The PCI DSS standard is published and maintained by the PCI Security Standards Council (SSC). Changes to the standard follow a 24-month lifecycle with five stages.
The lifecycle ensures a gradual and phased use of new versions of the standard without invalidating current implementations of PCI DSS or putting any organization out of compliance the moment the changes are published.
PCI DSS version 1.2 was released on October 1st, 2008 and was announced as effective from the 31st of December, 2008.
PCI DSS version 1.2 is currently in its first stage, which started on October 1st, 2008 and will last until June 30th, 2009. Stage one allows the market ample time to assess and implement the standard's requirements.
On July 1st, 2009 PCI DSS version 1.2 will begin its second stage. The second stage will last between 10 and 12 months and allows time for providing feedback to the PCI SSC about the latest version of the PCI DSS standard. During this stage the council will communicate to all stakeholders the process for submitting feedback.
During the third stage, which is expected to last approximately 8 months, the council will compile feedback from multiple sources. The council will communicate and discuss with all stakeholders relevant to PCI DSS and will evaluate all feedback. At the end of this stage, the council will propose changes for the next version of PCI DSS and will issue a preliminary draft for review.
During the fourth stage, the council will finalize the new version of PCI DSS.