Right-to-Repair Compliance for Hardware Startups: What Your Connected Device Company Must Provide Under New State Laws
New state right-to-repair laws in NY, CA, MN, and OR require hardware startups selling connected devices to provide parts, tools, firmware, and repair documentation to independent shops — for up to 7 years after discontinuation. Here is what your company must do before first shipment.
If you are building a connected consumer electronics device — an IoT product, a wearable, a smart home device, or anything with a chip that retails for more than $50 — and you plan to sell it nationally, you now face repair obligations you may not know about. Five states have enacted right-to-repair laws that require manufacturers to make parts, tools, diagnostic software, and repair documentation available to independent repair shops and consumers on fair and reasonable terms. California's law took effect July 1, 2024. Minnesota's took effect the same day. Oregon's took effect January 1, 2025. New York's has been in force since December 28, 2023. Enforcement is beginning, and the penalties for noncompliance are real.
For hardware startups planning a DTC launch, these mandates affect product design, supply chain, firmware architecture, and post-sale support obligations from day one. We work with hardware founders on the regulatory landscape that shapes connected device companies — from open-source license compliance to the broader contract terms that govern how products ship. This guide covers what each state law requires, which products and companies are covered versus exempt, how long your post-discontinuation obligations last, how these mandates interact with Magnuson-Moss warranty rules, whether DMCA §1201 exemptions apply to firmware locks on connected devices, and what practical compliance steps you should take before your first shipment.
Which State Right-to-Repair Laws Apply to Your Hardware Startup
Right-to-repair legislation has moved from advocacy concept to enacted law in multiple states over the past two years. The Federal Trade Commission signaled its concern in a 2021 report to Congress, Nixing the Fix, which found that manufacturers use a range of tactics — from restricting access to parts and diagnostics to software locks — to limit independent repair. That report laid the groundwork for state-level mandates, and the states have moved quickly.
Here is the current landscape as it applies to connected consumer electronics:
New York: Digital Fair Repair Act
New York was first. The Digital Fair Repair Act, codified at General Business Law § 399-nn, went into effect on December 28, 2023. It requires original equipment manufacturers of "digital electronic equipment" — defined as any product over $10 that depends on digital electronics to function — to make diagnostic and repair information available to independent repair providers and consumers on "fair and reasonable terms." For documents, that means at no charge. For parts and tools, it means offering them at the same cost as to authorized repair providers. The law covers products manufactured or sold in New York after July 1, 2023. Notable exemptions include motor vehicles, home appliances, medical devices, off-road equipment, farm equipment, and video game consoles. The New York Attorney General enforces the law and can seek restitution and civil penalties.
California: SB 244 (The Right to Repair Act)
California's SB 244, signed in October 2023, took effect on July 1, 2024. It covers consumer electronic devices and appliances with a wholesale price of $50 or more. Manufacturers must make repair guides, parts, and tools available to product owners, service and repair facilities, and service dealers. The law covers products sold within California as far back as July 2021. Video game consoles, alarm systems, and heavy equipment are exempt. Penalties escalate: up to $1,000 per day for the first violation, $2,000 per day for the second, and $5,000 per day for the third and subsequent violations. California's law is among the strongest because of its duration requirements — three years for products priced $50 to $99.99, and seven years for products priced $100 or more — both measured from the product's last manufacturing date.
Minnesota: Digital Fair Repair Act
Minnesota's law, codified at Minnesota Statutes § 325E.72, also took effect on July 1, 2024. It requires manufacturers to make documentation, parts, and tools for diagnosis, maintenance, or repair available to independent repair providers and product owners on fair and reasonable terms. The law covers equipment sold on or after July 1, 2021. Exemptions include motor vehicles, medical devices, off-road equipment, farm machinery, and video game consoles. The Minnesota Attorney General has authority to investigate and enforce violations.
Oregon: SB 1596 (First to Ban Parts Pairing)
Oregon's right-to-repair law, signed March 28, 2024, took effect January 1, 2025. It largely tracks California's requirements — manufacturers must provide guides, parts, and tools to product owners and repair facilities — but it goes further by banning "parts pairing," the practice of using software to serialize components so that a device only functions with manufacturer-validated replacement parts. The ban on parts pairing applies to covered devices manufactured after January 1, 2025. The law covers phones sold within the state since July 2021 and all other electronic devices sold since July 2015. Penalties begin in 2027. This is the provision that most directly affects connected device makers who use firmware-based component authentication.
Colorado and Other Emerging Laws
Colorado has enacted a right-to-repair law, but it covers agricultural equipment — not consumer electronics. However, at least 30 states have introduced or carried over right-to-repair legislation, and the trend is toward broader product coverage. For hardware startups selling nationally, the practical implication is clear: assume that every state you sell into will eventually impose repair obligations, and design for the most stringent requirements now.
What You Must Provide: Parts, Tools, Documentation, and Firmware
Despite state-by-state variation, the core obligations converge across all enacted laws. If your connected device is covered, you must make the following available to independent repair providers and consumers — not just your authorized repair network:
- Repair documentation. Schematics, repair manuals, diagnostic flowcharts, and instructions for disassembly and reassembly. Under New York's law, this must be provided at no charge. California and Minnesota require it on "fair and reasonable terms."
- Replacement parts. Components needed for repair must be offered at the same cost (or on terms no worse than) what you charge your authorized repair providers. If you sell replacement batteries to your authorized network at $15 each, you cannot charge an independent shop $40 for the same part.
- Tools. Any specialized tools required to disassemble, diagnose, or repair the device must be made available. This includes proprietary fixtures, diagnostic cables, and calibration equipment. The iFixit analysis of New York's law notes that becoming compliant requires manufacturers to take significant steps in building repair ecosystems and support.
- Firmware and diagnostic software. If your device relies on software for diagnostics — and most connected devices do — you must make that diagnostic software available. This includes firmware updates, diagnostic tools, and any software needed to complete a repair. This is the provision that creates the most tension for hardware startups whose devices may use firmware locks, cryptographic pairing, or cloud-based authentication to control component replacement.
The Oregon law's ban on parts pairing adds a new dimension: if your connected device uses software serialization to prevent third-party components from functioning — for example, requiring a replacement screen to be cryptographically validated before the device will recognize it — that practice is now prohibited for covered devices manufactured after January 1, 2025. Other states are expected to follow. If your product architecture depends on parts pairing for security, safety, or warranty enforcement, you need to evaluate whether those justifications will survive regulatory scrutiny.
How Long? Post-Discontinuation Obligations
One of the most consequential requirements for early-stage hardware companies is the duration of repair obligations after a product is discontinued. The California law sets the most demanding timeline: manufacturers must maintain parts, tools, and documentation availability for three years after the last manufacturing date for products with a wholesale price of $50 to $99.99, and for seven years for products priced at $100 or more. New York and Minnesota do not specify a fixed post-discontinuation period but require availability for as long as the manufacturer provides parts to its own authorized network.
For a hardware startup, this creates a real operational challenge. If you ship a $150 connected wearable in 2025 and discontinue it in 2027, you may need to maintain replacement parts inventory, tooling, and documentation for seven years — potentially through 2034. This obligation outlasts many early-stage companies' product lifecycles and even their corporate lifespans. Factor it into your supply chain planning, your component sourcing contracts, and your end-of-life product strategy before you ship. If you are using custom components with limited production runs, your parts availability timeline must account for these mandates.
Magnuson-Moss Interaction: What Your Warranty Cannot Require
Right-to-repair laws do not exist in isolation. They interact with the federal Magnuson-Moss Warranty Act, 15 U.S.C. §§ 2301–2312, which has governed consumer product warranties since 1975. The FTC, which enforces Magnuson-Moss, has been explicit that warranty terms cannot be used to restrict independent repair. Under 16 CFR § 700.10, a warrantor cannot condition warranty coverage on the use of only its authorized repair service or authorized parts unless it can demonstrate that the condition is necessary to protect against damage to the product. In July 2024, the FTC issued warnings to companies to stop warranty practices that harm consumers' right to repair, signaling active enforcement of the tying prohibition.
For hardware startups, this means your warranty terms cannot state that using an independent repair shop voids the warranty — unless you can prove that independent repair causes damage. The practical effect is that right-to-repair laws and Magnuson-Moss work in tandem: the state laws require you to provide parts and documentation, and the federal warranty law prohibits you from penalizing consumers who use them. Your warranty document should be reviewed by counsel to ensure it does not contain tying language that could trigger FTC enforcement.
This is particularly important for connected device makers who may be tempted to use firmware-based warranty enforcement — for example, flagging a device as "out of warranty" when a non-authorized repair is detected. That practice now carries both state right-to-repair liability and potential Magnuson-Moss exposure.
DMCA §1201 and Firmware Locks on Connected Devices
Many connected devices use firmware locks — cryptographic access controls that prevent unauthorized modification of device software. These locks serve legitimate purposes: protecting against malware, preventing safety-critical tampering, and securing proprietary IP. But they also function as barriers to repair, since a technician who needs to reset, recalibrate, or update device firmware after a component replacement may be unable to do so without circumventing the lock.
The Digital Millennium Copyright Act's §1201, codified at 17 U.S.C. § 1201, generally prohibits circumvention of technological access controls. However, the Copyright Office conducts a triennial rulemaking to grant exemptions. In its ninth triennial proceeding, completed in October 2024, the Librarian of Congress adopted over two dozen exemptions, including renewed and expanded exemptions for repair purposes. These exemptions permit circumvention of access controls on lawfully acquired devices for the purpose of diagnosis, maintenance, and repair.
The practical implication for hardware startups: if your device uses firmware locks to prevent repair, a technician may have a legal right under the §1201 repair exemption to circumvent those locks. You cannot rely on §1201 to enforce repair restrictions that state law now prohibits. If your device architecture depends on cryptographic firmware locks as the primary barrier to unauthorized repair, you should evaluate whether those locks serve a genuine security function that survives the repair exemptions — or whether they are functioning as an anti-repair mechanism that both state law and the DMCA exemptions now undermine.
Practical Compliance Steps Before First Shipment
If your hardware startup has not yet shipped, you have the opportunity to build compliance into your product architecture, supply chain, and support infrastructure from the beginning — which is far less expensive than retrofitting it after launch. Here is what we recommend:
- Map your product against each state law's coverage and exemptions. Identify every state you plan to sell into and determine whether your product is covered or exempt. If your device is a connected consumer electronic product priced above $50, assume it is covered in California, New York, Minnesota, and Oregon. If you sell nationally through DTC channels, all four laws likely apply simultaneously. Document your analysis.
- Design your firmware architecture to avoid parts pairing. If your product uses cryptographic component serialization to prevent third-party parts from functioning, evaluate whether that practice is necessary for safety or security — or whether it is a convenience mechanism that Oregon's ban (and likely future laws in other states) will prohibit. If security is the justification, document why. If it is not, remove it before launch.
- Build a parts supply plan that extends beyond product discontinuation. For products priced at $100 or more, plan for seven years of parts availability after the last manufacturing date. This means sourcing components with sufficient lifecycle, negotiating supplier agreements that guarantee continued availability, and budgeting for end-of-life inventory. If you are using custom components, verify that your supplier can fulfill small-quantity orders for years after volume production ends.
- Prepare repair documentation alongside product development. Schematics, diagnostic procedures, and disassembly guides should be created during product development — not retrofitted afterward. If your engineering team is already generating these materials internally, format them for external distribution. The marginal cost of producing consumer-facing repair documentation during development is minimal compared to recreating it years later.
- Make diagnostic software available through an open channel. If your device has a diagnostic mode, mobile app, or desktop tool used by your authorized repair network, plan to make that same tool available to independent shops. Consider whether your diagnostic software can be distributed without exposing trade secrets — if not, consult counsel on how to structure the access.
- Review your warranty terms for Magnuson-Moss compliance. Ensure your warranty does not condition coverage on the use of authorized repair services or parts unless you can demonstrate that the condition is necessary to prevent damage. Remove any "warranty void if repaired by unauthorized provider" language. The FTC has been actively warning companies about this practice.
- Evaluate whether firmware locks serve a legitimate security function. Document the security rationale for any cryptographic access controls. If the locks exist solely to channel repair through your authorized network, they are vulnerable to both state right-to-repair enforcement and DMCA §1201 repair exemptions. If they exist to prevent safety-critical tampering — for example, preventing unauthorized modification of a medical device or a product with electrical safety implications — document that analysis with technical specificity.
- Budget for ongoing compliance. Parts inventory, documentation maintenance, and diagnostic software support all carry costs that extend well beyond the product's commercial life. Build these costs into your product pricing and financial model from the outset.
Actionable Next Steps
If you are a hardware founder planning to ship a connected consumer device in 2026 or beyond, right-to-repair compliance is not a post-launch concern — it is a pre-shipment design constraint. Here is what we recommend you do, in order:
- Conduct a right-to-repair compliance audit before finalizing your product design. Map your product against California, New York, Minnesota, and Oregon requirements. Identify coverage, exemptions, duration obligations, and any parts-pairing or firmware-lock features that could create exposure.
- Build a multi-year parts and documentation supply plan. For products priced at $100 or more, plan for seven years of parts availability after discontinuation. Negotiate supplier agreements that guarantee this timeline. Budget for the carrying cost.
- Design firmware and diagnostic access for external repair providers. If your device uses cryptographic locks, parts pairing, or cloud-based component validation, evaluate whether those mechanisms survive regulatory scrutiny under Oregon's ban and the DMCA §1201 repair exemptions. If they do not, rearchitect before you ship.
- Review your warranty document with counsel. Ensure no tying language exists that could trigger Magnuson-Moss enforcement. Remove any provisions conditioning warranty coverage on authorized repair unless you can justify the restriction on safety grounds.
- Engage compliance counsel early. The cost of integrating right-to-repair compliance into your product development cycle is a fraction of the cost of retrofitting compliance after a state regulator sends an inquiry — or after the FTC flags your warranty terms. If you are building a connected device company, bring counsel into your product roadmap before the design freeze, not after the first enforcement letter.
Building a connected hardware product and unsure whether your design complies with new state right-to-repair laws? Our team helps hardware founders navigate parts availability mandates, firmware-lock compliance, warranty review, and pre-shipment regulatory audits.