EU AI Act: Are You Prepared for the “AI Literacy” Principle?

The EU AI Act is the world’s first horizontal and standalone law governing the commercialization and use of AI, and a landmark piece of legislation for the EU. Among the various provisions of the EU AI Act, the “AI literacy” principle is an often overlooked but key obligation which requires organizations to ensure that staff who are involved in the operation and use of AI have the necessary skills, knowledge and understanding to adequately assess AI-related risks and opportunities (e.g., through training and hiring staff with the appropriate background and skillset). This obligation – which applies from February 2, 2025 – is one of the few obligations under the EU AI Act that applies to all AI systems i.e., irrespective of the level of risk that the AI system presents. Indeed, by introducing AI literacy as one of the first provisions of the AI Act (Article 4), the EU legislators appear to underscore the significance of this requirement.

What is AI Literacy?

The EU AI Act defines ‘AI literacy’ as the skills, knowledge and understanding to enable the informed use and operation of AI systems and increase awareness of the opportunities, risks and possible harm that AI systems may present – with the ultimate purpose being to ensure that staff are able to take informed decisions in relation to AI such as, how to interpret AI output and decision-making processes and their impact on natural persons.

Who Needs to Comply?

The EU AI Act requires both providers and users of AI systems to take appropriate measures to ensure their staff and other persons dealing with AI systems have a sufficient level of AI literacy. The requirement applies regardless of the perceived risk of the AI system, meaning that staff will need to be appropriately trained when using or operating any AI system subject to the AI Act – even if it qualifies as a “limited risk” AI system, such as AI chatbots, or when falling outside a specific risk category. Although, presumably the AI literacy measures should be commensurate to the level of risk associated with the AI system.

What is the Requirement?

The EU AI Act requires that organizations need to “take measures to ensure, to their best extent, a sufficient level of AI literacy”. It requires in particular that the level of AI literacy aligns with the technical knowledge, experience, education, and training of relevant staff as well as the context in which the AI system is used.

In short, while it is clear that there is a high threshold to meet—specifically, the requirement that organizations take AI literacy measures “to their best extent”—there is also an element of proportionality that can be applied.

How to Comply?

The EU AI Act does not dictate precisely how organizations should comply with the AI literacy principle. However in practice organizations may wish to:

  • Identify AI Usage/Development: Determine how employees currently use or develop, or plan to use or develop AI in the near future;
  • Assess Understanding of AI: Evaluate employees’ current AI knowledge – e.g., through surveys / quizzes – to pinpoint specific knowledge gaps;
  • Leverage Internal Expertise: Utilize the skills of appropriate teams within the business to assist with the development and delivery of the program. For example, HR knows employees the best and marketing knows how to deliver engaging content – take advantage of these skill sets;
  • Leverage External Expertise: Engage with external experts where internal knowledge is lacking or recruit staff with the appropriate expertise (e.g., from a legal or IT perspective) – in particular in relation to decision-making around high-risk AI output that could have an impact on fundamental rights;
  • Develop an AI Literacy Program: Create a tailored AI literacy program with clear objectives and a curriculum that addresses key topics. In particular, for example, staff involved in interpreting AI output or conducting AI risk assessments should receive more specialized training than staff merely engaged in the use of AI;
  • Distribute and Train: Provide training materials through various platforms, ensuring they are engaging to boost motivation;
  • Encourage Practical Experience: Facilitate opportunities for employees to apply their AI knowledge in real-world scenarios;
  • Implement Feedback Mechanisms: Collect feedback from employees on the program’s effectiveness and track key performance indicators (KPIs) to measure the impact on AI literacy;
  • Document Thoroughly: Keep detailed records of all training activities and materials to demonstrate compliance; and
  • Regularly Update: Continuously refresh the program to stay current with the latest requirements and implement ongoing education plans to ensure AI literacy is an ongoing effort, not a one-time task.

What Regulatory Guidance Exists?

Whilst to date AI literacy-related guidance is relatively limited, we can likely expect this to change going forward as the EU AI Act empowers the EU AI Office – which oversees the EU AI Act’s implementation and enforcement – to collaborate with EU Member States in the creation of voluntary codes of conduct, including on the promotion of AI literacy. In addition, national Data Protection Authorities have taken the initiative to clarify the AI literacy principle. For example, the Dutch Data Protection Authority is actively engaged with stakeholders to ensure that organizations possess an adequate level of AI knowledge.

When to Comply?

The EU AI Act enters into application in a gradual manner, depending on the obligation in question, with most obligations entering into application (i.e., being enforceable) as of August 2, 2026. However, the requirement for AI literacy will take effect earlier, on February 2, 2025. This leaves organizations with a mere two months to ascertain what constitutes adequate AI literacy measures for their personnel, as well as to develop and implement these measures (e.g., through training).

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.