A controversial bill in Colorado that would have undone some repair protections in the state has failed. The bill, known as SB26-090, had been the target of right-to-repair advocates, who saw it as a bellwether for how tech companies might try to undo repair legislation more broadly in the United States. After months of lobbying and debate, the Colorado House's State, Civic, Military, and Veterans Affairs Committee voted 7 to 4 to postpone the bill indefinitely, effectively killing it for this legislative session.
Background: Colorado’s Right-to-Repair Law
Colorado’s landmark 2024 repair law, the Consumer Right to Repair Digital Electronic Equipment, went into effect in January 2026. The law was a significant victory for consumer advocates, ensuring that manufacturers of digital electronics such as phones, computers, and Wi-Fi routers provide access to the tools, parts, and documentation needed for individuals and independent repair shops to fix their own devices. The law was part of a broader wave of right-to-repair legislation across the country, driven by concerns over planned obsolescence, e-waste, and the high cost of authorized repairs.
The proposed SB26-090 would have carved out an exception to these repair protections for what it termed “critical infrastructure.” The term was loosely defined, sparking fears among advocates that it could be applied to virtually any technology—from home routers to medical devices—effectively gutting the original law. Critics argued that the bill’s vague language would allow large corporations to exempt their products from repair requirements on the grounds of national security or public safety.
Legislative Journey and Corporate Support
SB26-090 was introduced during a Colorado Senate hearing on April 2 and quickly garnered support from influential tech companies. Lobbying efforts from firms such as Cisco and IBM were instrumental in advancing the bill. It passed the Senate committee hearing unanimously and then the full Colorado Senate on April 16 without significant opposition. However, the bill faced a much tougher road in the House.
On Monday evening, the bill was discussed in a long-delayed hearing before the House’s State, Civic, Military, and Veterans Affairs Committee. Dozens of supporters and detractors gave public comments, including cybersecurity experts, environmental groups, business owners, and consumer advocates. The hearing lasted several hours, reflecting the intense interest and high stakes involved.
Danny Katz, executive director of the local nonprofit consumer advocacy group CoPIRG, described the battle as a group effort. “While we were making progress at chipping away at the momentum for it, we had still been losing,” Katz wrote in an email after the hearing. “So, we took nothing for granted, and I believe the incredible testimony from the broad range of cybersecurity experts, businesses, repair advocates, recyclers, and people who want the freedom to fix their stuff made a big difference.”
The coalition speaking against the bill included organizations such as PIRG, Repair.org, iFixit, Consumer Reports, and local businesses and environmental groups like Blue Star Recyclers, Recycle Colorado, Environment Colorado, and GreenLatinos. Their united front helped turn the tide.
Cybersecurity Arguments Under Scrutiny
Supporters of the bill, backed by companies like Cisco, pointed to cybersecurity risks as their primary motivation. The argument was that if manufacturers were required to make repair tools and documentation available to anyone, malicious actors could use those resources to reverse-engineer critical technology—such as internet routers or industrial control systems—and exploit vulnerabilities. Withholding repair resources, they claimed, would reduce the attack surface for hackers.
However, cybersecurity experts who testified at the hearing dismantled this reasoning. Billy Rios, a well-known white-hat hacker and cybersecurity professional, stated bluntly: “There is no time. It doesn’t work that way.” He explained that the vast majority of cyberattacks are carried out remotely, through software exploits or phishing, and do not involve physical access to devices. The notion that repair tools would lead to increased hacking risk was, in his view, a red herring.
During the hearing, Democrat Chad Clifford, a Colorado state representative and House committee vice chair who also sponsored the bill, offered an unusual example to support the security argument. He referenced Cloudflare’s famous use of a wall of lava lamps to help randomize internet encryption, suggesting that such systems should remain secret to ensure security. “I don’t know why anybody has to have lava lamps on a wall to keep the Chinese from getting into a network, but it’s what they came up with that worked,” Clifford said. “How they do that, I believe they should be able to keep it a secret, even in Colorado.”
Cybersecurity experts responded that physical security measures like lava lamps are not relevant to repair rights. The tools needed for repair—such as schematics, diagnostic software, and replacement parts—are not the same as proprietary security algorithms. Moreover, security through obscurity is widely considered a flawed strategy; true security relies on transparency, peer review, and rapid patching.
Economic Threats and Political Dynamics
Beyond cybersecurity, the bill’s advocates raised economic concerns. They argued that large tech companies might choose to stop selling certain products in Colorado if forced to comply with the right-to-repair law. Representative Clifford warned: “They’re not going to comply and give away the keys to their kingdom for the things that are securing billions of dollars of interest for their customers over the law that we passed. What they’re going to do is just not have commerce on those items here.”
This threat of corporate withdrawal has been a recurring tactic in right-to-repair battles nationwide. However, opponents pointed out that similar predictions of economic doomsday have not materialized in other states with repair laws. They also noted that the right-to-repair movement is built on principles of consumer choice, environmental sustainability, and economic freedom—values that resonate across party lines.
At the end of the hearing, Representative Naquetta Ricks expressed the skepticism that ultimately led to the bill’s defeat. “What are we really trying to do here?” she asked during her no vote. “Are we protecting just one company, or are we looking at really critical infrastructure? I’m not convinced.” Her words captured the core tension: the vague definition of “critical infrastructure” could be exploited by any company wanting to escape repair obligations.
National Implications
Nathan Proctor, senior director of US PIRG’s Campaign for the Right to Repair, said he was relieved to see lawmakers understand that repair is not inherently dangerous. But he acknowledged that this fight is far from over. Lobbyists are expected to continue pushing similar exemptions in other states and at the federal level. The Colorado failure may embolden opponents, but it also provides a blueprint for advocates to defend existing laws.
Recent developments in the right-to-repair landscape include new laws in Iowa and other states, as well as growing interest in repair-friendly policies among consumers and small businesses. The movement has gained traction as devices become increasingly difficult to repair, leading to mountains of e-waste and high costs for consumers. The COVID-19 pandemic also highlighted the need for local repair capacity when supply chains were disrupted.
“The fact of the matter is, unfixable stuff is everywhere,” Proctor wrote. “This is a widespread problem, and it requires a widespread response.” The Colorado vote demonstrates that a broad coalition of stakeholders—from environmentalists to cybersecurity experts to small repair shop owners—can successfully oppose well-funded corporate lobbying campaigns.
The defeat of SB26-090 is a significant milestone for the right-to-repair movement, but it does not end the debate. As technology evolves and more devices become connected, the tension between security and repairability will continue to shape policy. For now, Colorado consumers retain the right to fix their own electronics, and advocates are preparing for the next battle.
Source: Ars Technica News