AI Literacy: What You Need to Know
Artificial intelligence (“AI”) literacy is a new buzz word in the AI and data governance domain. The reason for this increased focus? A wave of regulatory guidance and requirements in the UK and the EU effectively makes AI literacy a must-have for organisations that develop, deploy, or use AI. Beyond simply upskilling staff, AI literacy offers a significant advantage: it enables core functions to effectively screen, detect and manage AI risks, ensuring compliance with the relevant regulatory requirements.
This blog post breaks down the AI literacy guidance and requirements in the UK and the EU and explains their practical significance for your organisation.
What is AI literacy exactly?
AI literacy broadly refers to the skills and knowledge needed for AI providers and users to develop, deploy, interact with, and otherwise handle the technology safely, lawfully, and ethically.
The EU AI Act provides a legal definition, conceptualising AI literacy as “skills, knowledge and understanding that allow providers, deployers and affected persons, taking into account their respective rights and obligations in the context of [the EU AI Act], to make an informed deployment of AI systems, as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause”.
As well as being very broad and prescriptive, we note that the definition offers guidance on the types and sophistication of competences expected from AI providers, deployers and their personnel to manage AI and its implications. We discuss these practical requirements in more detail below.
AI literacy in the UK: A practical necessity
While current UK legislation doesn't explicitly mandate AI literacy, the UK's regulatory approach to AI effectively necessitates it. The UK government has been promoting wider, responsible AI adoption. These pro-innovation plans, however, come with some guardrails against AI’s implications attached. AI providers and deployers in both the public and private sectors are expected to guarantee safety, technical resilience, and fundamental human rights through technical standards and assurance controls. These include risk and impact assessments, audits, performance testing, and mitigation measures.
Effective implementation of these safeguards requires AI providers and deployers to cultivate and maintain the necessary knowledge, understanding, and practical skills within their core teams. AI literacy training is not a ‘nice to have’ – it’s essential.
Various policy documents – such as the UK’s National AI Strategy, the Generative AI Framework for HM Government and the Information Commissioner’s Office Guidance on AI and Data Protection -- also stress the need for AI literacy and associated trainings to upskill employees and facilitate safe, lawful, and ethical use of AI. This guidance is particularly relevant for governmental, public and private organisations engaged in the delivery of public services or in personal data processing.
Future legislation may explicitly require competence building. The proposed AI Regulation Bill and Artificial Intelligence (Regulation and Employment Rights) Bill both envisage safeguards and governance mechanisms (e.g. AI officer, risk and impact assessment, bespoke employee rights) to manage AI’s implications. If these proposals become law, compliance would require capacity building among key management and relevant functions.
How does the EU AI Act's AI literacy obligation affect UK-based organisations?
The EU AI Act explicitly requires AI providers and deployers to ensure AI literacy. This obligation is far-reaching due to its broad scope:
- Covered entities, namely providers and deployers of any AI system (not just high-risk) marketed or used in the EU or the output of which is used in the EU;
- Expected In-house competences and measures, nurturing knowledge, understanding and skills for risk management and compliance with the EU AI Act and other relevant legislation;
- Individuals who should achieve AI literacy, i.e. Staff, vendors, customers, and other partners dealing with AI (whether on the provider- or deployer-side).
The EU AI Act sets a high bar: AI providers and deployers must ensure “to their best extent” a “sufficient level of AI literacy”. They should consider the context, including personnel’s background and capabilities, the AI application, and its impact on third parties.
The EU AI Act’s AI literacy obligation applies to UK-based providers and deployers if they place an AI system on the EU market, put it into service in the EU, or use the output of an AI system in the EU. This obligation came into effect on 2 February 2025.
Practical Implications: What do you need to do?
Ensuring sufficient AI literacy requires measures of varying scope and intensity, depending on the organisation’s role as a provider or deployer, specific AI uses, required competencies, etc. Assuming organisations often use third-party AI while developing their own models or fine-tuning generative AI, AI literacy would, at a minimum, include:
- Tone from the top: Promoting a culture of risk awareness and management.
- KYAI (Know Your AI): Understanding the specific uses, benefits, risks, performance, trade-offs, mitigations, and controls involved.
- Identification of the functions to be trained, and their specific remits and needs
- Customisation and contextualisation of trainings to specific remits, needs, and context
- Introductory training for the separate types of functions regarding benefits, risks, regulatory requirements, and practical safeguards specific to the AI developed/used by the organisation
- Refreshers on significant changes to the use of AI systems of the organisation's use policies, on the identification of new risks, or following major incidents.
Need help with AI literacy? Our briefing on practical implementation and expert advice is just an email away. Contact Kate Collocott at
