Not a Connected entity? (12.10)


lyalc
04-11-2007, 07:43 PM
Interested in views on this aspect, as well as exploring how PCI might be clarified into the future as the real world of card processing business sectors is exposed more fully to PCI over time.

In the context of connected entity (vs 12.10), who has to provide PCI compliance evidence:
Any entity (such as a service provider or merchant) connecting to a PCI-related system/application?
Or the customer for whom this processing is performed?

Consider when a service provider is providing white-label services, on behalf of say 6 customers, to tens of thousands of third parties, some of whom are merchants, some of whom are other service providers, some are Acquirers and some are banks/financial institutions who are not Card Scheme Members?

The case of a handful of customers is easy to manage.

The case for tracking compliance among thousands of third parties, with whom the white-label provider has no contract, is way more difficult to manage, logistically and commercially (e.g. no contract = no enforceability).

jbhall56
07-29-2007, 07:16 AM
I think you ultimately have to take the approach that the card companies did and rely on the parties you do have contracts with to make sure that the parties that they contract with are in compliance and so on.

To do this, you will have to make sure that your contracts require PCI DSS compliance for your third parties.

lyalc
07-30-2007, 01:10 AM
I agree in theory.
In practice, this business environment predates PCI and it transpires that there are no contracted requirements regarding credit card account numbers.
None.

So it sort of falls through the PCI net, in oh so many ways.

There is some attention being paid to this now - I expect some outcomes in 24-36 months.

Lyal