AIAdopt
nlfren
HomeEU AI Act

The EU AI Act and what it asks of your organisation

Since 2 February 2025, the EU AI Act has required every organisation within its scope that uses AI to ensure sufficient AI literacy among its staff. That is set out in Article 4. What the AI literacy obligation under Article 4 asks of your organisation concretely is something we set out in a separate insight. Even where it doesn't apply to you, it is a credible standard to work to. The law doesn't say how. Deliberately not.

Article 4 calls for an "adequate level" of AI literacy. No fixed hours, no mandatory certificate, no tick-box. Adequate. The European Commission explains why: AI evolves too fast for rigid requirements. A law with fixed requirements would be out of date within a year. The standard moves with reality and is tailored to role, context, risk and the people to whom AI is applied.

That sounds vague until a supervisory authority or auditor probes it. Then it turns out that an open standard is not a free pass but an invitation to explain why your approach is defensible. From 2 August 2026, broader supervision and enforcement by national authorities becomes operational. The national supervisory structure is still being finalised: Belgium is expected to give a central role to the BIPT, while the Netherlands proposes a coordinated model involving the Data Protection Authority and the RDI.

We have made three choices that fill in this open standard in the way we believe holds up best under supervision, audit and organisational reality.

Our choices differ, and for good reason...

AI Act training with an annual update, not a one-off session

What the law says.

Article 4 of the AI Regulation requires providers and deployers to ensure an adequate level of AI literacy among their staff, taking into account "the context in which the AI systems are to be used" and the people to whom they are applied. In its Q&A on Article 4, the European Commission explains explicitly why it sets no fixed requirements: AI evolves fast, and what is adequate today need not be in two years' time.

Our approach.

The subscription is not an optional extra. It is the structural commitment that we keep track, on your behalf, of which developments, guidance and enforcement practice affect the "adequate" standard, and that we work those changes into the trainings your people take. Anyone wanting to do this themselves needs internal capacity, year after year. For most of the organisations we serve, that is more expensive than the subscription itself.

AI Act certificate with audit evidence, not an attendance tick

What the law says.

The Commission confirms in its Q&A that a certificate is not legally required, and that there is no obligation to measure knowledge formally. An internal register is legally sufficient. At the same time, Article 4 calls for an adequate level, and enforcement starts from August 2026. In a check or an incident, you need to be able to show what your employee knew at the moment it mattered.

Our approach.

A dated certificate with a score result, tied to the employee's role, is in our view the strongest possible form of that demonstrability. On the back are the learning outcomes: exactly which competences were demonstrated, tied to which articles of the EU AI Act. Not "someone took something", but "this person can do this, with this legal coverage". At each annual recertification those learning outcomes move with the law and with practice. A tick on an attendance list is also enough, but says nothing about what knowledge was actually gained. The twelve-month validity reflects the pace of AI developments: shorter is panic, longer is no longer credibly defensible to a supervisory authority asking whether the knowledge is still current.

AI literacy tailored by role, not a generic training

What the law says.

Article 4 explicitly calls for tailoring to the "technical knowledge, experience, education and training" of those involved. The Commission's Q&A is firm on this: there is no one-size-fits-all, and the approach must match role, sector, risk and context of use.

Our approach.

A director assessing AI procurement and a front-desk employee using ChatGPT for an email have the same legal obligation but a different knowledge need in substance. We therefore split into four base modules and four sector-specific extensions, and tie each employee to the right package through a short selection wizard. A single generic training for everyone looks simpler up front, but does not meet the differentiation requirement of Article 4 the moment a supervisory authority probes it.

Article 4 is not a one-off obligation. How we keep following developments around the EU AI Act and work them into trainings and certificates is set out on the AIAdopt-built EU AI Act Monitor.

Frequently asked questions

Yes. Article 4 applies to every organisation that deploys AI systems, regardless of size. SMEs, local authorities and healthcare organisations fall under the obligation just as much as large enterprises.

Other questions about our approach? [email protected]