Frequently asked questions
The key answers about the EU AI Act, Article 4 and the training.
What is the EU AI Act?
The EU AI Act (Regulation (EU) 2024/1689) is the EU's first comprehensive AI law. It regulates AI based on risk and entered into force on 1 August 2024; the obligations take effect in stages.
When does the AI literacy obligation apply?
The AI literacy obligation under Article 4 has applied since 2 February 2025. Companies must ensure sufficient AI literacy of their staff from that date.
Who does Article 4 apply to — providers, deployers, or both?
Article 4 applies to both providers (companies that develop or place AI systems on the market) and deployers (companies that use AI systems in the course of their activities). Anyone who uses AI — in any form — is subject to the obligation.
Does Article 4 only apply to high-risk AI?
No. The AI literacy obligation applies in principle to all providers and deployers that use AI systems — regardless of the risk class.
Does the AI literacy obligation apply even if we only use ChatGPT or Microsoft Copilot?
Yes. Anyone using AI systems such as ChatGPT, Microsoft Copilot, or similar tools in the course of business activities qualifies as a deployer under the EU AI Act — and is therefore subject to Article 4. The obligation applies whether your company develops AI itself or merely uses it.
Does the EU AI Act also apply to companies outside the EU?
Yes, in many cases. The regulation applies to providers that place AI systems on the EU market regardless of where they are established, and to deployers based in the EU. Companies outside the EU may also be covered when their AI systems are used in the EU.
Do all employees need to be trained?
Not necessarily every single employee — but all persons who use AI systems in the course of their work. Since AI tools are now widespread in marketing, HR, sales and administration, this affects a large share of the workforce in most organisations.
What are the key deadlines in the EU AI Act?
Since 2 February 2025 prohibited AI practices are banned and Article 4 applies. From 2 August 2025, obligations for general-purpose AI (GPAI) models and governance and penalties rules take effect. From 2 August 2026 the majority of provisions for high-risk AI systems become applicable; a transitional period for certain high-risk systems ends on 2 August 2027.
What fines apply for infringements?
For prohibited practices, up to €35 million or 7% of global annual turnover; for other breaches of the Act, up to €15 million or 3%; for incorrect information provided to authorities, up to €7.5 million or 1.5%. The higher amount applies in each case. For SMEs and start-ups, the lower of the two amounts applies as the cap.
How do I prove AI literacy?
The law prescribes no fixed format but requires appropriate and demonstrable measures. A documented training with a quiz, a personal certificate, and an automatic audit trail — with AI-Konform a Vanta-compatible ISO 27001 report — is a practical proof.
How long does the training take?
The training consists of 4 compact lessons and typically takes around 30–60 minutes per person in total — usually in a single session, or at your own pace if preferred. A short comprehension quiz follows each lesson; only after the final quiz is passed is the personal certificate issued automatically.
How is the training structured?
The training consists of 4 compact lessons: AI fundamentals, the EU AI Act, safe use of AI, and AI in everyday work. A short comprehension quiz follows each lesson; once all quizzes are passed, a personal certificate is created automatically.
How long is the certificate valid?
The certificate permanently and audit-proof documents the date, training content and passed quiz. The EU AI Act does not prescribe a fixed validity period. Many companies nonetheless plan regular refresher training — for example annually — to be able to demonstrate a current qualification during regulatory audits.
Which languages is the training available in?
In 26 languages: all 24 official EU languages plus Norwegian and Icelandic, so every employee can learn in their own language.
What does the training cost?
There are two billing models: Training credits (billed per training from prepaid credit, no subscription) and a savings plan with a volume discount for companies with ongoing demand. The scope of services is identical for both. The specific price in your local currency is shown on a no-obligation basis directly after registration.
Do we need our own IT infrastructure or servers?
No. AI-Konform runs entirely as a cloud solution — employees only need a personal access code and a browser, with no user account required. No dedicated IT infrastructure is needed.
How does user management work — roles and departments?
AI-Konform uses four roles: Management sets up the company, grants permissions, and sees the compliance score. Authorised users (e.g. department heads) manage their teams and request training. Accounting books billing plans (training credits/savings plans) and sees all bookings and training consumption per department — without access to employee or personal data. Employees complete the training via an access code. Employees can be imported as a list or added individually, organised by department.
Is the solution GDPR-compliant?
Yes. Hosting is exclusively in the EU (Frankfurt) — no third-country transfer. Data protection is built in from the ground up, and all certificates and audit trails are stored in the EU in a tamper-proof manner.
What does "AI literacy" mean under Article 4 in practice?
AI literacy means that employees understand the basic principles and limits of AI systems, can recognise opportunities and risks — such as errors, bias or "hallucinations" — and can critically assess results. The requirements depend on the specific context of use and the employee's role. The law prescribes no fixed format; what matters is that the measures taken are appropriate and demonstrable.
What risk categories does the EU AI Act define?
The EU AI Act classifies AI systems into four categories: unacceptable risk (prohibited, e.g. social scoring by authorities), high risk (strict requirements, e.g. AI in recruitment or credit scoring), limited risk (transparency obligations, e.g. chatbots) and minimal risk (no special obligations, e.g. spam filters). The AI literacy obligation under Article 4 applies regardless of risk category to all providers and deployers.
What is the difference between a provider and a deployer under the EU AI Act?
Providers develop, train and place AI systems on the market — for example, a software company that creates an AI-powered recruitment tool. Deployers use ready-made AI systems in the course of their own activities — for example, a company that uses ChatGPT or Microsoft Copilot in daily work. Those who only use existing AI services are typically deployers and therefore also subject to the obligations of the EU AI Act.
Which authority supervises the EU AI Act?
At EU level, the AI Office of the European Commission coordinates the implementation of the EU AI Act. In Germany, the Federal Network Agency (Bundesnetzagentur) is designated as the national market surveillance authority. The exact institutional setup is still being established in some member states.
Is the training certificate legally required or voluntary?
The EU AI Act does not prescribe a specific format for proving AI literacy. The European Commission explicitly states that no certification requirement exists — but the obligation to take appropriate and demonstrable measures does. A personal certificate with a passed quiz, date and unique ID is a well-established, verifiable proof that serves as evidence of due diligence during regulatory inspections.
Do employees need to refresh their AI training regularly?
The law does not prescribe a fixed repetition frequency. As AI technologies and the regulatory framework continue to evolve, many companies nonetheless plan regular refresher training — typically annually — so they can always demonstrate an up-to-date qualification during audits. New employees who use AI systems should be trained promptly after joining.
What is the Vanta/ISO 27001 audit report?
The AI-Konform audit report is an automatically generated, tamper-proof record of all completed training sessions — compatible with the Vanta compliance framework and the ISO 27001 standard. It documents each employee's date of completion, training content and quiz result. This allows you to prove compliance with the AI literacy obligation immediately during internal or external audits — exportable as CSV or PDF.
How quickly can new employees be trained after joining?
Since the training is fully online and takes around 30–60 minutes, new employees can be trained immediately after joining — with no fixed training dates or trainer capacity limits. Authorised users add the employee in the system, request the training, and the new person starts straight away with a personal access code. The certificate is issued automatically once the final quiz is passed.
Get started More on the EU AI Act
Information, not legal advice.