Request for Comments: PCI Data Security Standard (PCI DSS) v4.0.1

AndyC 4 June 2026

From 3 June to 20 July, eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published PCI Data Security Standard (PCI DSS) v4.0.

Request for Comments: PCI Data Security Standard (PCI DSS) v4.0.1

Request for Comments: PCI Data Security Standard (PCI DSS) v4.0.1

From 3 June to 20 July, eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published PCI Data Security Standard (PCI DSS) v4.0.1 during a six-week request for comments (RFC) period.    

The RFC will be available through the PCI SSC Portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information. 

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC Portal and received within the defined RFC period.  

Background on the PCI Data Security Standard (PCI DSS) v4.0.1

PCI SSC is beginning the next iteration of PCI DSS by soliciting industry feedback on the current version PCI DSS v4.0.1, to help shape the future of the standard.

This RFC represents the opportunity for our stakeholders to share insights into how PCI DSS is being implemented, with a focus on strengths and opportunities, as we plan for the standard’s evolution.

Through this RFC, stakeholders are encouraged to include specific feedback about PCI DSS evolution opportunities that can support future technology and AI innovation.

 Access the PCI SSC Portal and Provide Comments

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , ,

What do you feel about this?

More Stories

Spotlight On: Dreamplug Technologies Private Limited (CRED), a New Principal Participating Organization

Spotlight On: Dreamplug Technologies Private Limited (CRED), a New Principal Participating Organization

AndyC 9 June 2026
The AI Exchange: Innovators in Payment Security Featuring In-Solutions Global Ltd

The AI Exchange: Innovators in Payment Security Featuring In-Solutions Global Ltd

AndyC 3 June 2026
Coffee with the Council Podcast: Nominate Now for the Global Executive Assessor Roundtable (GEAR)

Coffee with the Council Podcast: Nominate Now for the Global Executive Assessor Roundtable (GEAR)

AndyC 2 June 2026
Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week

Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week

AndyC 26 May 2026
PCI SSC Publishes PCI PTS HSM v5.0

PCI SSC Publishes PCI PTS HSM v5.0

AndyC 26 May 2026
Request for Comments: PCI Secure Software Lifecycle Standard v2.0

Request for Comments: PCI Secure Software Lifecycle Standard v2.0

AndyC 26 May 2026

You may have missed

Sophos Workspace Protection update

AndyC 10 June 2026

Sophos Workspace Protection update

AndyC 10 June 2026

Sophos Workspace Protection update

AndyC 10 June 2026

Sophos Workspace Protection update

AndyC 10 June 2026

Sophos Workspace Protection update

AndyC 10 June 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.