Article 4 of the EU AI Act — the AI literacy obligation — moves from passive duty to supervised obligation on 2 August 2026. The Digital Omnibus did not extend this date. Here is what Irish organisations should have in place, and what they can stop worrying about.
TL;DR. Article 4 AI literacy supervision begins on 2 August 2026. The Digital Omnibus deal did not extend this date. The defensible minimum is an AI inventory by role, a literacy plan mapped to it, training delivered, and a recorded refresh cadence — achievable in seven weeks.
Roughly seven weeks from today, on 2 August 2026, supervision and enforcement of Article 4 of the EU AI Act formally begins. The European Commission's AI Literacy Q&A confirms the date and confirms the scope. The Digital Omnibus deal of May 2026 softened the wording of the obligation from "ensure" to "support" — but it did not move the date and it did not narrow who the obligation applies to.
Most Irish organisations have spent the past twelve months thinking about high-risk AI systems and the August 2026 conformity deadline. That deadline has been extended to December 2027 for stand-alone systems and August 2028 for AI in regulated products. The literacy obligation has not. It is the only AI Act obligation whose enforcement starts on schedule for the broad population of Irish providers and deployers.
That makes Article 4 the practical compliance question for almost every Irish organisation between now and August.
What Article 4 actually requires
Article 4 applies to "providers and deployers of AI systems" — language broad enough to cover any organisation that develops, contracts for, or uses AI in the course of its work. The risk classification of the system in use does not change the obligation. A solicitor using a consumer AI tool to draft client correspondence is a deployer. A construction firm using AI-enabled project management software is a deployer. A finance function using AI for forecasting is a deployer.
The obligation is to take measures to ensure, "to their best extent", a sufficient level of AI literacy among staff and other persons dealing with the operation and use of AI systems on the organisation's behalf. The standard is calibrated: technical knowledge, experience, education, training, and the context in which the AI systems will be used all factor in. A pharmaceutical regulator's compliance staff need different literacy from a logistics coordinator. The Act does not specify the curriculum. It specifies that one must exist and that it must be defensible.
The Commission's published Q&A guidance treats literacy as cumulative: an inventory of who uses AI, a mapping of what literacy each role requires, evidence that training has been delivered, and a record of how literacy is refreshed as systems change. That guidance is not binding law, but it is what competent authorities will measure against.
What supervision will look like in practice
Ireland's competent authority for general AI literacy supervision will be the AI Office of Ireland, which becomes operational on 1 August 2026 — one day before Article 4 supervision starts. Sector-regulated organisations will deal with their existing competent authority: the Central Bank for financial services, the Data Protection Commission where literacy intersects with data protection, the HPRA for medical devices, and so on.
The first three months of supervision will not be prosecutorial. New regulators do not lead with fines. They lead with information requests. The question Irish organisations should plan to answer, on receipt of a polite request, is: "Describe the measures you have taken to ensure sufficient AI literacy among staff using AI systems, and provide evidence of those measures."
An organisation that can produce a literacy plan, role mapping, completed training records, and a refresh cadence will be treated as engaged. An organisation that responds "we are working on it" will not be in breach on day one — but it will be flagged for follow-up. An organisation that responds "we do not use AI" while staff are demonstrably using AI consumer tools will be in a worse position than either.
What "sufficient literacy" looks like, role by role
The Commission's guidance is deliberately non-prescriptive on content, but a defensible literacy programme generally covers four dimensions:
Capability: what the AI system can and cannot do, where it is reliable, where it is not.
Limits: hallucination risk, training-data bias, confidentiality implications, jurisdictional limits (a model trained on US case law is not authoritative on Irish law).
Use boundaries: what the organisation permits and prohibits, what data may and may not be entered, what outputs require human review.
Escalation: what to do when something looks wrong, who owns the decision, how an issue gets reported.
This is not technical training. It is judgement training. The volume of content required is small — typically two to three hours per role, plus an annual refresh. The defensibility comes from the role-by-role mapping, not the volume.
What did not change in the Omnibus
The softened wording — from "ensure" to "support" — matters less than it appears. The obligation still applies to providers and deployers. The supervision and enforcement date still begins on 2 August 2026. The Commission's guidance position has not shifted. Organisations that interpreted the softening as a deferral have misread it.
The genuine effect of the change is to clarify that the duty is to take reasonable measures, not to guarantee outcomes. An employee who circumvents literacy training and misuses an AI tool does not automatically put the organisation in breach, provided the organisation's measures were appropriate to the role and the context. That is a useful clarification. It is not a deferral.
The seven-week shortlist
For Irish organisations that have not started: an AI inventory by role, a literacy plan mapped to that inventory, an initial training module delivered to at-risk roles, and a recorded refresh cadence. The defensible minimum is achievable in seven weeks. The undefensible minimum — nothing at all — is not.
For organisations that have started but stalled: complete the role mapping. Most stalled literacy programmes are stalled at the role-mapping stage because the inventory is incomplete. The inventory does not have to be perfect on 2 August. It has to exist and be evidently in use.
For organisations that consider themselves compliant: check whether your training records are role-mapped and whether your refresh cadence is recorded. Generic completion records will not satisfy a competent authority request. Role-mapped records will.
Acuity AI Advisory delivers AI literacy programmes for Irish organisations calibrated to role, sector, and the supervision posture of the relevant competent authority. We have built Article 4-ready literacy programmes for organisations across professional services, regulated industries, public bodies, and SME operations since the obligation was confirmed.