This bill creates a limited exemption from Colorado’s right-to-repair law (the “Consumer Repair Bill of Rights Act”) for certain types of information technology (IT) equipment.
Key Provisions:
Exemption Criteria: Manufacturers of IT equipment can be exempt from repair requirements if the equipment:
Qualifies as critical infrastructure under federal definitions (e.g., cybersecurity, national defense).
Is sold only through business-to-business (B2B) or business-to-government (B2G) channels (not general retail).
Could pose a security risk if its parts, software, or repair tools were widely distributed.
Attorney General Oversight:
The Attorney General may create rules for how manufacturers request this exemption.
The bill reaffirms the Attorney General’s authority to act in litigation on behalf of the state or its people.
Impact: This bill limits right-to-repair access for sensitive IT systems, balancing repair rights with cybersecurity and national security concerns. It ensures that general repair rights do not override protections for critical or sensitive technologies.
Summary
The bill establishes an exemption from Colorado's Consumer
Repair Bill of Rights Act (Act) for information technology equipment if the equipment meets certain criteria, such as whether:
•
The equipment qualifies as critical infrastructure, as defined by federal law;
•
The equipment is sold in a retail setting or only through business-to-business or business-to-government transactions; and
•
Dissemination of the parts, documentation, embedded software, firmware, or tools required for the equipment would pose a security risk.
The attorney general may adopt rules for manufacturers of
information technology equipment to submit requests for an exemption from the Act.
The bill clarifies the attorney general's responsibility regarding
litigation on behalf of the state of Colorado or on behalf of the people of the state of Colorado.
