AI Ethiek & Governance

AI literacy under the EU AI Act: what your organization should put in place now

Geert Haisma

AI literacy is no longer a soft side topic. Organizations that deploy AI need to show that employees, managers, and administrators understand how the system works, where the risks are, and how human oversight should operate.

Illustration of an executive team reviewing AI literacy and governance with a secure AI assistant.

AI conversations often focus on models, vendors, and use cases. In real organizations, however, one factor decides whether AI lands safely and responsibly: do people actually know when to trust the system, when to challenge it, and what rules apply around its use? That is what AI literacy is about.

Under the EU AI Act, that is no longer just a good intention. The European Commission has now published dedicated guidance, Q&A material, and a living repository of AI literacy practices linked to Article 4. The underlying message is straightforward: providers and deployers of AI systems should ensure that the people working with those systems have appropriate knowledge, context, and support.

Why this matters now

Most organizations are already beyond first experiments. Teams use AI to draft content, summarize files, support coding, classify documents, and prepare decisions. At the same time, leadership teams are under pressure to make AI not only useful, but controllable and explainable. The Commission’s AI literacy repository exists specifically to encourage learning and exchange among providers and deployers in light of Article 4. That matters because AI literacy cannot be reduced to one generic awareness course.

Someone using AI to prepare an internal note needs different skills from a manager approving AI-assisted output or an administrator responsible for access control, logs, and escalation paths. When organizations train everyone in the same way, they create false confidence: people may feel fluent, while still missing the moments where review or intervention is essential.

What AI literacy actually includes

Good AI literacy is role-based. It combines three things:

  • knowledge of what the system can and cannot do;
  • understanding of the context in which it is used;
  • clear behavioral rules on review, security, and escalation.

For knowledge workers, that means knowing when a summary needs verification, what data should never be entered into a public tool, and how to check sources or reasoning. For managers, it means understanding where human accountability remains, what kinds of automation risk are introduced, and which KPIs signal safe adoption. For IT and compliance teams, it means having control over access, logging, retention, model choice, and auditability.

Six building blocks for a workable approach

  1. Map current AI use before writing policy. Start with reality. Which teams already use public tools? Which pilots are live? Where are decisions already being supported by AI?
  2. Train by role, not by hierarchy. End users, process owners, managers, and administrators need different guidance.
  3. Make human oversight concrete. Define who reviews what, when outputs cannot move forward without a check, and how exceptions are escalated.
  4. Provide a safe default environment. If people lack a trusted option, shadow AI will grow. Private AI or secured workspaces reduce that risk immediately.
  5. Embed learning in real workflows. Use live documents, real decision moments, and everyday cases rather than abstract examples.
  6. Measure behavior, not completion rates. A completed course says little. Better metrics are correct usage, escalations, error reduction, and adherence to policy.

Where organizations often go wrong

The first mistake is treating AI literacy as an internal communications exercise. An intranet page and a lunch session may raise awareness, but they do not change behavior. The second mistake is assigning the topic entirely to IT or legal. Line managers need to understand how AI changes work, otherwise there will always be a gap between policy and practice. The third mistake is waiting for perfect governance before people are allowed to learn. In that gap, shadow AI grows.

A pragmatic path works better: choose a limited set of workflows, give teams a safe environment, train by role, and create feedback loops. That makes AI literacy visible in day-to-day execution instead of keeping it on paper.

A realistic 90-day route

In month one, inventory current AI use and assign process owners. In month two, translate those findings into guidance, short role-based training, and example cases. In month three, embed oversight, logging, and evaluation in the workflow itself. That does not create a perfect end state, but it does create a manageable operating base.

For many organizations, this is also the moment to make a tooling decision. If you expect people to work safely, you need to give them a safe default. That is why, in practice, AI literacy and Private AI often move together: without control over environment and data, good behavior is hard to enforce consistently.

Want to turn AI literacy into concrete roles, workflows, and governance? Plan a short session with PrudAI through our contact page or explore our approach on AI Services.

Sources

AIPrudAIAI ActAI literacyData Privacy

Geert Haisma

Director

Geert Haisma is the co-founder and director of PrudAI, an AI specialist that supports organizations in securely and custom-deploying generative AI for improved decision-making and process automation. With a background in public administration and years of experience in making organizations more successful, Haisma is the driving force behind PrudAI's strategic and substantive direction.