What is EU AI Act Training

Article 4 of Regulation (EU) 2024/1689 requires providers and deployers of AI systems to take measures to ensure, to their best extent, a sufficient level of AI literacy among their staff and any other person dealing with the operation and use of AI systems on their behalf. The literacy must be calibrated to the technical knowledge, experience, education, and training of the people involved, the context the systems are used in, and the persons affected.

The duty took effect on 2 February 2025 and applies to every provider and deployer regardless of risk tier. The EU AI Office published a Living Repository and a public Q&A in early 2025 clarifying that a single onboarding video does not satisfy Article 4 and that organisations should keep documentation of the literacy measures they put in place.

Article 4 applies to staff and any other person dealing with the operation and use of AI systems on the entity's behalf. In practice that means anyone who uses an AI tool as part of their job, including office productivity assistants, customer-service copilots, code assistants, marketing generators, and any embedded AI in line-of-business software. Article 4 does not require identical depth for everyone; it requires calibration to role.

For most enterprises the practical answer is a baseline literacy module for all staff who touch any AI tool at work, with deeper role-specific modules for developers, deployer-side operators, named overseers under Articles 14 and 26, legal and risk teams, and executives. Article 26 separately requires deployers of high-risk AI systems to ensure that natural persons assigned to oversight have the necessary competence, training, authority, and support.

The Article 4 AI literacy duty became applicable on 2 February 2025, six months after the regulation entered into force on 1 August 2024. The same date triggered the prohibition of the eight banned AI practices in Article 5. Both duties are live and enforceable now.

The other applicability milestones are 2 August 2025 (GPAI model rules, governance chapter, penalty regime, national competent authorities), 2 August 2026 (high-risk AI obligations for the Annex III domains and most remaining provisions), and 2 August 2027 (full applicability for high-risk AI embedded in regulated products under Annex I).

The regulation does not define "sufficient" against a single benchmark. The EU AI Office Q&A on Article 4 explains that the assessment is contextual: the literacy must match the technical knowledge, experience, education, and training of the people involved, the way the AI systems are used, and the people affected by those systems. A claims handler using an AI triage tool needs different literacy from the data scientist who built it.

In practice authorities will look for a documented programme rather than a single training event, calibrated by role, refreshed when the regulation or the AI systems change, and supported by evidence that named individuals have completed the modules relevant to their job. The Commission's AI Pact and the Living Repository on AI Literacy give a public bench of programme designs that the AI Office considers acceptable.

Article 14 applies to providers of high-risk AI systems and requires that those systems be designed and developed so they can be effectively overseen by natural persons during the period in which the AI system is in use. Article 26 puts the operating side of that duty on deployers of high-risk AI systems: assign oversight to natural persons who have the necessary competence, training, authority, and support to do the job.

Practically, every named overseer of a high-risk AI system needs targeted training on the system's capabilities and limitations, on automation bias, on the conditions under which to override or disregard the output, and on the escalation path. The training record for those individuals is the document a national competent authority is most likely to ask for first during an investigation.

Article 99 sets a three-tier penalty stack. Breaches of the prohibited AI practices in Article 5 carry the highest tier: up to €35 million or 7% of global annual turnover for the previous financial year, whichever is higher. Non-compliance with most other obligations (data governance, transparency, deployer duties, GPAI provider duties, Article 4 literacy where it applies) carries up to €15 million or 3% of global annual turnover.

Supplying incorrect, incomplete, or misleading information to notified bodies or national competent authorities carries up to €7.5 million or 1.5% of global annual turnover. SMEs and start-ups face the lower of the two values rather than the higher. National authorities and the EU AI Office consider the gravity, duration, intentional or negligent character, cooperation, and prior infringements when calibrating fines.

Yes, the regulation has extraterritorial reach. It applies to providers placing AI systems on the EU market or putting them into service in the Union, regardless of where the provider is established. It applies to deployers established in the EU. It also applies to providers and deployers established outside the EU when the output produced by the AI system is used in the Union.

That last hook captures a large slice of the global AI economy: a US-based SaaS vendor whose AI feature is used by a French customer is in scope, and a US-based deployer whose AI output is delivered to or relied on inside the EU is in scope. Non-EU providers must designate an authorised representative in the Union before placing high-risk AI systems on the market.

The regulation entered into force on 1 August 2024 and applies in stages. On 2 February 2025 the prohibited practices in Article 5 and the Article 4 AI literacy duty became applicable. On 2 August 2025 the General-Purpose AI model rules, the governance chapter (including the EU AI Office and national competent authorities), and the Article 99 penalty regime became applicable.

On 2 August 2026 the bulk of the high-risk AI obligations and most remaining provisions become applicable. On 2 August 2027 the regulation is fully applicable to high-risk AI systems embedded in products covered by the Union harmonisation legislation listed in Annex I. Organisations should sequence their compliance programme against these dates, with Article 4 literacy and prohibited-practice screening as the immediate priorities.