Tech Companies Defeat Right to Repair Laws with Encryption

New York and California laws mandate parts access but exempt the encryption keys needed for independent repairs.

Apr. 15, 2026 at 3:23pm

Got story updates? Submit your updates here. ›

A highly detailed, glowing 3D macro illustration of a smartphone camera module and circuit board, with neon cyan and magenta lights illuminating the intricate hardware components, conceptually representing the technological barriers to independent device repair.Encryption walls built into modern electronics block independent repair access, despite legislative wins for the Right to Repair movement.NYC Today

Despite legislative wins for Right to Repair laws in New York and California, tech companies have found a new way to block independent repair shops by using encryption walls that require digital authorization from the manufacturer. While the laws mandate that companies provide parts, tools, and documentation, they do not force companies to hand over the passwords, security codes, or encryption keys needed to make those parts functional. This effectively guts the repair independence granted by the new laws, as modern devices rely on cloud-authenticated firmware that refuses to recognize replacement parts without the manufacturer's digital blessing.

Why it matters

The encryption wall transforms repair laws into 'theater,' as manufacturers can comply with the letter of the law by selling parts while ensuring those parts remain useless without their digital authorization. This leaves consumers unable to truly own their devices and reliant on manufacturers for repairs, even after legislative victories for the Right to Repair movement.

The details

New York's Digital Fair Repair Act took effect in July 2023, followed by California's broader version in July 2024. Both laws require manufacturers to provide parts, tools, and documentation to independent repair shops. However, the laws exempt companies from having to provide the passwords, security codes, or encryption keys needed to make those parts functional. This allows tech companies to embed cloud-authenticated firmware in safety-critical components, so that replacing a part like a phone's camera module will result in the device refusing to recognize it without manufacturer authorization.

  • The New York Digital Fair Repair Act took effect in July 2023.
  • The California Right to Repair law took effect in July 2024.

The players

TechNet

An industry group that warns repair access exposes encryption to hackers.

SecurePairs

Experts who counter that a vibrant repair market is a 'cyber imperative,' not a security risk.

Stanford Cyberlaw researchers

Researchers who argue that restricted repairs actually increase vulnerabilities by preventing security updates and independent research.

Got photos? Submit your photos here. ›

What they’re saying

“A vibrant and healthy market for repair isn't a cybersecurity risk. It's a cyber imperative.”

— SecurePairs experts

“The real security risk? Devices locked into manufacturer-controlled update cycles that leave consumers vulnerable when support ends.”

— Stanford Cyberlaw researchers

What’s next

The next legislative battle will determine whether consumers can truly own their devices or if they will remain indefinitely reliant on manufacturers for repairs.

The takeaway

Tech companies have found a way to undermine Right to Repair laws by using encryption walls that require digital authorization, effectively gutting the repair independence granted by the new legislation and leaving consumers unable to fully own their devices.