Close Sidebar
COPYRIGHT © PROFESSIONAL EVALUATION AND CERTIFICATION BOARD 2021 ALL RIGHTS RESERVED
Now Reading
Operationalizing Responsible AI in Light of the EU AI Act: Governance Begins with Literacy
Search for content, post, videos
Search for content, post, videos

Operationalizing Responsible AI in Light of the EU AI Act: Governance Begins with Literacy

August 4, 2025

The Responsible AI movement and the EU AI Act are among the major catalysts shaping the AI landscape, highlighting issues such as fairness, transparency, and accountability. Governance professionals have rapidly developed principles, frameworks, assessments, and toolkits, and yet many companies are struggling to determine their first governance steps. Perhaps the framers of the EU AI Act took into consideration that many organizations would be in the nascent stages of AI governance readiness, and thus, strategically rolled out the Act beginning with two parts: (1) prohibited systems (which we will not delve into further in this article) and (2) AI literacy obligations.

AI Literacy is the set of competencies that allows someone to understand how an AI system works, evaluate appropriate applications for an AI model, interpret and critically evaluate the quality of its output, and effectively oversee deployment. AI literacy is crucial to building an organizational ecosystem that has the necessary knowledge for effective and responsible AI governance.

Unlike deterministic, rule-based software applications, today’s AI systems are not merely tools, but entire socio-technical systems. These systems ingest personal and operational data to make predictions, offer recommendations, or automate decisions, often with significant and direct consequences on individual lives. Traditional paradigms for governance and security, primarily designed around purely technical systems, are ill-equipped to address the complexities introduced by the social dimensions inherent in AI technologies. Thus, AI literacy becomes essential for responsible technology governance; it is a cornerstone of future-proofing organizations for long-term success, reputational resilience, and sustainable growth, specifically because it equips stakeholders to navigate the unique socio-technical challenges presented by AI.

In this report, we will:

  • Outline the business drivers that make AI literacy a critical priority
  • Introduce a practical framework for tailored, organization-wide AI literacy
  • Explore how to build and sustain an effective and evolving literacy program

Together, these elements will equip your organization to embed AI literacy at every level.

The Four Core Business Levers that Drive AI Literacy

A comprehensive, organization-wide AI literacy program offers a significant long-term return on investment, both protecting profits and opening new markets with trust. Strategically, it builds the foundation for resilient, responsible, and future-ready AI deployment. Ethically, it aligns with corporate responsibility and stewardship.

Four core business levers illustrate the importance for technology governance professionals and top management to prioritize and implement AI literacy initiatives:

  • Business Value: AI literacy enables employees to confidently engage with AI systems, improving productivity, adaptability to changing roles, and capacity for innovation.
  • Legal Compliance: Regulations create explicit obligations for organizations to ensure AI literacy among affected employees. Failure to comply exposes businesses to penalties and reputational damage.
  • Risk Management: A workforce that understands the capabilities and limitations of AI is essential for identifying and mitigating risks, including algorithmic bias, privacy breaches, security vulnerabilities, and unanticipated societal impacts.
  • Ethical Imperatives: When employees grasp the ethical dimensions of AI, they are better equipped to use it responsibly, aligning systems with human values, promoting transparency, and strengthening public trust.

For organizations subject to the EU AI Act, the compliance imperative becomes even clearer. Article 4 of the Act mandates the creation of a contextually relevant literacy program, which we will now explore in greater detail.

“Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used.” – EU AI Act, Article 4

AI Literacy as a Compliance Obligation

As of February 2025, Article 4 of the EU AI Act formally entered into force, requiring Providers and Deployers of AI systems to ensure adequate AI literacy among relevant staff. While the AI Act outlines steep penalties for infringements (up to €35 million or 7% of global annual turnover for the most serious violations), it does not yet provide clear guidance on the specific penalty levels applicable to breaches of Article 4. Nonetheless, failure to comply may expose organizations to enforcement action, especially where insufficient literacy contributes to harm or broader non-compliance. Not least of all, the reputational damage from violating a law that mandates training employees on critical technology could be even more damaging than any punitive action. Therefore, the absence of defined thresholds for penalties should not be read as a reprieve, but rather as a call for proactive implementation in anticipation of evolving regulatory expectations, as well as a clear obligation to employees and other persons using the AI system.

Crucially, to comply clearly and completely, organizations must first establish whether they qualify as a Provider, a Deployer, or possibly both, clearly differentiating between roles and responsibilities. This assessment becomes particularly important given the complexity of modern corporate structures. Companies frequently outsource activities related to AI operations, making it all the more important to clearly delineate responsibilities when third parties are “acting on behalf of” the primary organization or when the organization itself is acting on behalf of another.

Conducting thorough internal reviews and due diligence is, thus, foundational to establish not only appropriate AI literacy programs, but also effective and accountable AI governance overall. This step, although potentially demanding significant upfront effort, is essential for clearly aligning roles, responsibilities, and compliance obligations across internal teams, contractors, and external partners. Organizations should anticipate dedicating adequate resources and time to this exercise, reflecting its foundational nature for sustainable AI governance.

Furthermore, it is worth considering the EU AI Act’s Recital 20, which specifies that AI literacy efforts should enable all stakeholders, including not just internal staff but also affected individuals, to “make informed decisions regarding AI systems.” The precise nature and depth of the required knowledge vary depending on each individual’s role and context. Affected persons, such as customers receiving automated financial advice, employees subject to AI-driven performance evaluations, or citizens interacting with AI-powered public services, primarily need sufficient understanding to grasp how AI-driven decisions impact them personally.

Ultimately, clearly defining your organization’s position, whether as a Provider, Deployer, or both, and thoroughly mapping associated responsibilities is not merely an exercise in compliance. It is a strategic step towards embedding responsible, effective, and ethically sound AI literacy programs that safeguard organizational integrity and promote trust and innovation.

Frameworks for Segmenting Employees for AI Literacy Training

To begin, identify all roles within your organization that interact with or are impacted by AI systems. This includes executive leadership and technical teams, as well as operational staff, legal and compliance departments, general employees using AI systems as work tools, and even employees who do not interact with the AI systems but have decisions made about or for them by automated systems. Additionally, consider extending AI literacy training to key external stakeholders, such as vendors and partners.

In support of this process of employee segmentation for AI literacy training, researchers and industry bodies have developed frameworks that can help clarify who needs what kind of literacy and why. For example, the non-profit organization ForHumanity, a collective of over 2,600 contributors from over 100 countries, has developed an AI literacy model using five defined ‘Personas’ that reflect the role, responsibility, and type of interaction an individual has with AI, thereby providing a practical way to build contextual, role-specific learning paths. The ForHumanity CORE AAA Governance Certification Scheme outlines the essential components required for effective governance, oversight, and accountability of AAA (Artificial Intelligence, Algorithmic, and Autonomous) Systems. It is designed to establish and implement globally recognized standards for strong AI system governance. Within this scheme, the five Personas for AI literacy training are described as follows:

  • Persona 1: AI Subjects as users or impacted stakeholders of the AAA System, not including any employees, contractors, or gig-workers.
  • Persona 2: Employees, contractors, or gig-workers as impacted stakeholders only, but not interacting with the AAA System for professional individual or corporate purposes.
  • Persona 3: Employees, contractors, or gig-workers that are interacting with the AAA System for individual or corporate professional purposes.
  • Persona 4: Top Management and Oversight Bodies.
  • Persona 5: Employees (AI leaders) who are the decision-makers in regards to the AAA System.

In the ForHumanity CORE AAA Governance Provider Certification Scheme, the Training and Education section lays out the Personas and their respective Learning Objectives (see Table 1). It also contains robust criteria that address the following AI-specific ethical risks that are rarely considered in AI literacy frameworks:

  • The internal process for raising questions, concerns, or negative impacts on the human rights and freedoms of AI Subjects; and
  • Industry standards, current governance, and best practices on Algorithm Ethics and Ethical Choices.

An important learning objective for all employees, irrespective of their role in the organization, focuses on raising questions and concerns. This component of the training must also explain how employees can share any negative impacts on the fundamental rights of AI subjects. This is especially empowering for employees, giving them a voice and an opportunity to be actively engaged in responsible AI. The company also benefits, being provided valuable perspectives and information on unforeseen or unintended consequences of the AI system, which then enables leadership to address any issues and improve the overall performance and ethical use of the technology.

ForHumanity’s scheme calls for substantive training in ethics for Personas 3, 4, and 5. The learning objectives for these employees include training on bias and ethical choice, two important components of algorithm ethics. As a result, the employees will have familiarity with important aspects of fairness, transparency, accountability, and privacy with respect to AI systems and their output.

Delivering a Flexible, Adaptable, and Engaging AI Literacy Program

AI literacy is not a one-size-fits-all scenario. Different groups across the business (e.g., technical teams, product owners, human resources, sales, marketing, and procurement) will each have different learning needs depending on how they interact with AI systems. So it is important to identify clear, context-driven learning objectives. These should be shaped by a combination of internal consultations (usually with senior staff who know their teams best), AI risk or data protection impact assessments, and a basic understanding of regulatory obligations. If leadership cannot articulate the team’s AI literacy needs, that is usually a red flag for deeper alignment or an external prompt for support.

AI systems may have very different learning objectives depending on the role and responsibility of the user or subject (see Table 1).  Therefore, you will want to craft measures that both reflect best practices and are contextually adaptable.  If you are under the EU AI Act, the learning outcomes will need to tie back to the competencies defined in Article 3(56), namely, the knowledge, skills, and understanding necessary to use AI responsibly and effectively. But even outside the EU, this structure provides a useful way to think.

Track your literacy program metrics. Even though output measures on areas like learning, knowledge transfer, and skills updates require extra thought, it is important to design learning objectives with success metrics baked in. When the time comes to assess impact, you will not be scrambling for proof points. Check with your Learning and Development or Training teams to understand how they have measured the success of previous training programs.

Structure the program to reflect how people actually learn and work. A strong baseline module for the whole workforce sets the stage, followed by layered, role-specific training based on real-world responsibilities. Organizations that do this well often build central learning hubs with resources categorized by topic and role, such as videos, cross-functional training recordings, explainer white papers, or visual tools that demystify AI systems.

Delivery should be flexible. Some teams will benefit from hands-on workshops, and others from self-paced online modules. If you have limited resources, start with the teams most impacted by or actively working with AI. Sales and marketing teams should not be overlooked. Equipping them with the language and understanding to speak confidently about secure and responsible AI use is often the difference between building trust with clients or creating confusion.

Finally, think beyond the classroom. Give people opportunities to apply what they are learning, like internal AI use case pitch days, or cross-functional forums for exploring ethical dilemmas and edge cases. The aim here is not just to train, but to embed AI literacy into how the organization thinks, builds, and operates.

Table 1. The learning objectives established for Personas by ForHumanity.

Persona 1: AI Subjects

●       Define the AI System

●       State the primary purpose of the AI System

●       Describe how their actions affect the output of the AI System

●       Give examples of what can go wrong when using the tool

●       Describe the process for reporting concerns about the tool, for seeking help, and opting out, if applicable

Persona 2: Employees

Persona 2 learning objectives include all of Persona 1 learning objectives and:

●       General AI safety knowledge

●       Corporate governance and organizational policies

●       Approved tool training for individual productivity and information

●       Employees as impacted stakeholders

Persona 3: Employees

Persona 3 learning objectives include all of Persona 1 and Persona 2 learning objectives, and the following AI System-oriented curricula (or equivalent):

●       Ethical Choice Curriculum

●       Nudge and deceptive pattern awareness

●       Automation bias

●       Disability inclusion and accessibility awareness

Persona 4: Top Management and Oversight Bodies

Persona 4 learning objectives include all of the following enterprise-wide considerations for AI Systems:

●       Establishing expert oversight

●       Establishing ethical oversight

●       Risk management policy

●       Data management and governance policy

●       Testing and evaluation processes and procedures

●       Transparency and documentation processes and procedures

●       Monitoring policy

●       Change management processes and procedures

●       Incident response processes and procedures

●       Vendor management processes and procedures

●       Secure development processes and procedures

●       Quality management policy

●       Decommissioning Policy

Persona 5: AI Leaders

Persona 5 should be trained and educated appropriately and proportionately according to their knowledge, expertise, impact, usage, and/or responsibility associated with the AI System in regards to the following learning objectives (as appropriate to the learner):

●       Understanding of direct and indirect stakeholders

●       Current awareness of risks and harms applicable to the AI System

●       State-of-the-art awareness of risk controls, treatments, and mitigations

●       Understanding of potential systemic risk

●       Establishing expert oversight

●       Establishing ethical oversight

●       Risk Management policy

●       Data Management and Governance policy

●       Testing and Evaluation processes and procedures

●       Transparency and Documentation processes and procedures

●       Monitoring Policy

●       Change Management processes and procedures

●       Incident Response processes and procedures

●       Vendor Management processes and procedures

●       Secure Development processes and procedures

●       Quality Management policy

●       Decommissioning Policy

 

Sustaining Your AI Literacy Program

An effective AI literacy program is an ongoing strategic commitment. Success requires a thoughtful allocation of resources, encompassing budget, time, and human capital. Funding external vendors or investing in online platforms is essential, as few organizations have the needed expertise to provide clear and effective training across all the needed domains (e.g., bias, cognitive bias, risk, privacy, security). Furthermore, ensuring that employees have the time, space, and managerial support needed to engage meaningfully with their learning is equally critical.

Prioritization is crucial. This is because resources in technology governance, compliance, and risk management teams are bound to be limited. Organizations must carefully balance their AI literacy needs against both identified risks and strategic goals. It can be valuable to document learning objectives clearly, even if these currently exceed available resources, because these documented gaps can help inform future program expansions and even shape recruitment strategies.

A realistic timeline is essential. Typically, a phased approach proves most practical, beginning with the teams that are working with high-risk AI systems and then progressively broadening out. This method ensures that training reaches those who need it most urgently, without overwhelming organizational capacities.

Embedding continuous learning is key. AI literacy should integrate seamlessly into regular employee development frameworks, onboarding routines, and team meetings. Equally important is cultivating a culture that encourages curiosity and critical thinking, so that employees feel empowered to question, explore AI’s capabilities and limitations, and critically assess AI-generated outcomes.

Organizations must stay current. Doing such allows them to maintain alignment with both technological and regulatory landscapes. Actively monitoring advancements in AI technology, regulatory guidance, and emerging governance best practices is fundamental in keeping the AI literacy program relevant and impactful.

Leveraging internal champions is also vital. Such champions may include AI ambassadors who can advocate, educate, and support their peers. Establishing internal communities of practice facilitates effective knowledge-sharing and building a collective organizational competency and culture around responsible AI.

Finally, robust feedback loops are indispensable. Regularly soliciting and analyzing qualitative and quantitative feedback from employees and external stakeholders ensures that the AI literacy program remains effective and adaptive. Continuous monitoring, auditing AI-related decision-making, and updating training based on insights from both internal feedback and external developments help pinpoint areas where governance processes could benefit from improvement. These practices collectively ensure the program remains responsive, practical, and strategically aligned with organizational goals.

Conclusion

Organizations that are successful in AI literacy programs have sponsorship at the top levels of leadership. Such sponsorship is essential not just for budget and visibility, but also because it sets the tone for engaged and proactive learning. When AI literacy is framed as part of the company’s culture and strategic priorities, it moves from being a compliance exercise to a key enabler of trust, innovation, and resilience. Leaders need to actively support efforts to map AI use across the organization, coordinate cross-functional learning initiatives, and create open channels for discussing AI risks and opportunities. When employees see leadership taking AI seriously, it legitimizes their own learning and decision-making.

Implementing and sustaining AI literacy across your organization is no small task, but it is central to operationalizing responsible and compliant AI governance. Organizations that embed AI literacy deeply into their culture, driven by clear direction from senior leadership and supported by a strategically aligned training program, are best positioned to navigate the complexities of the AI landscape. Done right, AI literacy becomes not merely a compliance necessity but a powerful enabler of trust, innovation, and resilience.

Katherine Grillaert Esther Y. Chung Laura Morgan Paul Crafer

Katherine Grillaert – Chief Strategy Officer, Assessed Intelligence Katie is an interdisciplinary scientist and entrepreneur with over a decade of leadership experience at the intersection of science, technology, and business strategy. As a certified auditor of AI systems, Fellow at ForHumanity in AI Governance and Ethics, and a responsible AI advisor to a United Nations initiative, she brings expertise in ethical frameworks, governance design, and regulatory compliance. Fueled by the belief that technology should serve humanity and with a strong stance against robot overlords, Katie has a passion for AI literacy and community education. Esther Y. Chung – Chief Privacy and Risk Officer, Assessed Intelligence Esther, a certified auditor and a Fellow in Ethics and AI Governance at ForHumanity, channels her background as a public interest attorney into a mission: advocating for the integration of fundamental human rights and ethical considerations into technology by design, and for community empowerment through education. She is dedicated to the secure and responsible adoption of AI, specifically through hands-on AI risk assessment and policy development, and she has played a key role in drafting independent audit certification schemes that meet the standards of global frameworks such as the GDPR, EU AI Act, NIST, and ISO. Laura Morgan – Chief Ethics Officer, Assessed Intelligence Laura possesses a unique blend of expertise at the intersection of AI ethics, evidence-based practice, and philosophy. As a ForHumanity Fellow in Ethics and Bias, she contributes to developing independent audit frameworks aligned with critical standards such as the EU AI Act, NIST, and ISO, with particular expertise in cognitive bias mitigation. As a professor of philosophy, she has taught courses across a range of philosophical domains, including applied ethics, moral philosophy, logic, and critical thinking. Her background in evidence-based medicine and applied ethics provides a unique approach to risk assessments and compliance guidance. Her focus is on translating complex ethical and technical concepts into actionable insights for responsible AI development and deployment. Paul Crafer – Vice President EMEA Services, Assessed Intelligence Paul spent over a decade at Apple in operational leadership roles and more than 20 years driving business development for global technology and business services companies. His career pivot toward AI governance and risk management underscores his commitment to making a meaningful impact at the intersection of technology and social sciences. Paul is a ForHumanity Fellow and a Certified Auditor of AI Systems and contributes significantly to independent audit frameworks aligned with the EU AI Act, GDPR, NIST, and ISO standards. Paul is passionate about understanding the geopolitical and societal implications of emerging technologies and, in doing so, works to minimize risks and maximize the benefits of technology for society.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts