Article 4 requires all organisations using AI to ensure their staff have "sufficient AI literacy." Every company using AI tools — from ChatGPT to automated hiring systems — is in scope. Most haven't started.
Article 4 of the EU AI Act requires providers and deployers of AI systems to ensure their staff and others acting on their behalf have "sufficient AI literacy" — proportionate to the context, the role, and the complexity and impact of AI systems in use.
This is not a checklist. It's not a certificate. Regulators will ask whether your training was:
Role-appropriate — did each person receive training matched to how they interact with AI?
Proportionate to risk — were staff using high-risk AI systems (Annex III) trained to a higher standard?
Assessable — can you demonstrate that staff can apply the knowledge, not just recall it?
Documented — do you have evidence of completion and comprehension?
Who is in scope
If your organisation does any of the following, Article 4 applies:
Uses AI tools for hiring or HR decisions
Uses AI for customer service or sales
Deploys AI for credit scoring or risk assessment
Uses generative AI (ChatGPT, Copilot, Claude) in operations
Provides AI-assisted products to EU customers
Uses AI for security monitoring or fraud detection
Why standard eLearning isn't enough
A generic "AI literacy" video module proves one thing: staff clicked through it. Article 4 asks for more. "Sufficient" means proportionate to the risk — and for staff using high-risk AI systems, the bar is higher than a completion timestamp.
Blend's AI Act scenario — "The Shortlist" — puts staff inside an AI-assisted hiring process where bias and transparency issues emerge. They make real decisions: whether to override the AI, how to document reasoning, what the candidate's rights are. Every choice is tracked. You get decision-level evidence, not a certificate.
EU AI Act — Article 4
The Shortlist
An HR team uses AI to screen job candidates. The system flags a qualified candidate as high-risk. Bias is suspected. You're in the room when the decision has to be made.
AI Act entered into force. General provisions apply.
August 2025Completed
Prohibited AI practices (Article 5) took effect.
Now — August 2026Action window
Article 4 AI literacy training must be implemented before enforcement begins. Most organisations haven't started.
2 August 2026Enforcement
National market surveillance authorities begin assessing AI literacy compliance. Penalties for providers: up to €15M or 3% of global turnover. Deployers: up to €7.5M or 1.5% of global turnover.
124
days remaining
Start before it's urgent
Organisations that run a pilot now will have real completion data, identified training gaps, and documented evidence before the August deadline. Those that start in July won't.
The Act entered into force on 1 August 2024 with a staggered application schedule. From 2 February 2025: Chapter I (general provisions) and Chapter II (prohibited AI practices under Article 5) apply, alongside the AI literacy obligation under Article 4. From 2 August 2025: governance provisions and obligations for general-purpose AI models apply. From 2 August 2026: most other provisions apply, including those on notified bodies, high-risk AI systems listed in Annex III, and the corresponding penalty framework. From 2 August 2027: obligations for high-risk AI systems embedded in products covered by Annex I (medical devices, machinery, toys, etc) apply.
What needs to be done by 2 August 2026?
By 2 August 2026, organisations operating in the EU should have: (1) a documented inventory of AI systems in use across the business; (2) a written AI use policy approved at executive level; (3) role-tailored AI literacy training for all staff who provide or deploy AI systems, with completion records; (4) for any high-risk AI systems under Annex III, the technical documentation, logging, transparency, human oversight, accuracy/robustness/cybersecurity, post-market monitoring and conformity assessment infrastructure required by Chapter III; (5) if applicable, registration of high-risk systems in the EU database; (6) governance arrangements that designate accountable persons for AI Act compliance.
Who needs Article 4 AI literacy training?
Article 4 requires providers and deployers of AI systems to ensure that their staff and any other persons dealing with the operation and use of AI systems on their behalf have a sufficient level of AI literacy. In practice that covers: any employee using a generative AI tool for work (drafting, coding, analysis); HR teams using AI shortlisting or assessment tools; marketing teams using AI content generation; customer-service teams using AI agents; data science and IT teams building or operating AI systems; managers approving AI use; executive sponsors with governance responsibility. The level and depth varies by role and risk.
What does Article 4 actually require?
Article 4 sets a duty, not a syllabus. The standard is 'sufficient' AI literacy, judged against four factors: technical knowledge, experience, education and training of the person; the context the AI systems are used in; the persons or groups on whom the AI systems are used. Regulators are expected to look for: documented training plan tied to the AI inventory; evidence of role-tailored content; per-learner completion or comprehension evidence; refresh cycle aligned to material changes in the AI systems in use.
What are the penalties for AI Act non-compliance?
Article 99 sets three penalty tiers. Non-compliance with the prohibition on the AI practices listed in Article 5: up to €35 million or 7% of total worldwide annual turnover for the preceding financial year, whichever is higher. Non-compliance with obligations applicable to providers (other than Article 5) and deployers of high-risk AI systems, notified bodies, providers of general-purpose AI models, and other duties: up to €15 million or 3% of total worldwide annual turnover. Supply of incorrect, incomplete or misleading information to authorities: up to €7.5 million or 1% of total worldwide annual turnover. SMEs and start-ups are subject to the lower of the absolute or percentage figure.
What is a high-risk AI system under the AI Act?
Article 6 defines two categories. First, AI systems intended to be used as a safety component of a product or that are a product themselves, where the product is covered by EU harmonisation legislation listed in Annex I (medical devices, machinery, toys, lifts, etc) and required to undergo third-party conformity assessment. Second, AI systems intended to be used in any of the use cases listed in Annex III: biometrics, critical infrastructure, education and vocational training, employment and worker management (including recruitment screening), access to essential private and public services and benefits, law enforcement, migration/asylum/border control, administration of justice and democratic processes. Annex III systems can be exempted under Article 6(3) if they do not pose significant risk in the specific use case.
What are the prohibited AI practices under Article 5?
In force since 2 February 2025. Article 5 prohibits eight categories of AI practice: subliminal techniques beyond consciousness or purposefully manipulative or deceptive techniques causing significant harm; exploitation of vulnerabilities (age, disability, social or economic situation) causing significant harm; social scoring leading to detrimental or unfavourable treatment that is unrelated to the contexts where data was generated or unjustified or disproportionate; risk assessments of natural persons to assess or predict criminal offences based solely on profiling or personality traits; untargeted scraping of facial images from the internet or CCTV footage to build face-recognition databases; emotion inference at work or in educational institutions (with limited exceptions for medical or safety reasons); biometric categorisation systems inferring race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation; real-time remote biometric identification in public spaces for law enforcement (with narrow exceptions).
Does the EU AI Act apply to non-EU companies?
Yes, under Article 2. The Act applies to providers placing AI systems on the EU market or putting them into service in the EU, regardless of where they are established. It applies to deployers established or located in the EU. It also applies to providers and deployers established or located outside the EU where the output of the AI system is used in the EU. Non-EU providers must designate an EU authorised representative for high-risk AI systems before placing them on the market.
