AI Literacy under Art. 4 EU AI Act
Compliance · 12 min · Updated: March 2026
ATTENTION: Art. 4 AI Literacy applies since 2 February 2025! The AI literacy obligation is not a future deadline — it is already in force. Companies using AI systems must now ensure that their staff has sufficient AI literacy. There is no single certification, no mandatory AI Officer role, and no one-size-fits-all training requirement. Enforcement with penalties up to EUR 15 million or 3% of global annual turnover starts from August 2026.
What is Art. 4?
Article 4 of the EU AI Act (Regulation (EU) 2024/1689) requires all providers and deployers of AI systems to ensure that their staff has a sufficient level of AI literacy. This applies regardless of the risk class of the AI system — including minimal-risk applications like chatbots or recommendation engines.
Who is affected?
| Role | Examples | Affected? |
|---|---|---|
| AI Providers | Software vendors, SaaS with AI features | Yes |
| AI Deployers | Any company using AI tools | Yes |
| Staff | All employees operating or working with AI | Yes |
| End users (private) | Personal ChatGPT use | No |
In Austria alone, an estimated 400,000 companies are affected — every SME using ChatGPT, Copilot, AI-powered accounting or any other AI tool. The same applies to all companies in the EU/EEA.
What must be trained?
1. AI Fundamentals
- What AI is, what it can do, what it cannot
- Difference between rule-based systems and machine learning
- Key concepts: model, training, inference, hallucination
2. Risks and Limitations
- Bias and discrimination in AI outputs
- Hallucinations and incorrect outputs
- Privacy risks with cloud AI (third-country transfers)
- Manipulation risks (prompt injection)
3. Legal Framework
- EU AI Act risk classes (Prohibited, High, Limited, Minimal)
- Transparency requirements (labeling AI-generated content)
- GDPR requirements for AI usage
- Documentation obligations
4. Practical Application
- Responsible use of AI tools in daily work
- When to verify AI results, when to trust them
- Reporting obligations for malfunctions
- Ensuring human oversight
Penalties
| Violation | Penalty |
|---|---|
| Prohibited AI practices (Art. 5) | Up to EUR 35M or 7% revenue |
| Non-compliance with Art. 4 (AI literacy) | Up to EUR 15M or 3% revenue |
| False information to authorities | Up to EUR 7.5M or 1% revenue |
For SMEs and startups, proportionate caps apply — whichever amount is lower.
Checklist: Implementing AI Literacy
- 1. Create inventory: Which AI systems does your company use?
- 2. Identify affected staff: Who works with AI?
- 3. Assess training needs: What competency level is required (based on role and risk class)?
- 4. Conduct training: Fundamentals, risks, legal framework, practical application
- 5. Document everything: Keep training records (who, when, what)
- 6. Repeat regularly: AI evolves fast — update training annually
Further Reading
Sources
Next step: operationalize compliance
Use ready-to-run GDPR templates, checklists and practical guidance for AI systems that need documentation and auditability.
- Local and self-hosted by default
- Documented and auditable
- Built from our own runtime
- Made in Austria