The EU AI Act - the first big milestone: Time to get AI Literate

Deadline Day

2 February 2025 sees the European Union's Artificial Intelligence Act (the "EU AI Act") regime finally start to kick off. There are two big milestones on that day. A ban on "Unacceptable Risk" AI systems (which we think (hope!) won’t affect that many) and the requirement to be "AI Literate" (which we think will).

What is required?

The literacy requirement set out in Article 4 is a broad one and states that "providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used".

AI literacy itself is defined under the EU AI Act as "skills, knowledge and understanding that allow providers, deployers and affected persons, taking into account their respective rights and obligations in the context of this Regulation, to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause".

A "deployer" is effectively a user of an AI system or tool in a business capacity.

So for those of you using AI tools, how are you going to become AI literate - and be able to show that you are?

Step 1

Adopt a “Phase 0” approach. Determine and document what AI tools you are already using. Bear in mind recent surveys consistently show that middle managers and grades below are using AI tools (and in particular Gen AI) without informing senior management. So a comprehensive systems audit might be required! 

Step 2

Review what training (if any) has been undertaken by those using an AI tool and/or dealing with its outcomes. Satisfy yourself that users and decision makers understand why they are using the tool and can explain the decisions it makes or influences.

Step 3

The EU AI Act doesn’t tell you how to achieve AI literacy, or indeed any standard you must achieve. However going forward, if you do the following, you should be well on your way. It’s basically all about training and awareness - and there are many layers of each.

You’ll need to provide technical training so users can understand how each AI tool works as well as awareness training so both the rewards and the risks involved in using an AI tool are properly understood.

Then there is the more general training in respect of ethical use of AI, the data protection implications and the protection of confidential information and intellectual property which should be provided to all relevant staff members.

Senior management’s role

And of course it’s not just about the “soldiers in the field”. AI compliance is a C Suite issue. Board members need to be aware of what AI tools are being used and the implications. It is their job also to make sure the training happens. We are all familiar with Data Protection Officers, but serious consideration should be given to appointing an AI Officer to take responsibility for all deployments across an organisation.

Penalties

The good news is that there are no specific fines for being in breach of the AI literacy requirement. But that is not a reason to get complacent. If you happen to be under investigation for any other breach of the AI Act, then a failure to implement AI literacy measures, may be seen as part of a general malaise.

Action

So get training, raise awareness and see this as an opportunity to put in place an AI policy for the safe procurement, deployment and use of AI in your business.

If you have any concerns about the EU AI Act regime, or would like to talk about putting an AI Policy in place for your organisation, please contact Victor Timon, Emily Harrington or any member of our Technology Group.