Whose job is AI literacy? Why the EU AI Act puts it on your desk
It would be easy, right now, to assume the pressure around the EU AI Act is off! With its key deadlines pushed back to 2027 under the recently adopted AI Omnibus, ‘the AI Act’ might now feel like a looming issue – but one for next year. For the obligation that matters most to your workforce though, that assumption is very wrong.
The duty to build AI literacy across your workforce has actually been in legal effect since February 2, 2025. This has not changed due to the recent announcements and isn’t affected by the delay to the deadlines. This duty is already live, and national regulators gain their supervisory and enforcement powers over the Act this August. In practice, there’s no standalone ‘literacy fine’, but a gap in this area could amplify the penalties if something else goes wrong, that means regulators ask you to show what measures you have taken.
For digital workplace leaders, this is not a distant headache for the legal team. It lands squarely on your desk. However, also looking at the opportunity here, if handled well, this may be one of the strongest cases you will ever have for investing in the digital IQ of your workforce.
What Article 4 actually says
Article 4 of the EU AI Act (Regulation (EU) 2024/1689) requires “providers and deployers” of AI systems to take active measures on the AI literacy of their staff – and of anyone using AI on their behalf. A 2026 amendment, now adopted, eased the exact wording – providers and deployers must now “take measures to support the development of” AI literacy, rather than “ensure a sufficient level” of it – but left the duty, and who carries it, intact. The word that matters is deployer: you don’t have to build AI to be caught – any organization that uses an AI system under its authority, in a professional capacity, is a deployer. A bank rolling out an AI assistant, a manufacturer using an AI-powered HR platform, a retailer with a chatbot on its intranet are all deployers, all in scope.
Two things make the duty unusually broad. First, it applies to all AI systems, not just the ‘high-risk’ category; a generative assistant, AI-enhanced search, a chatbot, all count. Second, it is explicitly not a ‘send everyone a policy PDF’ exercise: the European Commission states that relying on a system’s instructions, or asking staff to read them, “might be ineffective and insufficient”. Literacy here means genuine understanding, tailored to role and risk.
Yes, this means you – wherever you’re headquartered
A common question from UK- and US-headquartered organizations is whether an EU regulation really applies to them at all. For most large employers, it does. The Act has GDPR-like extraterritorial reach: non-EU organizations can be caught where AI systems are placed on the EU market, used in the EU, or where their outputs are used in the Union.
In practice, that captures almost every large, internationally operating organization. A US company with EU offices is a deployer through those offices, and the duty often includes AI deployed centrally on their behalf. A company with no EU office is still caught the moment an AI output is used in the EU – say, an HR tool screening EU-based applicants. UK organizations aren’t bound by the Act as domestic law, but their EU operations are captured all the same, and many will adopt EU-aligned standards as a market norm, just as they did with GDPR.
There is no direct US federal equivalent, but US employers face a growing patchwork of state and local rules on automated employment tools – from New York City’s bias-audit requirements to a wave of similar laws emerging across other states. A robust, EU-standard literacy programme is a useful global baseline, though not a substitute for local legal compliance.
Why this lands on the digital workplace team’s desk
The systems that bring most organizations into scope are not exotic, lab-built models. They are the everyday tools your team already owns: the AI assistant bundled into your collaboration suite, the generative features in your intranet, the AI-powered search you’re rolling out, the chatbot handling employee self-service. That makes many organizations de facto deployers of AI inside the digital workplace – often with no clear owner for the literacy, governance and communication the Act now requires.
It also sits alongside a problem digital workplace teams know well: shadow AI. An undeclared tool can’t be risk assessed, can’t be built into a literacy programme, and can’t be evidenced to a regulator. The behaviours that create exposure are precisely the ones intranet and digital workplace teams already manage. The intranet is the natural infrastructure through which literacy is delivered and policy made visible – so the function that owns the digital workplace is often best placed to co-own the response, alongside Legal, HR, IT and security, risk and learning.
What good AI literacy looks like
The Act is deliberately non-prescriptive – no mandated curriculum, no certificate, no required test. That flexibility is both a gift and a trap: a gift because you can fit it to your organization; a trap because “we ran an optional lunch-and-learn” won’t stand up. The Commission’s guidance points to a clear minimum: people should understand what AI is and how it works, which systems your organization uses, the risks those carry, and your role as provider or deployer – all calibrated to role and context, because a one-size-fits-all module won’t build real capability.
And you should be able to show your work. There’s no certificate requirement or prescribed format, but keeping internal records of the training, guidance and communications you provide is what lets you evidence the measures you’ve taken. This is the territory DWG’s AI People Readiness services are built for: a view of literacy spanning AI, data and digital skills, and a role-based framework that defines what good looks like for different groups. The law sets a floor – and it’s now a lighter-touch one – but the case for genuine AI literacy was never really about the legal minimum.
The deeper layer: high-risk systems
There’s also a deeper layer worth planning for. AI used in recruitment, performance management and worker monitoring – much of it embedded in the platforms digital workplace and HR teams already run – is classified as ‘high-risk’, carrying stronger duties around human oversight and notifying the workers affected. Those obligations don’t fully bite until 2027, but that runway is exactly the time to build the literacy foundations, because trained, capable people are what the high-risk rules will ultimately depend on.
What to do now
Treat Article 4 not as a compliance chore but as the forcing function that makes the case for AI readiness at both the organizational and people levels. Four moves matter most:
- Know where you stand. Article 4 assumes you can describe the AI you run, the governance around it, and how ready your people are. DWG’s AI Organizational Readiness Diagnostic gives that baseline in two to four weeks – a scorecard across eight dimensions, from governance and ethical/regulatory frameworks to people readiness and adoption.
- Build literacy by role, not by broadcast. A single all-staff module won’t build the capability that real use demands – depth by role, context and risk. DWG’s AI People Readiness services deliver a skills framework spanning AI, data and digital literacy, plus role and task mapping that pinpoints the human–AI handoffs where high-risk oversight bites.
- Put the governance where people already look. An acceptable use policy, clear guidance and a route to report or request tools belong on the intranet, in the flow of work – the digital workplace team’s home advantage.
- Build the evidence trail as you go. There’s no certification requirement, but missing documentation reads, to a regulator, as missing effort – and while there’s no standalone literacy fine, that gap could amplify the penalties when something else goes wrong.
None of this is unfamiliar ground. It is governance, communication, enablement and change management – disciplines this community already practises – applied to a problem that regulation has brought into sharp focus. The 2027 delay is not the reprieve it looks like: the literacy duty is already here, and so is the opportunity – to lead your organization’s AI readiness rather than inherit its AI risk.
How ready is your organization to demonstrate that its workforce understands the AI it uses every day? Take our 10-point self-checker and find out
Legal Disclaimer
The information provided by Digital Workplace Group (“DWG”) is for general information purposes only and reflects DWG’s views at the time of publication or presentation. It does not constitute legal advice or legal opinion and DWG is not acting as your legal adviser. The information should not be relied upon as a substitute for obtaining independent legal advice tailored to your specific circumstances.
As legal and regulatory requirements vary depending on the facts and jurisdiction, you should seek independent legal advice before making decisions or taking action. To the fullest extent permitted by law, DWG accepts no liability for any loss, damage, costs or liabilities arising from any action, inaction, decision or reliance on the information, whether in contract, tort (including negligence) or otherwise.
Key sources
- Regulation (EU) 2024/1689 (the EU AI Act), full text on EUR-Lex (pre-AI Omnibus consolidated text; Article 4 wording is being amended): https://eur-lex.europa.eu/eli/reg/2024/1689/oj
- European Commission, AI Literacy – Questions & Answers: https://digital-strategy.ec.europa.eu/en/faqs/ai-literacy-questions-answers
- European Commission, AI Act – regulatory framework and implementation timeline: https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
- AI Act Service Desk / AI Act Explorer – Article 2 (scope), Article 3 (definitions), Article 4 (AI literacy), Article 26 (deployer obligations) and Annex III (high-risk systems): https://ai-act-service-desk.ec.europa.eu/en/ai-act
- Council of the EU (Consilium) – Artificial intelligence: Council gives final green light to simplify and streamline rules (29 June 2026): https://www.consilium.europa.eu/en/press/press-releases/2026/06/29/artificial-intelligence-council-gives-final-green-light-to-simplify-and-streamline-rules/
- NYC Department of Consumer and Worker Protection – Automated Employment Decision Tools (AEDT): https://www.nyc.gov/site/dca/about/automated-employment-decision-tools.page
Categorised in: Artificial intelligence and automation


