AI Literacy: what is it, why now, and how do you approach it? | iPeople

A marketing employee at a medium-sized financial services provider was tasked with writing a series of blogs and social media posts about new, complex pension schemes. With a tight deadline, she decided to use a well-known generative AI tool. Within two months, she produced content 40% faster than before. However, the real gain was not in speed; it was in her approach. Because her organization had invested in AI literacy, she didn't fall into common pitfalls. She did not upload internal client cases or sensitive financial projections, as she knew public models can use such data for training. When the AI produced a smoothly written paragraph about a specific tax exemption, she didn't blindly accept it; she checked the details with the legal department and corrected a crucial error in the model's calculation. She used the AI as a hyperactive sparring partner for outlines and titles, but rewrote the final texts herself to maintain a human tone consistent with the brand. This is what AI literacy means in practice. Not "knowing ChatGPT exists." Not "remembering a handy prompt." But knowing what the tool can and cannot do, where to apply it, and where it's better to pause. And as of February 2, 2025, it is also a legal obligation for every organization deploying AI within the European Union. TL;DR. AI literacy is the ability of employees to use AI responsibly, effectively, and critically: knowing what AI can and cannot do, prompting effectively, understanding the tool landscape, recognizing practical applications, and managing risks related to privacy, hallucinations, and legislation. The EU AI Act mandates organizations, as of February 2025, to train their employees in this. This guide explains the five core skills, common mistakes, and how to address them in your organization. What exactly is AI literacy? The European Commission defines AI literacy as "the skills, knowledge, and understanding that enable people to use AI systems in an informed way, as well as being aware of their capabilities and risks." This sounds abstract. In practice, it involves five concrete skills: Conceptually understanding what AI is and isn't. Prompting effectively. Knowing the tool landscape. Recognizing practical applications, including what AI *cannot* do. Handling privacy, ethics, hallucinations, and legislation responsibly. We will elaborate on these further in this article. First: why this is suddenly a topic that managers and HR departments need to address. Why this is relevant now Search volumes for "EU AI Act" have increased by 50% in the past year in the Netherlands. "AI literacy" saw similar growth. This is no coincidence. Three developments are converging: 1. AI has moved from a trial balloon to a workplace reality. Where only early adopters were experimenting with ChatGPT two years ago, a large portion of office workers now use AI daily; often unseen by management. This is called "shadow AI" and is more the rule than the exception. 2. The EU AI Act has entered into force. As of February 2, 2025, Article 4 applies: organizations that deploy AI systems or allow their employees to use them must ensure those employees are "sufficiently AI literate." The penalties are significant, rising to a maximum of 3% of annual global turnover or 15 million euros, whichever is higher. 3. Companies cannot keep up with the pace of change. AI developments are so rapid that formal guidelines, policies, and training programs are already outdated before they are rolled out. The consequence: employees improvise, and management has no visibility into what is happening. None of these three are independent of the others. Together, they form the situation every organization faces now, whether they act on it or not. The 5 skills that matter 1. Conceptually understanding what AI is (and isn't) The biggest pitfall in any AI introduction: employees treating a large language model as a database, a search engine, or a person. It is none of the three. It is a statistical model that predicts words based on patterns in training data. No truth, no understanding, no memory between sessions (unless explicitly enabled). Those who don't grasp this conceptually cannot avoid two errors: over-reliance ("it's written, so it's correct") and under-reliance ("that thing is just making things up"). Both lead to misuse. 2. Prompting effectively A good prompt is not a question; it's a briefing. Telling the AI: what you need, for whom, in what style, with what constraints, and what examples work well, yields something useful. Someone who just says "write a text about X" will get something meaningless. Effective prompting is a skill people underestimate as "something you learn automatically." This is partly true; you get better with extensive use. But the learning curve is much faster if you know a few principles: assign a role, provide context, specify output format, and refine iteratively. 3. Knowing the tool landscape Many business users in the Netherlands have had Microsoft Copilot as their first contact with AI. This has an unintended side effect: they see AI as "a functionality within the Office suite." But there is a world of tools beyond Copilot: Mistral AI's Le Chat (European), OpenAI's ChatGPT, Anthropic's Claude, Google's Gemini, and hundreds of specialized tools for research, summarization, image generation, code, legal work, and much more. Knowing which tool is suitable when often saves a multitude of productivity. Using a general chatbot for a task where a specialized tool works better is like building a house with a hammer. 4. Recognizing practical applications (and what AI *cannot* do) Not every task is suitable for AI. Some examples of where it usually works well: writing text drafts, creating summaries, generating code snippets, extracting structured data from unstructured text, improving translations, brainstorming. But there are also clear limits. AI is not reliable for: factual statements without verification, processing personal data in public models, legal or financial calculations that must be exact, or decisions requiring accountability. The question is therefore not "are we using AI?" but "for what yes, for what no, and how do we maintain quality?" 5. Responsible use: privacy, ethics, hallucinations, and legislation Here, various aspects often get mixed up in practice: Privacy. What you input into a public AI tool can be used to further train the model. Customer data, source code, trade secrets, personal health information; none of these should be casually thrown into a free ChatGPT account. The rule here is: when in doubt, don't, or subscribe to a business plan with data protection. Hallucinations. AI models invent facts that sound plausible. A non-existent source. A legal article with a fabricated number. A calculation with a logical-sounding but incorrect outcome. Critically checking output is not a luxury; it is a basic skill. Ethics and bias. AI models reflect the biases in their training data. Decisions about people based on AI output can be discriminatory in ways you don't immediately see. For HR applications, customer selection, or risk assessments, this is a serious concern. Legislation. The EU AI Act, GDPR, and sector-specific regulations (financial sector, healthcare, government) impose requirements on how AI may be used. Those who are unaware of these risks taking them unknowingly. What often goes wrong in organizations In the organizations we work with, we consistently see the same patterns. Four of the most common: 1. Employees lack a basic understanding of what AI is Many employees use AI without a general understanding of what's happening under the hood. The result is twofold: they underestimate its power (leading to limited use) and don't recognize the dangers (leading to unintentional pitfalls). Hallucinations are not identified as such. Privacy risks are not perceived. Output is accepted as proven fact. What we recommend: don't start with "which tool should we choose" but with "what is AI, really." An hour of basic explanation about what a language model is and how it works prevents years of misuse. 2. Copilot as the sole frame of reference Because many Dutch companies have contracts with Microsoft, Microsoft Copilot is the first and only AI tool many business users encounter. The side effect: they view AI as "a functionality within the Office suite" rather than as a fundamental new technology with a broad landscape of tools. What we recommend: let employees perform comparative work. The same task in Copilot, ChatGPT, and Claude, and discuss the differences. This broadens their horizons and makes them more critical about which tool is suitable for what. 3. Shadow AI with free accounts Many employees use free accounts of ChatGPT, Gemini, or other tools at home (and at work). They sometimes add extremely sensitive company information to these, without realizing that much of that information is also used to further train the model. Pure naivety, not malice. But it's a potential data breach. What we recommend: prohibition doesn't work (it happens anyway). What does work: offer business subscriptions with data protection, along with clear agreements about what data can and cannot be entered into which tool. 4. Companies cannot keep up with the pace of change AI developments are so rapid that formal company processes (policy development, procurement of training, rollout, control) always lag behind. By the time the AI policy is approved, everyone is using a new tool. Result: employees improvise, management has no insight. What we recommend: invest in people, not just policy. An AI-literate employee will make the right choices themselves when the next tool emerges. An outdated policy document won't. Our AI Basic Training is focused precisely on this. EU AI Act in plain language The EU AI Act is an ambitious piece of legislation. Legislation is fundamentally always behind the reality of everyday life; given the enormous speed of AI developments, it is admirable that Europe has managed to establish the markers for this law within a reasonably foreseeable timeframe. It is an initial step that attempts to classify the risks of AI and also assigns responsibility, primarily to AI system providers. Unfortunately, the law is very complex and now spans hundreds of pages, articles, and annexes. For most organizations, however, the core part can be simply summarized: Article 4 (AI literacy). Mandatory since February 2, 2025. Organizations must ensure that their employees who work with AI are sufficiently AI literate for their tasks. There is no exact hour requirement, but a result obligation. Risk categories. AI systems are classified into four risk levels: unacceptable (prohibited), high (strict requirements), limited (transparency requirements), minimal (no specific requirements). Responsibility. Primarily lies with the providers of AI systems, but users (organizations deploying AI) also have their own obligations, especially with high-risk applications. Sanctions. Up to 3% of global annual turnover or 15 million euros, whichever is higher. For those who want to delve deeper, also read our previous article EU AI Act: what does this mean for your team. Take the test: is your organization AI literate? Three questions to assess your organization's status in five minutes: 1. Do we know *what* is running? Do we have a clear overview of which AI tools our employees are using; both official software and 'shadow AI' such as free versions of ChatGPT or Copilot? 2. Do we know how to protect data? Does every employee know which data may and absolutely *may not* be entered into an AI tool; consider customer data, source code, or trade secrets? 3. Do we recognize the risks? Are our teams trained to critically check AI output for errors ('hallucinations') and do they understand that AI decisions can be biased? Three times yes: your organization is on the right track. Two times yes: there's work to be done, but it's manageable. One time or no times yes: this is not a "later" problem; it's a now problem. How to approach this? The structured path to AI literacy in an organization is essentially simple, less so in execution: Step 1: Conduct a baseline assessment Do not ask "do you know anything about AI." Instead: measure with a short test or questionnaire the basic understanding, which tools are already in use (official and unofficial), and where the biggest risks lie. What you don't measure, you can't manage. Step 2: Train on basic skills, not tool tricks Most AI trainings on the market focus on "how to use ChatGPT" or "ten prompts for productivity." That's fluffy and becomes outdated within three months. What works long-term: the five skills from this article, in the correct order, with practical examples from your own organization. This is exactly what our AI Basic Training is built on: an e-learning with five practical modules that build skills that won't become obsolete when ChatGPT-5 appears or a new tool conquers the market. Step 3: Build an infrastructure for ongoing AI questions AI changes too quickly to offer one training per year. What does work: designate one person in the organization responsible for AI questions, set up an internal channel for "I encountered this, is this allowed?", and periodically discuss new tools or risks. Not a dead-end project, but an ongoing skill. Frequently Asked Questions Is AI literacy a legal obligation for my organization? Yes, as of February 2, 2025, under Article 4 of the EU AI Act, for every organization within the EU that deploys AI systems or allows employees to use them. The form is not prescribed, but the result (sufficiently AI-literate employees) is. What if our organization doesn't use AI? It's highly likely that individual employees are using AI, even without a formal decision. That would still fall under Article 4. Furthermore, realistically, the question isn't "if" but "when" your organization will deploy AI, so preparation is never a bad thing. How long does an AI literacy training take? That depends on what is already known. A good basic training can be completed in a day (or spread over weeks in e-learning format). The five skills from this article can be built up within that time if the training is practical. Does this also apply to governments? Yes. The EU AI Act applies to all organizations within the EU that deploy AI, including government agencies. Governments often have an additional responsibility because AI decisions directly impact citizens. What is the difference between AI literacy and data literacy? Data literacy is about understanding, interpreting, and critically using data. AI literacy is about understanding, deploying, and critically evaluating AI systems. There is overlap (critical thinking in both), but AI literacy includes additional elements such as prompting, knowing the tool landscape, and specific risks like hallucinations. Which tools should I know? Start with the three major generative models (OpenAI's ChatGPT, Anthropic's Claude, Google's Gemini) and the integrated tools in your work environment (like Microsoft Copilot). After that, you can specialize in tools for your field. Getting started with AI literacy in your organization AI literacy is not a luxury or a hype training topic. As of February 2, 2025, it is a legal obligation, and, more importantly, it is a practical necessity for any organization that does not want its employees to unknowingly take risks or miss opportunities. Our AI Basic Training is designed around precisely the five skills from this article. An online self-paced e-learning with five practical modules, including a module on the EU AI Act, with 12 months of access. Suitable for individual employees but also deployable as an organization-wide solution for Article 4 compliance. Want to know more directly? View the AI Basic Training and see exactly what is covered, who it is suitable for, and what it costs. Want to read more first? Also read our guide EU AI Act: what does this mean for your team or Getting started with AI at work.