"Mandatory" doesn't mean "a course to tick off"
Since 2 February 2025, companies that use AI have an obligation to train their staff. It's Article 4 of the AI Act, and we've explained in detail what the AI literacy obligation involves.
Faced with a legal obligation, the risk is to downgrade it to a bureaucratic exercise: buy a recorded course, have everyone click "completed", file the certificate. Technically it looks like compliance. In reality it serves no purpose, and in the event of an audit it holds up poorly.
The rule asks for training that is "sufficient" for the context. Which means something inconvenient but sensible: people have to genuinely understand. Let's look at how to build training that works and, at the same time, brings you into compliance.
First step: map where you use AI
You can't train if you don't know what you need to train for. The starting point is an honest snapshot: which AI tools are running in the company, in which processes, with which data, used by whom.
This map almost always holds surprises. There's the "official" AI, the one the company has adopted. And there's shadow IT: employees using ChatGPT from a personal browser, the assistant built into some tool, and extensions. All of this falls under the obligation.
The mapping serves two purposes: understanding who needs to be trained and on what, and starting to govern a use that today, in many companies, is already widespread but invisible.
Train by role, not with a single course
The most common mistake is the same course for everyone. It doesn't work, because needs differ and the rule itself asks you to take role and context into account.
In practice it's worth distinguishing at least three levels. Executives and decision makers need to understand opportunities, risks and governance: how to use AI as a strategic lever and which decisions to make. Teams and professionals, in marketing, operations, HR, finance, need operational skills: effective prompts, automations, safe use of data. Developers and technical teams need advanced tools: how to build solutions, integrations, agents.
This differentiation isn't just more effective. It's exactly what Article 4 means when it talks about proportionate training. We've covered this too in our guide to corporate AI training with Claude.
What the training has to cover
Adequate training isn't just "how to write a prompt". To satisfy the obligation it should cover four areas.
The practical side: how to use the tools in the real tasks of daily work. It's the part that creates value and makes the rest stick.
The risk side: hallucinations, bias, the limits of the models, when not to trust the output. Knowing what can go wrong is half the work.
The data side: what you can and can't enter, where the information ends up, how to handle personal or confidential data. This is where it intertwines with GDPR, a topic we've explored for companies using Claude in compliance with GDPR.
The regulatory and policy side: the company's internal rules, what's allowed, who to turn to when in doubt.
Documenting: the boring part that saves you
The law doesn't ask for a certificate, but it recommends documenting the initiatives you've carried out. It's the least exciting part and the most important in the event of an audit.
You need to keep track of who was trained, on what content, when, at what level of depth. Not for bureaucracy's sake, but because it's the evidence that demonstrates compliance.
A good training program produces this documentation as a natural by-product, without becoming a second job. Materials, attendance records, prompt libraries built during the workshops: all of this, besides helping people grow, is also evidence of compliance.
The fatal mistake: one-off training
There's one last point that makes the difference. AI doesn't stand still. Tools change every month, new models come out, features and risks change.
Training done once and filed away ages fast. In six months people are using tools that didn't exist at the time of the course. That's why the rule talks about a level of literacy to be maintained, not a one-off event.
You need an ongoing presence: periodic updates, an internal point of reference, a culture that keeps pace. It's more demanding than a one-and-done course, but it's the only way to be genuinely compliant and, above all, to get a real return from AI instead of a checkbox.
How we work
At Maverick we don't sell a recorded course to show off in case of inspection. We build a program around the client's real processes, with a six-phase method: initial assessment, practical workshops on the team's tasks, a prompt library built around your cases, a follow-up session, support for daily adoption and a final measurement that doubles as documentation of the training carried out.
The result is twofold: people genuinely use AI in their work, and the company has the proof that it has met the AI Act obligation. We build it on Anthropic's Claude ecosystem, the same tools we work with internally. If you want to figure out where to start, see our AI Act training page or let's talk directly.