Colorado's Senate Business, Labor, and Technology committee unanimously advanced bill SB26-090 on Friday, which would exempt information technology equipment for critical infrastructure from the state's consumer right-to-repair laws. The measure modifies a 2024 law effective this year, drawing support from tech firms like Cisco and IBM amid opposition from repair advocates. The bill now heads to full Senate and House votes, possibly next week.
On Friday, the Colorado Senate Business, Labor, and Technology committee voted unanimously to advance SB26-090, titled Exempt Critical Infrastructure from Right to Repair. The bill seeks to modify the Consumer Right to Repair Digital Electronic Equipment Act, passed in 2024 and effective January 2026, by exempting IT equipment intended for critical infrastructure, such as servers and routers. Tech manufacturers Cisco and IBM back the legislation, citing cybersecurity and intellectual property concerns for enterprise products. An IBM spokesperson stated, “IBM supports right-to-repair policies that empower consumers while protecting cybersecurity, intellectual property, and critical infrastructure.” A Cisco representative told the hearing, “Cisco supports SB-90. While it appreciates the arguments offered in favor of the right to repair, not all digital technology devices are equal.” Given the critical and often sensitive nature of enterprise-level products, any legislation should be clearly scoped to consumer devices.” Repair advocates from groups like CoPIRG, the Repair Association, and iFixit opposed the bill, criticizing its vague definitions of “information technology” and “critical infrastructure.” Danny Katz of CoPIRG said, “It leaves it up to the manufacturers to determine which items they will need to provide repair tools and parts to owners and independent repairers.” Nathan Proctor of Pirg called the terms “as cynical as you can possibly be,” arguing they broadly cover internet-related tech. Gay Gordon-Byrne of the Repair Association noted, “The definition of critical infrastructure is completely inadequate.” iFixit CEO Kyle Wiens added, “There’s a general principle in cybersecurity that obscurity is not security.” The bill requires votes in the full Senate and House before becoming law, with potential action as early as next week.
