The nuclear power stations planned for Heysham II and Torness will each have twin 660 MW(e) Advanced Gas-cooled Reactors (AGR) based on the design of those which have been operating at Hinkley Point 'B' and Hunterston 'B' since 1976. This paper has described the way in which the shutdown and cooling systems for the Heysham II and Torness AGRs have been selected in order to meet current UK safety requirements. Fault tree analyses have been used to identify the credible fault sequences, the probabilities of which have been calculated. By this means the relative importance of the various protective systems has been established and redundancy and reliability requirements identified. This systematic approach has led to a balanced design giving protection over the complete spectrum of fault sequences. Current safety requirements for thermal reactors in the UK and particular requirements in the design of the Heysham II and Torness reactors are discussed.