AI training obligation: what the AI Act means for personnel development
Artificial intelligence is no longer a topic for the future; it is part of everyday working life. Chatbots, automated decisions, generative text tools: AI is already in use in many companies, often without employees knowing what rules apply. That changed on February 2, 2025. Article 4 of the EU AI Act sets out a clear requirement: anyone who uses or develops AI systems must ensure that their staff are competent in using them. The reaction of many companies? Wait and see. But this is a risky approach. The AI training requirement does not only apply to technology companies or corporations; it applies to any organization that uses AI-supported tools. And that is practically every company today. Those who act now protect themselves from liability risks and at the same time gain a real competitive advantage.
Mandatory AI training: The most important facts in brief
- Since February 2, 2025, Article 4 of the EU AI Act requires all companies that use or develop AI systems to ensure that their employees have sufficient AI expertise.
- Article 4 does not prescribe a fixed curriculum, but rather an organizational responsibility: training courses, internal guidelines, or multiplier programs are equally recognized measures.
- Anyone who ignores the AI training requirement risks liability for AI-related damages. From August 2026, high-risk AI violations will also be punishable by fines of up to €30 million.
- Effective training concepts differentiate according to target groups and cover five core areas: AI literacy, law and compliance, ethics, data protection, and practical application.
- Well-designed AI training courses are more than just a mandatory requirement—they prepare employees for everyday AI use and give companies a competitive advantage.
What is behind the mandatory AI training?
The basis for this is Regulation (EU) 2024/1689 of the European Parliament and of the Council, known as the EU AI Act or AI Regulation. It is the world's first comprehensive set of rules for regulating AI systems. The aim is to ensure the safe, transparent, and responsible use of artificial intelligence in the EU.
Article 4 of this regulation is central to this: it obliges providers and operators of AI systems to ensure that their staff have sufficient AI expertise. This is not a rigid training requirement with a prescribed curriculum. Article 4 formulates an organizational responsibility. How companies fulfill this responsibility is up to them. This can be done through training, but also through internal guidelines, multiplier programs, or targeted continuing education offerings.
What does this mean in terms of liability? Anyone who ignores the requirements does not risk a direct fine based on Article 4, but they do risk significant liability risks. If incorrect use of AI causes damage that could have been prevented by appropriate training, companies can be held liable for violating their general duty of care.
The AI Regulation will come into force in stages:
- February 2, 2025: Article 4 (AI competence) and prohibitions on certain AI practices become binding.
- August 2, 2026: Comprehensive obligations for high-risk AI systems come into force, including fines of up to €30 million or 6 percent of global annual turnover.
- From August 2027: Transition period for existing high-risk systems ends.
Who is affected?
As a general rule, all companies that use, offer, or develop AI systems are subject to the regulation, regardless of their size or industry. Even those who "only" use ChatGPT, automated translation tools, or AI-supported recruiting software are affected. Many companies underestimate this because they do not see themselves as "AI companies." However, the use of a single AI-supported tool is sufficient to trigger the requirements of Article 4.
The key point here is that training content does not have to be the same for everyone. The regulation expressly requires that technical skills, professional experience, and the specific context in which AI systems are used be taken into account. A one-size-fits-all approach falls short here and often fails to achieve the actual learning effect.
The first step is therefore always to take an honest inventory: Which AI systems does your company use? Who works with them and in what context? What skills are already available and where are there gaps? Only on this basis can a training concept be developed that really works.
What needs to be taught?
The EU AI Act does not specify any fixed training content. However, five core areas can be derived from the regulation and practical experience that every training concept should cover. They build on each other, from the basics to responsible application in everyday working life.
1. AI Literacy
What is AI? What distinguishes machine learning from generative AI? And what are the limitations of these systems? Employees need to understand how the technologies they use every day work, not at a technical level of detail, but sufficiently to recognize opportunities and assess risks. This basic understanding, known internationally as AI literacy, is the indispensable foundation for any further skills development.
2. Law & Compliance
Managers, legal departments, and data protection officers need to be familiar with the key points of the EU AI Act: Which GDPR requirements apply in the context of AI systems? Who is liable for AI-supported decisions that lead to errors? But end users should also be aware of the most important rules, because anyone who works with AI tools on a daily basis shares responsibility for their compliant use.
3. Ethics & Responsibility
AI systems can contain biases and, as a result, produce discriminatory or incorrect results. Employees should understand what fairness, transparency, and explainability of AI systems mean and when and how they need to intervene. This area is particularly sensitive wherever AI is involved in personnel-related or legally significant decisions.
4. Data security & data protection
What data is fed into AI systems? What risks arise when using AI tools that run on external servers? And how can personal data be protected during AI training and ongoing operations? These questions concern not only IT specialists, but all employees who use AI-supported tools in their everyday work.
5. Practical application
Safe use of tools, responsible prompting with generative AI, recognition of AI-generated content, and understanding that humans must always remain involved in critical decisions. This principle, known as human-in-the-loop, is a central security element of modern AI use.
Here you can get an insight into our course "Working with AI Tools."
How companies implement mandatory training
There is often a gap between legal requirements and actual practice. These five steps will help you close that gap and develop a viable training concept.
Needs analysis: First, identify all AI systems in use within the company, including purchased solutions, externally used tools, and even seemingly harmless everyday applications. Classify them according to the risk classes of the EU AI Act and analyze which employees work with them and which skills are already available.
Develop role-specific training concepts:Instead of sending all employees through the same program, it is worthwhile to differentiate content and depth according to role and area of responsibility. End users need different content than developers, and management needs a different focus than the works council.
Choose formats wisely: E-learning modules are suitable for the broad rollout of basic knowledge and enable flexible, self-directed learning. Workshops deepen application cases and promote exchange within the team. Blended learning, the combination of digital and face-to-face formats, offers the best balance of reach and depth of learning. Certifications also create commitment and provide measurable evidence.
Document evidence: Even though Article 4 does not explicitly stipulate an obligation to provide evidence, it is advisable to carefully document all training measures. When national supervisory authorities, in Germany probably the Federal Network Agency, begin their work, evidence of compliance will be crucial. Those who document now will be on the safe side.
Continuous updating: AI knowledge quickly becomes outdated. New models, new fields of application, new regulatory developments. Training formats should be chosen in such a way that content can be updated regularly and easily without having to redesign the entire program.
Three challenges and how to solve them
In practice, implementing mandatory AI training rarely runs smoothly. Companies frequently encounter three particular hurdles.
Challenge 1: Knowledge quickly becomes outdated
AI is developing at a pace that exceeds traditional training cycles. What applies to Article 4 today may already be supplemented by new guidelines tomorrow. Rely on modular, digitally maintained learning formats that can be updated independently of each other. This saves time and ensures that employees always work with up-to-date knowledge.
Challenge 2: Gaining acceptance among employees
"Another mandatory training course." Many HR developers are familiar with this reaction. If you only communicate AI training as a compliance measure, you are wasting potential. Instead, highlight the personal benefits: those who use AI competently work more efficiently, make better decisions, recognize risks early on, and protect themselves from liability risks. Practical examples from your own everyday work increase relevance and thus the willingness to learn.
Challenge 3: Avoid one-size-fits-all solutions
Generic AI training for all employees may formally meet the minimum requirements, but it misses the actual purpose. Role-specific content that ties in with real work situations has been proven to be more effective and is much better accepted by employees. The additional effort involved in the design pays off in the form of greater learning success and sustainable skills transfer.
Haufe Akademie: Systematically building AI expertise
Mandatory AI training is a requirement, but it is also an opportunity to permanently strengthen the learning culture and digital competence within your company. Haufe Akademie you with solutions that are tailored to your company: scalable, measurable, and directly applicable in everyday work.
- The Compliance College offers ready-made, legally compliant learning modules on AI, data protection, and IT security—ideal for the efficient rollout of mandatory training across the entire workforce.
- In addition, the Content Collection a set of e-learning courses that you can easily make available to your employees.
- The Content Kit offers a curated content library of microlearning nuggets with the AI Kit, which you can use as performance support or individual learning paths.
FAQ
What are the consequences if companies ignore the training requirement?
Article 4 does not directly impose fines. However, if damage occurs as a result of incorrect or incompetent use of AI, companies can be held liable for breach of general duty of care, especially if appropriate training could have prevented the damage. In addition, from August 2026, fines will be imposed for violations of the more extensive obligations for high-risk AI systems.
Do all employees really need to be trained?
Not necessarily everyone, but everyone who works with AI systems. In many companies, this affects far more people than initially thought, because the use of AI-supported everyday tools such as generative writing assistants or automated analysis tools also falls under the regulation.
Which formats meet the requirements of the EU AI Act?
The EU AI Act does not prescribe a specific format. E-learning modules, face-to-face workshops, blended learning programs, or internal training by multipliers are all equally possible. The key thing is that the content is tailored to the respective role and specific AI application context and that the acquisition of skills is documented.
You might also be interested in
