Colorado’s Anti-Repair Bill Dies

A controversial bill in Colorado that sought to weaken existing repair protections has officially failed. The legislation had become a flashpoint for right-to-repair advocates, who viewed it as a potential template for how tech companies might attempt to roll back repair rights across the country.

Colorado’s landmark 2024 repair law, the Consumer Right to Repair Digital Electronic Equipment, took effect in January 2026. It guarantees access to the tools and documentation necessary for people to modify and fix digital electronics, including phones, computers, and Wi-Fi routers. The proposed bill, SB26-090, would have created an exemption to those protections for what it called “critical infrastructure.” Critics argued that term was so loosely defined it could be applied to nearly any piece of technology.

SB26-090 was introduced during a Colorado Senate hearing on April 2, backed by lobbying from companies such as Cisco and IBM. It passed that hearing unanimously. The bill then cleared the Colorado Senate on April 16. On Monday evening, after a lengthy and delayed hearing in the Colorado House’s State, Civic, Military, and Veterans Affairs Committee, the bill was defeated in a 7 to 4 vote and classified as postponed indefinitely. Dozens of supporters and detractors had offered public testimony.

Danny Katz, executive director of the local nonprofit consumer advocacy group CoPIRG, described the victory as a group effort. Opposing the bill was a coalition of repair advocates from organizations including PIRG, Repair.org, iFixit, Consumer Reports, and local businesses and environmental groups like Blue Star Recyclers, Recycle Colorado, Environment Colorado, and GreenLatinos.

“While we were making progress at chipping away at the momentum for it, we had still been losing,” Katz wrote in an email to WIRED after the hearing. “So, we took nothing for granted, and I believe the incredible testimony from the broad range of cybersecurity experts, businesses, repair advocates, recyclers, and people who want the freedom to fix their stuff made a big difference.”

Supporters of the bill, backed by companies like Cisco, argued that cybersecurity risks justified altering the law. Their reasoning was that if companies were forced to make repair tools available to anyone, bad actors could use those tools to reverse engineer critical technology like internet routers. Withholding those tools, they claimed, would keep them out of the hands of hackers. Advocates of the bill said companies should be allowed to keep their secrets to ensure security, though that argument weakens under scrutiny.

During the hearing, Democrat Chad Clifford, a Colorado state representative and the House committee’s vice chair who was also a prime sponsor of the bill, pointed to Cloudflare’s well-known use of a wall of lava lamps to help randomize internet encryption. He cited that as an example of why sensitive systems need to remain inscrutable to be secure.

“I don’t know why anybody has to have lava lamps on a wall to keep the Chinese from getting into a network, but it’s what they came up with that worked,” Clifford said. “How they do that, I believe they should be able to keep it a secret, even in Colorado.”

The flaw in that argument, as cybersecurity experts pointed out during the hearing, is that the vast majority of hacks are not carried out via replacement parts or by disassembling individual machines. They are remote hacks, where attackers make changes in real time, and defenders must respond on the fly without waiting for permission from the equipment manufacturer.