Tiago Sérgio Cabral*
** PhD Candidate on the
College of Minho | Researcher at JusGov | Undertaking Professional for the Portuguese
workforce within the “European Community on Digitalization and E-governance”
(ENDE). Creator’s opinions are his personal.
Photograph credit score: Salino01,
through Wikimedia
Commons
Introduction to AI Literacy
beneath the AI Act
Beneath Article 4 of the AI Act (headed “AI literacy”),
suppliers and deployers are required to take “measures to make sure, to their finest
extent, a ample degree of AI literacy of their workers and different individuals
coping with the operation and use of AI programs on their behalf, taking into
account their technical information, expertise, training and coaching and the
context the AI programs are for use in, and contemplating the individuals or teams
of individuals on whom the AI programs are for use”. The idea of AI literacy
is outlined in Article 3(56) of
the AI Act as we are going to see beneath.
Article 4 is a part of a wider
effort by the AI Act to advertise AI literacy, which can also be mirrored in different
provisions reminiscent of these addressing human oversight, the requirement to attract up
technical documentation or the suitable to clarification of particular person
decision-making. Article 4 focuses on workers and other people concerned within the
operation and use of AI programs. As such, the principle consequence of this
provision is that suppliers and deployers are required to supply coaching for
workers and other people concerned within the operation and use of AI programs, permitting
them to acquire an affordable degree of understanding of the AI programs used
throughout the group, in addition to common information about the advantages and
risks of AI.
It is very important distinguish
between the foundations on AI literacy and the necessities on human oversight, in
specific Article 26(2) of the
AI Act. Beneath this provision, deployers will likely be required to assign human
oversight of high-risk AI programs to pure individuals who’ve the required
competence, coaching and authority, in addition to the required assist. The extent
of data and understanding of the AI system required of the human overseer
will likely be deeper and extra specialised than what’s required from all workers within the
context of AI literacy. The human overseer will need to have specialised information
in regards to the system that he/she is overseeing. The folks subjected to AI literacy
obligations require extra common information in regards to the AI programs used within the
group, significantly those with whom the workers is participating, together with
understanding of the advantages and risks of AI. The extent of AI literacy
required in organizations that develop or deploy high-risk programs will,
naturally, increased than organizations that deploy, for instance, programs topic
to particular transparency necessities. In any case, it is going to nonetheless probably be
decrease than one is required of a human overseer (though not restricted to
high-risk programs as the foundations for human oversight).
The scope of Article 4 of the
AI Act
AI literacy is a sui generis obligation
beneath the AI Act. It’s systematically positioned inside “Chapter I – Basic
Provisions”, and thus disconnected from the danger categorization for AI programs.
This may end up in important challenges in decoding the scope of the
obligations arising from Article 4 of the AI Act.
In actual fact, an remoted studying of this
provision may end result within the conclusion that AI
literacy obligations apply to all programs that meet the definition of an AI system
beneath Article 3(1) of the AI Act. Because the definition in Article 3(1) of the AI
Act is extraordinarily broad in nature, this is able to end in a big growth of the
scope of the AI Act, far past the normal pyramid composed of (i) prohibited
AI (Article 5 of the AI Act),
(ii) high-risk AI programs (Article 6
of the AI Act); and (iii) AI programs topic to particular transparency
necessities (Article 50 of the
AI Act). The chance categorization additionally contains general-purpose AI fashions and
general-purpose AI fashions with systemic danger, however the AI literacy obligation
beneath Article 4 seems to solely apply on to programs. Not directly,
suppliers of AI fashions will likely be required to supply suppliers of AI programs that
combine their fashions with ample info to permit the latter to
fulfil their literacy obligations (see, inter alia, Article 53(1)(b) of the AI
Act).
The abovementioned interpretation
doesn’t maintain, nonetheless, if we go for studying of Article 4 of the AI Act that
adequately considers the definition of AI literacy beneath Article 3(56) of the
AI Act. Article 3(56) of the AI Act lays down that AI literacy means the “expertise,
information and understanding that permit suppliers, deployers and affected
individuals, bearing in mind their respective rights and obligations within the
context of [the AI Act], to make an knowledgeable deployment of AI programs, as effectively
as to achieve consciousness in regards to the alternatives and dangers of AI and attainable hurt
it may well trigger”.
Suppliers and deployers of AI
programs that aren’t a part of the abovementioned categorization aren’t, strictly
talking, topic to any obligations associated to those AI programs– not less than none
arising from the AI Act. Likewise, the AI Act doesn’t grant affected individuals
any rights in relation to programs that aren’t a part of the “basic”
categorizations. Provided that the existence of rights and obligations are the
constructing blocs upon which the AI literacy measures must be designed, in the event that they
don’t exist, the logical conclusion is that the definition can’t be utilized
on this context. If the definition beneath Article 3(56) of the AI Act can’t be
utilized, Article 4 of the AI Act which solely depends upon this definition
can not apply both.
Enforcement
Along with points across the
interpretation of its scope, enforcement of Article 4 additionally raises important
questions. Article 99(3-5) of the AI Act doesn’t set up fines for the
infringement of AI literacy. As such organizations can’t be fined for failing
to fulfil their AI literacy obligations primarily based on the AI Act (if thought of in
isolation). Market surveillance authorities have enforcement powers that don’t
entail monetary sanctions, however it’s nonetheless a wierd situation for the AI Act
to determine an obligation with no corresponding effective which is arguably the
key sanctioning instrument. It additionally stays to be seen whether or not market surveillance
authorities will prioritize an obligation that the EU legislator didn’t
think about as important sufficient to benefit inclusion in Article 99(3-5) of the AI Act.
As well as, Member States might
use their energy beneath Article 99(1) of the AI Act to determine further
penalties and, by means of these, make sure the enforcement of Article 4 of the AI Act.
Nonetheless, this strategy dangers fragmentation and inconsistency, which is
undesirable.
Personal enforcement can also be a chance,
however whether or not within the context of tort legal responsibility or product
legal responsibility, it appears to us that proving damages and the causal hyperlink between
the behaviour of the AI system and the harm might proceed to be main
obstacles to the success of any makes an attempt. On this context, you will need to
observe that new EU
Product Legal responsibility Directive (relevant to merchandise marketed or put into
service after 9 December 2026) accommodates related provisions which will make
non-public enforcement simpler in opposition to producers sooner or later. Specifically,
Article 10(3) of the Product Legal responsibility Directive establishes that “the causal
hyperlink between the defectiveness of the product and the harm shall be presumed
the place it has been established that the product is flawed and that the harm
brought about is of a form usually per the defect in query”. In
addition, Article 10(4) addresses conditions the place claimants face extreme
difficulties, particularly as a consequence of technical or scientific complexity, in
proving the defectiveness of the product or the causal hyperlink between its
defectiveness and the harm by permitting courts to determine a presumption. Nonetheless,
on this situation, linking a breach of the duty to make sure AI literacy to a
defect in a product or a selected occasion of harm in any sort of
passable method appears difficult and unlikely to accepted by courts.
Lastly, though the AI literacy
obligations technically turned relevant on 2 February 2025, the deadline for
the appointment of Member State authorities is on 2 August 2025. As such, any
try of enforcement will probably be restricted throughout this era.
Identification of AI programs
as a preliminary step for the evaluation of literacy obligations
Though, as referred above, literacy
obligations aren’t relevant to programs outdoors of the danger categorization of
the AI Act, from an accountability perspective, suppliers and deployers who
wish to depend on this exception ought to nonetheless proceed an analysis
of the AI programs for which they’re accountable as a preliminary step. Solely
after figuring out the AI programs and evaluating whether or not they fall out of the
danger classes established by the AI Act can suppliers and deployers know with
an satisfactory degree of certainty that they don’t seem to be likewise topic to the
literacy obligations beneath Article 4 of the AI Act.
The GDPR in its place
supply of literacy obligations
For suppliers and deployers who
are appearing as knowledge controllers beneath the GDPR, you will need to observe that
non-applicability of Article 4 of the AI Act doesn’t exclude literacy and
coaching obligations which will come up beneath different EU authorized devices.
Significantly, for AI programs that rely on the processing of non-public knowledge for
their work, satisfactory coaching of workers could also be required to adjust to
controller accountability obligations and make sure that the measures carried out
by the controller to make sure lawful processing of non-public knowledge within the context
of the group’s use of AI (Articles 5(2) and 24 of the GDPR). Contemplating
the wording of Article 39(1)(b) of the GDPR, knowledge safety officers must be
concerned within the analysis of coaching necessities.
