New Legislation Targets Software Abandonment
Legislation in Massachusetts and New York would require connected product makers to say how long they will support software. Also: BMW’s new “logo screw” complicates repairs.
Contents:
+ BMW’s “logo screw” patent puts brand protection over public repair.
+ Congress introduces federal Fair Repair Act: If You Own It You Can Fix It
+ DHS Declares Un-fixable, End of Life Hardware A Security Crisis
+ Trump officials tell manufacturers to stop hiding behind the Clean Air Act
+ Report calls out costs of automakers lock down of vehicle data
+ First Circuit judge calls for compromise over Massachusetts telematics repair lawMassachusetts is asking a simple question that the tech industry has spent years dodging: When will this thing I bought stop working?
Two bills introduced in January in the state House and Senate are aimed at forcing companies to disclose end-of-life timelines for software-supported products.
The bills, dubbed“An Act Relative To Consumer Electronic Devices” (HD 5563 and SD 3606) will create new rules for the makers of personal electronics when it comes to supporting- and patching the software that runs the devices. That includes requirements that manufacturers:
Disclose a minimum guaranteed support timeframe to consumers before they purchase an electronic devices, informing would-be owners of the period for which they will provide security and software updates.
Notify consumers when their devices are nearing the end of life and provide guidance on how to handle the device’s end of life.
Inform customers about features that will be lost as a result of the end of life declaration as well as potential vulnerabilities and security risks that may arise after software support ends.
The proposed legislation follows the introduction of a similar bill, S8507, the “connected consumer product end of life disclosure act” in the New York State Senate in September by Senator Patricia Fahey.
When Your Product Has an Expiration Date, You Shouldn’t Have to Guess It
As we have reported before: the current “Wild West” marketplace for software-powered devices empowers companies to sell you a “smart” device with no meaningful disclosure about how long it will receive security updates, cloud access, or even basic functionality. The hardware may be engineered to function for decades. The software? That can vanish overnight - like Amazon’s Halo Rise smart alarm clock, which sold for $140 but was “bricked” by the online retail giant just 9 months after being introduced. Servers get shut off. Logins stop working. Features disappear. What’s left is a perfectly functional piece of plastic headed for the landfill.
The Massachusetts proposal tackles the quiet risk behind this cycle: end-of-life software isn’t just inconvenient. It’s a security hazard. Unsupported devices become easy targets. They linger on home and business networks long after patches stop coming. The result isn’t just waste—it’s exposure.
“Our daily lives have become intertwined with smart devices,” state Representative Dave Rogers told WIRED. “Once a company decides it will no longer provide software updates for those devices, they become ticking time bombs for hackers to exploit. We must ensure consumers are given the tools to understand their devices and the risks, before they purchase them.”
The proposed legislation would set much-needed guardrails for smart device makers: requiring manufacturers to disclose minimum support timelines and clarify what happens when support ends. That shifts power, giving consumers and public agencies the ability to factor software lifespan into purchasing decisions. It also introduces something tech companies have skillfully avoided: accountability.
This is the missing transparency in the right-to-repair conversation. You can’t meaningfully “repair” a device if its core functionality depends on a server someone else controls—and that server can disappear without warning. You don’t own a product with a kill switch. You’re leasing permission.
The proposed legislation follows a model law introduced in March by Consumer Reports, (Fight to Repair parent organization) Secure Resilient Future Foundation, PIRG and the Center for Democracy and Technology.
“Almost everybody has a story about some device that they love that suddenly stopped working the way they thought it would or has just straight up died,” Stacey Higginbotham, a policy fellow at Consumer Reports told Wired. “Your product is now connected to a manufacturer by this software tether that dictates how it’s going to perform.”
Lawmakers pushing similar disclosure rules nationally are recognizing that the market won’t fix this on its own. Companies are incentivized to shorten lifecycles. Shorter support windows mean more upgrades. More upgrades mean more revenue. The costs—e-waste, security vulnerabilities, consumer frustration—are externalized.
Requiring clear end-of-life disclosures doesn’t ban innovation. It doesn’t freeze companies in place. It simply forces them to tell the truth at the point of sale: this product will be supported for X years. After that, here’s what happens.
That clarity changes everything. It creates competition around longevity. It rewards companies willing to stand behind their products. And it exposes those building disposable tech ecosystems propped up by vague promises.
The fight here isn’t about nostalgia for old gadgets. It’s about informed consent in a software-defined world. If a device’s brain lives in the cloud, the lifespan of that cloud connection is part of the product.
Massachusetts is stepping into a gap that’s been quietly costing consumers for years. The question now is whether other states—and Congress—are ready to follow. Because “smart” shouldn’t mean temporary.
Other News
BMW’s “logo screw” patent puts brand protection over public repair.
Boing Boing spotlights a BMW patent for a logo-shaped fastener—hardware designed less to hold parts together than to keep people out. It’s a small story with big symbolism: companies don’t always need laws to block repair; they can engineer friction directly into the object. Specialized screws mean specialized tools, and specialized tools create a barrier that pushes DIYers and independent shops out of the room. The piece frames it as the latest episode in a familiar escalation: when consumers demand repair access, manufacturers respond with new ways to make repair inconvenient, expensive, or “unauthorized.” Patents like this also normalize the idea that preventing repair is a legitimate innovation goal, rather than an anti-competitive tactic. Even if most drivers never touch a screwdriver, the downstream effects land on everyone: longer waits, higher bills, and fewer local repair options. And once a design pattern becomes industry-common, it’s hard to undo—because the barrier isn’t only a screw, it’s the ecosystem built around it (tools, parts, policies, dealer exclusivity). The future of repair can be killed by a thousand tiny “clever” decisions. (Read more at BoingBoing)
Congress introduces federal Fair Repair Act declaring “if you bought it, you should be allowed to fix it.”
A new bipartisan push—the Fair Repair Act—aims to turn “right to repair” from a patchwork of state fights into a national baseline. In a statement on February 5th, Representatives Joe Morelle (D, NY-25) and Marie Gluesenkamp Perez (D, WA-03), and Senator Ben Ray Luján (D, NM) introduced the Fair Repair Act, legislation authored by Morelle that guarantees consumers and small businesses a right to repair their own products by requiring manufacturers to make diagnostic repair information, parts, and tools readily available. “It’s just common sense, when you buy something, you should be able to fix it,” said Congressman Joe Morelle. “Our bill, the Fair Repair Act, makes repairs more affordable and puts power back in the hands of consumers, not big corporations.”
The press release leans hard into planned obsolescence as the real tax here: design + policy choices that shrink your choices on purpose. It also points to environmental stakes—more repair means fewer devices dumped—and cites estimates that repair access could save households hundreds per year and add up to tens of billions nationally (a big claim, but a useful organizing number in a debate that’s often intentionally abstract). The subtext: this is a direct challenge to the business model where control of repair is control of revenue, data, and the product’s lifespan. (Read more at House.gov)
DHS Declares Un-fixable, End of Life Hardware A Security Crisis
The federal government is officially done tolerating zombie tech.
The Cybersecurity and Infrastructure Security Agency (CISA) just gave agencies a hard deadline: one year to identify and remove end-of-life (EOL) devices from their networks. No more indefinite extensions. No more “we’ll get to it next quarter.” If a device no longer receives security updates from its manufacturer, it has to go.
This isn’t bureaucratic housekeeping. EOL hardware is a known entry point for attackers — unsupported routers, firewalls, and appliances quietly running critical systems with no patches and no safety net. In an era of relentless ransomware and nation-state probing, that’s not just sloppy. It’s dangerous.
Under the new directive, agencies must inventory exposed devices, assess risk, and either replace or isolate anything that can’t be secured. CISA is pushing for visibility first — you can’t defend what you don’t know you have — and then real accountability.
The message is clear: legacy convenience can’t outweigh national security. Federal networks are sprawling and complex, and this won’t be painless. But the cost of inaction is higher.
For agencies — and frankly, for private companies watching closely — the clock just started ticking. (Read more at The Record)
Trump officials claim a right-to-repair win for farmers—by telling manufacturers to stop hiding behind the Clean Air Act.
A Newsweek opinion piece, authored by EPA Administrator Lee Zeldin, Agriculture Secretary Brooke Rollins, and SBA Administrator Kelly Loeffler, marks the clearest declaration yet of the Trump administration’s support for a right to repair. The piece follows a public statement by U.S. Environmental Protection Agency (EPA) Administrator Lee Zeldin on February 5th “reaffirming American farmers and equipment owners’ right to repair the farm and other nonroad diesel equipment they own.” The EPA clarified that the Clean Air Act “does not prevent them from making essential repair tools or software available to all Americans.” In the Newsweek article, the authors assert that repair lockouts threaten food security when equipment downtime hits planting and harvest. Manufacturers have long leaned on emissions “anti-tampering” provisions as a justification for limiting access to tools and software, forcing farmers into authorized dealers and higher costs. They cite a striking farmer-support figure (95%) and frame the guidance as a cost-cutting move—asserting potential savings, faster repairs in the field, and fewer incentives to cling to older, higher-polluting equipment simply because it’s fixable.
The EPA statement is the latest in a series of calls by lawmakers and repair advocates about violations of the federal Clean Air Act and agricultural equipment dealers thwarting owners’ ability to repair their farm equipment.
In 2024, U.S. Senator Elizabeth Warren wrote that John Deere “appears to be evading its responsibilities under the Clean Air Act to grant customers the right to repair their own agricultural equipment.” That is costing farmers an estimated $4.2 billion annually “causing them to miss key crop windows on which their businesses and livelihoods rely,” Warren wrote, according to a copy of the letter shared with Fight To Repair Newsletter. (Read more on Newsweek)
Report calls out costs of automakers lock down of vehicle data.
A new report by US PIRG warns that original manufacturers’ (OEMs) control over owner-generated data is giving auto dealers and authorized repair providers a competitive advantages over independent repair providers. That tech-fueled transformation could fundamentally alter auto repairs, PIRG found.
Manufacturers are cutting out independent repair by using proprietary wireless data to proactively identify vehicle issues before they develop, steering upcoming repairs to authorized dealerships. The lack of telematic repair data makes diagnosing and fixing issues harder for independent providers, while dealerships are even conducting some repairs remotely using telematic access.
Modern vehicles are sliding into the same trap as smartphones: you “own” hardware, but software gates what you’re allowed to do with it, a post by iFixit argues. iFixit describes the automotive ecosystem as a kind of rigged app store—with vehicle owners’ access to features, diagnostics, and even basic functionality restricted, monetized, or revoked depending on the manufacturer’s terms.
And, as Collision Repair notes: the changes, coupled with workforce shortages, increased training costs, and customer expectations shaped by insurer timelines are straining the collision repair industry and punishing independent repair shops that lack access to proprietary automaker systems. Skilled techs don’t matter if they are blocked by parts pairing, locked modules, or required calibrations tied to OEM systems. If right-to-repair policy doesn’t keep pace, “quality” risks becoming a euphemism for “authorized”—and that’s a market design choice, not a consumer safety inevitability. (Read more at PIRG, iFixit and Collision Repair News)
First Circuit judge calls for compromise over Massachusetts telematics repair law
Speaking of automobile repair… a federal appeals court judge appeared skeptical about aspects of the ongoing dispute surrounding Massachusetts’ five year-old vehicle data/telematics access law, part of the state’s broader automotive right to repair. The case follows a victory in federal court last year, after a judge ruled that Massachusetts voter-passed law did not violate Federal auto safety regulations.
The key issue is over vehicle owners’ access to vehicle-generated data and diagnostic pathways that independent repairers argue are necessary to compete, and automakers argue raise security and safety risks if opened improperly. According to the write-up, the court’s questioning suggested discomfort with rigid positions and encouraged a negotiated resolution—hinting that a technical compromise might be more realistic than sweeping win/lose outcomes.
That “middle” matters, because telematics is where modern repair power lives: remote diagnostics, feature control, and data flows that can be architected to include independent access—or to exclude it by design. The piece underscores how courts increasingly have to weigh cybersecurity realities without letting “security” become a universal veto. If the appellate process pushes parties toward settlement or narrower guardrails, it could shape how other states write data-access rules: not just “open it,” but “open it safely, with enforceable standards,” so repair doesn’t die behind abstract fear. (Read more at JD Supra)