Skip to content
easyAI
Products▼
  • AI Foundation Audit
  • AI ROI Calculator
  • GDPR Accountability Snapshot
Insights
  • Products
    • AI Foundation Audit
  • Free Tools
    • AI ROI Calculator
    • GDPR Accountability Snapshot
  • Insights
  1. Home
  2. Insights
  3. AI Literacy Under Article 4: The EU AI Act Duty in Force

AI Literacy Under Article 4: The EU AI Act Duty in Force

The EU AI Act's Article 4 AI-literacy duty has bound providers and deployers since 2 February 2025 — what it requires and how to evidence it.

AI Literacy Under Article 4: The EU AI Act Duty in Force
Methodology by Daniela Piskackova — Co-founder & AI Audit Lead·Published July 13, 2026

If your company uses AI, the first EU AI Act obligation you owe is not a 2026 or 2027 deadline — it is one that has already been binding since 2 February 2025. Article 4 requires you to make sure the people who use AI on your behalf are AI-literate. There is no certificate to buy and no exam to sit, but there is a result you must reach and a paper trail you should be able to produce. Here is what the duty actually says, who it covers, how to run the training, and how to prove you did.

Quick Answer. Yes — Article 4 of the EU AI Act requires every provider and deployer to ensure a sufficient level of AI literacy among staff and anyone using AI on their behalf. It is not a future deadline: the AI-literacy duty has applied since 2 February 2025. It is an obligation of result you must be able to evidence — not a certificate, exam or specific course.

Last updated: 13 July 2026 · Verified against Regulation (EU) 2024/1689 as amended by the Digital Omnibus (adopted and signed; awaiting Official Journal publication).

Summary

AI literacy under Article 4 — a duty already in force, and how to prove you met it
│
├─ It already binds you
│   ├─ In force since 2 Feb 2025 — not a future deadline
│   └─ Penalties live since 2 Aug 2025; the Omnibus left Art. 4 untouched
│
├─ What Article 4 actually demands
│   ├─ Providers AND deployers ensure their people are AI-literate
│   ├─ An obligation of result — no exam, no certificate, no set course
│   └─ Scale the level to each person's role, risk and context
│
└─ Do it — then evidence it
    ├─ Map who touches AI · set the level · deliver the training
    ├─ Record who, what and when — the evidence trail is the point
    └─ Refresh as tools change and keep the log for a regulator

What does Article 4 of the EU AI Act require?

Article 4 is short, and it is worth reading in full because so much guidance paraphrases it into something narrower than it is:

"Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used." [1]

In plain terms, that is one obligation with several moving parts. You must take measures — active steps, not a policy you never operationalise. The target is a sufficient level of AI literacy, not a fixed syllabus, which means the bar moves with the situation. It binds both providers (those who build or supply AI systems) and deployers (any organisation using an AI system under its own authority). And it reaches beyond your payroll to other persons dealing with the operation and use of your AI — the contractors, agency staff and outsourced operators who touch the system on your behalf.

Article 3 of the same regulation defines AI literacy as the skills, knowledge and understanding that let people deploy AI systems appropriately and be aware of the opportunities, risks and possible harm [1]. So "literacy" here is practical competence for the systems your people actually use — not a general awareness course about robots. For how this duty sits inside the wider set of records a company using AI has to keep, work through our complete EU AI Act documentation guide, which maps Article 4 against the rest of the pack.

Since when does the AI-literacy duty apply?

Since 2 February 2025. Article 4 became applicable on that date under Article 113 of the regulation, in the same first wave as the Article 5 prohibitions [1][3]. That is the single fact most companies get wrong: the AI-literacy duty is not something arriving with the transparency or high-risk deadlines — it is already in force, and has been for over a year.

Two consequences follow. First, if you have not run any AI-literacy measures, you are not "getting ready" for a deadline; you are already behind one. Second, the exposure is not theoretical: the Article 99 penalty regime has applied since 2 August 2025, so the enforcement machinery around the Act is live [1][3].

It is also worth killing a common piece of misinformation. The Digital Omnibus — the simplification amendment that moved parts of the Act — did not touch Article 4. It shifted the Annex III high-risk obligations to 2 December 2027 and the regulatory sandboxes to 2 August 2027, and left the literacy duty exactly where it was. If you want the corrected schedule in full, our corrected post-Omnibus deadline timeline lays out what moved and what did not. (Verified on 13 July 2026.)

Who must be trained — and to what level?

Everyone who "deals with the operation and use" of your AI systems is in scope, but the level of literacy is deliberately relative. Article 4 tells you to take into account each person's technical knowledge, experience, education and training, and the context and risk of the systems they use [1]. A colleague pasting text into a drafting assistant does not need the same depth as the person who selected, configured and monitors a model that screens suppliers.

The practical move is to start from your inventory of AI systems and the roles that touch each one. If you have not mapped that yet, our guide on how to build your AI register in about 90 minutes gives you the who-and-what that this duty scales against. Then set a proportionate level per role:

Role / exposure to AIWhat a "sufficient level" looks like
Occasional user (drafting aid, chatbot)Knows it is AI, what it is for, its limits, when to check its output and what not to feed it
Regular operator (runs an AI-assisted workflow)The above, plus the system's failure modes, escalation path and the guardrails they must not bypass
Business owner of an AI systemUnderstands the use case, its risk tier, oversight duties and how outputs affect people
Leadership / decision-makersEnough to govern AI use, sign off risk and resource the controls — not hands-on operation

The point of the table is not to certify anyone. It is to show, role by role, that you thought about what "sufficient" means for the systems those people actually operate — which is exactly what Article 4 asks you to weigh [1][2].

How do you actually run AI-literacy training?

Because Article 4 is an obligation of result rather than a prescribed course, you have wide latitude on format — and you should use it to keep the effort proportionate. The Commission's own AI-literacy guidance is explicit that there is no single mandated programme; organisations are expected to design measures that fit their staff and their use of AI [2]. In practice, a defensible programme has five moving parts, and they run as a pipeline rather than a one-off event:

How to run and evidence AI-literacy training under Article 4 of the EU AI ActA pipeline for meeting the Article 4 AI-literacy duty: start from who deals with AI on your behalf; map the roles including staff, contractors and vendors; set the required level of literacy per role by risk and context; deliver training through briefings, guardrails and role guides; record who was trained, on what and when as the evidence trail; the result is AI literacy you can prove, and you refresh the training as tools and roles change.

refresh as tools & roles change

Who deals with AI
on your behalf?

Map the roles
staff · contractors · vendors

Set the level per role
by risk & context

Deliver the training
briefings · guardrails · role guides

Record who · what · when
the evidence trail

AI literacy you can prove

Run it as a loop, not a one-off — the refresh step is what keeps the literacy 'sufficient' as your tools change.

In words, the programme works like this:

  1. Map who deals with AI on your behalf — staff, contractors, agency operators and any vendor running a system for you. This is the population Article 4 covers, and it is wider than your headcount [1].
  2. Set the level per role, scaled to risk and context using the table above. A low-risk drafting aid warrants a short briefing; a system that affects people warrants real depth.
  3. Deliver the training in whatever format fits — a live briefing, a short e-learning module, written role guides, an acceptable-use policy staff sign, or supplier-provided sessions for a tool you bought. Content should cover what the system does, its limits, the guardrails and how to escalate.
  4. Record who was trained, on what, and when — the step most organisations skip, and the one that turns "we did some training" into evidence.
  5. Refresh it when you add tools, change use cases or onboard people. "Sufficient" is a moving target, so a static 2025 slide deck stops being sufficient the moment your AI estate changes.

You do not need a bespoke platform to do this. If you would rather generate the programme and the records than build them from a blank page, the free EU AI Act Documentation tool produces an AI-literacy programme and a training-record template as editable documents you can adapt and keep on file.

Generate your own EU AI Act report + document pack — free, in ~20 minutes: https://aiprioritymap.com/en/tools/eu-ai-act

How do you document AI-literacy training (the evidence trail)?

The duty is an obligation of result, but nobody can see a result — they can only see the record of it. So the practical test of Article 4 compliance is whether, when a customer's procurement team or a regulator asks, you can produce a paper trail showing you took proportionate measures. The Commission frames Article 4 as an ongoing obligation to keep under review, which only works if you are recording what you did [2].

A good AI-literacy evidence trail has two artefacts. The first is a short AI-literacy programme document that states your approach: which roles are in scope, what level each needs, what content you cover and how often you refresh. The second is a training record that logs the delivery. At minimum, a defensible record captures:

A good training record capturesWhy it matters
Who was trained (name / role / team)Proves coverage of the people who actually touch AI
What content and which systemsShows the training matched the tools in use
When it happened, and the refresh dateDemonstrates it is current, not a one-off from 2025
Format and materials usedLets you reproduce and evidence the measure later
Contractors and third parties, not just staffArticle 4 reaches everyone acting on your behalf [1]

Keep both alongside your AI register so the whole picture sits in one place. This is where the difference between a checker and a document generator shows: free readiness checkers tell you whether the Act concerns you, but the EU AI Act Documentation tool approach generates the actual programme and training-record templates you file — the artefacts, not just the diagnosis. It is a documentation aid, not legal advice, an audit or a certification.

What happens if you skip it?

There is no line-item "AI-literacy fine" in the Act, which lulls some organisations into treating Article 4 as optional. It is not. The duty is legally binding and has been since February 2025, the Article 99 penalty regime has applied since August 2025, and national authorities supervising the Act came online in 2026 [1][3]. A regulator assessing any AI-related complaint can reasonably ask what steps you took to make your operators competent — and "none, on record" is a poor answer.

The bigger day-to-day exposure is commercial and legal rather than a direct fine. Enterprise procurement questionnaires increasingly ask suppliers to evidence AI governance, and an AI-literacy programme is one of the cheapest boxes to be able to tick. And if an AI system your staff misused causes harm, the absence of any literacy measure weakens your position. Because AI use rarely sits alone — it usually processes personal data too — the literacy duty overlaps with your existing obligations; our guide on how the AI Act sits alongside GDPR and UK data rules shows where the two regimes meet. The controls reinforce each other, and the evidence trail does double duty.

Article 4 of the EU AI Act has required providers and deployers to ensure their people are AI-literate since 2 February 2025 — it is already in force, not a future deadline, and the Article 99 penalties have applied since 2 August 2025. It is an obligation of result, not a certificate: scale the training to each role's risk, then keep a dated record of who was trained on what, so you can evidence it when a customer or regulator asks.

Generate your own EU AI Act report + document pack — free, in ~20 minutes: https://aiprioritymap.com/en/tools/eu-ai-act

Related insights

  • EU AI Act Compliance: The Documentation Guide — the deployer-first path and the document pack this literacy duty sits inside.
  • EU AI Act Deadlines in 2026: What the Omnibus Changed — the corrected timeline showing Article 4 was never delayed.
  • How to Build Your AI Register in About 90 Minutes — the inventory of who and what touches AI that Article 4 scales against.

Last updated: July 2026. Version 1.0.

Frequently Asked Questions

Does the EU AI Act require AI literacy training?+
Yes. Article 4 obliges providers and deployers to ensure a sufficient level of AI literacy among staff and others using AI on their behalf. It is not framed as one fixed course, but you must be able to show your people can use your AI systems competently and safely.
Since when has the Article 4 AI-literacy duty applied?+
Since 2 February 2025, under Article 113 of the EU AI Act. The duty is already live — not a future deadline. If you have not addressed it, it is overdue rather than upcoming, and the Article 99 penalties have applied since 2 August 2025.
Who has to be AI-literate under Article 4?+
Providers and deployers must cover their own staff plus any contractors or third parties operating AI on their behalf. The required level scales to each person's role, knowledge and the risk and context of the systems they actually touch.
Is there an official AI-literacy certificate or exam?+
No. Article 4 sets no certificate, exam or mandated course. It is an obligation of result: your people must genuinely be AI-literate for the systems they use. You choose the format — briefings, guardrails, role guides — and scale it to risk.
How do you prove you met the AI-literacy duty?+
Keep an evidence trail. Record who was trained, on what content, when, and for which role, plus the materials used and any refresh dates. A dated training log and a short AI-literacy programme document are what you show a customer or regulator who asks.
Did the Digital Omnibus change the Article 4 AI-literacy duty?+
No. The Digital Omnibus moved only the Annex III high-risk obligations to 2 December 2027 and sandboxes to 2 August 2027. Article 4 was untouched and still applies from 2 February 2025. Verified on 13 July 2026.
What are the penalties for ignoring the AI-literacy duty?+
There is no separate AI-literacy fine, but the duty is enforceable and the Article 99 penalty regime has applied since 2 August 2025. A literacy gap also weakens your position if an AI system causes harm, which is why the evidence trail is your protection.

Sources

  1. 1.Regulation (EU) 2024/1689 — Artificial Intelligence Act, Article 4 (AI literacy) and Article 3 (definitions), CELEX 32024R1689 — European Parliament and Council of the European Union · 2024↗
  2. 2.AI Literacy — Questions & Answers — European Commission — Shaping Europe's Digital Future · 2025↗
  3. 3.Timeline for the implementation of the EU AI Act — European Commission — AI Act Service Desk · 2026↗
  4. 4.Regulatory framework on AI — European Commission · 2024↗

Want this run on your business?

AI Foundation Audit — a structured assessment of your AI footprint: integration risks, governance gaps, ROI opportunities. Delivered as a comprehensive report you can act on.

Start your audit →

You receive your Executive Report and Implementation Brief — tailored to your business and delivered immediately.

AI by the math. No deck, no meetings. No call. Just click.

PRODUCTS
  • AI Foundation Audit
  • All products
COMPANY
  • About
  • Contact
  • info [at] easy-audit [dot] ai
LEGAL
  • Terms of Service
  • Privacy Policy
  • AI Transparency
  • Cookie Policy
  • Complaints

© 2026 easyAI · All rights reserved. · easyAI is operated by DDN Consulting s.r.o., based in the EU.

Inspired by ISO/IEC 42001 + NIST AI RMF + EU AI Act principles. easyAI is not a certification body. Our methodology is inspired by ISO 42001 and NIST AI RMF principles; we do not provide formal certification or conformity audits.

easyAI