil penalty up to $1M/day per violation' },\n IAEA_SAFEGUARDS_QUARTERLY_REPORT: { label: 'IAEA Safeguards Quarterly Inventory Report', clock_days: 30, penalty: 'CSA Art.78 discrepancy referral to IAEA Board of Governors' },\n DOE_10CFR810_AUTHORIZATION_RENEWAL: { label: 'DOE 10 CFR \u00a7810 Specific Authorization Renewal', clock_days: 365, penalty: 'Unauthorized nuclear technology export \u2014 DOE/DOJ criminal referral' },\n NRC_RADIOACTIVE_MATERIALS_LICENSE_RENEWAL: { label: 'NRC Radioactive Materials License Renewal', clock_days: 120, penalty: 'License expiration \u2014 prohibited possession of radioactive materials' },\n NRC_PART_71_CERTIFICATION_RENEWAL: { label: 'NRC 10 CFR Part 71 Package Certification', clock_days: 365, penalty: 'DOT PHMSA \u00a7173.7 violation \u2014 prohibited transport of radioactive materials' },\n NRC_ANNUAL_FINANCIAL_ASSURANCE: { label: 'NRC \u00a750.75 Decommissioning Funding Assurance', clock_days: 365, penalty: 'NRC enforcement \u2014 decommissioning fund deficiency finding' },\n NERC_CIP_MEDIUM_IMPACT_ANNUAL: { label: 'NERC CIP Medium Impact BES Cyber System Audit', clock_days: 365, penalty: 'NERC FAC-002 violation \u2014 $25k-$1M per violation per day' },\n SOC2_TYPE2_RENEWAL: { label: 'SOC 2 Type II Annual Renewal', clock_days: 365, penalty: 'Customer contract breach \u2014 procurement disqualification for nuclear utilities' },\n ANNUAL_PENTEST: { label: 'Annual Penetration Test', clock_days: 365, penalty: 'NRC \u00a773.54 cybersecurity plan gap \u2014 potential NRC inspection finding' }\n};\nconst today = new Date();\nconst results = [];\nfor (const row of $input.all()) {\n const d = row.json;\n const due = new Date(d.due_date);\n const daysLeft = Math.round((due - today) / 86400000);\n const dtype = DEADLINE_TYPES[d.deadline_type] || { label: d.deadline_type, penalty: 'Review required' };\n let urgency = 'OK';\n if (daysLeft < 0) urgency = 'OVERDUE';\n else if (daysLeft <= 14) urgency = 'CRITICAL';\n else if (daysLeft <= 30) urgency = 'URGENT';\n else if (daysLeft <= 60) urgency = 'WARNING';\n else if (daysLeft <= 90) urgency = 'NOTICE';\n if (urgency !== 'OK') results.push({ json: { ...d, ...dtype, days_left: daysLeft, urgency } });\n}\nreturn results.length > 0 ? results : [{ json: { all_clear: true } }];\n"
}
},
{
"id": "w3n4",
"name": "If \u2014 Action Required",
"type": "n8n-nodes-base.if",
"typeVersion": 2,
"position": [
600,
0
],
"parameters": {
"conditions": {
"conditions": [
{
"leftValue": "={{ $json.all_clear }}",
"rightValue": true,
"operator": {
"type": "boolean",
"operation": "notEquals"
}
}
],
"combinator": "and"
}
}
},
{
"id": "w3n5",
"name": "Slack \u2014 #compliance-nuclear",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
800,
0
],
"parameters": {
"channel": "#compliance-nuclear",
"text": "={{ '\u269b\ufe0f ' + $json.urgency + ' \u2014 ' + $json.label + '\\nDue: ' + $json.due_date + ' (' + $json.days_left + ' days)\\nAccount: ' + $json.account_name + '\\nPenalty: ' + $json.penalty }}"
}
},
{
"id": "w3n6",
"name": "Gmail \u2014 Compliance Owner",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
800,
200
],
"parameters": {
"sendTo": "={{ $json.owner_email }}",
"subject": "={{ '\u269b\ufe0f [' + $json.urgency + '] NRC/NERC Deadline: ' + $json.label + ' \u2014 ' + $json.days_left + ' days' }}",
"message": "={{ 'Deadline: ' + $json.label + '\\nDue: ' + $json.due_date + '\\nDays remaining: ' + $json.days_left + '\\nPenalty risk: ' + $json.penalty }}",
"additionalFields": {
"cc": "cco@your-company.com"
}
}
}
],
"connections": {
"Cron \u2014 Weekdays 8 AM": {
"main": [
[
{
"node": "Google Sheets \u2014 Read Deadlines",
"type": "main",
"index": 0
}
]
]
},
"Google Sheets \u2014 Read Deadlines": {
"main": [
[
{
"node": "Code \u2014 Classify Urgency",
"type": "main",
"index": 0
}
]
]
},
"Code \u2014 Classify Urgency": {
"main": [
[
{
"node": "If \u2014 Action Required",
"type": "main",
"index": 0
}
]
]
},
"If \u2014 Action Required": {
"main": [
[
{
"node": "Slack \u2014 #compliance-nuclear",
"type": "main",
"index": 0
},
{
"node": "Gmail \u2014 Compliance Owner",
"type": "main",
"index": 0
}
],
[]
]
}
}
}
Workflow 4 — NRC Event Notification + NERC CIP Incident Pipeline
What it does: Webhook receives incident reports from your monitoring systems. A Code node classifies 8 incident types, each with specific regulatory deadline, escalation recipients, Slack channel, and required action. Fires simultaneously to Slack incident bridge, Gmail escalation (named recipients + BCC CISO/Legal), and Google Sheets incident log.
8 incident types:
| Incident Type | Clock | Regulatory Basis |
|---|---|---|
NRC_10CFR50_72_IMMEDIATE_EMERGENCY |
1 hour | §50.72(a)(1)(i) — emergency class declaration |
NRC_10CFR50_72_FOUR_HOUR |
4 hours | §50.72(a)(2) — specific plant conditions |
NRC_10CFR50_72_EIGHT_HOUR |
8 hours | §50.72(b)(2) — safety system actuation |
NERC_CIP_CYBERSECURITY_INCIDENT |
35 days | CIP-008-6 R4 — E-ISAC notification |
RADIOACTIVE_MATERIAL_RELEASE |
4 hours | §20.2202 — release above 10x annual limit |
DOE_10CFR810_UNAUTHORIZED_EXPORT |
24 hours | §810.7 — unauthorized nuclear tech transfer |
IAEA_SAFEGUARDS_DISCREPANCY |
48 hours | CSA Art.78 — inventory discrepancy |
NRC_DIGITAL_IACS_CYBER_ATTACK |
1 hour | §73.54(b)(3) — digital I&C cyber attack |
Two fastest clocks: NRC_10CFR50_72_IMMEDIATE_EMERGENCY and NRC_DIGITAL_IACS_CYBER_ATTACK — both 1 hour. A 5-minute delay in incident classification could mean the difference between a timely report and a criminal NRC enforcement action.
{
"name": "NuclearTech \u2014 NRC Event Notification + NERC CIP Incident Pipeline",
"nodes": [
{
"id": "w4n1",
"name": "Webhook \u2014 Incident Trigger",
"type": "n8n-nodes-base.webhook",
"typeVersion": 2,
"position": [
0,
0
],
"parameters": {
"path": "nuclear-incident",
"responseMode": "responseNode"
}
},
{
"id": "w4n2",
"name": "Respond OK",
"type": "n8n-nodes-base.respondToWebhook",
"typeVersion": 1,
"position": [
200,
0
],
"parameters": {
"respondWith": "text",
"responseBody": "OK"
}
},
{
"id": "w4n3",
"name": "Code \u2014 Classify Incident",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
400,
0
],
"parameters": {
"jsCode": "const incidentMap = {\n NRC_10CFR50_72_IMMEDIATE_EMERGENCY: {\n label: 'NRC \u00a750.72(a)(1) Emergency Class Declaration',\n deadline_hours: 1,\n recipients: ['cco@your-company.com','vp_regulatory@your-company.com'],\n bcc: ['ciso@your-company.com','legal@your-company.com'],\n slack: '#nuclear-incident-bridge',\n action: 'Call NRC Operations Center at (301) 816-5100 within 1 hour. Activate emergency response organization. Document in plant log.',\n regulatory: '10 CFR \u00a750.72(a)(1)(i) \u2014 General Emergency, Site Area Emergency, Alert, or Unusual Event declaration'\n },\n NRC_10CFR50_72_FOUR_HOUR: {\n label: 'NRC \u00a750.72(a)(2) Four-Hour Notification',\n deadline_hours: 4,\n recipients: ['cco@your-company.com','vp_regulatory@your-company.com'],\n bcc: ['ciso@your-company.com'],\n slack: '#nuclear-compliance',\n action: 'Notify NRC Operations Center within 4 hours. Conditions: loss of safety function, major degradation, unexpected release.',\n regulatory: '10 CFR \u00a750.72(a)(2) \u2014 plant conditions listed in \u00a750.72(b)(2)'\n },\n NRC_10CFR50_72_EIGHT_HOUR: {\n label: 'NRC \u00a750.72(b)(2) Eight-Hour Notification',\n deadline_hours: 8,\n recipients: ['vp_regulatory@your-company.com'],\n bcc: ['ciso@your-company.com'],\n slack: '#nuclear-compliance',\n action: 'Notify NRC Operations Center within 8 hours. Safety system actuation, degraded conditions, security events.',\n regulatory: '10 CFR \u00a750.72(b)(2) \u2014 reportable conditions within 8 hours'\n },\n NERC_CIP_CYBERSECURITY_INCIDENT: {\n label: 'NERC CIP-008-6 Cybersecurity Incident',\n deadline_days: 35,\n recipients: ['ciso@your-company.com','cco@your-company.com'],\n bcc: ['legal@your-company.com'],\n slack: '#nerc-cip-incident',\n action: 'Submit NERC E-ISAC incident report within 35 days. Activate CIP-008-6 Cyber Security Incident Response Plan. Preserve all logs.',\n regulatory: 'NERC CIP-008-6 R4 \u2014 reportable Cyber Security Incident notification to E-ISAC'\n },\n RADIOACTIVE_MATERIAL_RELEASE: {\n label: 'Radioactive Material Release Above Threshold',\n deadline_hours: 4,\n recipients: ['cco@your-company.com','vp_regulatory@your-company.com'],\n bcc: ['ciso@your-company.com','legal@your-company.com'],\n slack: '#nuclear-incident-bridge',\n action: 'Notify NRC immediately if release exceeds 10x annual limit (\u00a720.2202). Notify within 24h if exceeds annual limit (\u00a720.2203). File written report within 30 days.',\n regulatory: '10 CFR \u00a720.2202 \u2014 immediate telephone notification to NRC Operations Center'\n },\n DOE_10CFR810_UNAUTHORIZED_EXPORT: {\n label: 'DOE 10 CFR \u00a7810 Unauthorized Nuclear Technology Transfer',\n deadline_hours: 24,\n recipients: ['legal@your-company.com','cco@your-company.com'],\n bcc: ['ciso@your-company.com'],\n slack: '#nuclear-compliance',\n action: 'Report to DOE Office of Nuclear Energy within 24h. Preserve all communications. Do not destroy records. Engage export control counsel immediately.',\n regulatory: '10 CFR \u00a7810.7 \u2014 notification of unauthorized nuclear technology transfer; DOE/DOJ criminal referral risk'\n },\n IAEA_SAFEGUARDS_DISCREPANCY: {\n label: 'IAEA Safeguards Material Accountancy Discrepancy',\n deadline_hours: 48,\n recipients: ['vp_regulatory@your-company.com','cco@your-company.com'],\n bcc: ['legal@your-company.com'],\n slack: '#nuclear-compliance',\n action: 'Report inventory discrepancy to NRC within 48h. Document all material balance records. Engage NRC regional office.',\n regulatory: 'IAEA CSA Art.78 \u2014 material accountancy discrepancy notification; Board of Governors referral risk'\n },\n NRC_DIGITAL_IACS_CYBER_ATTACK: {\n label: 'NRC \u00a773.54 Digital IACS Cyber Attack Detected',\n deadline_hours: 1,\n recipients: ['ciso@your-company.com','cco@your-company.com','vp_regulatory@your-company.com'],\n bcc: ['legal@your-company.com'],\n slack: '#nuclear-incident-bridge',\n action: 'Notify NRC immediately (within 1 hour). Activate cyber security incident response. Isolate affected IACS systems. Do not restore until NRC approval.',\n regulatory: '10 CFR \u00a773.54(b)(3) \u2014 cyber attack on digital safety/security I&C systems; NRC Order EA-14-166'\n }\n};\nconst type = $json.incident_type;\nconst config = incidentMap[type] || { label: type, deadline_hours: 24, recipients: ['cco@your-company.com'], bcc: [], slack: '#nuclear-compliance', action: 'Review and classify incident', regulatory: 'Unknown \u2014 classify before responding' };\nconst deadline = config.deadline_hours\n ? new Date(Date.now() + config.deadline_hours * 3600000).toISOString()\n : new Date(Date.now() + (config.deadline_days || 1) * 86400000).toISOString();\nreturn [{ json: {\n incident_type: type,\n ...config,\n deadline_iso: deadline,\n account_name: $json.account_name || 'Unknown',\n detected_at: new Date().toISOString(),\n severity: config.deadline_hours <= 1 ? 'CRITICAL' : config.deadline_hours <= 8 ? 'HIGH' : 'MEDIUM'\n}}];\n"
}
},
{
"id": "w4n4",
"name": "Slack \u2014 Incident Bridge",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
600,
-100
],
"parameters": {
"channel": "={{ $json.slack }}",
"text": "={{ '\u269b\ufe0f [' + $json.severity + '] NUCLEAR INCIDENT: ' + $json.label + '\\nAccount: ' + $json.account_name + '\\nDeadline: ' + $json.deadline_iso + '\\nRegulatory: ' + $json.regulatory + '\\nAction: ' + $json.action }}"
}
},
{
"id": "w4n5",
"name": "Gmail \u2014 Escalation",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
600,
100
],
"parameters": {
"sendTo": "={{ $json.recipients.join(',') }}",
"subject": "={{ '\u269b\ufe0f [' + $json.severity + '] NUCLEAR INCIDENT: ' + $json.label }}",
"message": "={{ 'Incident: ' + $json.label + '\\nAccount: ' + $json.account_name + '\\nDetected: ' + $json.detected_at + '\\nDeadline: ' + $json.deadline_iso + '\\nRegulatory: ' + $json.regulatory + '\\n\\nRequired action: ' + $json.action }}",
"additionalFields": {
"bcc": "={{ $json.bcc.join(',') }}"
}
}
},
{
"id": "w4n6",
"name": "Google Sheets \u2014 Log Incident",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
800,
0
],
"parameters": {
"operation": "append",
"documentId": {
"__rl": true,
"mode": "id",
"value": "YOUR_SHEET_ID"
},
"sheetName": "Incidents",
"columns": {
"mappingMode": "autoMapInputData"
}
}
}
],
"connections": {
"Webhook \u2014 Incident Trigger": {
"main": [
[
{
"node": "Respond OK",
"type": "main",
"index": 0
},
{
"node": "Code \u2014 Classify Incident",
"type": "main",
"index": 0
}
]
]
},
"Code \u2014 Classify Incident": {
"main": [
[
{
"node": "Slack \u2014 Incident Bridge",
"type": "main",
"index": 0
},
{
"node": "Gmail \u2014 Escalation",
"type": "main",
"index": 0
},
{
"node": "Google Sheets \u2014 Log Incident",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 5 — Weekly NuclearTech KPI Dashboard
What it does: Runs every Monday at 8 AM. Queries Postgres for weekly KPIs: nuclear utility accounts, SMR startup accounts, total MRR with WoW% (via $getWorkflowStaticData), open NRC incidents (7d), open NERC CIP incidents, open IAEA discrepancies, NRC deadlines in OVERDUE/CRITICAL, and DOE §810 incidents (30d). Sends HTML email to CEO + VP-Regulatory with BCC to CISO, plus Slack #weekly-kpi.
{
"name": "NuclearTech \u2014 Weekly KPI Dashboard",
"nodes": [
{
"id": "w5n1",
"name": "Cron \u2014 Monday 8 AM",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
0,
0
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1"
}
]
}
}
},
{
"id": "w5n2",
"name": "Postgres \u2014 KPI Query",
"type": "n8n-nodes-base.postgres",
"typeVersion": 2,
"position": [
200,
0
],
"parameters": {
"operation": "executeQuery",
"query": "SELECT\n COUNT(DISTINCT customer_id) FILTER (WHERE tier = 'TIER_1_NUCLEAR_UTILITY') AS utility_accounts,\n COUNT(DISTINCT customer_id) FILTER (WHERE tier = 'SMALL_MODULAR_REACTOR_STARTUP') AS smr_accounts,\n SUM(mrr_usd) AS total_mrr,\n COUNT(*) FILTER (WHERE status = 'open' AND incident_type LIKE 'NRC_%' AND created_at >= NOW() - INTERVAL '7 days') AS open_nrc_incidents_7d,\n COUNT(*) FILTER (WHERE status = 'open' AND incident_type LIKE 'NERC_%') AS open_nerc_cip_incidents,\n COUNT(*) FILTER (WHERE status = 'open' AND incident_type = 'IAEA_SAFEGUARDS_DISCREPANCY') AS open_iaea_discrepancies,\n COUNT(*) FILTER (WHERE urgency IN ('OVERDUE','CRITICAL') AND deadline_type LIKE 'NRC_%') AS nrc_deadlines_overdue_critical,\n COUNT(*) FILTER (WHERE incident_type = 'DOE_10CFR810_UNAUTHORIZED_EXPORT' AND created_at >= NOW() - INTERVAL '30 days') AS doe_810_incidents_30d\nFROM nuclear_kpi_view;\n"
}
},
{
"id": "w5n3",
"name": "Code \u2014 Build KPI Report",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
400,
0
],
"parameters": {
"jsCode": "const kpi = $input.first().json;\nconst prev = $getWorkflowStaticData('global');\nconst mrrWoW = prev.last_mrr ? ((kpi.total_mrr - prev.last_mrr) / prev.last_mrr * 100).toFixed(1) : 'N/A';\nprev.last_mrr = kpi.total_mrr;\n$setWorkflowStaticData('global', prev);\nconst html = `<h2>NuclearTech Weekly KPI \u2014 ${new Date().toDateString()}</h2>\n<table border='1' cellpadding='6' style='border-collapse:collapse'>\n<tr><th>Metric</th><th>Value</th></tr>\n<tr><td>Nuclear Utility Accounts</td><td>${kpi.utility_accounts}</td></tr>\n<tr><td>SMR Startup Accounts</td><td>${kpi.smr_accounts}</td></tr>\n<tr><td>Total MRR</td><td>$${Number(kpi.total_mrr).toLocaleString()}</td></tr>\n<tr><td>MRR WoW%</td><td>${mrrWoW}%</td></tr>\n<tr><td style='color:red'>Open NRC Incidents (7d)</td><td>${kpi.open_nrc_incidents_7d}</td></tr>\n<tr><td style='color:red'>Open NERC CIP Incidents</td><td>${kpi.open_nerc_cip_incidents}</td></tr>\n<tr><td style='color:red'>Open IAEA Discrepancies</td><td>${kpi.open_iaea_discrepancies}</td></tr>\n<tr><td>NRC Deadlines OVERDUE/CRITICAL</td><td>${kpi.nrc_deadlines_overdue_critical}</td></tr>\n<tr><td>DOE \u00a7810 Incidents (30d)</td><td>${kpi.doe_810_incidents_30d}</td></tr>\n</table>\n<p><a href='https://stripeai.gumroad.com'>FlowKit NuclearTech Compliance Suite</a></p>`;\nreturn [{ json: { html, kpi } }];\n"
}
},
{
"id": "w5n4",
"name": "Gmail \u2014 CEO + VP-Regulatory",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
600,
-100
],
"parameters": {
"sendTo": "ceo@your-company.com",
"subject": "={{ 'NuclearTech Weekly KPI \u2014 ' + $now.format('MMM D, YYYY') }}",
"message": "={{ $json.html }}",
"additionalFields": {
"cc": "vp_regulatory@your-company.com",
"bcc": "ciso@your-company.com"
}
}
},
{
"id": "w5n5",
"name": "Slack \u2014 #weekly-kpi",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
600,
100
],
"parameters": {
"channel": "#weekly-kpi",
"text": "={{ '\u269b\ufe0f NuclearTech KPI: MRR $' + $json.kpi.total_mrr + ' (' + $json.kpi.utility_accounts + ' utilities, ' + $json.kpi.smr_accounts + ' SMR startups) | Open NRC incidents: ' + $json.kpi.open_nrc_incidents_7d + ' | NERC CIP: ' + $json.kpi.open_nerc_cip_incidents + ' | IAEA discrepancies: ' + $json.kpi.open_iaea_discrepancies }}"
}
}
],
"connections": {
"Cron \u2014 Monday 8 AM": {
"main": [
[
{
"node": "Postgres \u2014 KPI Query",
"type": "main",
"index": 0
}
]
]
},
"Postgres \u2014 KPI Query": {
"main": [
[
{
"node": "Code \u2014 Build KPI Report",
"type": "main",
"index": 0
}
]
]
},
"Code \u2014 Build KPI Report": {
"main": [
[
{
"node": "Gmail \u2014 CEO + VP-Regulatory",
"type": "main",
"index": 0
},
{
"node": "Slack \u2014 #weekly-kpi",
"type": "main",
"index": 0
}
]
]
}
}
}
Why self-hosted n8n — the nuclear compliance argument
| Risk | Self-hosted n8n | Cloud iPaaS (Zapier/Make) |
|---|---|---|
| NRC §73.54 IACS cybersecurity | Runs inside plant network boundary — no internet egress, no NRC-required mitigation for cloud data communications pathway | Cloud service = "data communications pathway" under §73.54(b) requiring NRC-approved mitigation strategy |
| NERC CIP-007-6 patch management | Licensee controls update cadence — documented evidence for NERC audit | Vendor update cadence outside licensee control — CIP-007-6 patch management baseline gap |
| IAEA Safeguards material accountancy | Safeguards-relevant data stays in on-premise Postgres — no CSA Art.78 discrepancy risk | Material accountancy data in commercial cloud = potential Art.78 inventory discrepancy question at IAEA inspection |
| DOE 10 CFR §810 export control | Sensitive nuclear technology automation stays within US jurisdiction | Automation of export-controlled nuclear tech through commercial cloud = potential unauthorized assistance to foreign atomic energy activities |
| NRC Part 50 Appendix B QA program | Self-hosted instance = auditable artifact within QA program scope | Third-party cloud SaaS = additional validated system requiring NRC inspection documentation |
Buyer Q&A
Q: Does n8n satisfy NRC 10 CFR §73.54 cybersecurity plan requirements?
A: n8n itself is not NRC-approved. But self-hosted n8n running inside your plant network boundary — with no internet egress, versioned configuration, and access controls — avoids the "data communications pathway" classification that triggers §73.54(b) mitigation requirements for cloud-based tools. Your cybersecurity plan must document the tool and its controls either way.
Q: Can n8n workflows be part of our NERC CIP-007 patch management evidence?
A: Yes. n8n workflows versioned in Git provide a documented change management trail auditable against CIP-007-6 requirements. Self-hosted instances give you control over the patch timeline — unlike cloud SaaS where vendor updates occur outside your change management process.
Q: Does IAEA have jurisdiction over our SaaS vendor's automation tools?
A: IAEA Safeguards jurisdiction is over the State and licensee, not the software vendor. But if material accountancy data (inventory, transfers, waste weights) flows through a commercial cloud automation tool, that creates a chain-of-custody question at IAEA inspection. Keeping that data in on-premise n8n eliminates the question.
Q: What's the NRC §50.72 clock exactly — does n8n help with that?
A: §50.72(a)(1)(i) requires notification to the NRC Operations Center within 1 hour of declaring an emergency class. n8n's Workflow 4 incident pipeline fires within seconds of a trigger — it automates the call script preparation and escalation chain, so your emergency response coordinator has everything needed to make the NRC call in time. The human makes the call; n8n handles the paperwork and escalation routing.
Q: We're an SMR developer in pre-application — do these workflows apply?
A: Some do. The onboarding drip and KPI dashboard apply immediately. The NRC event notification pipeline becomes relevant at construction permit application stage. The IAEA safeguards tracker applies once your design includes safeguards-relevant material. Start with the deadline tracker for NRC Part 52 pre-application milestones — those have hard clocks too.
Get the full workflow bundle
All 5 workflows above, plus 10 additional n8n automation templates for SaaS vendors, are available at:
FlowKit n8n Automation Templates →
Individual templates: $12–$29. Bundle: $97 for all 15.
Have a specific NuclearTech compliance use case? Drop it in the comments — I read every one.
Top comments (0)