AIAdopt
HomeInsightsWhy AI literacy is more than a tick on a checklist
opinionApril 2026· 6 min reading time

Why AI literacy is more than a tick on a checklist

AI literacy under the EU AI Act is not a tick on a checklist. Why an attendance list fails at audit, what Article 4 really asks, and what genuinely works.

Why AI literacy is more than a tick on a checklist

Something curious is going on with AI literacy in many organisations. The moment someone mentions the EU AI Act, it lands on the agenda. A session is scheduled. An external speaker drops by, gives an hour-long talk, shows a few slides. The attendance list goes round, and a week later a summary appears on the intranet. And with that, it is ticked off. AI literacy: sorted.

Is that what "AI-literate" is supposed to come to mean?

Because what has that employee actually learned? And more importantly: how does the organisation demonstrate it when it matters? That attendance list proves one thing: that someone was in the room. Not that someone knows which company data may and may not go into ChatGPT. Not that an HR employee understands why CV screening counts as high-risk AI. Not that an IT administrator knows the difference between when the organisation is a deployer and when it accidentally becomes a provider.

What the law really asks

Article 4 of the EU AI Act is one of the most underestimated articles in the whole regulation. Not because the text is complex, but precisely because it is deceptively simple. Providers and deployers of AI systems must, the law says, "take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf". How you get to work with Article 4 in practice is set out in a separate insight.

Note carefully what it does not say. It does not say "give them a training". It does not say "provide a certificate". It says that an organisation must take appropriate measures to ensure that its people have a sufficient level. That is an obligation of means, to the best of one's ability, not a non-committal promise. You do not have to guarantee that every employee reaches a fixed level. You do have to take demonstrably serious and appropriate measures. The difference with a tick is small on paper and enormous in practice.

In May 2025, the European Commission published an FAQ on this article. It states explicitly that reading a user manual for an AI system is not enough. A one-off plenary session for the whole organisation will often amount to weak evidence too, because the obligation takes account of the technical knowledge, experience, education, context of use and the people the system is applied to. In other words: what a front-desk employee needs to know is different from what an HR professional needs to know, and that is again different from what an IT administrator must be able to assess.

The Digital Omnibus on AI is set to rephrase Article 4 as a duty to take measures that support the development of AI literacy. That does not change the practical point: organisations still need serious, demonstrable and role-appropriate measures.

The difference between demonstrating and being present

Here is the heart of the problem. A certificate is not legally required under Article 4. The Commission leaves organisations the room to document their efforts internally, as long as that is defensible. No text in the regulation requires a formal test or a certificate of completion.

But then comes practice. What happens at an audit? What happens if an employee causes a data breach because a prompt carried sensitive customer information to a public AI tool? What happens if a high-risk AI system takes a decision that harms a citizen or resident, and the question arises whether the official or care provider involved actually knew what to watch out for?

At that moment the question is not: has your organisation done anything about AI literacy? The question is: can you demonstrate that people in this role, including the employee involved, received appropriate AI literacy measures for the AI use expected of them? And an attendance list with a scribble, or an email confirming that someone was able to view an intranet article, falls short at that moment.

The European Commission says so itself in its guidance: a lack of demonstrable AI literacy can be weighed by supervisory authorities as an aggravating factor in other infringements of the AI Act. Fines for high-risk AI infringements run up to fifteen million euros or three per cent of worldwide annual turnover. The lack of training is then not the main infringement, but it is the factor that makes the fine heavier, because it shows that the organisation was insufficiently careful.

Why the how matters

AI literacy is not about collecting knowledge. It is about developing judgement. Three competences are needed for that.

Understanding. Knowing what AI is, at what level it works, and where it occurs in your own work. Not technical depth about transformer architectures, but the practical insight that an AI recognises patterns in data and, on that basis, makes predictions or generates output, and that this output contains errors that often sound convincing.

Judgement. Being able to recognise when an AI outcome is reliable and when it is not. Understanding that an answer can be well phrased and still factually wrong. Seeing that an AI selection tool can be systematically discriminatory without that being visible on the surface.

Responsibility. Knowing what your own role entails. When a human must decide instead of the system. Which data may and may not be shared. Who is held to account if something goes wrong.

Those three competences do not develop in an hour-long group session with slides. They develop by working with scenarios that lie close to your own role. By answering questions where more than one answer is plausible, and, for the wrong answer, explaining why it is wrong. By coming back regularly, because the technology changes so fast that knowledge from eighteen months ago is already half-dead.

What does work

An approach that genuinely promotes AI literacy has recognisable features. They are not laid down in law, but follow logically from what the law asks and what the Commission names in its guidance as a minimum.

The training is role-specific. The knowledge an IT administrator needs is fundamentally different from what an HR employee must know. A front-desk employee who occasionally uses ChatGPT for a customer email has a different frame again than a manager who has to make policy about AI use. A one-size-fits-all package that shows everyone the same slides fails to meet the context-specific requirements embedded in the law.

The training works with recognisable scenarios. Not "suppose an AI system makes a mistake", but: a colleague uses ChatGPT to write a quotation and pastes in customer names and prices. What do you do? Who do you speak to? What do you report? A good training practises that type of decision moment.

The training assesses seriously. Not five easy questions no one can fail, but a real assessment from a broad question bank with a threshold that means something. If everyone passes automatically, the assessment proves nothing. If ten per cent fail and have to resit, the assessment carries genuine weight.

The training is current. AI technology and regulation develop so fast that a training from eighteen months ago is out of date. Annual recertification is not a sales trick, it is a practical way to keep up. What is "good use" today can cause an incident next year.

The training documents what has been learned. Not only that someone took part, but which competences were assessed and which parts of the AI Act were covered. That distinction, participation versus proven competence, is at an audit the difference between a file that holds up and a file that raises questions.

The choice every organisation makes

Every organisation that uses AI makes a choice sooner or later. One side is the minimal side: being able to tick something off as quickly as possible, as cheaply as possible, preferably without it taking too much time. The other side is the side where AI literacy is seen as a competence that makes the organisation better: more insight, fewer incidents, better decisions.

With the first choice, the organisation produces an attendance list. With the second, it produces staff who understand AI, use it responsibly, and make their organisation defensible at an audit.

The EU AI Act forces organisations to choose. The law itself does not prescribe which way to go. But the practice of enforcement, the Commission's guidance and the reality of what a supervisory authority will ask at an audit all point in one direction.

AI literacy is not a tick. It is a competence. And competence is demonstrated through role-specific evidence, not by proving that a room was full.

At AIAdopt we choose the second side. Our microtrainings are role-specific, scenario-based, seriously assessed with a broad question bank and a 70 per cent pass threshold, and kept current annually. Every certificate states which learning outcomes were assessed and which AI Act articles were covered: audit-defensible per employee. Developed specifically for the Belgian and Dutch market, because real literacy is worth more than a tick.

Want to know where your organisation stands?

Download our free EU AI Act Compliance Checklist or view our AI literacy training.

Want to know more?

Get in touch for a no-obligation conversation about what AIAdopt can do for your organisation.