AI Act (EU)
The AI Act is the European Union regulation that governs artificial intelligence. It sorts AI systems by risk and places obligations on anyo...
Read definitionAI literacy is the knowledge and judgement people need to use AI responsibly: understanding what a model can do, checking its output, protecting data, and recognising risks such as hallucination, bias, and over-automation.
AI literacy is the knowledge, skills, and judgement people need to use AI responsibly. It means knowing what an AI system can do, where it fails, which data may be used, and when a human needs to check or decide.
It is not the same as being able to build models. Most people in a company do not need to train a neural network or tune a language model. They do need to understand that an AI answer can sound fluent and still be wrong, incomplete, biased, or based on information they were not allowed to paste into the tool.
A useful analogy is a very confident new colleague. The colleague writes quickly, answers every question, and sounds certain. AI literacy is knowing when that work is good enough to reuse, when it needs checking, and when it should not have been asked in the first place.
The term appears directly in the EU AI Act. Article 3(56) defines AI literacy as the skills, knowledge, and understanding that allow providers, deployers, and affected people to make informed use of AI systems and understand their opportunities, risks, and possible harms.
Article 4 matters for any organisation that provides or deploys AI systems in the EU. The original AI Act rule started applying on 2 February 2025 and required measures to ensure a sufficient level of AI literacy for staff and other people using AI systems on the organisation's behalf.
The wording is changing. On 29 June 2026, the Council gave its final green light to the Digital Omnibus on AI. The adopted text replaces Article 4 with softer wording: providers and deployers must take measures to support the development of AI literacy, taking into account technical knowledge, experience, education, training, the use context, and the people affected by the system. The same text says this does not mean guaranteeing a specific level of AI literacy for each individual.
That nuance matters. AI literacy is still not optional, but it is not a fixed certificate, a single mandatory course, or a one-size-fits-all exam. It is a role-based, context-based obligation. Keep a dated compliance note, because the Digital Omnibus enters into force only after publication in the Official Journal and the usual three-day entry period.
Capabilities and limits
A language model predicts and generates text. It does not automatically know your latest prices, contracts, policies, or customer history unless you connect that information safely.
Invented output
An AI system can invent a source, a date, a legal reference, or a product detail while sounding confident. That is the practical risk behind hallucination. Names, numbers, dates, prices, and legal claims need verification before they leave the company.
One-sided results
AI systems can repeat patterns from their training data or from your own historical data. This is where bias matters, especially in recruitment, credit, customer treatment, education, and any workflow that affects people.
Data protection
Customer data, employee records, contracts, and confidential business information do not belong in a public tool unless your organisation has approved that use and the vendor terms support it.
Human decision points
When an AI-assisted decision can affect someone's rights, job, loan, access to service, or reputation, a human needs the skills and authority to challenge the output.
Enough depends on the role and the risk. A sales colleague using Copilot to draft a first version of an email needs a different level of training from a HR team using AI to screen CVs, or a data team selecting a model for a customer-facing process.
For most staff, the baseline is practical: what AI tools are approved, which data may be used, how to check output, how to report a problem, and when to involve a person. For teams using AI in decisions about people, training should go deeper into bias, human oversight, record keeping, and the limits of the specific system.
For technical, legal, procurement, and management roles, AI literacy also includes governance. They need to understand the difference between provider and deployer, the risk categories in the AI Act, vendor documentation, logging, and how AI use fits with GDPR and internal data rules.
Training should also repeat. Tools change, vendors add features, colleagues join, and the law evolves. A short baseline session, role-specific scenarios, and a light evidence file usually beats one long workshop that nobody revisits.
Prompt engineering is about giving better instructions to an AI model. It helps you ask clearer questions, provide context, control format, and get more useful output.
AI literacy is broader. It includes prompt quality, but also asks whether the tool is appropriate, whether the data may be used, whether the answer needs checking, whether bias could harm someone, and who is responsible for the final decision.
In practice, prompt engineering is one skill inside AI literacy. Someone can write a neat prompt and still be careless with confidential data or unverified output. An AI-literate person knows the whole workflow, not only the wording of the request.
Map actual AI use
Include unofficial use. The person quietly using ChatGPT to draft quotations is part of the risk picture, even if the tool is not in the IT catalogue.
Set simple rules
Write down which tools are approved, which data is off-limits, which outputs need review, and who decides when there is doubt. One clear page is better than a policy nobody opens.
Train with real work
Use examples from the team: a customer email, a supplier contract summary, a support response, a dashboard explanation, or a recruitment scenario. People remember risks when they recognise the task.
Split training by role
Everyone gets the basics. People using AI for decisions about customers, employees, students, or citizens get deeper training. Technical and procurement teams learn how to assess tools and vendors.
Keep evidence
Track who received which training, which rules apply, which tools are approved, and when you reviewed them. The European Commission's repository of AI literacy practices can provide examples, but copying a practice does not create a presumption of compliance.
For a small company, the aim is not to build a legal theatre. The aim is that people know what they are using, where the risk sits, and when to slow down before AI output becomes a business decision.
The AI Act is the European Union regulation that governs artificial intelligence. It sorts AI systems by risk and places obligations on anyo...
Read definitionAn AI agent is an AI system that autonomously plans and executes multiple steps to reach a goal. It uses a language model as its brain and c...
Read definitionAn AI harness is the software layer around a language model that turns it into a working agent. It manages the loop, tools, context, permiss...
Read definitionAnomaly detection automatically flags data points, events, or patterns that do not fit normal behaviour. It can catch odd invoices, machine ...
Read definitionAn approval workflow routes a request to the people who must sign off before it takes effect. A purchase, an expense, a data change, or an a...
Read definition
The June 2026 Power BI Desktop Bridge lets an agent build and verify reports. Here is how to enable it and install the two CLIs the docs lea...
Simple guide to set up version control for Power BI using PBIP, Git and clean repo structures. Learn branching, deployments and safe AI work...