PCI DSS v4.0 Release Postponed until March 2022

25. June 2021

Affected businesses and QSA organizations are eagerly awaiting the release of the final version 4.0 of the PCI Data Security Standard (PCI DSS). The PCI Security Standards Council (PCI SSC) now announced that the release will not be in Q4 2021 as previously planned. The PCI Council cites March 2022 as the new release date.

According to the Council, the reason for the postponement is the decision to grant an additional RFC (Request for Comments) phase for the PCI DSS v4.0 validation documents. These documents include, for example, the SAQs (Self-Assessment Questionnaires), ROC templates (Report on Compliance) and the PCI DSS Glossary.

Since the revised version is expected to include a number of significant changes and innovations to the standard, the PCI Council is simultaneously announcing that Participating Organizations, QSA organizations, and ASVs will receive a preview version of the standard as early as January 2022, before it is released to the public. These stakeholders will therefore have the opportunity and some extra time to familiarize themselves with the new standard before it will be released in March 2022.

Despite the postponed publication, a sufficient transition period of 18 months is still provided for affected companies to review the changes and adjust processes and systems accordingly. This phase will begin once all PCI DSS v4.0 documents have been published.


Our experienced PCI auditors Jan Kemper and Vinzent Ratermann also provided a closer look at the developments in a webinar on 24.08.2021. Here you can find the recording with their views.

Do you have any questions or need assistance with your PCI compliance project? Contact us, we'll be happy to help.

Also interesting:

A5: BSI Publishes New Audit Framework for Trustworthy AI

A5: BSI Publishes New Audit Framework for Trustworthy AI

The German Federal Office for Information Security (BSI) has published the Community Draft of the AI Audit and Assurance Assessment Architecture (A5) (currently available in German only), thus starting the consultation phase. A5 is intended to create a standardized...

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

Categories

Categories