EU AI Act Compliance

The EU AI Act applies to ‘providers ‘and ‘deployers’ of AI systems. Whilst both players can be natural or legal persons, a provider is one who develops an AI system or a general-purpose AI model and places it on the market or puts the AI system into service under its own name or trademark. A deployer is simply a person who uses an AI system for professional activities.  

The definitions of these two players under the AI Act is therefore broad enough to cover any organisation using AI or making available AI tools to their employees and permitting their use for their business operations.  

Article 4 of the Act requires providers and deployers of AI systems to take measures to ensure that their staff have a sufficient level of AI literacy. The obligation is extended to other persons dealing with the operation and use of AI systems on their behalf, such as contractors. The Act specifies that the measures to ensure appropriate AI literacy must consider the staff’s technical knowledge, education, training and the specific use case of the AI system within the organisation.  

AI literacy is defined as skills, knowledge and understanding that allows a person to an informed deployment of AI systems and be aware of opportunities and risks of the AI system (Article 3(56)). Therefore, AI literacy entails an understanding of how AI systems work, their capabilities, limits, and risks like bias, hallucinations, automation pitfalls and being aware of relevant ethical and legal frameworks

Whilst there are no minimum requirements set for meeting the requirement of AI literacy, organisations must demonstrate a ‘sufficient level of AI literacy’ without a specific yardstick. The European Commission provides an indication of minimum compliance with this requirement:  

• Ensuring a general understanding of AI within the organisation
• Considering the role of the organisation as a provider or deployer of AI systems
• Considering the risks of the AI systems being used  
• Ensuring that the literacy actions take into consideration the context of the AI systems and the persons who will be using the AI systems, as well as the difference in technical knowledge, experience and education of the staff to be trained.  

Based on the guidance issued by the Commission, a one-size-fits all approach will not be appropriate to meet the AI literacy requirements. Careful assessment of the use of the AI systems is merited to adapt measures to the risk of the AI system as well as, an indication of employees’ knowledge of AI.

‍

An exhaustive but significant list of banned AI practices is also in force under Article 5 of the EU AI Act. The rationale underlying these banned practices focuses on their incompatibility with EU values and the harm to fundamental rights. The list of banned practices is exhaustive; however, the European Commission may update it annually, allowing for further practices deemed as risks evolve.  

Prohibited practices include AI systems:  

• exploiting specific vulnerabilities of persons  
• carrying out untargeted scraping of facial images from the internet or CCTV footage
• predicting the risks of a person committing a criminal offence, based solely on profiling of specific characteristics.  

Organisations must ensure that they are not implementing such AI practices when making use of AI systems within their organisations.

‍

Although enforcement of the AI Act commences in August 2025, organisations should begin preparing for AI compliance at an early stage to mitigate regulatory risks, enhance internal readiness, and develop a competitive advantage in compliance.

Proactively implementing AI literacy as part of a comprehensive AI governance strategy can help organisations anticipate future regulatory phases. Organisations should consider adhering to best practices for AI compliance, such as:

• conducting AI compliance audits  
• designing appropriate AI literacy programmes  
• investing in ongoing training programs for employees
• using AI tools in realistic scenarios
• developing internal codes of conduct and policies for AI usage
• encouraging interdisciplinary awareness of the benefits and risks of AI usage in business

Our technology lawyers combine their technical knowledge with legal expertise, to serve clients holistically in the adoption and implementation of AI systems. We firmly believe in the opportunities and benefits that AI creates. We guide first movers in the AI industry to adopt AI confidently and in a compliant manner. 

Reach out to us to ensure your AI literacy obligations are met.