Yannick H.,
Too Long; Didn't Read
EU AI Act Article 4 makes AI training mandatory. What real AI literacy is and how to get started.
TLDR
The EU AI Act already requires companies to ensure AI literacy among all employees who use or operate AI systems. Most Swiss companies ignore that. The risk is not only regulatory: untrained teams make poorer decisions, trust AI output blindly, and underestimate data protection risks. Start with a simple competence assessment—not with a mandatory webinar.
Your team uses ChatGPT daily. Maybe Copilot. Maybe three other AI tools that different departments have subscribed to themselves. And nobody has trained them.
That used to be a management problem. From this year, it is a compliance problem.
Article 4 of the EU AI Act: what it actually says
The EU AI Act has been in force since August 2024. Most companies took note of that, filed it away, and moved back to business as usual. What was overlooked: Article 4 does not apply only to high-risk AI systems. It applies now, across the board, to everyone.
The article is short. Its brevity almost makes it seem less significant:
"Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf."
In plain English: anyone who uses or operates AI systems is obliged to ensure that the people involved have sufficient AI literacy. Not at some point. Not when the other articles apply. Now.
"But we're in Switzerland." – Yes, we hear that often. And of course, Switzerland is not an EU member. But if you have EU customers, process EU data, or work with EU companies—and who doesn't—then the AI Act applies to your business activities with EU relevance. Not to mention that Switzerland is developing its own AI regulations, which are strongly aligned with the EU model.
The window in which "we'll take a look at it" is an acceptable answer is closing.
What "AI Literacy" really means
Here lies the biggest misunderstanding we keep seeing in our work.
"We use ChatGPT, we've got it under control" is not AI literacy. Just as "we held a workshop last month" does not amount to training.
AI Literacy is not a prompt-engineering course. It is the ability to use AI systems responsibly—to understand what these systems can do, where they fail, when not to trust them, and what consequences this has for decisions.
Concretely, that means:
What AI can and cannot do. Language models hallucinate. They produce plausible-sounding but factually incorrect answers with the same confidence as correct ones. Anyone who does not know this will not check. Anyone who does not check will make poor decisions based on AI output.
When AI outputs must be reviewed. Not every task carries the same risk. An AI that summarizes meeting notes needs less oversight than one that analyses contract clauses or evaluates financial data. Employees need to know and assess this difference.
Data protection and confidentiality. What may be entered into an AI system? What may not? Many teams do not know. We have seen companies where employees entered customer data, internal strategy documents, or HR data into external AI tools—without malicious intent, simply because no one explained why that was a problem.
How to recognize AI errors. Does the output sound too polished? Are the source references correct? Does the result fit the company's context? These are skills that can be learned.
That is AI Literacy. A whole spectrum. Not a one-hour webinar.
The mistake we see almost everywhere
We work with companies of all sizes and across industries. And the pattern is almost always the same: investment in AI tools, but not in the people who use those tools.
The result reminds us of a comparison we like to use. It is like buying a Formula 1 car and skipping the driving course. The car cannot race—the driver has to be able to do that.
Concretely: a pharmaceutical company introduced an AI research tool. Large budget, good integration. Six months later, it turned out the team barely questioned the findings because "the AI checked it." Review steps that had previously been mandatory were quietly skipped.
A bank rolled out GitHub Copilot for the development team. Without a policy, without training, without understanding that Copilot sometimes suggests outdated or security-critical code. Only after an internal audit did it become apparent that several vulnerabilities originated in AI-generated code that had been adopted unchanged.
These are not isolated cases. This is the normal state of unprepared AI adoption.
A pragmatic approach in four steps
No panic, no large-scale project. Here's the simple way to do it:
Step 1: Competence assessment – what is already there?
Before you develop a training program, you need to know where your team stands. Which AI tools are being used? By whom? In which processes? What do users understand about these tools—and what do they not understand?
This does not have to be a major study. A structured assessment lasting one to two days is enough to get a realistic picture. And most of the time, that picture is... sobering. Not because the employees are poor, but because no one ever explained what they were supposed to know.
Step 2: Define role-based training objectives
AI Literacy is not the same for everyone. What a developer needs to know differs fundamentally from what a marketing manager, a compliance officer, or a CFO needs to know.
Define three to four role groups in your company. For each group, identify: Which AI tools do they use? Which decisions do these tools support? What can go wrong if sound judgment is lacking?
Then turn that into concrete learning objectives. Not "knows what AI is" but "can identify the most common sources of error in this specific tool and classify outputs accordingly."
Step 3: Training program – but not a one-day event
This is the most delicate point. A one-hour workshop does not create AI Literacy. It creates a checkmark in the compliance log.
Effective AI training has several levels:
Basics (for everyone): What is a language model, how is AI output generated, what typical errors exist, and what are the basic rules for data protection when using AI.
Role-specific training (per role group): The concrete tools that group uses, with real examples from their day-to-day work.
Ongoing reinforcement: Short updates when new tools are introduced. Case studies from your own company when errors happen. An internal forum for questions.
Step 4: Measure effectiveness – and iterate
How do you measure whether the training worked?
Not with a quiz at the end of the workshop. But with indicators from everyday work: Are AI outputs being questioned more critically? Are there fewer data protection violations related to AI tools? Do teams escalate unsafe AI decisions to their managers instead of implementing them quietly?
That requires baseline data—that is why step 1 is not optional.
Thinking industry-specifically works better
In Switzerland, there are industries for which AI Literacy is particularly urgent—and where the specific requirements vary greatly.
In banks and insurance companies, FINMA compliance is relevant when AI-supported decisions are involved. Anyone using AI in credit decisions, risk models, or customer communication bears a special duty of care.
In the pharmaceutical and medical technology industries, regulatory validation of software systems is common—and AI tools are increasingly falling under this. Employees who use AI tools in processes requiring documentation must know the limits of these systems.
In manufacturing, AI-supported process optimization and predictive maintenance applications are growing rapidly. Anyone basing production decisions on AI recommendations must know the model's susceptibility to error.
What they all have in common: the regulatory requirements are becoming more specific, not more general. Generic AI training will not be sufficient in the long term.
What this means for your company
If your company uses AI tools—and almost every company does, whether knowingly or not—then you are already making decisions today under the umbrella of the EU AI Act.
That does not mean you need a complex training program immediately. It means you need to start. Documented. Structured. With a clear owner.
A first honest check: Can you answer today which AI tools are used in your company, by whom, and what those people know about them? If not, that is the starting point.
(We help with the AI Readiness Check if you lack an overview. More on that in our article about AI Readiness.)
The next step
Forget the big training plan for now. Tomorrow, do exactly one thing: write down which AI tools are used in your company and who uses them.
That is not a major analysis. An hour, maybe two. But without this list, you do not know where the training needs to start. And you cannot prove that, as a company, you take the obligation from Article 4 seriously.
If you need support with this step or want to get started right away with a structured AI enablement program, take a look at what we do in the area of AI for Business. No generic workshops—training programs that fit your real AI use cases.
