AI Literacy Under Article 4: The EU AI Act Duty in Force
The EU AI Act's Article 4 AI-literacy duty has bound providers and deployers since 2 February 2025 — what it requires and how to evidence it.

If your company uses AI, the first EU AI Act obligation you owe is not a 2026 or 2027 deadline — it is one that has already been binding since 2 February 2025. Article 4 requires you to make sure the people who use AI on your behalf are AI-literate. There is no certificate to buy and no exam to sit, but there is a result you must reach and a paper trail you should be able to produce. Here is what the duty actually says, who it covers, how to run the training, and how to prove you did.
Quick Answer. Yes — Article 4 of the EU AI Act requires every provider and deployer to ensure a sufficient level of AI literacy among staff and anyone using AI on their behalf. It is not a future deadline: the AI-literacy duty has applied since 2 February 2025. It is an obligation of result you must be able to evidence — not a certificate, exam or specific course.
Last updated: 13 July 2026 · Verified against Regulation (EU) 2024/1689 as amended by the Digital Omnibus (adopted and signed; awaiting Official Journal publication).
Summary
AI literacy under Article 4 — a duty already in force, and how to prove you met it │ ├─ It already binds you │ ├─ In force since 2 Feb 2025 — not a future deadline │ └─ Penalties live since 2 Aug 2025; the Omnibus left Art. 4 untouched │ ├─ What Article 4 actually demands │ ├─ Providers AND deployers ensure their people are AI-literate │ ├─ An obligation of result — no exam, no certificate, no set course │ └─ Scale the level to each person's role, risk and context │ └─ Do it — then evidence it ├─ Map who touches AI · set the level · deliver the training ├─ Record who, what and when — the evidence trail is the point └─ Refresh as tools change and keep the log for a regulator
What does Article 4 of the EU AI Act require?
Article 4 is short, and it is worth reading in full because so much guidance paraphrases it into something narrower than it is:
"Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used." [1]
In plain terms, that is one obligation with several moving parts. You must take measures — active steps, not a policy you never operationalise. The target is a sufficient level of AI literacy, not a fixed syllabus, which means the bar moves with the situation. It binds both providers (those who build or supply AI systems) and deployers (any organisation using an AI system under its own authority). And it reaches beyond your payroll to other persons dealing with the operation and use of your AI — the contractors, agency staff and outsourced operators who touch the system on your behalf.
Article 3 of the same regulation defines AI literacy as the skills, knowledge and understanding that let people deploy AI systems appropriately and be aware of the opportunities, risks and possible harm [1]. So "literacy" here is practical competence for the systems your people actually use — not a general awareness course about robots. For how this duty sits inside the wider set of records a company using AI has to keep, work through our complete EU AI Act documentation guide, which maps Article 4 against the rest of the pack.
Since when does the AI-literacy duty apply?
Since 2 February 2025. Article 4 became applicable on that date under Article 113 of the regulation, in the same first wave as the Article 5 prohibitions [1][3]. That is the single fact most companies get wrong: the AI-literacy duty is not something arriving with the transparency or high-risk deadlines — it is already in force, and has been for over a year.
Two consequences follow. First, if you have not run any AI-literacy measures, you are not "getting ready" for a deadline; you are already behind one. Second, the exposure is not theoretical: the Article 99 penalty regime has applied since 2 August 2025, so the enforcement machinery around the Act is live [1][3].
It is also worth killing a common piece of misinformation. The Digital Omnibus — the simplification amendment that moved parts of the Act — did not touch Article 4. It shifted the Annex III high-risk obligations to 2 December 2027 and the regulatory sandboxes to 2 August 2027, and left the literacy duty exactly where it was. If you want the corrected schedule in full, our corrected post-Omnibus deadline timeline lays out what moved and what did not. (Verified on 13 July 2026.)
Who must be trained — and to what level?
Everyone who "deals with the operation and use" of your AI systems is in scope, but the level of literacy is deliberately relative. Article 4 tells you to take into account each person's technical knowledge, experience, education and training, and the context and risk of the systems they use [1]. A colleague pasting text into a drafting assistant does not need the same depth as the person who selected, configured and monitors a model that screens suppliers.
The practical move is to start from your inventory of AI systems and the roles that touch each one. If you have not mapped that yet, our guide on how to build your AI register in about 90 minutes gives you the who-and-what that this duty scales against. Then set a proportionate level per role:
| Role / exposure to AI | What a "sufficient level" looks like |
|---|---|
| Occasional user (drafting aid, chatbot) | Knows it is AI, what it is for, its limits, when to check its output and what not to feed it |
| Regular operator (runs an AI-assisted workflow) | The above, plus the system's failure modes, escalation path and the guardrails they must not bypass |
| Business owner of an AI system | Understands the use case, its risk tier, oversight duties and how outputs affect people |
| Leadership / decision-makers | Enough to govern AI use, sign off risk and resource the controls — not hands-on operation |
The point of the table is not to certify anyone. It is to show, role by role, that you thought about what "sufficient" means for the systems those people actually operate — which is exactly what Article 4 asks you to weigh [1][2].
How do you actually run AI-literacy training?
Because Article 4 is an obligation of result rather than a prescribed course, you have wide latitude on format — and you should use it to keep the effort proportionate. The Commission's own AI-literacy guidance is explicit that there is no single mandated programme; organisations are expected to design measures that fit their staff and their use of AI [2]. In practice, a defensible programme has five moving parts, and they run as a pipeline rather than a one-off event:
In words, the programme works like this:
- Map who deals with AI on your behalf — staff, contractors, agency operators and any vendor running a system for you. This is the population Article 4 covers, and it is wider than your headcount [1].
- Set the level per role, scaled to risk and context using the table above. A low-risk drafting aid warrants a short briefing; a system that affects people warrants real depth.
- Deliver the training in whatever format fits — a live briefing, a short e-learning module, written role guides, an acceptable-use policy staff sign, or supplier-provided sessions for a tool you bought. Content should cover what the system does, its limits, the guardrails and how to escalate.
- Record who was trained, on what, and when — the step most organisations skip, and the one that turns "we did some training" into evidence.
- Refresh it when you add tools, change use cases or onboard people. "Sufficient" is a moving target, so a static 2025 slide deck stops being sufficient the moment your AI estate changes.
You do not need a bespoke platform to do this. If you would rather generate the programme and the records than build them from a blank page, the free EU AI Act Documentation tool produces an AI-literacy programme and a training-record template as editable documents you can adapt and keep on file.
Generate your own EU AI Act report + document pack — free, in ~20 minutes: https://aiprioritymap.com/en/tools/eu-ai-act
How do you document AI-literacy training (the evidence trail)?
The duty is an obligation of result, but nobody can see a result — they can only see the record of it. So the practical test of Article 4 compliance is whether, when a customer's procurement team or a regulator asks, you can produce a paper trail showing you took proportionate measures. The Commission frames Article 4 as an ongoing obligation to keep under review, which only works if you are recording what you did [2].
A good AI-literacy evidence trail has two artefacts. The first is a short AI-literacy programme document that states your approach: which roles are in scope, what level each needs, what content you cover and how often you refresh. The second is a training record that logs the delivery. At minimum, a defensible record captures:
| A good training record captures | Why it matters |
|---|---|
| Who was trained (name / role / team) | Proves coverage of the people who actually touch AI |
| What content and which systems | Shows the training matched the tools in use |
| When it happened, and the refresh date | Demonstrates it is current, not a one-off from 2025 |
| Format and materials used | Lets you reproduce and evidence the measure later |
| Contractors and third parties, not just staff | Article 4 reaches everyone acting on your behalf [1] |
Keep both alongside your AI register so the whole picture sits in one place. This is where the difference between a checker and a document generator shows: free readiness checkers tell you whether the Act concerns you, but the EU AI Act Documentation tool approach generates the actual programme and training-record templates you file — the artefacts, not just the diagnosis. It is a documentation aid, not legal advice, an audit or a certification.
What happens if you skip it?
There is no line-item "AI-literacy fine" in the Act, which lulls some organisations into treating Article 4 as optional. It is not. The duty is legally binding and has been since February 2025, the Article 99 penalty regime has applied since August 2025, and national authorities supervising the Act came online in 2026 [1][3]. A regulator assessing any AI-related complaint can reasonably ask what steps you took to make your operators competent — and "none, on record" is a poor answer.
The bigger day-to-day exposure is commercial and legal rather than a direct fine. Enterprise procurement questionnaires increasingly ask suppliers to evidence AI governance, and an AI-literacy programme is one of the cheapest boxes to be able to tick. And if an AI system your staff misused causes harm, the absence of any literacy measure weakens your position. Because AI use rarely sits alone — it usually processes personal data too — the literacy duty overlaps with your existing obligations; our guide on how the AI Act sits alongside GDPR and UK data rules shows where the two regimes meet. The controls reinforce each other, and the evidence trail does double duty.
Related insights
- EU AI Act Compliance: The Documentation Guide — the deployer-first path and the document pack this literacy duty sits inside.
- EU AI Act Deadlines in 2026: What the Omnibus Changed — the corrected timeline showing Article 4 was never delayed.
- How to Build Your AI Register in About 90 Minutes — the inventory of who and what touches AI that Article 4 scales against.
Last updated: July 2026. Version 1.0.
Frequently Asked Questions
Does the EU AI Act require AI literacy training?
Since when has the Article 4 AI-literacy duty applied?
Who has to be AI-literate under Article 4?
Is there an official AI-literacy certificate or exam?
How do you prove you met the AI-literacy duty?
Did the Digital Omnibus change the Article 4 AI-literacy duty?
What are the penalties for ignoring the AI-literacy duty?
Sources
- 1.Regulation (EU) 2024/1689 — Artificial Intelligence Act, Article 4 (AI literacy) and Article 3 (definitions), CELEX 32024R1689 — European Parliament and Council of the European Union · 2024
- 2.AI Literacy — Questions & Answers — European Commission — Shaping Europe's Digital Future · 2025
- 3.Timeline for the implementation of the EU AI Act — European Commission — AI Act Service Desk · 2026
- 4.Regulatory framework on AI — European Commission · 2024
Want this run on your business?
AI Foundation Audit — a structured assessment of your AI footprint: integration risks, governance gaps, ROI opportunities. Delivered as a comprehensive report you can act on.
You receive your Executive Report and Implementation Brief — tailored to your business and delivered immediately.
