Every organisation that deploys or uses AI systems in the EU must ensure that their personnel have a sufficient level of AI literacy. This applies to every employee, in every sector, across all 27 member states.
Feb 2025
Already in force
27
EU Member States
All
Sectors Covered
7.5M+
Max Fine (EUR)
Already in force. Article 4 became binding on 2 February 2025 as part of the first phase of the EU AI Act. Organisations that have not yet implemented AI literacy measures are in potential non-compliance.
“Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context in which the AI systems are to be used, and considering the persons or groups of persons on whom the AI systems are to be used.”
— Article 4, Regulation (EU) 2024/1689 (EU AI Act)
Captures both organisations that develop AI systems and organisations that use them. A law firm using AI legal research, a bank using AI credit scoring, a hospital using AI diagnostics — all are deployers.
Extends beyond employees to contractors, consultants, temporary workers, and anyone else who interacts with AI systems on the organisation's behalf. Not just the IT department.
A proportional standard — the required level depends on the person's role, the system's complexity, and the context of use. All personnel need some level; none can be excluded.
Provides proportionality but does not eliminate the obligation. Organisations must make genuine, documented efforts. Ignoring the requirement because training is expensive is not compliant.
Article 4 does not allow organisations to train their technology staff and consider the obligation met. Every function that touches AI — which in 2026 is every function — must be addressed.
AI Tools Used
Applicant tracking, resume screening, sentiment analysis, workforce planning
Literacy Required
Understanding bias in AI screening, when to override algorithmic recommendations
AI Tools Used
Content generation, customer segmentation, predictive analytics, personalisation
Literacy Required
Hallucination risks in AI-generated claims, ethical AI-driven targeting
AI Tools Used
Fraud detection, financial forecasting, automated reporting, compliance monitoring
Literacy Required
Reliability limits of AI predictions, automation bias, audit implications
AI Tools Used
Demand forecasting, inventory optimisation, quality control, logistics
Literacy Required
Model prediction limitations, training data divergence, human oversight
AI Tools Used
Contract review, legal research, regulatory monitoring, compliance assessment
Literacy Required
Functional AI literacy for own work plus governance literacy for Article 4 advisory
AI Tools Used
Strategic AI investment, risk oversight, deployment governance
Literacy Required
Strategic AI understanding, regulatory alignment, ethical AI oversight
or 1% of worldwide annual turnover
Minimum penalty tier for general violations including Article 4 non-compliance.
Risk multiplier for other violations
AI literacy failures may aggravate penalties for high-risk system violations. The literacy obligation is foundational.
National authorities enforce
Each member state designates enforcement authorities. Approach varies by jurisdiction but the obligation is uniform.
Beyond regulatory fines
Organisations whose personnel misuse AI due to insufficient training may face civil liability, client claims, and reputational damage that exceeds any regulatory fine. The risk is operational, not just compliance.
Based on the text of Article 4 and emerging guidance from national authorities and legal scholars, compliance requires these elements.
Map every AI system your organisation uses and identify who interacts with each one. Many organisations will be surprised by how pervasive AI is in their existing technology stack.
Create a matrix mapping organisational roles to the AI systems they interact with and the level of literacy each interaction requires. Cover all functions, not just technology and legal teams.
Implement role-appropriate training calibrated to the needs assessment. The receptionist using AI-assisted scheduling needs different training than the data analyst building predictive models.
Record who was trained, when, on what content, and to what standard. Article 4's "to their best extent" language requires demonstrable compliance efforts.
Verify that training actually develops the required competence. Simply providing training is insufficient if it does not produce sufficient understanding.
AI literacy is not a one-time event. Update training programmes as AI capabilities, organisational use, and regulatory guidance evolve.
Article 4's AI literacy requirement has concrete, immediate implications for how legal professionals work with AI tools.
The Darmstadt Regional Court ruling in Germany set a powerful precedent: when a court-appointed medical expert used AI extensively without disclosure, the court set the expert's fee at zero euros and declared the entire report inadmissible. This case underscores that AI literacy includes understanding when and how to disclose AI use.
AI tools in litigation now assist with case law research, document review, and predictive analytics. Lawyers must understand how generative AI can hallucinate non-existent case citations.
Contract drafting, due diligence, and regulatory compliance increasingly involve AI assistance. AI-generated contract language requires human review for appropriateness.
IP practitioners using AI for trademark searches, patent analysis, or copyright assessments need specialized literacy including recognizing AI limitations in assessing novelty.
Lawyers advising on regulatory matters require understanding of AI risk classification systems, sector-specific regulations, and AI-specific contractual provisions.
First EU member state to adopt comprehensive national AI legislation. Mandatory client disclosure when AI is used in legal representation.
Darmstadt Regional Court ruling established mandatory AI disclosure for all court-related submissions.
Latvia, Lithuania, and Estonia are coordinating cross-border implementation of AI regulation for legal services.
The comparison to GDPR is instructive. When GDPR took effect in 2018, it created massive demand for data protection training. The EU AI Act is likely to follow the same pattern.
EU AI Act: Regulation (EU) 2024/1689 - Full Text
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689
European Commission: Regulatory Framework for AI
https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
AI Act Article 4: AI Literacy - Analysis and Commentary
https://artificialintelligenceact.eu/article/4/
NOVA School of Law: AI Regulation Research
https://novalaw.unl.pt/en/ai-regulation/
European Parliament: EU AI Act - First Regulation on Artificial Intelligence
https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence
Future of Life Institute: EU AI Act Explorer
https://artificialintelligenceact.eu/
