Cisco, IBM, and several major tech industry lobbying groups are pushing for new legislation in Colorado that would exclude "critical infrastructure" hardware from the state’s existing right-to-repair laws. The bill cleared a Colorado Senate committee this past Thursday.
Critics argue that the bill’s definition of "critical infrastructure" is dangerously vague and could be interpreted to cover almost any electronic device. This loophole effectively grants manufacturers the power to define how their equipment is used, potentially rendering the state’s landmark right-to-repair law toothless.
Right-to-repair advocate Louis Rossmann testified at the hearing, bluntly describing the bill as a "blank check" for manufacturers. He warned that as long as a manufacturer can prove a product was once purchased by the Pentagon or a federal agency, they could exempt entire product lines from repair obligations.
Industry Giants Accused of Using Security as a Pretext for Monopoly
Hardware manufacturers have long claimed that opening up repair access would compromise proprietary information and create security vulnerabilities. However, Andrew Brandt, a security researcher and co-founder of the non-profit Elect More Hackers, pushed back against these claims. He noted that because official repair support is often unavailable or prohibitively expensive, many businesses are forced to keep equipment running in insecure states, which actually increases the risk of cyberattacks.
Representatives from the Consumer Technology Association (CTA) and Cisco’s Joseph Lee defended the bill during the hearing. They emphasized that home routers are fundamentally different from infrastructure equipment that manages power grids or classified agency data, arguing that the latter requires stricter repair controls.
Cybersecurity expert Paul Roberts, however, believes these corporations are exploiting public anxiety over infrastructure resilience to protect their own profit margins. He pointed out that Cisco and IBM are attempting to use legislation to establish a de facto monopoly on the repair of enterprise-grade equipment, a move he argues has nothing to do with the actual cybersecurity threats facing the country.
The bill is now moving forward in the legislative process. If passed, it would represent a significant setback for the right-to-repair movement across the United States.
