AI Literacy requirement for organizations

AI literacy

Article 4 of the AI Act contains the so-called AI literacy obligation, which is defined as follows: "Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used."

Under the AI Act, both providers of AI systems and users are required to take measures to ensure that their employees have an adequate level of AI literacy. [1]

This AI literacy obligation means that organizations are required to ensure that their employees have sufficient knowledge of AI to use it responsibly.[2] The AI Act does not include any specific measures to comply with the AI literacy obligation. Thus, there are no uniform measures that organizations can take in advance to ensure an adequate level of AI literacy among employees.

When deciding on the measures to be taken, organizations must take into account the technical knowledge, experience, and education of their employees, as well as the context in which the AI systems will be used. Furthermore, consideration must be given to the people for whom the AI systems will be used.[3] In addition to taking measures to ensure AI literacy, organizations are also required to keep internal documentation of the measures taken, such as training courses or information sessions.

Specifically for high-risk AI systems (for more information, see our blog: High-risk AI systems and obligations), an additional requirement applies for deployers to ensure that the persons designated to carry out the instructions for use and human supervision have the necessary skills, in particular sufficient AI literacy, training, and authority to perform those tasks properly.[4]

Guidelines from supervisory authorities

The European Artificial Office and the Dutch Data Protection Authority (the Dutch coordinating supervisory authority for AI) have published guidelines on AI literacy.

Dutch Data Protection Authority ( AP)

The AP has developed two guidelines for a multi-year action plan to promote AI literacy among organizations. [5]  The guidelines are not intended as a checklist, but as a tool to provide structure and encourage organizations to take action. The first guideline consists of four steps and the second guideline supplements this. The recommended actionplan consists of the following steps:[6]

• Step 1: Identify: all AI systems in use, the risks of AI, and the level of knowledge of employees, among other things.
• Step 2: Set goals: Set goals within an organization based on the risk level of the AI systems used.
• Step 3: Implementation: Implementing the approach ensures that it is more structured and measurable.
• Step 4: Evaluate: Evaluate the effectiveness of the measures taken.

The second guideline complements the first guideline. The second guideline emphasizes the importance of maintaining adequate internal documentation to demonstrate AI literacy. For example, a demonstrable lack of AI literacy may play a role in the assessment of an incident during enforcement by authorities.

It also clarifies that the AI literacy obligation applies not only to an organization's own staff, but to all people who use an AI system on behalf of an organization, such as a service provider or contractor's staff.

European AI Office

The AI Office published the document "Living repository to foster learning and exchange on AI literacy | Shaping Europe's digital future" . This is an archive of AI literacy practices. This archive could be used as a document with examples of possible practices. Implementing these examples does not automatically means that the AI literacy obligation under the AI Act has been met.

Recent proposal: Digital Omnibus

On November 19, 2025, the European Commission published a proposal for amendments to simplify the rules in the digital domain.[7]

The Digital Omnibus proposes changing the AI literacy to an obligation for the European Commission and Member States to encourage companies to promote AI literacy, rather than placing this obligation solely on companies.[8]

The regulations are currently only in the early stages of the legislative process. For more information, see our blog about the Digital Omnibus.

In short, there are no standard measures that organizations can take to comply with the AI literacy obligation. 

Do you have specific questions or need advice on how to shape this obligation for your organization? Feel free to contact: Roeland de Bruin.

Disclaimer

Please note that this is only a general explanation of the AI literacy obligation.

Disclaimer

Let op dat dit slechts een algemene uitleg is van de AI-geletterdheid verplichting.

[1] Article 3(56) of the AI Act.

[2] Article 4 AI Act.

[3] Article 4 AI Act.

[4] (recital 91).

[5] Getting started with AI literacy | Dutch Data Protection Authority & Continuing to build AI literacy | Dutch Data Protection Authority.

[6] Getting started with AI literacy | Dutch Data Protection Authority

[7] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2016/679, (EU) 2018/1724, (EU) 2018/1725, (EU) 2023/2854 and Directives 2002/58/EC, (EU) 2022/2555 and (EU) 2022/2557 as regards the simplification of the digital legislative framework, and repealing Regulations (EU) 2018/1807, (EU) 2019/1150, (EU) 2022/868, and Directive (EU) 2019/1024 (Digital Omnibus).

[8] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) p. 2 & p. 7.