AI Literacy Training for Your Team

Understanding how an AI system is classified under the EU AI Act determines what obligations apply to it. The classification is based on the system's use case and intended purpose — not its technical architecture.

Annex I — AI Techniques covered

The Act applies to systems using machine learning approaches (supervised, unsupervised, reinforcement), logic- and knowledge-based approaches (constraint satisfaction, knowledge representation, rule-based systems), and statistical approaches. If your system uses any of these to generate outputs that affect decisions, it is an AI system under the Act.

Annex III — High-risk use cases

These are the eight sectors where AI systems are automatically classified as high-risk:

• Critical infrastructure: AI used in safety components of energy, water, gas, heating, road transport, or digital infrastructure systems
• Education and vocational training: AI that determines access, admission, or assesses students and candidates
• Employment and worker management: AI for recruitment (screening, filtering, evaluating applicants), promotion decisions, performance monitoring, work allocation
• Access to essential services: AI for credit scoring, insurance risk assessment, public benefit eligibility, emergency services routing, creditworthiness evaluation
• Law enforcement: AI for individual risk assessment (recidivism, crime likelihood), polygraph-like tools, crime analytics using personal data
• Migration and border control: Risk assessment of people crossing borders, asylum processing, travel document verification
• Justice and democratic processes: AI assisting courts in researching or applying the law, AI influencing election outcomes
• Biometric identification and categorisation: Remote biometric identification (facial recognition), categorisation of people by protected characteristics

Prohibited AI systems (Annex II)

Some AI systems are banned outright. These include: systems that use subliminal techniques to manipulate people against their interests, systems that exploit vulnerabilities of specific groups (age, disability), real-time remote biometric identification in publicly accessible spaces by law enforcement (with narrow exceptions), social scoring by public authorities, and AI systems to infer emotions in the workplace or educational settings.

Article 50 — Transparency for limited-risk systems

Even if your system is not high-risk, Article 50 may still apply. If your system interacts with users (chatbots), generates synthetic content (images, audio, video, text), or conducts emotion recognition or biometric categorisation, you must clearly inform users they are interacting with AI or that content is AI-generated. This applies to all such systems regardless of risk tier.

The EU AI Act creates different responsibility tiers depending on your role. Understanding your role is essential to knowing your obligations. You may be a provider (you developed the AI system), a deployer (you deploy a third-party AI system in your own product), or a user (you use AI tools within your organisation).

Provider obligations

If you develop an AI system (including fine-tuning a foundation model for a specific purpose), you are a provider. Your key obligations for high-risk AI systems include:

• Create and maintain Annex IV technical documentation before placing the system on the market
• Implement a quality management system
• Carry out conformity assessment procedures
• Affix CE marking (for EU market entry)
• Register in the EU AI Act public database of high-risk AI systems
• Post-market monitoring and reporting obligations

Deployer obligations

If you use an AI system (built by someone else) in your own product or process to serve end users, you are a deployer. Your obligations include:

• Use the system only as the provider intended and documented
• Implement human oversight measures specified by the provider
• Monitor performance of the system in practice
• Log and retain records of system use where required
• Inform your employees and affected people about AI decision-making

Article 50 — Transparency obligations (applies to most SaaS teams)

If your product shows AI-generated content or enables AI interaction with end users:

• Chatbots and conversational AI: Users must be told they are interacting with an AI system at the start of the interaction — unless it is obvious from context
• AI-generated content: Synthetic images, audio, video, and text must be machine-readable labelled. For human-facing content, a clear disclosure is required
• Deep fakes: Manipulated images, audio, or video depicting real people must be disclosed as artificially generated

Article 4 — What "adequate AI literacy" means for you personally

The Act requires operators to ensure that people working with AI systems understand:

• The capabilities and limitations of the AI systems they use
• The data the system was trained on and where that data may be biased or unrepresentative
• When to trust AI output and when to use their own judgement
• How to identify outputs that may be incorrect, biased, or fabricated
• Their organisation's procedures for escalating AI-related issues

Understanding the regulation is necessary but not sufficient. AI literacy means being able to work effectively and responsibly with AI tools in your day-to-day role. This module covers the practical skills that constitute "adequate AI literacy" under Article 4.

What "adequate literacy" means in practice

The EU AI Act does not prescribe a specific training curriculum. The standard is whether you are able to: understand the AI system's purpose and limitations, identify when it might be wrong, exercise appropriate oversight, and escalate appropriately when something seems off. The training you are completing now is designed to satisfy that standard.

Assessing AI output quality

AI systems can produce confident-sounding outputs that are factually wrong. Developing the ability to evaluate AI output quality is a core literacy skill:

• Check for hallucination: Large language models generate plausible-sounding text whether or not it is accurate. Always verify factual claims, statistics, legal references, and citations independently
• Notice overconfidence: AI systems do not know what they do not know. A confident-sounding answer does not indicate correctness. Look for acknowledgement of uncertainty
• Test with edge cases: If an AI system makes decisions affecting people, test how it handles unusual cases, minority populations, and data it was not trained on
• Compare outputs: Run the same input multiple times or through different models to see if outputs are stable and consistent

Recognising AI-generated content

AI-generated text, images, and audio are increasingly indistinguishable from human-created content. Developing recognition skills matters both for your own work and for what you publish:

• AI text often has consistent rhythm, avoids strong opinions, and produces lists and structures even when prose would be more appropriate
• AI images often have subtle inconsistencies in hands, text, and background coherence
• Audio deepfakes can be identified by unnatural cadence, unusual pronunciation, or acoustic inconsistencies

Data privacy when using AI tools

Using AI tools — including general-purpose tools like ChatGPT, Claude, Gemini, and Copilot — creates data privacy obligations:

• Never input personal data of customers or employees into an AI tool without checking your data processing agreement (DPA) with the provider. If there is no DPA in place, do not input personal data
• Treat AI tools as potentially public: assume anything you input could be seen by the provider and potentially used for training unless you have confirmed otherwise
• Use anonymised, synthetic, or test data when developing or testing AI features
• Check whether your organisation has an approved list of AI tools. Using unapproved tools may create compliance exposure

Knowing when to escalate

Your organisation needs clear escalation procedures for AI-related concerns. Escalate when:

• An AI system makes a decision that seems wrong, biased, or discriminatory
• A customer or user raises concerns about an AI decision affecting them
• You discover an AI system is being used outside its documented intended purpose
• An AI system appears to be generating harmful, illegal, or defamatory content
• You are unsure whether an AI tool is approved or compliant for a particular use case