A controversial bill in Colorado aimed at undoing repair protections within the state has been defeated. Advocates for the right to repair had focused on the bill, perceiving it as a sign of how technology companies might seek to weaken repair legislation more broadly across the United States.
The state’s significant 2024 repair law, referred to as the Consumer Right to Repair Digital Electronic Equipment, came into effect in January 2026, ensuring individuals have access to the tools and documentation necessary to repair digital devices such as smartphones, computers, and Wi-Fi routers. The proposed SB26-090 bill aimed to introduce an exception for “critical infrastructure,” a term that is vaguely defined and raised concerns among repair advocates.
Introduced during a Colorado Senate hearing on April 2, SB26-090 gained backing from companies including Cisco and IBM and was unanimously passed in that hearing. It subsequently passed the Colorado Senate on April 16. However, during an extensive hearing in the Colorado House’s State, Civic, Military, and Veterans Affairs Committee, the bill was ultimately stopped with a 7 to 4 vote.
Danny Katz, executive director of CoPIRG, remarked on the collaborative effort to fight the bill, which included repair advocates from groups such as PIRG, Repair.org, iFixit, Consumer Reports, along with local businesses and environmental organizations.
“While we were making headway in reducing its momentum, we were still facing losses,” Katz stated in an email. He attributed the significant impact to the diverse testimonies from cybersecurity specialists, businesses, repair advocates, recyclers, and others.
Supporters of the bill, backed by firms like Cisco, pointed to possible cybersecurity threats as justifications for modifications to the law. They contended that granting repair tools to all individuals could enable malicious entities to reverse engineer essential technology. However, opponents argued that this logic was flawed, pointing out that most hacks occur remotely, rather than through physical interference.
During the hearing, Democrat Chad Clifford, a state representative from Colorado, emphasized Cloudflare’s use of a lava lamp wall for internet encryption, advocating for the necessity of keeping sensitive systems confidential for security purposes. He remarked, “How they accomplish that, in my opinion, should remain a secret, even in Colorado.” Nevertheless, cybersecurity experts highlighted that the majority of cyber attacks result from remote actions, not physical modifications.