EU Commission issues key guidance on AI literacy requirements under the EU AI Act
On May 7, 2025, the European Commission released a detailed Q&A document shedding light on the AI literacy obligations set out in Article 4 of the EU Artificial Intelligence (AI) Act. In effect since February 2, 2025, Article 4 requires all organisations developing or using AI systems that impact individuals in the EU — whether based in the EU or not — to ensure a “sufficient level of AI literacy” among staff and any individuals dealing with AI systems on their behalf. The new guidance is designed to help organisations understand and effectively implement these obligations in the lead-up to formal enforcement.
What exactly is “AI Literacy”?
The AI Act defines AI literacy as: the “skills, knowledge and understanding that allow providers, deployers and affected persons to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause.”
In practice, this refers to the ability to understand, use, and interact with AI responsibly and effectively and to critically recognise its risks, limitations and impact.
The obligation applies to all organisations, EU-based or not, whose AI systems are used in the EU or affect individuals in the EU. It is not limited to high-risk AI systems. The requirement also applies to all individuals within an organisation’s remit who directly interact with an AI system, from employees to service providers and customers.
Key compliance measures: What do you need to know
While the AI Office promotes a flexible, risk-based approach over rigid compliance checklists and prescriptive mandates, it highlights minimum actions organisations should take to meet the requirements:
- General AI awareness: ensure all relevant individuals understand basic AI principles, capabilities, limitations, and potential risks.
- Clarify your organisation’s role: Are you a provider (developer) or a deployer (user)? Your responsibilities depend on it. Know where and how AI is used in your organisation.
- Map & assess risk: Identify your AI systems and evaluate their potential harms. A robust risk-based strategy is essential in developing appropriate mitigation.
- Tailored literacy initiatives: Skip the one-size-fits-all manual. Instead, design custom programs for different roles — from executives and frontline employees to clients — reflecting the organisation’s unique needs. While there is no explicit obligation to deliver formal training, the Q&A emphasizes that training and guidance remain the most effective and appropriate means to fulfill the AI literacy requirement.
- Documentation: While certification is not required, organisations are strongly advised to keep solid internal records of AI literacy actions, e.g. training sessions, for compliance tracking and accountability purposes.
Enforcement Timeline: The clock is ticking
Although Article 4 is already in force, enforcement won’t begin until August 2, 2026, when national market surveillance authorities are formally designated. This gives organisations a critical window to prepare and align their practices with the AI literacy requirements. While there are no direct penalties for noncompliance with Article 4, failure to ensure adequate AI literacy could expose an organisation to legal and reputational risks, particularly in cases of AI misuse or harm.
Now’s the time to act.
Educating your team on AI isn’t just a legal box to tick — it’s a smart move for future-proofing your organisation. If you have any questions or need tailored guidance in developing a more comprehensive AI literacy program or otherwise considering your obligations with regards to the deployment of AI within your organisation, feel free to contact one of our authors below, or the KG lawyer with whom you normally consult.