![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 27 27" xmlns="http://www.w3.org/2000/svg"><path d="M 24 0 C 25.657 0 27 1.343 27 3 L 27 24 C 27 25.657 25.657 27 24 27 L 3 27 C 1.343 27 0 25.657 0 24 L 0 3 C 0 1.343 1.343 0 3 0 Z M 4.137 23.25 L 8.163 23.25 L 8.163 10.25 L 4.137 10.25 Z M 18.519 9.853 C 15.767 9.853 14.605 11.989 14.599 12.001 L 14.599 10.25 L 10.737 10.25 L 10.737 23.25 L 14.599 23.25 L 14.599 16.426 C 14.599 14.597 15.441 13.509 17.052 13.509 C 18.532 13.509 19.243 14.555 19.243 16.426 L 19.243 23.25 L 23.25 23.25 L 23.25 15.02 C 23.25 11.537 21.276 9.853 18.519 9.853 Z M 6.131 3.75 C 4.816 3.75 3.75 4.824 3.75 6.148 C 3.75 7.473 4.816 8.548 6.131 8.548 C 7.446 8.548 8.512 7.473 8.512 6.148 C 8.511 4.824 7.446 3.75 6.131 3.75 Z" fill="rgb(255, 255, 255)" height="27px" id="TmfUJaOY1" width="27px"/></svg>)
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 27 27" xmlns="http://www.w3.org/2000/svg"><path d="M 7.934 0.081 C 9.374 0.015 9.833 0 13.5 0 C 17.167 0 17.626 0.016 19.064 0.081 C 20.503 0.146 21.485 0.376 22.344 0.708 C 23.243 1.048 24.059 1.579 24.735 2.267 C 25.422 2.941 25.952 3.755 26.291 4.656 C 26.625 5.515 26.853 6.497 26.919 7.933 C 26.985 9.375 27 9.834 27 13.5 C 27 17.167 26.984 17.626 26.919 19.066 C 26.854 20.502 26.625 21.483 26.291 22.343 C 25.952 23.243 25.421 24.06 24.735 24.735 C 24.059 25.422 23.243 25.952 22.344 26.291 C 21.485 26.625 20.503 26.853 19.067 26.919 C 17.626 26.985 17.167 27 13.5 27 C 9.833 27 9.374 26.984 7.934 26.919 C 6.498 26.854 5.517 26.625 4.657 26.291 C 3.757 25.952 2.94 25.421 2.266 24.735 C 1.579 24.06 1.047 23.244 0.708 22.344 C 0.376 21.485 0.147 20.503 0.081 19.067 C 0.015 17.625 0 17.166 0 13.5 C 0 9.833 0.016 9.374 0.081 7.936 C 0.146 6.497 0.376 5.515 0.708 4.656 C 1.048 3.756 1.58 2.94 2.267 2.266 C 2.941 1.579 3.756 1.047 4.656 0.708 C 5.515 0.376 6.497 0.147 7.933 0.081 Z M 18.955 2.511 C 17.532 2.446 17.105 2.432 13.5 2.432 C 9.896 2.432 9.468 2.446 8.045 2.511 C 6.728 2.571 6.014 2.791 5.537 2.976 C 4.908 3.222 4.457 3.512 3.985 3.985 C 3.537 4.421 3.192 4.951 2.976 5.537 C 2.791 6.014 2.571 6.728 2.511 8.045 C 2.446 9.468 2.432 9.896 2.432 13.5 C 2.432 17.105 2.446 17.532 2.511 18.955 C 2.571 20.272 2.791 20.986 2.976 21.463 C 3.192 22.048 3.537 22.579 3.985 23.015 C 4.421 23.463 4.952 23.808 5.537 24.024 C 6.014 24.209 6.728 24.429 8.045 24.489 C 9.468 24.554 9.894 24.568 13.5 24.568 C 17.106 24.568 17.532 24.554 18.955 24.489 C 20.272 24.429 20.986 24.209 21.463 24.024 C 22.092 23.778 22.543 23.488 23.015 23.015 C 23.463 22.579 23.808 22.048 24.024 21.463 C 24.209 20.986 24.429 20.272 24.489 18.955 C 24.554 17.532 24.568 17.105 24.568 13.5 C 24.568 9.896 24.554 9.468 24.489 8.045 C 24.429 6.728 24.209 6.014 24.024 5.537 C 23.778 4.908 23.488 4.457 23.015 3.985 C 22.579 3.537 22.049 3.192 21.463 2.976 C 20.986 2.791 20.272 2.571 18.955 2.511 Z M 11.776 17.662 C 12.739 18.062 13.811 18.117 14.809 17.815 C 15.808 17.513 16.67 16.874 17.25 16.006 C 17.83 15.139 18.09 14.097 17.987 13.059 C 17.884 12.022 17.424 11.052 16.685 10.315 C 16.214 9.845 15.644 9.484 15.017 9.26 C 14.39 9.036 13.721 8.953 13.059 9.019 C 12.396 9.084 11.756 9.296 11.185 9.638 C 10.614 9.98 10.126 10.445 9.756 10.999 C 9.386 11.552 9.143 12.181 9.046 12.84 C 8.948 13.498 8.997 14.17 9.19 14.808 C 9.384 15.445 9.716 16.031 10.163 16.525 C 10.61 17.018 11.161 17.407 11.776 17.662 Z M 8.593 8.593 C 9.238 7.949 10.003 7.438 10.844 7.089 C 11.686 6.74 12.589 6.561 13.5 6.561 C 14.411 6.561 15.314 6.74 16.155 7.089 C 16.997 7.438 17.762 7.949 18.407 8.593 C 19.051 9.238 19.562 10.003 19.911 10.844 C 20.259 11.686 20.439 12.589 20.439 13.5 C 20.439 14.411 20.259 15.314 19.911 16.155 C 19.562 16.997 19.051 17.762 18.407 18.407 C 17.105 19.708 15.34 20.439 13.5 20.439 C 11.66 20.439 9.895 19.708 8.593 18.407 C 7.292 17.105 6.561 15.34 6.561 13.5 C 6.561 11.66 7.292 9.895 8.593 8.593 Z M 20.828 8.041 C 20.401 8.035 19.994 7.863 19.692 7.561 C 19.39 7.259 19.218 6.852 19.211 6.425 C 19.205 5.998 19.366 5.585 19.659 5.275 C 19.809 5.115 19.99 4.987 20.191 4.899 C 20.392 4.81 20.609 4.763 20.828 4.76 C 21.048 4.757 21.266 4.798 21.469 4.88 C 21.672 4.963 21.857 5.085 22.012 5.241 C 22.168 5.396 22.29 5.581 22.373 5.784 C 22.455 5.987 22.496 6.205 22.493 6.425 C 22.49 6.644 22.442 6.861 22.354 7.062 C 22.266 7.263 22.138 7.444 21.978 7.594 C 21.668 7.887 21.255 8.048 20.828 8.041 Z" fill="rgb(255, 255, 255)" height="27px" id="nRjU8rtQC" width="27px"/></svg>)
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 26 27" xmlns="http://www.w3.org/2000/svg"><path d="M 26 13.584 C 26 6.08 20.177 0 13 0 C 5.818 0 0 6.08 0 13.584 C 0 20.362 4.752 25.982 10.969 27 L 10.969 17.511 L 7.668 17.511 L 7.668 13.585 L 10.969 13.585 L 10.969 10.59 C 10.969 7.187 12.907 5.307 15.877 5.307 C 17.3 5.307 18.789 5.572 18.789 5.572 L 18.789 8.914 L 17.147 8.914 C 15.535 8.914 15.031 9.963 15.031 11.037 L 15.031 13.584 L 18.636 13.584 L 18.057 17.51 L 15.031 17.51 L 15.031 26.999 C 21.243 25.981 26 20.361 26 13.583 Z" fill="rgb(255, 255, 255)" height="27px" id="rDyl5ps1z" width="26px"/></svg>)
EU AI Act compliance: five mistakes to avoid
Ervy Team
5 min read
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 40 40" xmlns="http://www.w3.org/2000/svg"><path d="M 0 0.549 L 14.701 16 L 29 0" fill="transparent" height="16px" id="gXlJV61ih" stroke-dasharray="" stroke-linecap="round" stroke-linejoin="round" stroke-width="7.5" stroke="rgb(31, 31, 31)" transform="translate(5 12)" width="29px"/></svg>)
Most HR and L&D teams have seen something about EU AI Act compliance by now – specifically Article 4, the AI literacy obligation that’s been in effect since February 2025 and applies to any company using AI tools. What’s less clear is what it actually requires. The regulation says staff (and that includes contractors and third parties) must have "a sufficient level of AI literacy" and largely leaves the rest to you.
The EU AI Act compliance bar for Article 4 is achievable and there’s no mandated curriculum, no certification, and no exam. The European Commission confirmed in May 2025 guidance that there’s no single right way to do it, so you have a lot of flexibility.
Most organisations though are using that flexibility as an excuse to do nothing – or to do the wrong thing. And with full EU AI Act enforcement set for August 2026, that’s about to become a much bigger problem.
We’ve gathered the five mistakes we see most often so you can avoid them (the last one will actually get you in trouble).
Mistake 1: You don't know how much AI you're already using
Most organisations underestimate how many AI tools are active in their environment. When HR and L&D teams think about AI literacy training, they think about the obvious ones: Microsoft Copilot, ChatGPT, maybe an AI-powered analytics dashboard. The actual list is much longer, but nobody is keeping track of it.
AI is embedded in tools your teams use every day without thinking of them as AI. Grammarly, Zoom’s and Microsoft Teams’ meeting summaries, Salesforce Einstein, the automated screening layer in your ATS, AI-generated insights in your finance software – most of these tools have introduced AI features in the last two years, often quietly.
Then there’s shadow AI – employees using ChatGPT, Claude, Perplexity, or other AI tools without IT’s knowledge or approval. A 2024 Microsoft survey found that 78% of AI users at work are bringing their own AI tools rather than waiting for officially sanctioned ones. These tools often process sensitive data: client information, internal documents, financial figures, personal data. Without training, employees have no sense of what’s safe to put in and what isn’t.
The EU AI Act requirements apply to all of these tools as well as the ones IT officially approved – and EU AI Act compliance starts with knowing what you’re actually dealing with.
So before you design a training program, do the inventory. Survey IT for sanctioned tools and survey department heads for what their teams are actually using. Check for AI features embedded in existing software. Include anything used by contractors or external partners on your behalf. You will be surprised how long this list gets.
Mistake 2: The generic course tick-box
The most common response to Article 4 is to buy an off-the-shelf "Introduction to AI" course, assign it to everyone, and consider the job done.
This doesn’t satisfy the EU AI Act compliance requirements.
The regulation is explicit that your training should come from your own AI policy and reflect the specific tools your organisation uses, the specific risks those tools carry, and the specific roles of the people using them. A generic course from a vendor’s content library covers none of this. It tells your employees what a large language model is, but it doesn’t tell them what to do when Copilot hallucinates a figure in a client report or how to flag a concern about your AI-powered recruitment screening tool.
Regulators investigating an AI Act breach will ask what training was in place. “We bought a general AI literacy course” is not the answer they will be looking for. If your AI use policy exists as a PDF, DOCX, or webpage, Ervy can turn it into a course in under seven minutes – lessons and quiz questions drawn from your actual content, including any diagrams or schematics in the document. All of it without needing to get IT involved.
Mistake 3: Everyone gets the same training
Even if you’ve built a course from your own AI use policy, you shouldn’t treat AI literacy as a single level of training that everyone receives identically. The EU AI Act compliance requirements are explicit here too: training should take into account the "technical knowledge, experience, education and training" of staff, and the context in which AI is used. Different roles carry different risk profiles, so your HR team, your finance team, and your C-suite shouldn’t sit or click through the same training.
In practice, this means thinking and training in tiers.
General awareness covers everyone in the organisation who might interact with AI tools, even occasionally (basically everyone). What tools the company uses and why, as well as the basic dos and don’ts – what’s safe to put into AI systems and what isn’t, and how to flag a concern.
Regular users need more depth, tailored to their function. Your marketing team using AI for content generation needs to understand copyright and brand risk. Your HR team using AI in recruitment needs to understand bias, discrimination risk, and the specific GDPR implications of processing candidate data through AI tools. Your finance team using AI for forecasting needs to understand data accuracy, liability, and what verification steps are expected before acting on AI outputs.
Power users and decision-makers – people managing AI implementations or making consequential decisions based on AI outputs – need the fullest picture: AI limitations and failure modes, oversight responsibilities, regulatory obligations relevant to their function, and incident reporting procedures.
The practical output of this step is a simple role mapping: which departments use which AI tools, what the specific risks are, and which training tier applies. It doesn’t need to be complicated. But it does need to exist, because without it you can’t demonstrate that your training program was proportionate and role-appropriate, which is exactly what Article 4 expects.
Mistake 4: Treating it as a one-off event
AI literacy is not a project with an end date that you can mark complete and move on.
The EU AI Act requirements don’t work that way. The Commission’s guidance is clear that AI literacy training should be ongoing as the environment keeps changing. Your AI stack will change, existing tools will add new AI features, policies will get updated. Every change comes with new risks and, ideally, should also come with an update in your AI literacy training.
If the last time your company updated its training was more than 6 months ago, chances are, it’s already outdated. If something goes wrong and regulators come knocking, it’s not likely to suffice.
The practical fix is holding short, recurring sessions rather than one long event and updating the content regularly. Tools like Ervy are built to avoid this mistake. Lessons are scheduled once and delivered automatically in Teams on a recurring basis. When your AI policy changes, you can either generate a new course from the updated document or add lessons to the existing one. New hires can be set up to join the training schedule automatically.
Mistake 5: No documentation
There’s no standalone fine for violating Article 4 of the EU AI Act, but a lack of AI literacy training will be treated as an aggravating factor when investigating other AI Act breaches. It’s very similar to health and safety training – you don’t get a fine for skipping training, but you do get one when someone falls off a ladder and the investigation finds staff had last been trained eighteen months ago.
The EU AI Act deadline for full enforcement is August 2026. By August, you need to make sure that you are not only regularly delivering company and role-specific AI literacy training to your staff but also documenting the whole process. Keep a record of which AI tools you use, which roles interact with them, what training was delivered, who completed it, and when it was updated. And there’s no mandated format – a simple spreadsheet works.
There are different tools that can make the recordkeeping part of things even easier. For example, Ervy logs training completion per person and per team – what course was delivered and when, which lessons were completed, when, and whether the quiz questions were answered correctly. All of it is exportable in an xlsx format.
What the EU actually expects
Part of why Article 4 has been ignored is that the EU AI Act has been treated as a future problem, when, in reality, the AI literacy obligation has already been in force since February 2025. If your organisation uses AI systems in the EU, you’ve been subject to it for over a year.
August 2026 is the EU AI Act compliance deadline most teams are tracking. That’s when full enforcement of the broader Act begins, including rules for high-risk AI applications. But you shouldn’t wait until August to start building an AI literacy program. Start doing it today.
All you need to satisfy Article 4 requirements is training that’s built around the AI tools your people use, the risks those tools carry, appropriate depth for different roles, delivered on an ongoing basis, with records.
That’s where Ervy can help: you can run AI literacy training in Microsoft Teams, the same way you’d cover onboarding or compliance. Ervy takes your existing AI use policy, turns it into a microlearning course automatically, and delivers it in two-to-three-minute lessons directly in Teams. Completion is tracked per person, so your documentation takes care of itself.
If you want the full step-by-step process before you get started – inventory, role mapping, what to document, all of it – we put it into a plain-language EU AI Act compliance checklist built specifically for HR and L&D teams. Everything you need to get EU AI Act compliance right.
