Which SAQ would you select for a merchant using a validated P2PE solution?

When a merchant uses a validated Point-to-Point Encryption (P2PE) solution, cardholder data is encrypted at the moment of capture and remains encrypted until it reaches the processor. Because the data never touches the merchant’s internal systems, the assessment focuses on how the P2PE solution is implemented, validated, and maintained, rather than on the merchant’s own network security. This scenario matches the SAQ that is specifically designed for merchants using a validated P2PE solution, ensuring the questions align with the controls and responsibilities tied to that encryption approach and vendor validation. The other SAQs assume different data flow or outsourcing configurations where card data might enter the merchant’s environment in some form, so they don’t fit a fully P2PE-enabled setup.