AI literacy training for employees: DACH proof for authorities under EU AI Act Art. 4
Since 2 February 2025, the AI training obligation under Article 4 of the EU AI Act has been binding. Here's what proof that stands up before authorities looks like in Germany, Austria and Switzerland — and how the PASSION4IT Academy AI driver's licence closes the gap between obligation and practice.
The training obligation under EU AI Act Art. 4 is legally binding for all operators and providers of AI systems — regardless of company size. Since 2 February 2025, companies have had to train their staff in AI competence. A certificate alone is not enough for robust compliance: what matters is the combination of role-specific training and the durable embedding of compliance into daily work.
For companies in the DACH region that means: anyone deploying AI systems must document that their staff can handle AI safely. From August 2026 at the latest, national authorities will check whether this proof exists. The scope covers providers, operators and using organisations, insofar as they develop, supply or deploy AI systems within the company.
This article is for managing directors, HR leads and compliance officers in mid-sized companies who want to understand what the AI regulation concretely requires, what proof that stands up before authorities looks like, and which implementation paths realistically work in the mid-market.
What you’ll take away from this article:
- Which obligations EU AI Act Art. 4 concretely creates for your company — and since when.
- How proof for authorities must be structured to hold up under review.
- What Germany, Austria and Switzerland each regulate specifically.
- Why the PASSION4IT Academy, with its AI driver’s licence, closes the gap between obligation and practice in the mid-market.
- Which concrete steps you should take now to become compliant.
What do AI literacy and the training obligation under EU AI Act Art. 4 mean?
AI literacy under Article 4 of the EU AI Act is not an abstract knowledge quiz. It’s about documented competence for the safe, responsible use of AI systems in the specific work context. The regulation defines AI competence in Art. 3(56) as the skills, knowledge and understanding that enable informed AI use — including the ability to weigh opportunities, risks and potential harm.
The legal framework is clear: Regulation (EU) 2024/1689 entered into force on 1 August 2024. Chapters I and II, which include Article 4, have applied directly since 2 February 2025. For DACH companies that means the obligation exists today. It applies regardless of the systems’ risk class — to all companies using AI systems, not only operators of high-risk AI systems.
Affected companies and staff groups
The reach of the training obligation is deliberately broad. All employees who use or develop AI systems are affected. This covers not only IT departments or developer teams, but explicitly also staff in HR, marketing, sales and customer service — every department that comes into contact with AI tools.
Affected are all providers and operators of AI systems. That spans from the large corporation developing its own AI applications to the 30-person business using a chatbot in customer service or AI-assisted recruiting software. It applies equally in regulated sectors such as banks or insurers, where AI use touches particularly sensitive processes. Companies from third countries also fall under the regulation if their AI products are used in the EU internal market — so-called extraterritoriality.
Special requirements apply to public-sector organisations and operators of critical infrastructure. Authorities deploying AI systems must ensure their staff understand the risks and limits of these systems — precisely because AI outputs here can directly influence decisions about individuals. AI systems posing an unacceptable risk have been banned since February 2025. Art. 4 also expressly covers service providers, freelancers and other people who handle AI systems on a company’s behalf. The training obligation does not end at the company boundary.
The duty of proof towards supervisory authorities
The Bundesnetzagentur will be the national supervisory authority in Germany. The AI Act begins supervision by national authorities from August 2026 — from that point, reviews will actively take place.
For proof, documentation of the training content and participation is required. Concretely, it should cover: the goals and content of the training, participation or completion records with a personalised certificate, a role matrix showing which staff groups use which AI systems, and an inventory of all AI tools and applications deployed in the company.
There is no official form for the proof, and the AI Act prescribes no specific certification. That sounds like freedom, but it’s a challenge — companies must develop individual training concepts. A retention period of ten years is recommended, analogous to tax compliance requirements.
Faulty AI use can create civil liability risks. Anyone who cannot present a documented training concept after AI-related harm risks the charge of organisational negligence. Preventive proof is therefore essential not only in regulatory terms but also for liability.
DACH-specific implementation requirements
The AI regulation applies directly in all member states — and yet the implementation conditions in Germany, Austria and Switzerland differ considerably. All organisations in Germany are obliged to ensure competence-building. In Austria, sector-specific training offers already exist, with funding via AMS, WKO and WIFI. In Switzerland the EU AI Act does not apply automatically, but because of its extraterritorial effect Swiss providers are affected as soon as their AI products are offered on the EU market or their outputs are used in the EU internal market.
The EU plans an AI Act Service Desk to support companies. In Germany, the Bundesnetzagentur’s AI Service Desk already serves as a point of contact for implementation questions.
Compliance requirements in detail
The training must be matched to the risk level of the AI systems in use. An employee using an AI-assisted chatbot for internal knowledge bases needs a different competence level than an HR lead deploying AI-based recruiting software whose results directly influence hiring decisions. Training content must be aligned to technical knowledge and the context of use.
The training should be modular and role-specific and cover both the opportunities and risks of AI applications — including data protection, ethical questions and the ability to critically assess AI outputs. Insufficient AI competence can lead to data protection breaches: a risk that weighs heavily precisely when handling personal data.
In employment-law terms the classification matters: AI training mandated by the employer counts as working time and must be paid accordingly. Regular refresher training is recommended — not just one-off mandatory sessions, but continuous updating when new AI tools or changed risks appear.
Developing internal AI use policies is decisive. Without clear rules on which AI applications are permitted, how data may be entered and how AI outputs are to be handled, shadow AI arises: staff use AI tools on their own initiative without the company knowing or being able to steer that use.
Regulatory reviews and sanction risks
What happens in a regulatory review without sufficient proof? A breach of the training obligation currently carries no direct fine — that’s the important nuance. Art. 4 itself does not currently define its own fine categories. Breaches can, however, fall under the general sanction system of Art. 99 of the AI Act. For serious or repeated breaches, fines of up to EUR 35 million or 7 percent of global annual turnover are possible there.
In the first implementation phase, some measure of proportionality can be expected from the authorities. Anyone who can present a documented training concept at the time of the first reviews — even if it isn’t fully rolled out yet — is in a far better position than a company with no measures at all. Missing or incomplete documentation not only leads to regulatory consequences but also weakens the position in civil disputes.
The so-called Digital Omnibus proposal by the EU Commission aims at simplifications, particularly for SMEs. It has, however, not yet been finally adopted and made legally binding.
The practical solution: the PASSION4IT Academy AI driver’s licence
This is where the most underestimated problem of mid-market digitalisation lies: the best technology fails if the people in front of it don’t understand it, don’t want to use it, or don’t know how to use it safely. On-site training ties up a whole working day, costs travel and downtime, and by the next day half of it is forgotten. Classic e-learning platforms like LinkedIn Learning offer content, but no structured proof documentation, no link to the daily reality of the mid-market and no compliance logic under EU AI Act Art. 4.
The PASSION4IT Academy is not a classic e-learning platform. It’s a practice-oriented further-training layer that delivers digital competence in learning blocks of 15 to 20 minutes: focused, device-independent, self-paced and designed for the entire workforce. No prerequisites, no IT jargon. The Academy closes the gap between the leadership decision and employee adoption — the point at which digitalisation in the mid-market most often fails.
AI driver’s licence under EU AI Act Art. 4
The PASSION4IT Academy AI driver’s licence is built from four learning blocks of 15 to 20 minutes each:
- AI fundamentals: what is artificial intelligence, how do AI systems work, where do opportunities and limits lie?
- Safe AI use: handling AI in daily work, avoiding shadow AI, internal policies.
- Risk assessment: interpreting AI outputs, spotting hallucinations and bias, handling high-risk scenarios.
- Data protection and compliance: GDPR-compliant AI use, transparency obligations, documentation.
The EU AI Act requires transparency obligations for AI applications — the AI driver’s licence conveys exactly this knowledge, in a practical way that non-IT people understand. Each learning block ends with a final test. At the end there’s a certificate as proof of competence for regulatory reviews — not a mere attendance slip, but evidence of demonstrable competence.
The pricing: EUR 59 per user per year. Scalable with no on-site effort, no trainer costs, no room hire. Device-independent — whether on desktop, tablet or smartphone.
Comparison: PASSION4IT Academy vs. alternative training formats
| Criterion | On-site training | Classic e-learning | PASSION4IT Academy learning blocks |
|---|---|---|---|
| Time per employee | 4–8 hour seminar day | 1–3 hours in one go | 4 × 15–20 minutes, flexible |
| Scalability | limited by trainers and rooms | high, but low completion rates | high, with documented completion rate |
| Proof for authorities | attendance list, no learning record | usually only an attendance certificate | certificate with final test and learning progress |
| Cost per employee/year | EUR 300–800 + downtime | EUR 20–50 (no compliance logic) | EUR 59 (AI driver’s licence) |
| Role-specific content | depends on the trainer | rarely tailored to the mid-market | designed for non-IT people, practical |
| Transfer to practice | low after two weeks | very low | immediately applicable at work |
For a mid-sized company with 100 employees, the ROI difference runs into the tens of thousands of euros per year — and that’s before you factor in the reduced liability risk and the productivity gain from competent AI use.
Further PASSION4IT Academy modules: Cyber Security for EUR 39, Digital Work with Microsoft 365 for EUR 39, and the Business Bundle with all modules including Building Leaders for EUR 99 per user per year.
Implementation and documentation
The rollout follows a clear sequence:
- Needs analysis: create an inventory of all AI systems, define a role matrix — which staff groups use which AI tools in which context. An AI readiness check provides the necessary orientation here.
- Rollout: set up access, assign learning paths, communicate the timeframe. Not an IT project — cloud-based, with no local installation.
- Progress tracking: the Academy automatically documents learning progress, completions and certifications — exactly the data required in regulatory reviews.
- Integration: connection to existing HR systems and compliance processes. Audits become a documentable procedure rather than a stress test.
Michael Fischer, ABF Synergie GmbH, sums it up: “In 15 to 20 minutes I always take away something concrete.” That’s the difference between a learning block and a classic e-learning module: focused, practical, immediately applicable.
Anyone who wants to settle the strategic framing first starts with an AI workshop for managing directors — without IT knowledge, with a clear focus on decisions rather than technology.
Common challenges and approaches
The regulatory requirements are clear. Implementation in the mid-market nonetheless often fails on three typical hurdles that have less to do with the law than with the business.
Employee acceptance and learning motivation
Problem: AI training is perceived as an extra burden. A whole seminar day for a topic that feels abstract to many creates resistance rather than trust. The result: low participation, even lower transfer to practice.
Solution: learning blocks of 15 to 20 minutes with immediate practical relevance. Each block conveys one concrete topic — for example, how to safely use a chatbot for customer enquiries, or why you shouldn’t enter confidential data into public AI tools. The knowledge is applicable the same day; the application rate is measurably higher than with day seminars.
Budget constraints and ROI proof
Problem: many mid-sized companies are unsure whether the investment in digital training pays off — especially with an obligation whose fine risk isn’t yet directly enforced.
Solution: at EUR 59 per user per year, the cost question is clearly answerable. A single data protection breach through uncontrolled AI use costs many times that. The Academy delivers measurable competence development through documented completions and at the same time reduces the liability risk that looms without proof. That’s not value on paper but calculable liability protection.
Technical integration and IT resources
Problem: mid-market IT departments are already stretched. The fear of having to implement a complex learning management system blocks adoption.
Solution: the Academy is cloud-based, with no local installation and device-independent access. No IT project, no rollout by the IT department — set up access, done. The automatic documentation of learning progress and certifications runs in the background, with no extra administrative effort.
Conclusion and next steps
The AI literacy training obligation under EU AI Act Art. 4 has been legally binding since 2 February 2025. From August 2026, national authorities will check whether companies meet their obligations. The requirements are clear: role-specific training, documented learning progress, a traceable training concept. Digitalisation in the mid-market doesn’t fail on missing technology — it fails because people don’t understand the technology, don’t want to use it, or don’t know how to use it safely.
Your immediate action steps:
- Take stock: create an inventory of all AI systems and applications — which AI tools are used where, by whom and with which risks?
- Define staff groups: which roles have which AI contact? Create a role matrix with risk profiles.
- Develop internal policies: define clear rules for AI use — before shadow AI arises.
- Choose a training solution: start the rollout with the PASSION4IT Academy AI driver’s licence — EUR 59 per user per year, with a certificate and automatic proof documentation.
- Secure documentation: ensure training records are kept for at least ten years.
Strategically, mandatory AI training is not only a compliance topic but a layer of digitalisation: those who enable their workforce today benefit tomorrow from more competent AI use, fewer errors and higher productivity. For knowledge work, context retention and building a structured organisational memory, it’s worth a look at amaiko — a standalone AI building block that makes company knowledge intelligently accessible.
Further resources
- AI driver’s licence: EU AI Act Art. 4 mandatory training in the mid-market — how the mandatory training is structured and why a certificate alone is not enough.
- How do I train 50 employees in AI — without on-site effort and high costs? — the scalable rollout path for larger workforces.
- Cyber security training for the mid-market: certified and online — the complementary Academy module for safe workflows.
Meet the AI training obligation now — with the PASSION4IT Academy AI driver’s licence. Role-specific learning modules, automatic proof documentation and certificates, so you meet the EU AI Act’s requirements efficiently and make your staff confident in handling AI.
Get to know the AI driver’s licence in an initial consultation.
Frequently asked questions
Who is affected by the training obligation under EU AI Act Art. 4?
All operators and providers of AI systems — regardless of company size. This covers every company using AI tools, from an AI-assisted chatbot to AI-based recruiting software. Affected are all staff who use, develop or are responsible for the deployment of AI systems — so not only IT, but also HR, marketing, sales, customer service and executives. Freelancers or service providers working with AI on the company’s behalf also fall under the obligation.
What proof must be presented in regulatory reviews?
There is no official form. Companies must, however, present a documented training concept covering: an inventory of all deployed AI systems, a role matrix of the affected staff groups, the learning goals and content of the training, personalised participation and completion records, and proof of regular updating. The recommended retention period is ten years.
How does the PASSION4IT AI driver’s licence differ from other e-learning offers?
The AI driver’s licence delivers competence in four learning blocks of 15 to 20 minutes that are immediately applicable at work. Each block ends with a final test and leads to a certificate. The automatic documentation of learning progress is specifically geared to the proof requirements of EU AI Act Art. 4. Unlike generic platforms, the content is designed for non-IT people and tailored to mid-market needs.
Can existing training be recognised as proof?
In principle yes — the AI Act prescribes no specific certification. Existing training is only recognised, however, if it meets the requirements: role-specific and tool-appropriate content, documented participation, demonstrable learning goals and a link to the AI systems actually in use. A general AI seminar without a link to the work context is not enough. A certificate alone is also insufficient for robust compliance — what matters is the overall concept.
What does implementing the mandatory training cost per employee?
The AI driver’s licence costs EUR 59 per user per year. For comparison: on-site training typically runs to EUR 300–800 per employee plus downtime and travel costs. The Cyber Security training is EUR 39, Digital Work is EUR 39, and the Business Bundle with all modules is EUR 99 per user per year.
How is the training classified in employment-law terms?
AI training mandated by the employer counts as working time and must be paid accordingly. The documentation must record when and to what extent training took place. The advantage of short learning blocks: 15 to 20 minutes are far easier to fit into the working day than a whole seminar day.
What fines loom for non-compliance?
A breach of the training obligation under Art. 4 currently carries no direct fine. Breaches can, however, fall under the sanction system of Art. 99, which provides for fines of up to EUR 35 million or 7 percent of global annual turnover. Independently of that, missing training records can lead to civil liability for organisational negligence in the event of AI-related harm.
Can Swiss and Austrian companies use the same proof?
The core requirements of EU AI Act Art. 4 apply uniformly across the EU and, through extraterritoriality, also to Swiss companies with an EU market link. The proof structure — training concept, role matrix, participation records, certificates — is valid across borders. In Austria, additional funding offers exist via AMS, WKO and WIFI. Swiss companies should check whether their AI products or outputs are used in the EU internal market — if so, the same obligations and proof requirements apply.