If I'm using Recurly, does my business need to be PCI compliant?

A merchant must always be PCI compliant if they accept credit card payments online (even if the card is entered on another site). If using HPP, Recurly's recommendation is to complete SAQ A. If using HPP or Recurly.js (v4), Recurly's recommendation is to complete SAQ A. If you are using Recurly.js (any version earlier than v4), Recurly's recommendation is to complete SAQ A-EP.

If card data passes through a merchant's servers, Recurly recommends SAQ C or SAQ D. A merchant's bank will have the ultimate say for PCI compliance documentation and assessment requirements.