First of all, legislation doesn’t die, it just becomes BAU. PCI is still a pain for most, but as a race, us Humans are fickle creatures who like our topics and news to be current, so the latest and greatest will always be at the top of the agenda.
PCI on the other hand has a few cards left to play, first we see the move from 1.1 to 1.2, and although the content is still uncertain, it is likley to include calrifications of “what they actually meant” and additions. Aside from the revisions now and future to the PCI-DSS, PA-DSS, and other relevant standards are likeley to appear to help ensure that those organisations we entrust with our data, do the minimum to keep hold of it.
of course, we have seen some clarifications and “movement” on the existing standard, as well as finally, some teeth being displayed by the PCI through fines.
In my view, PCI is by no means dead, or even old news, its just part of the legislative landscape that is a part of business today, not to be ignored.