A controversial bill in Colorado that would have undone some repair protections in the state has failed. The bill had been the target of right-to-repair advocates, who saw it as a bellwether for how tech companies might try to undo repair legislation more broadly in the US.
Colorado’s landmark 2024 repair law, the Consumer Right to Repair Digital Electronic Equipment, went into effect in January 2026 and ensured access to tools and documentation people needed to modify and fix digital electronics such as phones, computers, and Wi-Fi routers. The new bill, SB26-090, would have carved out an exception to those repair protections for “critical infrastructure,” a loosely defined term that repair advocates worried could be applied to just about any technology.
SB26-090 was introduced during a Colorado Senate hearing on April 2 and supported by lobbying efforts from companies such as Cisco and IBM. It passed that hearing unanimously. The bill then passed in the Colorado Senate on April 16. On Monday evening, the bill was discussed in a long, delayed hearing in the Colorado House’s State, Civic, Military, and Veterans Affairs Committee. Dozens of supporters and detractors gave public comments. Finally, the bill was shot down in a 7 to 4 vote and classified as postponed indefinitely.
Danny Katz, executive director of the local nonprofit consumer advocacy group CoPIRG, says the battle was a group effort. Speaking against the bill were a cohort of repair advocates from organizations such as PIRG, Repair.org, iFixit, Consumer Reports, and local businesses and environmental groups like Blue Star Recyclers, Recycle Colorado, Environment Colorado, and GreenLatinos.
“While we were making progress at chipping away at the momentum for it, we had still been losing,” Katz wrote in an email to WIRED after the hearing. “So, we took nothing for granted, and I believe the incredible testimony from the broad range of cybersecurity experts, businesses, repair advocates, recyclers, and people who want the freedom to fix their stuff made a big difference.”
Supporters of the bill, backed by companies like Cisco, had pointed to the potential for cybersecurity risks as their motivation for altering the law’s language. If companies were required to make repair tools available to anyone, the theory goes, what’s to stop bad actors from using those tools to reverse engineer critical technology like internet routers? Withholding those tools, they posited, would make them less available to hackers who could misuse them. Advocates of the bill said that companies should be allowed to keep their secrets if it ensured security, though that argument starts to fall apart with a little scrutiny.
At one point in the hearing, Democrat Chad Clifford, a Colorado state representative and the House committee’s vice chair who was also a prime sponsor of the bill, pointed to what appeared to be a reference to Cloudflare’s very public use of a wall of lava lamps to help randomize internet encryption, citing that as an example of the need for sensitive systems to be inscrutable to be secure.
“I don’t know why anybody has to have lava lamps on a wall to keep the Chinese from getting into a network, but it’s what they came up with that worked,” Clifford said. “How they do that, I believe they should be able to keep it a secret, even in Colorado.”
The problem with that argument, as cybersecurity experts pointed out during the hearing, is that the vast majority of hacks are not carried out via replacement parts or by taking apart individual machines. They’re remote hacks, where the attacker makes changes in real time, and the people defending have to make changes on the fly without worrying about acquiring permission from the company that makes the equipment.
“There is no time,” cybersecurity expert and white hat hacker Billy Rios said during the hearing. “It doesn’t work that way.”
Besides the cybersecurity argument, the other point of contention was the economics of angering the big tech companies that have invested in the state.
“They’re not going to comply and give away the keys to their kingdom for the things that are securing billions of dollars of interest for their customers over the law that we passed,” Clifford said. “What they’re going to do is just not have commerce on those items here.”
That argument didn’t carry enough weight to change the vote in supporters’ favor. By the end of the hearing, it was clear that everyone was exhausted and not entirely clear on how exactly the new bill and amendments would pan out.
“What are we really trying to do here?” said Colorado Representative Naquetta Ricks in her “No” vote at the end of the hearing. “Are we protecting just one company, or are we looking at really critical infrastructure? I’m not convinced.”
Nathan Proctor, senior director of US PIRG’s Campaign for the Right to Repair, said he was relieved to see lawmakers understand that repair isn’t inherently dangerous. But he knows this isn’t over. He fully expects lobbyists to keep up the fight in Colorado and more broadly. He points to recent repair laws in other states like Iowa and to the increasing number of states considering repair legislation, readying up for the inevitable battles there, too.
“The fact of the matter is unfixable stuff is everywhere,” Proctor wrote. “This is a widespread problem, and it requires a widespread response.”
