Spring 2025 PCI DSS compliance package available now

August 6, 2025: This post was updated to add the three newly added Regions, as well as the three new services.

Amazon Web Services (AWS) is pleased to announce that three additional AWS services and three additional AWS Regions have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification:

Newly added AWS services:

• Amazon Verified Permissions
• AWS B2B Data Interchange
• AWS Resource Explorer

Newly added AWS Regions:

• Asia Pacific – Thailand
• Asia Pacific – Malaysia
• Mexico – Central

This certification means that customers can use these services while maintaining PCI DSS compliance, enabling innovation without compromising security. The full list of services can be found on the AWS Services in Scope by Compliance Program page. The PCI DSS compliance package includes two key components:

• Attestation of Compliance (AOC) – demonstrates that AWS was successfully validated against the PCI DSS standard.
• AWS Responsibility Summary – provides guidance to help AWS customers understand their responsibility in developing and operating a highly secure environment on AWS for handling payment card data.

AWS was evaluated by Coalfire, a third-party Qualified Security Assessor (QSA).

This refreshed certification offers customers greater flexibility in deploying regulated workloads while reducing compliance overhead. Customers can access the PCI DSS reports through AWS Artifact. This self-service portal provides on-demand access to AWS compliance reports, streamlining audit processes.

To learn more about our PCI programs and other compliance and security programs, see the AWS Compliance Programs page. As always, we value your feedback and questions; reach out to the AWS Compliance team through the Compliance Support page.

If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.