Frequently Asked Questions

< Back to search page

What are the PA-DSS Expiry Dates?

FAQ Response

The Expiry Date for PA-DSS Validated Payment Applications is the date by which a vendor must have the application reassessed against the current PA-DSS requirements in order for the application to remain listed as “Acceptable for New Deployments” on the PCI SSC website.

PA-DSS expiry dates are as follows:

PA-DSS version

Expiry of application listing

1.0

28 October, 2013

2.0

28 October, 2016

3.0

28 October, 2019

3.1

28 October, 2019

3.2

28 October, 2022


After the Expiry Date, applications are listed as “Acceptable only for Pre-Existing Deployments.”  See FAQ #1195 for an explanation of the difference between an application which is “Acceptable for New Deployments” and one which is “Acceptable only for Pre-Existing Deployments.”

June 2016
Article Number 1275

Related Articles

If a merchant develops an application that runs on a consumer’s device (e.g. smartphone, tablet, or laptop) that is used to accept payment card data, what are the merchant’s obligations regarding PCI DSS and PA-DSS for that application?

What is the Council’s guidance on the use of SHA-1?

How does use of an expired PTS device affect my PCI DSS compliance?

Does PCI DSS, PA-DSS, or PTS apply to ATMs?

What is the difference between a Validated Payment Application which is shown on the PCI SSC website as “Acceptable for New Deployments” and one which is shown as “Acceptable only for Pre-Existing Deployments”?