EU AI Act  /  Article 4
Article 4 · in force since Feb 2025

Article 4: the AI literacy duty that already applies, decoded

Most EU AI Act deadlines are still ahead of you. Article 4 is not — it has applied since 2 February 2025, to providers and deployers, for AI systems of every risk level. Here is what it actually requires, and how to meet it without boiling the ocean.

Article 4 is the shortest operative article in the EU AI Act — one sentence — and the easiest to overlook. It sits in Chapter I, which means it applies to every AI system you provide or use professionally, not just high-risk ones. And unlike the high-risk obligations arriving in August 2026, it is already law in force.

What Article 4 says

Under Article 113 of Regulation (EU) 2024/1689, Chapters I and II apply from 2 February 2025 — the same date the Article 5 prohibitions took effect. Article 4 has been a live obligation ever since.

Who it applies to

Both roles, explicitly:

The duty covers your staff and “other persons” operating or using AI on your behalf — which reaches contractors and service providers acting for you, not just employees. And because Article 4 sits outside the high-risk chapter, it is not limited to high-risk systems: it attaches to AI system use generally.

What “sufficient AI literacy” means

Article 4 is a best-effort obligation (“to their best extent”), not a certification scheme. There is no prescribed curriculum, exam, or minimum hours. What it demands is proportionate, context-specific competence, calibrated to:

Factor in Article 4What it means for you
Technical knowledge, experience, education and trainingA data scientist and a call-centre agent using the same system need different training — one size does not fit all roles
The context the AI systems are used inLiteracy for a credit-scoring model is not literacy for a marketing copy assistant — training must be system- and use-case-specific
The persons or groups the systems are used onWhere AI affects customers, candidates or other people, staff must understand the risks and limitations for those affected

In practice, “sufficient” means people who operate or rely on an AI system understand what it does, where it fails, what its outputs do and do not mean, and what their own obligations are when using it. For deployers this connects directly to Article 26: the human oversight you must assign under Article 26(2) has to go to people with the necessary competence and training — which is Article 4 made concrete.

Enforcement — and the missing fine

Here is the nuance most summaries get wrong in one direction or the other. Article 99, the Act’s penalty article, does not list Article 4 — there is no dedicated administrative fine for an AI literacy breach as such. But that does not make it a dead letter:

One moving part worth tracking: the proposed Digital Omnibus on AI — provisionally agreed in 2026 but not yet adopted into law as of mid-2026 — would soften Article 4’s wording towards “supporting the development” of AI literacy, an explicit obligation of effort. Until it is formally adopted and published in the Official Journal, the enacted text above is the binding one — plan against it and watch the legislative process.

Meeting Article 4 in practice

A defensible Article 4 programme is four steps, in order:

  1. Inventory: establish which AI systems your organisation provides or uses, and who operates, uses or depends on each one. You cannot train the right people on systems you have not catalogued.
  2. Map roles to literacy needs: per system, decide what its operators, overseers and downstream users each need to understand — capabilities, limitations, failure modes, and the rules that apply to it.
  3. Deliver role-based training: targeted and system-specific beats a generic all-hands e-learning. Depth should follow risk: a high-risk system’s oversight owner needs far more than a casual user of an office assistant.
  4. Document the measures: keep a record of what training was given, to whom, on which systems, and when it is refreshed. Article 4 is a duty to take measures — the evidence that you took them is the compliance artefact.

Why literacy starts with an inventory

Every factor in Article 4 is per system and per person: the context a system is used in, who deals with its operation, who it is used on. None of that can be answered at the level of “the company uses AI.” The prerequisite is a register of your AI systems that records what each one is, what it is used for, and who works with it — the same register your Article 6 classification and Article 26 duties will hang off in 2026.

Track this in your Jira

Know what you have — then train the people who use it

Model Inventory for Jira turns each AI system into a work item in the Jira your team already uses: what the system is, its intended use, its EU AI Act classification, and an owner — with an immutable change history. That gives your Article 4 programme its foundation: a definitive list of systems to train against, and a natural place to raise and track the training work per system. The training itself is yours to design — Model Inventory for Jira is the inventory layer that tells you who needs it, on what.

See how it works

This page is a practical explanation, not legal advice. Always confirm requirements against the official text of Regulation (EU) 2024/1689.