Blend
Compliance Training 18 May 2026

AI Act Compliance Checklist for L&D Directors

A practical AI Act compliance checklist for L&D directors covering AI inventory, risk classification, training obligations, and evidence trails.

By Tom Payani

You have 76 days. The Article 4 AI literacy requirements of the EU AI Act become enforceable on 3 August 2026, and Vision Compliance's 2026 readiness report puts 78% of enterprises in the unprepared cohort. For L&D directors, this creates a specific problem: you need a structured approach to something most organisations have never had to think about before, and a timeline that no longer allows for a slow build.

This checklist is the working document. It covers the six areas L&D teams need to address between now and the deadline, and it is structured so you can use it as the basis for internal reporting, project planning, or a board-level update.

If you want to understand the Article 4 literacy requirements in more detail before working through this checklist, our breakdown of AI Act Article 4 and what it means for employee training covers the legal text and its practical implications.


Step 1: Inventory Every AI System in Your Organisation

You cannot train people on AI systems they do not know about. The first step — and the one most organisations underestimate — is building a comprehensive inventory of every AI system deployed, procured, or under evaluation across the business.

This is broader than most people expect. AI systems under the AI Act are not limited to large language models or chatbots. The definition in Article 3 covers any machine-based system that operates with varying levels of autonomy, receives input, and generates outputs such as predictions, recommendations, decisions, or content that can influence physical or virtual environments.

In practical terms, your inventory should include:

  • Recruitment tools — CV screening software, automated shortlisting, video interview analysis, psychometric scoring platforms
  • HR and workforce management — automated scheduling, performance prediction, attrition risk scoring, compensation benchmarking tools
  • Customer-facing AI — chatbots, recommendation engines, dynamic pricing, personalised marketing tools
  • Operational AI — predictive maintenance, supply chain optimisation, fraud detection, quality control automation
  • Productivity tools — AI writing assistants, code generation tools, AI-powered search, meeting transcription and summarisation
  • Decision-support systems — any tool that provides recommendations or scores that influence human decisions, even if a person makes the final call

For each system, record:

  • System name and vendor
  • Business function and department
  • Who uses it (roles, not just team names)
  • What decisions it influences
  • Data inputs and outputs
  • Current training provision (if any)

The goal is not perfection on the first pass. The goal is visibility. Most organisations discover AI systems during this inventory that no central team knew about — particularly in departments that procured SaaS tools independently.

Owner: Assign a single person to lead the inventory. In most organisations, this sits with IT or procurement, but L&D needs to be involved from the start because the training obligations flow directly from this list.

Deadline: Complete the initial inventory at least four months before the August 2026 deadline. You will need the remaining time to classify, plan, and deliver training.


Step 2: Classify Each System by Risk Level

The AI Act introduces a risk-based classification framework. Where a system falls in this framework determines what obligations apply — and by extension, what training your people need.

The four tiers are:

Unacceptable risk — Prohibited outright. This includes social scoring systems, real-time biometric surveillance in public spaces (with narrow exceptions), and AI that exploits vulnerabilities of specific groups. If anything on your inventory falls here, escalate immediately. This is not a training issue; it is a legal one.

High risk — Subject to the most extensive obligations. The AI Act lists specific use cases in Annex III, including: AI in recruitment and HR management, credit scoring, insurance risk assessment, access to essential services, law enforcement, and safety components in regulated products. If your organisation uses AI for any of these purposes, those systems carry the heaviest compliance burden.

Limited risk — Systems with transparency obligations. Chatbots, deepfake generators, and emotion recognition systems must disclose that users are interacting with AI. Training here focuses on ensuring the people who deploy and manage these systems understand disclosure requirements.

Minimal risk — Most AI systems fall here. Spam filters, AI-powered search, recommendation engines for internal use. The AI Act does not impose specific technical requirements on these, but Article 4 literacy obligations still apply to the people who use them.

For your checklist, mark each system on the inventory with its risk classification. Where classification is ambiguous — and it will be for some systems — document your reasoning. This documentation itself becomes part of your compliance evidence.


Step 3: Map Training Obligations to Roles

Article 4 of the AI Act requires that providers and deployers of AI systems ensure their staff have "sufficient AI literacy" — taking into account their technical knowledge, experience, education, training, the context in which the AI system is used, and the persons or groups on whom the system will be used.

This means training is not one-size-fits-all. The obligation scales with the person's role and the system's risk level.

Here is how to map it:

Executive and board level — Need to understand the AI Act's risk framework, the organisation's obligations, the penalties for non-compliance, and their governance responsibilities. They do not need technical depth. They need enough to make informed decisions and provide meaningful oversight.

AI system operators (people who use AI tools daily) — Need practical training on the specific systems they use: what the system does, what it does not do, how to interpret its outputs, when to override or escalate, and how to document their interactions. This is the largest training population in most organisations and where the Article 4 obligation has its most direct application.

HR and recruitment teams — If your organisation uses AI in any part of the hiring process, these teams carry heightened obligations. AI in recruitment is classified as high-risk under Annex III. Training must cover bias awareness, the limits of automated scoring, human oversight requirements, and candidate rights.

IT and data teams — Need deeper technical training on how AI systems work, how to monitor them, how to detect drift or degradation, and how to maintain documentation. For high-risk systems, this extends to conformity assessment and risk management requirements.

Procurement — Anyone involved in purchasing or evaluating AI tools needs to understand the due diligence the AI Act expects. They should know what questions to ask vendors, what documentation to request, and how to assess whether a system will create compliance obligations.

For each role group, document:

  • Which AI systems they interact with
  • What level of training they need
  • The format and frequency of that training
  • How completion and comprehension will be assessed

Our AI Act scenario-based course is built around exactly this mapping — different learning paths for different roles, each tied to the specific obligations those roles carry.


Step 4: Build Your Evidence Trail

Compliance under the AI Act is not just about doing the right things. It is about being able to prove you did them. This is a documentation-first regulation, and your training programme needs to produce auditable evidence from day one.

Your evidence trail should include:

Training records — Who completed what training, when, and with what result. Completion certificates alone are insufficient. You need records that show the training was relevant to the person's role and the AI systems they use.

Competency assessments — Evidence that people understood what they were taught, not just that they sat through it. This can be scenario-based assessments, practical exercises, or knowledge checks — but it needs to demonstrate comprehension, not just attendance.

Policy documentation — Written policies on AI use, acceptable use guidelines, escalation procedures, and governance structures. These policies should reference the specific AI systems in your inventory and the risk classifications you have assigned.

Update records — The AI landscape changes. New systems are deployed, existing ones are updated, roles shift. Your evidence trail needs to show that training is reviewed and updated at appropriate intervals, not treated as a one-off compliance exercise.

Gap analysis records — Documentation showing that you assessed your training needs systematically, identified gaps, and addressed them. This is particularly important for the initial compliance phase, where auditors will want to see how you moved from your pre-regulation state to compliance.

Store all of this centrally. If it is spread across five different systems with no single point of access, it will not serve you well when you need it.


Step 5: Set Deadlines and Milestones

The August 2026 deadline for Article 4 AI literacy is the first of several compliance dates. Working backwards from that, here is a realistic timeline:

Now through April 2026 — Complete AI system inventory and risk classification. Begin stakeholder engagement with department heads to identify AI systems you may have missed.

April to May 2026 — Finalise role-to-training mapping. Identify which training you can deliver with existing resources and where you need external content or expertise. Make procurement decisions.

May to June 2026 — Begin delivering training to priority groups. High-risk system operators and executive leadership should be trained first. These are the groups most likely to attract early scrutiny.

June to July 2026 — Extend training across the organisation. Run assessments. Begin building your evidence trail with real completion and competency data.

August 2026 — Article 4 obligations take effect. Your organisation should be able to demonstrate that staff who interact with AI systems have received training appropriate to their role and that you can evidence this.

Post-August 2026 — Ongoing. New hires need onboarding into the programme. System changes trigger training updates. Annual reviews keep the programme current.

These dates assume a standing start. If your organisation has already begun AI literacy work, you can compress the early stages. If you have done nothing, starting after May 2026 leaves very little margin.


Step 6: Assign Ownership and Governance

The final step is the one that determines whether everything else actually happens. Without clear ownership, checklists remain checklists.

Programme owner — One named individual who is accountable for AI Act training compliance. In most organisations, this sits within L&D, but it requires a formal mandate and reporting line to a senior sponsor. The programme owner does not need to deliver all the training. They need to ensure it gets delivered, tracked, and evidenced.

Senior sponsor — A member of the leadership team who owns the compliance outcome at board level. This person receives regular updates, removes blockers, and ensures AI Act compliance has budget and visibility.

Departmental leads — Each department with AI systems in the inventory needs a point of contact who manages training completion for their team. They ensure the right people take the right training and report gaps back to the programme owner.

Review cadence — Set a recurring governance review — quarterly is typical for new compliance programmes, moving to biannual once the programme is mature. This review covers: new AI systems deployed, changes to risk classifications, training completion rates, assessment results, and any incidents or near-misses.

Escalation path — Define what happens when a gap is found. If a department is not completing training, or a new high-risk system is deployed without a training plan, there needs to be a clear escalation route with defined response times.


Using This Checklist

Print it, share it, adapt it. The value of a checklist is in its use, not its existence.

If you want to benchmark where your organisation currently stands across these six areas, our free diagnostic scores your readiness and highlights the gaps that need attention first.

And if you are looking for scenario-based training content that maps directly to these obligations, built for L&D teams who need to evidence Article 4 compliance, take a look at our AI Act training course. It is designed around the same role-based framework this checklist uses, with built-in assessment and evidence trails.

The 3 August 2026 deadline is close enough to plan against and just-about close enough to meet. The organisations that start now will have a working programme in place. The organisations that wait will be scrambling. This checklist is designed to help you be in the first group.


If You Need a Deployable Article 4 Module This Week

Building Article 4 content internally is 6-12 weeks of instructional design plus SME interviews. If your timeline no longer allows for that, our scenario-based EU AI Act SCORM course is live and ready to deploy:

  • Module 1 is free to play — no signup, no email gate. It puts an HR director inside a recruitment scenario where the Article 14 override decision is the lesson. Try it now.
  • Full course pricing: Starter €690 (up to 50 staff), Growth €1,490 (up to 250), Scale €3,990 (up to 1,000), Custom Programme from €45,000. All four EU languages and a branded AI Act Q&A tool included in every tier.
  • SCORM 1.2 zip delivered instantly after purchase. Upload to your LMS in 30 minutes. 14-day full refund if you haven't deployed.

Or, if you'd rather see where your organisation stands first, the free diagnostic scores your readiness across all six areas of this checklist in two minutes.

AI Act compliance checklist L&D AI literacy Article 4 risk classification

AI Act Readiness Diagnostic

Score your organisation's AI Act preparedness across all six checklist areas. 3 minutes.

Free: AI Training Audit for Your Team

See where AI could improve your training programs. Interactive 5-minute assessment.

Start the Audit