1. AI inventory and scope
Document AI systems, generative AI tools, suppliers, purposes, teams, external parties and risk profiles. Without scope, training is hard to defend.
Article 4 EU AI Act
Article 4 AI literacy evidence dossier
A practical hub for organisations that want to make AI literacy demonstrable: role matrix, learning goals, training records, certificates, management reporting and connection with AI governance.
- Article 4 applies
- 2 Feb 2025
- Suitable level
- Per role
- Records and reporting
- Evidence
Last updated: 2 June 2026
Article 4
What should you be able to show under Article 4?
Article 4 does not ask for one standard course for everyone. The core requirement is that providers and deployers take measures to ensure a sufficient level of AI literacy. That level depends on technical knowledge, experience, education, the context in which AI is used and the people affected by the system.
Which AI systems or AI tools are used, for what purpose and by which teams.
Which roles work with those systems or act on behalf of the organisation.
Which risks, limitations, privacy rules and usage instructions matter per role.
Which training, guidance, assessment, certificates and follow-up are in place.
How progress, exceptions, incidents and changes are tracked at management level.
Evidence
The evidence dossier that works in practice
A supervisor is unlikely to ask only whether someone completed a course. A stronger dossier explains why your measures fit the organisation's AI use, role distribution and risks.
2. Role matrix
Connect functions to AI use: management, users, HR, legal/compliance, privacy, IT, product teams, procurement and suppliers do not need the same learning goals.
3. Learning goals per risk
Show what people must understand about hallucinations, bias, privacy, human oversight, logging, transparency, vendor claims and sector rules.
4. Training, guidance and practical cases
Keep modules, work instructions, prompt rules, practical exercises, policy updates and cases. AI literacy should connect to work behaviour.
5. Records and assessments
Track attendance, assessment results, certificates, exceptions, remediation and refresh cycles. A certificate helps, but context makes the evidence strong.
6. Management reporting
Report periodically on coverage per role, open gaps, incidents, new AI tools, vendor changes and the next quarterly plan.
Roles
Which roles should evidence what?
The European Commission stresses that AI literacy is context-specific. Evidence becomes stronger when you show what knowledge is needed per role and how that knowledge is maintained.
| Role | Knowledge focus | Evidence |
|---|---|---|
| Board and management | AI governance, risk decisions, policy, escalation and progress oversight. | Decision records, management reporting, roadmap, AI policy and governance meetings. |
| Staff using AI | Safe use, output checking, privacy, hallucinations, bias and human judgement. | Training records, assessment results, usage instructions and practical cases. |
| HR, recruitment and people analytics | Annex III risk, non-discrimination, transparency and candidate or worker impact. | HR-AI use-case register, Article 4 records, DPIA/FRIA and human oversight arrangements. |
| Legal, privacy and compliance | AI Act roles, GDPR, DPIA/FRIA, vendor review, policy, incidents and evidence. | Review records, risk assessments, supplier files and control framework. |
| IT, data and product teams | System boundaries, data governance, logging, model behaviour, monitoring and changes. | Technical documentation, change log, evals, monitoring and release decisions. |
| Suppliers and contractors | Use on behalf of the organisation, safe handling of output and contractual arrangements. | Onboarding, instructions, contract clauses, attestations and exception register. |
Certificate
Is an online AI literacy certificate enough?
No. The European Commission says there is no certificate requirement. An online certificate is still useful supporting evidence when it sits inside a broader dossier with role-based learning goals, records, assessment, follow-up and periodic evaluation.
Strong evidence
- Participant, date, module, score, role and validity are recorded.
- The module fits the role, AI tools and risk profile of the employee.
- There is follow-up for low scores, missed parts or changed systems.
- Management can see coverage, open gaps and exceptions.
Weak evidence
- Everyone gets the same generic awareness module.
- There is no link to AI systems, roles or risks.
- There is no refresh, assessment or follow-up when new tools appear.
- The certificate is treated as the endpoint instead of a piece of evidence.
Difference
AI awareness is not the same as AI literacy
Awareness is a useful start: people understand that AI has opportunities and risks. AI literacy goes further and must connect to the task, the system, the rights and obligations of the role and the impact on affected people.
| Area | AI awareness | AI literacy |
|---|---|---|
| Goal | Awareness | Responsible action in context |
| Evidence | Attendance or e-learning | Role matrix, learning goals, assessment and follow-up |
| Depth | Basic concepts | Risks, limitations, governance and practical decisions |
| Rhythm | One-off session | Ongoing evaluation and refresh |
Plan
30-day implementation path
This path is a starting point. Larger organisations should then turn it into a quarterly rhythm for new tools, new roles and changed risks.
Week 1: scope and AI inventory
Inventory AI tools, processes, teams, suppliers and external persons. Start with the highest impact or broadest use.
Week 2: roles and learning goals
Define minimum competency per role: what should someone understand, assess, apply and document?
Week 3: training and assessment
Start role-based modules, short practical cases and assessments. Record attendance and results immediately.
Week 4: reporting and embedding
Create a management update with attendance, scores, open gaps, exceptions, incidents and the next quarterly plan.
Governance
Connect Article 4 to your AI governance
AI literacy should not sit beside governance as a separate training project. It should run together with AI inventory, risk classification, DPIA/FRIA, vendor assurance, human oversight, transparency and incident response.
AI inventory
Determines which systems and teams need training.
Annex III classification
Raises training depth in high-risk or sensitive contexts.
DPIA and FRIA
Shows which risks staff must recognise and mitigate.
Vendor assurance
Ensures suppliers and contractors receive sufficient instruction.
Human oversight
Connects training to real authority, escalation and control.
Management reporting
Makes progress and open risk visible to leadership.
AI literacy guideDefinition, obligation, roadmap and FAQ.AI governance and complianceConnect Article 4 to governance, inventory and evidence.Provider vs deployerDetermine who is responsible for training and instructions.Annex III classificationHigh-risk context requires deeper role training.DPIA vs FRIATurn risk assessment into learning goals.Transparency obligationsConnect training to disclosure and human oversight.
Sectors
Sectors where Article 4 evidence matters more
Every organisation using AI should organise suitable AI literacy. In these sectors, evidence is often more urgent because of fundamental-rights impact, supervision, customer trust or Annex III risk.
HR and recruitmentRecruiters, HR, hiring managers and people analytics.EducationAI in assessment, admission, monitoring and support.GovernmentPublic services, algorithm registers and citizen impact.Financial servicesCredit, fraud, onboarding and model risk.HealthcareDecision support, privacy, safety and clinical context.Technology and softwareProvider roles, product teams and downstream instructions.
Next
From explanation to execution
Use Responsible AI Platform for explanation, sources and templates. Go to LearnWize when you want to organise team training, records, certificates and reporting. Use Embed AI when governance, scope and implementation choices need to be set up.
LearnWize for training and evidence
Assessment, role-based learning paths, Article 4 training, certificates, records and team reporting.
Embed AI for governance and scope
Support with AI inventory, roles, policy, DPIA/FRIA, supplier requirements and the Article 4 evidence rhythm.
Expert guidance
Article 4 also touches governance, risk and evidence
Zahed Ashkara connects AI literacy with EU AI Act readiness, AI governance, Annex III and evidence. Read the central profile or the relevant expert pages when you need to place the obligation in a broader AI approach.
FAQ
Frequently asked questions
Does every employee need to be AI-literate?
Everyone working with AI systems or acting on behalf of the organisation needs a suitable level. That does not mean everyone needs the same depth.
What might a supervisor ask for?
Think of an AI inventory, role matrix, learning goals, training records, assessment results, policies, management reporting and evidence of periodic evaluation.
Is a certificate mandatory under Article 4?
No. The European Commission indicates there is no certificate requirement. A certificate can still be useful evidence when it is part of a broader dossier with role-based learning goals, records and follow-up.
Does Article 4 also apply to ChatGPT or Copilot?
Yes, when staff use AI systems or generative AI tools on behalf of the organisation, they should understand the relevant opportunities, limitations and risks, such as hallucinations, privacy, confidential information and output review.
Can LearnWize help with Article 4 evidence?
LearnWize helps with evidence: assessment, learning paths, assessments, certificates, training records and reporting. The organisation remains responsible for scope, governance and application in its own context.