Frequently Asked Questions

< Back to search page

What are the PA-DSS Expiry Dates?

FAQ Response

The Expiry Date for PA-DSS Validated Payment Applications is the date by which a vendor must have the application reassessed against the current PA-DSS requirements in order for the application to remain listed as “Acceptable for New Deployments” on the PCI SSC website.

PA-DSS expiry dates are as follows:

PA-DSS version

Expiry of application listing

1.0

28 October, 2013

2.0

28 October, 2016

3.0

28 October, 2019

3.1

28 October, 2019

3.2

28 October, 2022


After the Expiry Date, applications are listed as “Acceptable only for Pre-Existing Deployments.”  See FAQ #1195 for an explanation of the difference between an application which is “Acceptable for New Deployments” and one which is “Acceptable only for Pre-Existing Deployments.”

June 2016
Article Number 1275

Related Articles

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

What is the Council’s guidance on the use of SHA-1?

What version of PCI DSS should I use?

Are PA-DSS applications considered valid if installed on an operating system that is not included in the payment application listing?

How does Triple DEA (TDEA) impact ASV Scan results?