Understanding Article 4 of the EU AI Act: Roadmap to AI Literacy

Under the European Union’s Artificial Intelligence Act (AI Act), organizations are required to ensure that all personnel involved in the development, deployment, or operation of AI systems possess a robust understanding of AI. Effective February 2, 2025, the AI literacy obligation under Article 4 of the AI Act is not a mere legal formality but a strategic commitment to responsible, informed, and ethical AI usage.

Consider a financial institution using an AI-driven loan approval system. Without adequate AI literacy among its staff, loan officers might fail to recognize biases embedded in the algorithm, leading to discriminatory lending practices and potential legal repercussions. This scenario highlights the critical need for comprehensive AI literacy across all sectors. Therefore, organizations should have a strategic, long-term approach to ensure a mature level of AI literacy.

Although formal public enforcement of penalties for non-compliance with the AI Act begins on August 2, 2025, private enforcement (individuals or organizations initiating legal actions or complaints independently) is already active, allowing individuals to raise concerns through legal channels even before a formal oversight body is established.

Before we delve further into AI literacy, it is important to understand what AI literacy means.

What is AI literacy?

Article 4 of the AI Act defines AI literacy as:

“Skills, knowledge, and understanding that allow providers, deployers and affected persons, taking into account their respective rights and obligations in the context of the AI Act, to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause.” 

This definition is quite broad, generic, and flexible. The AI Act does not prescribe a specific level or quality of expertise but emphasizes the importance of being able to make well-informed decisions when deploying or developing AI systems. This includes not just developers and deployers, but also 'affected persons,' such as consumers whose loan applications are processed by AI, or job applicants screened by AI-powered tools.

In essence, the culmination of AI literacy lies in having a holistic understanding of how best to use AI in that particular context. This understanding ensures that individuals are well-equipped to navigate its complex and ever-evolving landscape. It also encompasses ethical considerations, ensuring that AI systems are used responsibly and aligned with your organization's core values.

AI Literacy Obligations

Article 4 of the Act sets forth the requirements for AI literacy.

It states that:

“Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf.” 

The scope of Article 4 is critical. It applies to providers and developers. This means that most organizations deploying AI will be subject to these literacy obligations. Providers and deployers must ensure that their employees and all persons involved in operating these systems achieve a “sufficient level” of AI literacy. The term other persons could mean the affected person, i.e., contractor, service provider, or user (client). Although the AI Act uses terms like “to their best extent” and “sufficient level,” it offers little specific guidance on these criteria, leaving them to be interpreted contextually based on the technical skills, experience, education, and training of their staff, along with the specific type and risk of AI systems used, the size and resources of the organization, and the groups that are impacted by these systems.

There is currently no comprehensive guidance on AI literacy mandated by the European Commission. However, based on our understanding and guidelines from the Dutch Data Protection Authority, organizations can adopt the following steps to ensure compliance with the AI literacy obligation.

Steps for Organizations to Ensure AI Literacy

Below are practical steps to help organizations establish effective AI literacy programs.

1. Identify AI Systems and Assess Risks

Organizations should begin by mapping where, how, and by whom AI is used within their operations while carefully evaluating the risks these systems may pose to employees, customers, and society at large. Creating a comprehensive inventory by leveraging existing records of processing activities (RoPA) is a practical first step. It is equally important to assess the broader impact of these AI systems and review any existing policies, initiatives, or frameworks that support AI literacy.

Example: A project manager in a technology firm may be responsible for cataloging all AI systems. In doing so, the manager evaluates the risk level associated with each system, considers the potential effects on various stakeholders, and identifies the roles employees play in managing these systems.

2. Define AI Literacy Goals by Role and Risk Level

Not every role requires the same depth of AI expertise. Individuals involved in AI development or critical decision-making need advanced training, while others may benefit from a general overview. Training programs should be prioritized based on the risk profile of each AI system. Key decision-makers such as executives and managers must have the insights necessary to oversee AI deployment responsibly, and employees who work directly with AI must be aware of the risks and potential outcomes. Tailored initiatives across different functions, such as HR, IT, and operations, ensure that all parts of the organization are equipped to manage AI risks effectively.

Example: In a company, a content manager using generative AI to create marketing materials must understand the underlying processes of AI, including potential biases and inaccuracies. Similarly, HR personnel responsible for recruitment need deeper insights into AI systems, especially if these systems are used for profiling or assessment, as such tools can significantly influence hiring decisions.

This example shows that knowledge and skill requirements vary among employees within an organization, influenced by the specific context and the risk level of the AI system.

3. Develop and Implement Comprehensive AI Literacy Programs

Once knowledge gaps are identified, organizations should design training programs that address these specific needs. These programs may include specialized training sessions, courses on AI ethics and legal compliance, and targeted instruction for staff involved in procuring or making decisions about AI systems. Training should be offered at multiple levels, from basic overviews to advanced courses, and should cater to various learning styles. Larger organizations might consider appointing an AI officer to coordinate training efforts and drive continuous improvement. Maintaining detailed records of all training activities is essential to demonstrate compliance and support periodic reviews.

Example: An organization might develop a guiding document titled “Approach to AI” that outlines the principles for responsible AI use and serves as a reference for all employees.

4. Monitor, Evaluate, and Enhance AI Literacy Initiatives

Given the rapid evolution of AI technology and regulatory standards, ongoing evaluation is critical. Organizations should implement regular internal or external audits, conduct employee surveys, and establish baseline measurements to gauge the effectiveness of their training programs. Adopting a multi-year AI literacy action plan can help ensure that training remains relevant, adaptive, and aligned with emerging risks and opportunities.

Example: Conducting annual employee surveys can provide valuable feedback on the effectiveness of AI training programs, allowing organizations to refine their approach and ensure that skill development keeps pace with technological advancements.