In a significant victory for the right-to-repair movement, a bill that would have undone key protections in Colorado’s landmark repair law has been defeated. The measure, known as SB26-090, was introduced earlier this year with the backing of major technology companies such as Cisco and IBM. It sought to create a broad exemption for “critical infrastructure,” a term that critics argued was dangerously vague and could be used to exclude virtually any device from repair requirements. After a prolonged and heated hearing on Monday evening, the Colorado House’s State, Civic, Military, and Veterans Affairs Committee voted 7-4 to postpone the bill indefinitely, effectively killing it.

Background: Colorado’s Landmark Repair Law

Colorado’s Consumer Right to Repair Digital Electronic Equipment, enacted in 2024 and effective January 2026, was one of the most comprehensive repair laws in the United States. It required manufacturers of digital electronics—such as smartphones, laptops, tablets, and Wi-Fi routers—to provide consumers and independent repair shops with access to the tools, parts, and documentation needed to fix their devices. The law was hailed by environmental groups, small businesses, and consumer advocates as a major step toward reducing electronic waste and empowering consumers to repair their own property.

The right-to-repair movement has gained momentum across the country in recent years, with several states passing similar legislation. Proponents argue that manufacturers have long used proprietary designs, software locks, and limited access to repair resources to force consumers into expensive replacements or authorized repair networks. This practice, they say, contributes to the growing problem of electronic waste—the world’s fastest-growing waste stream—and undermines consumer choice.

Opponents, typically large tech companies, contend that allowing unrestricted access to proprietary diagnostic tools and components could compromise security and intellectual property. They warn that malicious actors might exploit repair tools to reverse-engineer critical systems, leaving networks vulnerable to hacks. This tension between the right to repair and cybersecurity concerns has become a central battleground in state legislatures.

The Failed Bill: SB26-090

SB26-090 was introduced on April 2, 2025, in the Colorado Senate and passed unanimously in committee the same day. It later cleared the full Senate on April 16 with bipartisan support. The bill’s primary sponsors argued that it was necessary to protect “critical infrastructure” from potential security breaches. Under its language, companies that could demonstrate that their products were used in critical infrastructure systems—such as power grids, water treatment plants, or telecommunications networks—would be exempt from sharing repair information with third parties.

Critics quickly pointed out that the term “critical infrastructure” had not been clearly defined in the bill. They feared it could be expanded by companies to include any device connected to a network, such as a home router or even a smart thermostat, thus eviscerating the original law. “This bill would have blown a massive hole in Colorado’s right-to-repair law,” said Danny Katz, executive director of the local consumer advocacy group CoPIRG, which led the opposition. “It was a Trojan horse designed to undo the progress we’ve made.”

The bill’s proponents, including Representative Chad Clifford, a Democrat who served as vice chair of the House committee, emphasized the need to balance repair access with security. During the hearing, Clifford cited the example of Cloudflare’s famous wall of lava lamps—a physical randomness generator used to secure internet encryption—as evidence that some security measures must remain secret to be effective. “I don’t know why anybody has to have lava lamps on a wall to keep the Chinese from getting into a network, but it’s what they came up with that worked,” Clifford said. “How they do that, I believe they should be able to keep it a secret, even in Colorado.”

Cybersecurity Arguments Under Scrutiny

However, cybersecurity experts who testified against the bill challenged the notion that repair access poses a significant threat. Billy Rios, a well-known white-hat hacker and cybersecurity professional, dismissed the idea that repair tools could be easily weaponized. “There is no time,” Rios said during the hearing, emphasizing that real-world attacks are almost always remote and occur in real time. Defenders of critical networks need to patch vulnerabilities immediately, without waiting for manufacturer approval. “It doesn’t work that way,” he added.

Others pointed out that the overwhelming majority of cyberattacks do not involve physical access to devices or replacement parts. Instead, attackers exploit software flaws, phishing campaigns, and other remote vectors. By restricting repair access, companies might actually increase security risks by forcing consumers and businesses to rely on obsolete, unpatched devices—or to perform unregulated repairs themselves without proper documentation.

The economic argument also played a role. Some supporters of the bill warned that large technology companies might pull their products from Colorado rather than comply with the repair law. Representative Clifford suggested that companies would “just not have commerce on those items here.” But opponents countered that such threats were empty: Colorado is a significant market, and corporate backlash rarely materializes in practice. Indeed, after similar repair laws in New York and Minnesota, no major tech companies withdrew from those states.

A Broad Coalition Fights Back

The defeat of SB26-090 was the result of coordinated opposition from a wide range of stakeholders. In addition to coPIRG and national organizations like the U.S. Public Interest Research Group (PIRG), Repair.org, iFixit, and Consumer Reports, local groups such as Blue Star Recyclers, Recycle Colorado, Environment Colorado, and GreenLatinos joined the fight. Small repair businesses and individual citizens also testified, sharing stories of how the existing law had already improved their ability to fix devices.

“While we were making progress at chipping away at the momentum for it, we had still been losing,” Katz wrote in an email after the hearing. “So, we took nothing for granted, and I believe the incredible testimony from the broad range of cybersecurity experts, businesses, repair advocates, recyclers, and people who want the freedom to fix their stuff made a big difference.”

The mood in the hearing room was tense, with dozens of people lining up to speak. By the end, the committee’s members appeared weary and uncertain. Representative Naquetta Ricks, a Democrat, summed up the confusion when she cast her no vote: “What are we really trying to do here? Are we protecting just one company, or are we looking at really critical infrastructure? I’m not convinced.”

National Implications and the Road Ahead

The failure of Colorado’s SB26-090 is a bellwether for the right-to-repair movement nationwide. Similar bills have been introduced in other states, often with identical language targeting “critical infrastructure” exemptions. The tech industry’s lobbying efforts have intensified as repair laws gain traction. In the past year alone, Iowa enacted a broad repair law, and more than a dozen other states have introduced legislation.

Nathan Proctor, senior director of US PIRG’s Campaign for the Right to Repair, expressed relief but acknowledged that the fight is far from over. “The fact of the matter is, unfixable stuff is everywhere,” Proctor said. “This is a widespread problem, and it requires a widespread response.” He expects lobbyists to continue pushing for exemptions in Colorado and elsewhere, potentially with refined definitions that are harder to challenge.

For now, repair advocates in Colorado are celebrating a hard-won victory. But they remain vigilant. The original fix-it law remains intact, and manufacturers of digital electronics must continue to provide repair resources. Environmental groups note that enabling repairs is crucial for reducing the 50 million tons of electronic waste generated globally each year. Small businesses that rely on repair income have gained a lifeline. And consumers—at least in Colorado—retain the right to fix their own devices without corporate interference.

The battle has also highlighted deeper issues about who controls technology after purchase. As devices become more integrated into every aspect of life—from smart meters to connected vehicles—the right to repair becomes not just a consumer issue but one with implications for national security, economic fairness, and sustainability. Colorado’s rejection of the “critical infrastructure” carve-out sends a clear signal that broad exemptions cannot be easily sold to lawmakers once the public and experts weigh in.

Within the tech industry, the outcome has prompted renewed discussion about voluntary cooperation. Some companies, such as Apple and Samsung, have started expanding their repair programs in response to regulatory pressure. However, critics argue that these programs often remain limited and costly, failing to provide the same access as independent repair. The Colorado defeat may accelerate efforts to craft federal repair legislation, though that prospect remains uncertain given the polarized political landscape.

In the immediate term, repair advocates will closely monitor other states where similar bills are pending. They are also preparing for possible amendments to Colorado’s existing law, as opponents may try to introduce narrower exemptions. The coalition that stopped SB26-090—spanning environmental, consumer, and cybersecurity groups—plans to stay active. “We’ve shown that when we unite, we can win,” Katz said. “But we can’t rest. The tech industry has deep pockets and they won’t give up. Neither will we.”

The Colorado House committee’s vote on Monday evening did more than kill a single bill; it affirmed that the right to repair is a principle worth defending. For the thousands of Coloradans who spoke up, the result was a reminder that grassroots advocacy can still triumph over well-funded lobbying. As one attendee put it after the hearing, “Freedom to fix is not just about saving money—it’s about owning what you buy.” And for now, in Colorado, that principle stands firm.

This story originally appeared on wired.com.

Source: Ars Technica News