Any merchant or service provider handling payment card data must comply with PCI DSS. The level of compliance effort depends on transaction volume (Level 1 merchants process over 6 million transactions annually). GDPR and CCPA apply to consumer data collection. SOC 2 is increasingly expected by business partners. E-commerce platforms also face requirements around accessibility (ADA compliance) and consumer protection regulations.