Counterfeit, fraudulent, and suspect items (CFSIs) are items that have been misrepresented — in terms of their identity, origin, material composition, or performance — and that could, if installed in a safety-related application, fail to perform their intended function. The nuclear industry has documented CFSI events involving fasteners, electrical components, valves, and structural materials. The regulatory and industry response is a set of procurement, supplier, and receiving controls designed to detect and exclude these items before they reach the plant. NRC Information Notice 89-70 and NRC Bulletin 2012-01 establish the regulatory context. 10 CFR 21 governs reporting obligations when a CFSI constitutes a defect with a substantial safety hazard.

01

Counterfeit, fraudulent, and suspect: what the terms mean

Counterfeit items are those deliberately manufactured or altered to misrepresent their identity or performance. The intent to deceive is definitional. Examples include re-marked components (a lower-grade part with a higher-grade part number stamped on it), items with falsified certification markings, and reproductions of branded parts made without authorisation and without meeting the original specifications.

Fraudulent items are those accompanied by falsified documentation. The item itself may be genuine, but the traceability documents, test reports, certificates of conformance, or material certifications have been fabricated or altered. Fraudulent documentation is particularly dangerous because it passes initial document review and may not be discovered until physical testing or installation reveals a discrepancy.

Suspect items are those that exhibit anomalies or characteristics that raise doubt about their authenticity or conformance, but where counterfeiting or fraud has not been confirmed. A suspect item triggers the same controls as a confirmed counterfeit: segregation, evaluation, and notification, until the question is resolved.

The distinction matters for 10 CFR 21: A confirmed counterfeit or fraudulent item that could cause a substantial safety hazard triggers mandatory reporting to the NRC and notification to purchasers and installers. A suspect item that is evaluated and found to be genuine does not. The classification drives the regulatory response, so organisations must have clear criteria for moving an item from suspect to confirmed.

02

Where CFSIs enter the supply chain

CFSIs enter nuclear supply chains through several well-documented pathways. Grey market procurement — purchasing from distributors or brokers who are not the original equipment manufacturer or their authorised distributors — is the most common. Grey market sources often acquire overstock, surplus, or end-of-life inventory, which may include items that were removed from service, items that failed quality inspection elsewhere, or items that have been re-marked to extend shelf life or change the apparent specification.

Spot buys for hard-to-source or obsolete components are particularly vulnerable. When a component is discontinued, the pressure to find an available substitute creates conditions where normal supplier qualification controls may be relaxed. Long supply chains with multiple tiers of subcontractors also increase CFSI risk: the original manufacturer may have adequate controls, but distributors and sub-tier suppliers may not.

Electronic and digital components carry elevated CFSI risk. Counterfeit semiconductors and passive components are extensively documented in both defence and nuclear supply chains. Unlike mechanical components, electronic counterfeits may be difficult to detect through visual inspection alone and may pass initial functional testing but fail under demanding service conditions.

03

Detection and prevention controls

Effective CFSI prevention starts at procurement, not receiving. Purchasing from qualified suppliers on an approved supplier list, requiring traceability to the original equipment manufacturer, and applying enhanced scrutiny to spot buys and grey market sources reduces the likelihood of CFSIs reaching the receiving dock in the first place.

Receiving inspection is the last systematic control point before items enter the facility. Enhanced receiving inspection for CFSI-susceptible items includes physical and dimensional inspection against applicable specifications, documentation review to verify traceability back to the manufacturer, material verification using positive material identification (PMI), spectroscopy, or hardness testing where material composition is a critical characteristic, and comparison against known-good examples where available.

Supplier surveillance — periodic audits and source verification of key suppliers — provides visibility into the controls upstream of receiving. For suppliers providing items with high CFSI potential, surveillance should specifically assess how the supplier controls its own supply chain and how it screens items from its sub-tier sources.

Industry reporting networks, including the NRC event notification system, IAEA ITDB reporting, and industry-specific CFSI alerts, provide advance warning of known CFSI events. Organisations should have a process for reviewing these alerts and assessing whether affected items are present in their inventory or installed in their facility.

04

Regulatory requirements and reporting

NRC Information Notice 89-70 (1989) was one of the first formal NRC communications alerting the industry to counterfeit and fraudulently marketed items in nuclear supply chains. It established the expectation that licensees have controls to detect and exclude these items. NRC Bulletin 2012-01 required addressees to describe their programs for preventing, detecting, and reporting the procurement and use of counterfeit and fraudulently marketed items, and to confirm that suspect items identified through industry alerts were evaluated and addressed.

When a CFSI is identified that constitutes a defect — a deviation from applicable requirements that could create a substantial safety hazard — 10 CFR 21 reporting obligations are triggered. The organisation that discovers the defect must notify the NRC and all purchasers and installers of the affected item within the timeframes specified in 10 CFR 21. This obligation applies to suppliers as well as licensees: a distributor who discovers that items they have sold are counterfeit has a 10 CFR 21 reporting obligation regardless of whether they are a licensed facility.

Forged Operations tracks supplier qualifications, receiving inspection records, and CFSI alerts in one system. When an industry alert is issued for a part number in your inventory, AI flags the affected items and generates the evaluation workflow automatically.

Book a demo Learn more →

Related terms

Commercial Grade Dedication Supplier Qualification 10 CFR 21 Procurement & Supplier QA

References

  1. U.S. Nuclear Regulatory Commission. NRC Information Notice 89-70: Deficiencies in the Control of Counterfeit and Fraudulently Marketed Items. Washington, D.C.: NRC, 1989.
  2. U.S. Nuclear Regulatory Commission. 10 CFR Part 21: Reporting of Defects and Noncompliance. Washington, D.C.: NRC.
  3. International Organization for Standardization. ISO 19443:2018 — Quality Management Systems: Specific Requirements for Organizations in the Supply Chain of the Nuclear Energy Sector, §8.1.3 — Prevention of Counterfeit and Fraudulent Parts. Geneva: ISO, 2018.