AI Literacy Training Across the Organisation

Article 4 requires providers and deployers to ensure that their staff and other persons dealing with the operation and use of AI systems have a sufficient level of ai literacy. This obligation is not a one-time training event; it is an ongoing programme calibrated to each person's role in the oversight pyramid. Operational oversight cannot function if the people responsible for oversight do not understand what they are overseeing.

The requirement applies across the entire organisation, covering everyone from engineering teams building the system to executives responsible for governance decisions. Sufficient literacy means each person understands the AI system to the extent necessary for their specific responsibilities, whether that involves interpreting model outputs, managing compliance obligations, or approving risk decisions.

The AI Governance Lead tiers ai literacy training to match each individual's role in the oversight pyramid. The Operational Oversight framework defines five levels of training, each targeting different responsibilities and knowledge requirements.

Level 1, Engineering, provides deep technical training on model behaviour, failure modes, monitoring tools, and incident response. Level 2, Operators, delivers practical training on the specific system being overseen, including its capabilities and limitations, the meaning of confidence indicators and explanations, override procedures, and escalation pathways.

Level 3, Product Management, covers AI compliance obligations, the relationship between business metrics and compliance metrics, deployer management, and affected person rights. Level 4, covering Compliance, Legal, and the DPO, addresses the EU AI Act's requirements, the ai system description package structure, conformity assessment, and the interaction between the AI Act and GDPR.

Level 5, Executive, consists of briefings on the organisation's AI portfolio, risk posture, compliance status, and regulatory environment. This tiered approach ensures training resources are directed where they have the greatest impact, rather than applying uniform content that is too technical for executives or too superficial for engineers.

The oversight pyramid defined in the ai system description package typically has three operational tiers, each requiring distinct competencies. Tier 1 encompasses executive sponsors and governance leads who need to understand the regulatory framework, the organisation's compliance obligations, and the risk management process. They do not need to understand SHAP values or PSI thresholds; they need to understand what decisions require their approval, what risks the system presents, and what the governance dashboard is telling them.

Tier 2 covers technical leads and senior engineers who need deep understanding of the system's technical design, the monitoring infrastructure, and the compliance controls. They must be able to interpret monitoring alerts, assess whether a change constitutes a substantial modification, and explain the system's design to an assessor.

Tier 3 addresses operators who need task-specific training: how to use the oversight interface, how to interpret explanations, how to identify cases where the system's recommendation warrants overriding, and how to activate the break-glass procedure.

The training programme should include initial training before a person assumes their role, periodic refresher training at least annually, and event-triggered training after specific circumstances. Event triggers include a significant incident, a substantial system modification, or a regulatory update affecting the system's compliance requirements.

Completion is tracked by the AI Governance Lead in a learning management system such as Docebo, TalentLMS, or Moodle and retained as Module 7 evidence. The LMS should generate compliance reports showing, for each person in the oversight pyramid, their current training status, the date of their last completed training, and any overdue refreshers. These records serve as evidence for the ai system description package's quality management documentation, supporting Article 17.

Custom training materials are essential for Tier 3 operators because generic AI literacy training does not prepare an operator to review specific cases in their specific domain with their specific interface. Off-the-shelf courses may cover general AI concepts but cannot address the particular system an operator oversees daily.

The training should include hands-on exercises using the actual oversight interface, worked examples from the system's domain, calibration exercises where the operator reviews cases with known outcomes, and scenario exercises where the operator practises the override and break-glass procedures. For operators of high-risk AI systems, certification records confirming that the operator has completed the required training and demonstrated competence are maintained by the AI Governance Lead.

Training can be delivered without a learning management system as a procedural alternative. Training materials such as slide decks, documents, or recorded presentations are stored in a shared drive. A training log spreadsheet tracks each person in the oversight pyramid, their tier, the training modules they have completed, the completion dates, and the next refresher due date.

Training delivery takes place through in-person sessions, video calls, or self-study with a sign-off sheet. This approach loses automated completion tracking, quiz-based competency verification, and certificate generation. An open-source LMS such as Moodle adds these capabilities at minimal cost and is worth considering even for organisations with limited budgets.

The AI Governance Lead convenes a quarterly review of each high-risk system's operational oversight effectiveness, which includes assessing training and certification currency alongside other oversight metrics. The review examines whether operators are escalating appropriately, whether monitoring thresholds remain adequate, and whether the training programme is keeping pace with system changes.

The Internal Audit Assurance Lead conducts an annual audit of the operational oversight framework, testing whether training records are current and whether the oversight framework is proportionate to the system's risk profile. Findings from quarterly reviews, annual audits, and actual incidents are documented and integrated into the ai system description package, with each finding that results in a change creating a new version of the living document.