The importance of AI literacy despite the regulatory simplification of the RIA for the European Digital Omnibus

The Artificial Intelligence Regulation and its literacy system

Regulation (EU) 2024/1689 of the European Parliament and of the Council, of 13 June 2024 – (henceforth, the “European Artificial Intelligence Regulation” or “REIA”) establishes a solid regulatory framework, sets the risk levels associated with artificial intelligence (AI) systems, and determines the necessary measures for the protection of health, safety, and fundamental rights enshrined by the EU.

To achieve these goals, and considering the volatile and exponentially evolving context of AI, the RIA establishes a system of actions aimed at training those involved in the AI life cycle and its outcomes.

The existing regulation adopts a holistic approach to promote AI literacy, which must be implemented in three interdependent areas:

• At the European level: The European Commission and the European Councilreceive the competencies to promote literacy in artificial intelligence through actions aimed at raising public awareness in exercising their governance functions, in accordance with Article 66 of the RIA.
• At the national level: The AI Office and the Member States should facilitate the development of codes of conduct for the voluntary implementation of measures to promote AI literacy, in accordance with Article 95 of the AI Act.
• Internally by companies and entities: Article 4 of the AI Act establishes that providers and those responsible for deploying AI systems must take measures, from 2 February 2025, to ensure that both their internal staff and third parties acting on their behalf have a sufficient level of competence in AI, considering the expected context of use of this technology.

These areas are interrelated, as the guidelines at the European level should guide strategies directed at businesses and entities, while the outcomes of actions taken at the national level should feed into the strategic decision-making of the Commission and the Council.

The proposed simplification in the Digital Omnibus and the persistence of literacy

Within the framework of the European regulatory package Digital Omnibus, aimed at regulatory simplification in the field of technology and greater harmonization of rules at the EU level, it is proposed to amend Article 4 of the RIA, which establishes literacy obligations at the organizational level and currently has the following wording:

Article 4. The providers and those responsible for the implementation of AI systems shall take measures to ensure that, as far as possible, their staff and other individuals responsible in their name for the operation and use of AI systems have a sufficient level of competence in AI, considering their technical knowledge, experience, education, and training, as well as the expected context of use of the AI systems and the individuals or groups of individuals for which the systems are intended.

The proposed amendment to the AI Act, submitted in November 2025 and currently awaiting approval, aims to eliminate the requirement for internal competence in AI, in order to reduce the administrative burdens for companies, and to replace it with promotion measures at the national and European level. Below is the proposed wording of Article 4 included in the Digital Omnibus:

Proposed wording of Article 4. The Commission and the Member States will encourage providers and those responsible for the implementation of AI systems to adopt measures to ensure a sufficient level of knowledge about AI by their personnel and other persons involved in the operation and use of AI systems on their behalf, considering their technical knowledge, experience, education, and training, as well as the context in which AI systems are to be used, and taking into account the individuals or groups of individuals to whom these systems are directed.

However, even if this simplification is approved, actions for AI literacy will remain necessary for companies and entities to ensure compliance with various legal obligations under the EU RIA, as well as to ensure the proper management of AI systems and the effective mitigation of associated risks.

Organizational roles requiring training for compliance with the AIAR

Training activities in AI, whether for intervention in the deployment and use of results, or in design and technological development activities, as well as in the implementation, monitoring, and improvement of risk management systems, are essential to ensure an adequate level of compliance with the AI Act.

Some examples of positions whose training, tailored to the reality of the organization, is necessary for compliance with the RIA are as follows:

• Top management, to guide decision-making and the management of a digitalization plan that takes into account AI, as well as to raise awareness and facilitate monitoring of the associated risks of the technology.
• Implementation and procurement directors, to anticipate risks associated with the implementation of AI systems, with the aim of avoiding the advance of projects that are prohibited or present an unacceptable level of risk for the entity.
• The individuals responsible for AI governance, to ensure an adequate knowledge of the classification methodology and the possible reclassification of systems as high-risk, as well as monitoring internal compliance assessments.
• The individuals responsible for products and services incorporating AI systems, to ensure the correct application of risk management procedures, especially regarding human review controls, post-market management, and the identification and management of incidents.
• The individuals responsible for communication and external user experience (UX), for the correct implementation of transparency measures regarding interaction with AI systems and the communication of their features, capabilities, and limitations.
• Internal users of AI systems, for the correct application of usage instructions created both by the provider of the AI system and, if applicable, by the person responsible for deployment, as well as for compliance with limitations regarding the information provided as input and the content generated as output.
• Legal department, for identifying cross-cutting risks (such as those related to personal data protection, cybersecurity, consumer regulation, confidential information, intellectual property, etc.) as well as for negotiating contracts with AI system providers.
• Internal audit and compliance function,to understand the controls established by national and international regulations (such as ISO 42001) and to verify the effectiveness of AI governance systems.

In addition to these key functions, an appropriate strategy for literacy and training in AI must consider the specific characteristics of each company or entity, which must receive appropriate guidance to identify AI systems in use or development, determine the organization’s position within the AI supply chain, assess and address AI risks, define the legal responsibilities associated with each system, and design the necessary governance structure.

Conclusions

Awareness and training activities related to the development and use of AI systems are essential, regardless of whether they constitute an express legal obligation, with the aim of preventing risks arising from the use of this technology and as part of a comprehensive compliance management system.

In this sense, regardless of the approval of the Digital Omnibus, it is necessary for companies and entities to define and integrate awareness and training measures as an essential element of their risk management systems, in order to avoid administrative penalties and mitigate potential negative consequences with clients, suppliers, and internal personnel.

Informative note prepared by Guilherme Sicuto, senior consultant in AI governance, privacy, and cybersecurity, TMT department, ECIJA Madrid.