Colorado Right-to-Repair Fight Turns to ‘Critical Infrastructure’ Exemption

A rollback fight is opening on right to repair

Colorado’s landmark right-to-repair law is facing a new challenge, and the argument for rolling it back is being framed around national security and critical infrastructure. According to a report from 404 Media, lobbyists tied to major technology companies including Cisco and IBM are supporting legislation that would exempt hardware from the state’s existing repair requirements if that hardware is considered part of “critical infrastructure.”

The problem, critics say, is that the definition is broad enough to swallow much of the law. If manufacturers can effectively decide that a product line qualifies because it is used somewhere inside a critical facility, a major portion of covered hardware could be removed from the right-to-repair framework.

That is why advocates are treating the measure as more than a technical amendment. They see it as a retroactive rollback of one of the most significant right-to-repair wins in the United States, achieved after years of legislative battles over who controls repair tools, parts, diagnostic software, and service documentation.

The core dispute is over who gets to claim exemption

The source report quotes repair advocate Louis Rossmann warning that the bill relies on a vague standard that could let manufacturers self-designate products as exempt. His examples illustrate the concern: if a laptop maker sells devices to the Pentagon, or a networking company sells even low-cost hardware into a federal building, those products could potentially be shielded from repair obligations under an expansive reading.

In other words, the conflict is not simply about dams, power plants, or military systems. It is about whether “critical infrastructure” becomes a policy shortcut broad enough to cover ordinary commercial hardware once it enters the orbit of government, utilities, data centers, or other sensitive environments.

That ambiguity matters because right-to-repair laws are meant to change the default power relationship between manufacturers and device owners. If exemptions are written too broadly, the practical result is not a narrow security safeguard. It is a restoration of manufacturer control.

Security arguments are cutting both ways

Manufacturers have long argued that greater repair access creates cybersecurity risks by exposing proprietary information or enabling tampering. The source report notes that this has been a staple of anti-repair lobbying for roughly a decade. But critics of the Colorado measure say the security story does not hold up cleanly in practice.

Security researcher Andrew Brandt, quoted in the report, argues that restricting repair can leave organizations stuck running broken or outdated hardware in unsafe states because they cannot wait for an official vendor fix or cannot afford replacement. Under that view, broader repair access can improve security by letting problems be addressed faster rather than preserving vendor gatekeeping.

This is one of the most important fault lines in the modern repair debate. Manufacturers often equate centralized control with security. Repair advocates counter that delayed fixes, unsupported equipment, and limited access to tools can create their own vulnerabilities. The disagreement is not about whether security matters. It is about whether security is genuinely being protected or strategically invoked.

Data centers and the politics of infrastructure

The report suggests that the push behind the legislation is closely tied to enterprise hardware makers and the expanding role of data centers in the U.S. economy. That context is revealing. As demand for compute infrastructure grows, the category of hardware that can plausibly be linked to “critical infrastructure” also grows.

That creates a political opportunity for large vendors. By tying right-to-repair restrictions to infrastructure protection, they can reposition a commercial control issue as a public-safety issue. The framing is powerful because lawmakers are understandably cautious when bills mention national security, utilities, or critical digital systems.

But powerful framing can also hide expansive consequences. If the exception becomes the rule, then the Colorado law may remain on the books while losing much of its force in the product categories that matter most.

A bigger signal for US repair policy

The Colorado fight matters beyond the state. Right to repair has advanced through a patchwork of state-level laws, and those victories are now entering a second phase. The first battle was whether such laws could pass at all. The next battle is whether they survive once industry groups return with narrower, more politically resilient arguments for exemption.

The “critical infrastructure” strategy is particularly significant because it can be adapted elsewhere. If it works in Colorado, it offers a template other states could follow when trying to carve enterprise and institutional hardware out of repair rules. That would shift the movement’s center of gravity back toward consumers while preserving strong manufacturer control in higher-value commercial markets.

The source report does not suggest the debate is settled. The legislation had passed through a Colorado state senate committee, but the broader legislative outcome remained open. What is already clear is that right to repair is no longer only a fight over tractors, phones, or consumer electronics. It is now colliding directly with the politics of infrastructure, cybersecurity, and industrial power.

For repair advocates, that raises the stakes. The question is no longer simply whether people can fix the products they own. It is whether one of the movement’s core achievements can be narrowed by a definition broad enough to put much of modern hardware back behind the manufacturer’s wall.

This article is based on reporting by 404 Media. Read the original article.