If you use AI at work, you have probably heard the EU AI Act mentioned, usually alongside some worry about fines and paperwork. Most of that concern is aimed at the high-risk parts of the law and does not touch the average organisation. There is one obligation, though, that does apply widely and quietly affects almost everyone: Article 4, the AI literacy requirement. The good news is that it is one of the most reasonable parts of the whole law, and for most organisations it is very manageable.
This article explains what Article 4 actually asks for, who it applies to, and a calm, practical way to meet it. The aim is to leave you knowing what applies to you and what to do, without alarm.
A quick word on the AI Act itself
The EU AI Act is the European Union's law for artificial intelligence. It entered into force in 2024 and applies in phases over several years. Its core idea is risk-based: the obligations you carry depend on how risky a given use of AI is. A handful of uses are banned outright. A defined set of high-risk uses, such as AI in recruitment or credit decisions, carry heavy requirements. Most everyday business uses fall into the lighter categories and carry few obligations. Article 4 is different because it is not tied to a risk tier at all. It applies across the board.
What Article 4 actually requires
Article 4 is the AI literacy obligation. In plain terms, providers and deployers of AI systems must take measures to support a sufficient level of AI literacy among their staff and other people operating AI on their behalf. Most organisations are deployers: you are simply using AI tools built by someone else. That still counts. So a Dutch SME that has rolled out an AI writing assistant, a chatbot, or an AI feature inside existing software is squarely within scope.
This obligation started applying on 2 February 2025, so it is already live. It is worth being clear that this is not the dramatic part of the law. There is no product certification here and no register to file. It is an expectation that the people using AI in your name actually understand what they are working with. From 2 August 2026, national market surveillance authorities are the ones responsible for supervising it, so the practical message is simply to be able to show you have made a reasonable effort.
What 'sufficient AI literacy' means in practice
The word that matters is proportionate. Article 4 does not ask everyone to become a data scientist or to understand how a model is built. It asks that people have enough understanding for their role and for the systems they actually touch. In practice, sufficient literacy means someone understands:
- Roughly how the AI they use works, in plain terms, without needing the maths.
- What it is good at and, just as importantly, where it falls down or makes things up.
- The main risks in their context, such as inaccurate output, bias, or putting confidential data into the wrong tool.
- How human oversight applies to their role: when to check the output, when to overrule it, and when a person must make the call.
So the literacy a marketing assistant needs to use an AI writing tool is different from what an HR lead needs when AI touches hiring. That is the point. The level scales with the person's role and the risk of the system, which keeps the whole thing sensible.
AI literacy is not a qualification everyone has to earn. It is enough understanding to use a tool well and to know when to trust a person over the output.
What the 2026 update changed
In 2026 the EU adopted a package of amendments to the AI Act, often called the Digital Omnibus, aimed at simplifying the rules and easing a timeline that had proven hard to meet. Two points are worth knowing. First, several of the heavier high-risk obligations were pushed back: the rules for stand-alone high-risk systems, such as AI used in recruitment or credit scoring, now apply from December 2027 rather than August 2026. Second, the wording of the AI literacy duty was softened, so it now asks organisations to support the development of AI literacy rather than to guarantee it, and it makes explicit that you do not have to ensure any particular level for any single individual.
What did not change is the substance for everyday users. The AI literacy obligation remains in force, still applies to providers and deployers alike, and has done so since 2 February 2025. If anything, the softer wording confirms the spirit of Article 4: a proportionate, good-faith effort rather than a box-ticking exercise.
How to comply, step by step
You do not need a large programme. A short, honest effort that fits your organisation is exactly what the article expects. A practical sequence:
- 1Map where AI is used and by whom. List the AI tools in play, including AI features inside software you already run, and note which teams use them.
- 2Assess current knowledge. Get a rough sense of what people already understand and where the gaps are, rather than assuming.
- 3Give role-appropriate training. Match the depth to each role: a short session for casual users, more for people whose AI use carries real weight.
- 4Set simple usage guidelines. A one-page set of do's and don'ts, covering things like checking output and never pasting confidential data into public tools.
- 5Document what you did. Keep a light record of the training and guidelines so you can show you took reasonable measures.
- 6Keep it current. Tools and features change quickly, so revisit this once or twice a year and when you adopt something new.
Why this is easier than it sounds
For most organisations Article 4 is not a burden but a nudge towards something you would want to do anyway. People who understand the tools they use make fewer mistakes, get better results, and are less likely to hand sensitive data to the wrong place. The obligation lines up naturally with good human oversight: the same understanding that satisfies Article 4 is what lets a person sensibly check and, where needed, override what an AI produces.
Treat it as a modest, recurring habit rather than a one-off project. Map your AI use, give people the understanding that fits their role, write down a few clear rules, and keep it up to date as your tools evolve. That is a proportionate response, and for the large majority of organisations it is genuinely enough. Please note that this is general information, not legal advice; if AI touches high-risk areas of your business, it is worth checking your specific obligations with a qualified professional.
Ready to put AI to work, human in the loop? See how our AI Operations & Insight work is built.