A bill proposing an exemption to Colorado’s “right to repair” laws for “critical infrastructure” failed to pass its first committee in the House after clearing the Senate.

Senate Bill 090 would have exempted information technology equipment considered “critical infrastructure” — defined by the federal government as physical and information systems and assets essential to the functioning of the United States — from the state’s consumer right-to-repair law passed in 2024.

Federal law includes 16 categories of critical infrastructure, including transportation systems, communications and information technology, financial services, and water and wastewater systems.

“Right to repair” generally refers to the idea that consumers should have the ability to repair their own devices and appliances rather than rely on the manufacturer.

Colorado passed such a law in 2022, requiring manufacturers of electric wheelchairs to provide the parts, tools, and manuals necessary for owners and shops to repair the devices. The following year, the state passed a similar law for agricultural equipment, such as tractors, trailers, and combines.

“Colorado is a leader and continues to be a leader in right to repair law,” sponsor Sen. Marc Snyder, D-Colorado Springs, told his colleagues on the Senate floor.

According to Snyder, every other state with right-to-repair legislation similar to Colorado’s 2024 law includes an exemption for critical infrastructure. What Senate Bill 090 does that those laws don’t, however, is give the Attorney General authority to determine whether to grant an exemption request.

Under the bill, the Attorney General’s Office would have been responsible for considering whether the IT equipment qualifies as critical infrastructure and whether it is sold in a retail setting or through a business-to-business or business-to-government contract.

The bill passed on a 23-13 vote in the Senate, with 11 Democrats and two Republicans opposed.

In the House State, Civic, Military and Veterans Affairs Committee, sponsor Reps. Chad Clifford, D-Greenwood Village, told members he has long supported “right to repair” legislation but that certain exemptions are necessary to mitigate security risks.

“I do not like this fight, I have not enjoyed it, but I do think that this is urgent,” he said. “I don’t think it can wait. I think it is something that we must tend to.”

Clifford said he and his cosponsor, Rep. Anthony Hartsook, R-Parker, are not trying to create loopholes for certain industries, nor are they trying to “kill” the efforts of Rep. Brianna Titone, D-Arvada, who sponsored all three of the state’s previous right-to-repair policies.

Hartsook, who worked on critical infrastructure projects at the Pentagon and United States Northern Command in Colorado Springs, argued that, in the wrong hands, repair instructions could easily become instructions for reverse-engineering the state’s most crucial infrastructure systems.

“If somebody can gain access and get in there, then foreign entities, adverse actors, people that want to cause harm — whether it’s to the state, to a business, or anyone else — can do that through reverse-engineering, and it’s not that hard to do,” he said. “The repair of these systems has to be done in a controlled and very tightly managed manner.”

Opponents of the measure argued the bill’s definition of critical infrastructure is too broad, opening up the possibility for a wide variety of industries to seek exemptions.

“The same router used at a water department or a power plant is the same one used at Kohl’s and Barnes and Noble,” said Jake Blough, a retired information technology repairman. “It’s the same servers. They don’t manufacture a different server or different storage system for different uses.”

Under the bill, Blough argued, the IT department at an elementary school would not be able to repair its own servers just because it happens to be the same server that runs accounting at a power plant.

“Obfuscation is not reliable security,” said Alicia Seidle of the Open Source Hardware Association. “It is a false pretense to claim that repair tools are a security risk.”

Committee members voted, 7-4, against the bill.