Diff: FAQ #1221
Do shared hosting providers need to comply with PCI DSS?
Earlier Version
2014-05-28 00:00:00 UTC
Later Version
2018-08-14 00:00:00 UTC
Removed
Added
PCI DSS requirement 2.6 and Appendix A1: "Additional PCI DSS Requirements for Shared Hosting Providers" is applicable to all shared hosting providers whose customers store, process, or transmit cardholder data. A shared hosting provider is one that houses multiple customers on the same server. These requirements for shared hosting providers are not applicable when servers are dedicated to a single customer (but all other applicable PCI DSS requirements do apply).
To determine the applicable PCI DSS requirements for a given shared hosting provider, please contact a Qualified Security Assessor (QSA). The list of QSAs can be found at
Removed: https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php
Added: https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors
Removed: (Note: PCI DSS Requirement numbers refer to PCI DSS version 3)
Added: Whether a service provider is required to validate PCI DSS compliance is determined by the individual payment brands. Entities should always contact their acquirer or the payment brands directly to determine their compliance reporting requirements. Contact details for the payment brands can be found in FAQ #1142 How do I contact the payment card brands?
To determine the applicable PCI DSS requirements for a given shared hosting provider, please contact a Qualified Security Assessor (QSA). The list of QSAs can be found at