Right to Repair for businesses in Colorado

On January 1, 2026, businesses across Colorado will get access to what they need to fix their electronics themselves, and so will the repair providers that they trust to perform those repairs. This will help cut costs, expand options and extend the life of electronics from computers to servers.  

“Business to business” repair is part of a broader Right to Repair movement that Colorado is leading thanks to a suite of policies passed over the last three years. 

Some opponents have claimed that fixing large scale computing equipment poses risks. I visited the office of a repair company that services some of the largest businesses in Colorado to learn more.

What do businesses need to repair?

In short, everything. 

Depending on the size of the business, businesses may use cell phones, tablets, computers, refrigerators and many of the same electronic devices and appliances that an average person has in their homes. 

Larger businesses also have electronics that are unlikely to be in your house – especially servers and networking hardware that stores information and runs many of the systems and programs we rely on day-to-day. 

Even the best made equipment needs repair. Typical repairs include replacing memory chips, PCI cards and batteries, fixing fans (servers run hot) and pieces that might have snapped, and even reapplying thermal paste. 

Why do businesses need a Right to Repair law to fix their stuff?

As more of our products are electronic and software-driven, we need specific materials to fix them when they break. 

For example, if you have a server with a busted fan, even if you find a replacement fan and pop it in, the server needs to recognize that the new fan has been installed. This could require installing a firmware update, or entering a password, which manufacturers can withhold. Without these materials, you would be forced to use their “designated” repair technicians who have the necessary materials.  

By limiting repair options, the cost of repair goes up because there is less competition. It can also take longer to get repairs done as you wait for a limited number of “designated” technicians to come help you.  

Right to Repair laws require manufacturers to give businesses that own their equipment the same access to parts, tools, schematics and firmware that they give to the manufacturers’ designated repair technicians. 

This gives businesses more options – they can use the manufacturers recommended repair technicians or go with an in-house technician or independent repairer.

The goal of right to repair is to improve choices in the market. 

Is it secure to have independent technicians repair equipment like servers?

The short answer is yes. 

In March, I visited a company that offers business repair services in Colorado to understand how the repair process works. 

Note – I am not naturally inclined to fix my own stuff and I don’t regularly talk about firmware with my friends. I’m also a kid of the 90’s and remember numerous films where someone plugged something into the back of a computer and then downloaded the super secret information stored there in 1 minute flat before escaping out the fire escape. 

So I had a lot of questions around how we could possibly keep sensitive data secure while also allowing repairs. 

Here’s what I learned.

First – many of the companies that can perform “independent” repairs are also the companies that offer “authorized” repairs. For most equipment manufacturers, they contract out to companies in different cities to be their “designated” repair technicians – they don’t have hundreds of repair employees on their own payroll. 

So, these manufacturers are already giving repair access to hundreds of people who aren’t their employees. 

Second – any business with sensitive data on equipment like servers has their own security process – they don’t relinquish on-site security protocols to equipment manufacturers. 

Right to Repair doesn’t change the fact that a good business will require security clearances and background checks of ANYONE who comes near their servers, whether you are an “authorized” repairer from the manufacturer or an independent technician or an in-house employee. 

These processes are so thorough that a technician I spoke with joked that one security check turned up a Blockbuster Video late fee. Another said they have to provide their credit report and credit score to get security clearance. 

In addition, while any repair technicians are on-site, they are monitored with security escorts, video camera surveillance and even oversight from a central security computer when they are logged into the server – often with a unique identifying name and password, used only for repair, that limits their access in the system. 

Third – touching a server doesn’t give you the data stored on it. 

The security experts must have seen the same 90’s hacker movies I saw and, thankfully, have designed much better security systems. In the real world, you can’t just plug into a server and steal everything.

Think of each server as speaking a language. If you don’t know how to speak the language, you won’t understand what’s being said and you won’t be able to communicate. 

Data is encrypted, which means that even if you had access to the hardware, it doesn’t mean that you can communicate with it — like trying to talk to someone in English who understands only Spanish.

And remember, you only have access to the server because the company knows you are there, did a background check on you, gave you an escort to the server and is monitoring what you are accessing from another computer. 

Fourth – the materials you need to  repair something are completely different from what is used to rewire or hack something.

This is where the manufacturer comes back into the picture. 

Even though the company bought the server from the manufacturer and owns it, without Right to Repair protections, the manufacturer can retain control over that server, and charge high fees for repairing it. 

That’s because the manufacturer designed the “language” that the server uses. So even if a repair technician pops out the fan and replaces it with a new fan, the server needs to speak to the new fan. 

This is where the password or firmware is so important. It allows the repairer to ensure the fan and the server speak the same language and operate together.

Firmware is digital code – code that allows a server and fan to speak to each other for example – and doesn’t allow a nefarious repair technician to access any other parts of the server. 

Firmware, or embedded code, is not source code. While the two are related, there are significant differences between them.

Source code is instructions written in a human-legible programming language that tell a machine what to do. Anyone who can read the source code could modify it to change its function.

Manufacturers closely guard source code – they should. You don’t need it to repair things, and they don’t even give that code to their authorized repair technicians.

They provide firmware or passwords that only do one thing, such as verifying the new fan is functioning well so the server can boot back up. 

Translating the 1’s and 0’s that form specific firmware, that performs a specific function, back into source code is nearly impossible, which is why every major company sends out embedded code regularly to phones, laptops, servers, and other connected products. You have likely experienced this  when your electronic device is asking to reboot after a firmware update. 

Because Right to Repair legislation only mandates access to the embedded code required for diagnosis, maintenance or repair, and not the uncompiled source code behind it, there is no additional risk of source code leaking just by allowing more repair options.

Fifth – Right to Repair only requires that the companies that bought equipment, and any independent repair technicians that they work with, have the same access as the manufacturer’s “designated” repairer.      

For example, a motherboard is a complicated component inside many electronics. Schematics are important to help a repairer diagnose a problem with a motherboard. According to the repair technicians I spoke with, without the schematics, it can take a lot longer, and involve a lot of trial and error, to find and fix a problem. 

Some manufacturers argue that providing schematics will allow a nefarious repair person (who again was background checked, escorted by security and is monitored via a computer) to unravel the secrets of the server and hack it. 

If there are schematics that manufacturers don’t provide their “designated” repair technicians, then they don’t need to provide it to anyone else. 

If they trust the hundreds of mostly independent “designated” repairers with a schematic, then they’ll need to provide it to other repairers. 

Right to Repair gives businesses more repair options without impacting security

Data security is important. Too many companies have leaked important and sensitive information about nearly every one of us. 

Breaking the hold that equipment manufacturers have on fixing their products does not increase the risk of breaches. 

• Companies have a set of security protocols in place, no matter who the repair technicians are.
• Servers and networks are monitored when a repair technician is granted access.
• Granting repair access does not grant access to broader systems.
• Digital repair tools like firmware and repair passwords only allow for specifically designed repair functions and do not give broader access to a system.
• Manufacturers are already giving hundreds of repair technicians access to their repair tools – many who don’t work for the manufacturer.

Right to Repair ensures companies can actually choose who they want to fix their equipment. More options creates competition, which reduces costs and improves service. 

Colorado’s businesses have a lot to look forward to on January 1, 2026.