How many digits of a Visa card number can vendors disclose on receipts?

As per PCI, the first 6 (BIN) and the last 4 can be shown, others should be masked:

From an official 2008 PDF: PCI Data Storage Do’s and Don’ts:

Never store the personal identification number (PIN) or PIN Block. Be sure to mask PAN whenever it is displayed. The first six and last four digits are the maximum number of digits that may be displayed.

PAN is the Primary Account Number.

So as far as compliance goes, the data terminal used to print the receipt is compliant.


Just remember that sensitive does not mean secret. The card number is "sensitive" because it can be used to initiate financial transactions, but it is not secret. Only the PIN code is.

Earlier, the full number was written down on the receipt, like the full account number is written on a check. As online businesses use only VISA card numbers without validation, banks realized that the risk of fraud was too high and chose to partially hide the information on the receipt. But the full card number is known (or at least accessible) to almost any employee of a website where you have initiated an on-line purchase.

TL;DR: if the bank is too lazy to hide the card number on a printed receipt, it is their problem, not yours. As you are not responsible for that, there is no negligence from you.


In the USA, the Fair and Accurate Credit Transactions Act of 2005 (FACTA) prohibits printing more than five digits of a credit card number. So while your receipt complies with PCI regulations, it wouldn't comply with the law if you were in the US. However, your profile says you're in Slovenia, and I'm not aware of any similar Slovene or EU laws.
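
The two display limits quoted in the answers above (PCI's first six and last four, FACTA's five digits), applied to receipt text before it is printed or logged. This is an added example, not part of the original answers. The function names, the policy table, the reading of FACTA's limit as the last five digits, and the sample receipt are assumptions made for this illustration.

```python
import re

# (keep_first, keep_last) display limits as stated in the answers on this page.
POLICIES = {
    "pci": (6, 4),    # first six and last four digits at most
    "facta": (0, 5),  # US receipts: at most five digits (assumed: the last five)
}

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check, so order numbers and similar digit runs are left alone."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def strictest(*names: str) -> tuple[int, int]:
    """Limits that satisfy every named policy at once."""
    firsts, lasts = zip(*(POLICIES[n] for n in names))
    return min(firsts), min(lasts)


def mask_pan(pan: str, keep_first: int, keep_last: int) -> str:
    """Replace hidden digits with '*', preserving separators and length."""
    n = sum(c.isdigit() for c in pan)
    out, seen = [], 0
    for c in pan:
        if c.isdigit():
            seen += 1
            c = c if seen <= keep_first or seen > n - keep_last else "*"
        out.append(c)
    return "".join(out)


def mask_text(text: str, keep_first: int, keep_last: int) -> str:
    """Mask every Luhn-valid PAN candidate found in free text."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group())
        return mask_pan(m.group(), keep_first, keep_last) if luhn_ok(digits) else m.group()
    return PAN_RE.sub(repl, text)


# Constructed receipt text; 4111 1111 1111 1111 is a widely used test number.
RECEIPT = "ORDER 1234567890123456\nCARD 4111 1111 1111 1111 VISA\n"
```

A receipt that has to satisfy both rules gets `strictest("pci", "facta")`, which leaves only the last four digits visible.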