The Maeslant barrier is a storm surge barrier and a critical component of the Dutch coastal flood defense system. Its reliability is formally assessed through a Reliability and Availability (RA) analysis, which estimates the probability of non-closure during storm events. However, concerns have been raised regarding the completeness and transparency of this analysis, particularly the potential omission of relevant failure events. This thesis investigates whether a selected set of previously unaccounted for events can be systematically identified and quantified to improve the accuracy of the non-closure probability.

A three-stage methodology was developed. First, a structured inventory of unaccounted-for events was constructed using HAZOP, FMEA, What-If, and external event screening techniques, mapped across four analytical dimensions. Second, the list was filtered based on estimated occurrence probability and quantifiability, resulting in a shortlist of three events: epistemically uncertain events, non-stationary component degradation, and the unverified reliability of human interventions. Third, these events were quantified using structured expert judgment, research into time-dependent fault tree modeling, and human reliability assessment.

Results indicate that these unaccounted-for events can alter the estimated non-closure probability, either increasing it by an order of magnitude or reducing it by up to 50%. Moreover, the analysis revealed limitations in the current RA analysis, including outdated reliability assumptions, a fragmented integration of human interventions, and a lack of empirical data. These findings support the need for a more transparent and adaptable RA framework. The discussion highlights that while completeness in risk assessment is theoretically unattainable, similar to the limitations of physical laws, models should strive for an optimal balance between complexity, traceability, and applicability.

Recommendations include developing a centralized component lifecycle database, maintaining a registry of previously unaccounted-for events, formally integrating the OPSCHEP model into the fault tree structure, and adopting structured human reliability verification. These changes can improve the accuracy, transparency, and credibility of the Maeslant barrier’s non-closure probability and serve as a blueprint for other critical infrastructure systems.

A submerged floating tunnel (SFT) can be a promising solution for crossing a deep or wide waterway. This tunnel concept will consist of an immersed tube, either attached with anchor cables to the seabed or attached to pontoons floating on the water surface. The reliability of the tether-stabilized SFT is assessed in this research. A suitable target reliability is determined in order to design a full probabilistic SFT. Subsequently, a calibration of partial factors from Eurocode is performed. The robustness of the structure is also analyzed and improvements are suggested. Important failure mechanisms are defined as yielding and slackening of the tethers, longitudinal failure and transverse shear failure of the tube. A first-order reliability method (FORM) and a Monte Carlo simulation (MC) are performed for the limit state functions of these mechanisms. Design parameters are determined so that a target reliability index of 3.8 is met, because of consistency with Eurocode. Consequently, the design points from FORM are used to calculate partial factors for different loading types. The calculated factors and the general partial factors from Eurocode are compared. Slackening of the tethers proved to be the governing failure mechanism in this analysis. The resistance against slackening depends on the force equilibrium, whereas the resistance of the other mechanisms depends on structural strength. The influence factors from the FORM analysis indicated that permanent loading parameters were dominant, i.e.\ concrete density, water density and tube diameter. It was found that for the strength (STR) mechanisms, the factors from Eurocode result in an overly safe design of the SFT. The calculated partial factors for unfavorable permanent load and variable load are significantly lower than the corresponding general factors from Eurocode. For the equilibrium (EQU) case, Eurocode is not safe to be applied. The general partial factor for the unfavorable permanent loading is insufficient. The robustness of the structure is assessed by considering important scenarios. Excessive leakage has large consequences and will result in global structural failure. However, it has a low probability of occurrence. Mitigating measures are available to prevent failure due to leakage. Furthermore, an SFT will be constructed at a specific location. Wave conditions and geolocation need to be taken into account to reach an optimal design. At a depth of 30 meters, the impact of waves becomes insignificant. Lastly, failure of a single tether should not result in failure of adjacent tethers (i.e. progressive failure). A redundant system can be created by installing more or higher quality tethers. Consequently, when all four tethers of one element fail at the same time, this does not result in longitudinal failure. Overall, it was demonstrated that the reliability requirements of the SFT can be met in the design. Moreover, the design can be optimized by a full probabilistic calibration of partial factors.

Lately structural safety is an often discussed subject in The Netherlands. Recent collapses have made people question if our buildings are actually safe enough. Research shows that the individual probability of death due to structural failure is below the limit of 10-5 per year. However, it is unknown if every single building is safe enough as well. The main cause of structural failures are human errors (90% of the collapses). However, the Dutch Building Decree does not mention the unidentified accidental actions (the type the human errors belong to) as those an engineer has to take into account when designing the building structure. The Eurocode does mention unidentified accidental actions and states that for consequence class 3 buildings a risk assessment has to be done to check which accidental actions are hazardous and if the total risk to a building is acceptable. However, the Eurocode does not give a maximum value of an acceptable risk in their risk assessment method. So currently when engineers perform a risk assessment, they cannot verify whether the risks of accidental actions on their designed structure are acceptable according to the regulations. This thesis conducts research for a new method for performing a risk assessment in a quantitative way. First it investigates what the advantages and disadvantages of existing methods for performing a risk assessment are. It appears that the main step missing in existing methods is the verification, based on a quantified limit, whether the risks of accidental actions are acceptable. Based on the known methods, a new protocol for performing a risk assessment is proposed. This protocol includes a determined limit for the probability an accidental action occurs and causes a certain failure mechanism and consequence. This limit is based on the maximum probability the Eurocode gives for failures with a consequence indicated as consequence class 1, 2 and 3 (CC1, CC2 and CC3). By dividing the accidental actions that can occur and their failure mechanisms into the same consequence classes, the estimated probability and the limit of the Eurocode can be compared. In this way the known consequence classes from the Eurocode are used in another way than engineers are used to. Furthermore research on past structural failures has been investigated to establish whether it can be used to predict the probability a certain accidental action causes a CC1, CC2 or CC3 consequence. Not enough research is done to fully trust on these outcomes; in the protocol proposed in this thesis the engineer will have to estimate a part of the probabilities himself, with the help of a classification table. The principal advantage of performing a risk assessment on accidental actions in a quantitative way with a prescribed maximum probability per consequence class, is that it is made clear whether a building fulfills the requirements or not. This can be helpful for communication with other involved parties. However, it will never be 100% clear what the limit should be, because estimating the risks is based on the engineer’s estimations and outcomes may differ as they depend on the person performing the risk assessment. This means a hard line, below which the risks are acceptable and above the risks are considered too high, cannot be drawn. An area in between is needed in which it is up to the engineer and client to decide whether or not they find the risks acceptable.