On May 28, 2024, Colorado Governor Jared Polis signed into law the “Consumer Right to Repair Digital Electronic Equipment” bill (HB24-1121). The legislation expands the state’s 2023 right to repair law, which currently applies to agricultural equipment and powered wheelchairs. Generally, the law will broaden the ability of consumers to repair their own electronic devices themselves or at independent repair providers and restrict manufacturers, absent certain exceptions, from using “parts pairing” or certain software authentication processes that might frustrate independent repairs. The expanded right to repair law takes effect January 1, 2026.
The expanded law requires original equipment manufacturers (OEMs) of digital electronic equipment to make any parts, tools, documentation, or software — either used with a device or required for device maintenance, repairs or diagnoses — available to independent repair providers or the owner of the electronic equipment under fair and reasonable terms and costs. “Fair and reasonable terms and costs” for digital electronic equipment means costs and terms “that are equivalent to the most favorable costs and terms that the manufacturer offers to an authorized repair provider and costs that are no greater than the manufacturer’s suggested retail price.” The terms must further be equivalent to the methods and timely delivery that an authorized repair provider would receive.
The law only applies to digital electronic equipment manufactured for the first time and first sold or used in Colorado on or after July 1, 2021. A digital electronic product is one that depends “in whole or in part, on digital electronics embedded in or attached to the product” for it to work as intended. This means the bill applies to products like cell phones, laptops, and tablets as well as household appliances. However, the bill does not apply to certain types of electronic equipment, including:
- Motor vehicles
- Medical devices other than powered wheelchairs
- Certain industrial equipment including utility, mining, and forestry equipment
- Electric vehicle charging infrastructure equipment
- Safety communications equipment
- Fire alarm systems
- Certain construction and energy-related equipment
- Routers or all-in-one devices delivering internet, video and voice services
- Video game consoles
The law also contains certain compliance exceptions. For example, the law does not require OEMs to divulge trade secrets or distribute a product’s source code. Further, the law does not require an OEM to license any intellectual property rights to independent repair providers unless such licensing is “necessary for providing services.” The OEMs additionally do not have to make available any special information that would disable privacy or anti-theft security measures that the device owners have set for the digital equipment.
Parts Pairing Provision
The expanded Colorado law includes a “parts pairing” provision. The law defines parts pairing as a “manufacturer’s practice of using software to identify component parts through a unique identifier.” Generally, when OEMs practice parts pairing, they use software to limit the replacement parts that can be used with a device, guaranteeing a level of security and quality. For example, a mobile device maker may require an authorized replacement part for a screen or battery. This then makes certain types of independent repairs unavailable or limits the functionality of the device using the unauthorized replacement part. The new Colorado parts pairing rules apply to all digital electronic equipment manufactured for the first time and sold or used in the state after January 1, 2026.
Under the provision, manufacturers cannot use parts pairing to:
- Prevent an independent repair provider or owner from installing or enabling an otherwise functional replacement part;
- Reduce the functionality or performance of digital electronic equipment; or
- Cause digital electronic equipment to display misleading alerts or warnings about unidentified parts.
However, this provision does not prohibit a manufacturer from using parts pairing for “standalone biometric components used for authentication purposes in digital electronic equipment.”
The Right to Repair Generally
The right to repair movement is growing, particularly for digital electronics, as more states have either introduced right to repair bills or passed legislation in the past year governing such rights. Right to repair advocates assert that this movement can save consumers money, increase competition within repair markets and help the fight against climate change by conserving energy and minimizing e-waste. However, critics say the movement is interfering with practices meant to protect consumer privacy and enhance cybersecurity controls, or ensure the legitimate protection of the manufacturers IP, and will ultimately result in higher costs resulting from supply chain disruptions, changes in business practices and potential IP theft.
Since New York passed the first state right to repair law in late 2022, other states have followed suit. In 2024, Oregon and Minnesota passed their own right to repair laws (and California passed a repair law in 2023 covering certain electronic or appliance products). Oregon’s law, like Colorado’s, includes a provision prohibiting parts pairing. The right to repair movement is also active in Europe, as the EU is finalizing its own updated right to repair rules that would require manufacturers to provide spare parts and tools to independent repair providers at a reasonable price.
With the passage of these new laws, device manufacturers should be mindful of compliance requirements and the effective dates of each state’s law and the types of device exceptions in each law. With more states considering such laws, manufacturers of digital devices should not only examine existing authorized repair programs (and how to expand them to independent repair shops and device owners going the DIY repair route) but also look at IP protection strategies to ensure any shared documentation or repair software that must be disclosed under fair and reasonable terms does not include sensitive IP that is beyond the scope of the requested repairs and that any contractual terms surrounding the repair are compliant yet adequate to cover additional concerns over privacy, security, or piracy.