Yes. PCI DSS still requires you to complete SAQs, apply updates, secure your network, and follow card-handling rules. HMS removes separate PCI fees and gives you tools and support, but you remain responsible for how your own environment handles card data.