Art. 4 AI Act · Digital Omnibus Update May 2026

Art. 4 AI Act Training: turnkey AI literacy after the May 2026 update

End-to-end service to promote AI literacy under Article 4 of Regulation (EU) 2024/1689 in the version after the Digital Omnibus political agreement of 7 May 2026 (formal adoption pending). The duty remains, now framed as an obligation of means; a documented baseline training is the most practical way to prove it. Online platform, training manual, evaluated exam, named certificates and a cryptographically signed evidence dossier. Sector-neutral, suitable for any company whose staff uses AI tools.

Sector-neutral From 1 participant EUR 20 per participant, no commitment Audit-grade evidence dossier (Ed25519) Reaches every worker, even without an email account (PIN cards)
Request a quote See how it works

Looking for the full SME obligations overview? Complete EU AI Act SME compliance guide (Art. 4, 5, 26, 27, 50)

Regulation (EU) 2024/1689 · AI Act · Digital Omnibus 7 May 2026

The legal framework after the Digital Omnibus of 7 May 2026

Article 4 (AI literacy) of Regulation (EU) 2024/1689 has been in force since 2 February 2025. With the political agreement on the Digital Omnibus on 7 May 2026 (formal adoption pending), the scope of Article 4 has been reframed as an obligation of means: providers and deployers shall take measures to support the AI literacy of their staff and of persons acting on their behalf dealing with the operation and use of AI systems. The duty to ensure a specific level becomes an obligation of means, but the obligation remains: you must take and document measures, and a documented training is the most practical way to prove it. The competent authorities gain their enforcement powers on 2 August 2026; in Spain this is AESIA, in Germany the Bundesnetzagentur coordinates market surveillance. The AI Act sets no specific fine for Article 4: its sanctions are left to each Member State. The high fine brackets of Article 99 (up to EUR 35 million or 7 % of worldwide annual turnover) apply to other breaches, especially the prohibited practices in Article 5.

Freshlab Recommendation

Still a legal obligation, now as an obligation of means

The Digital Omnibus does not remove the Article 4 obligation: it only reframes it from an obligation of result into an obligation of means. That is why we recommend that every company runs a documented baseline training for all staff who touch AI. Three reasons: first, it demonstrably covers the obligation of means before the competent authority, which gains its enforcement powers from 2 August 2026 onwards. Second, it shields against liability risks from AI misuse, even without administrative fines. Third, it operationally ensures that staff use AI systems safely, in line with GDPR and free of Shadow-AI risks. A one-off audit dossier with a signed proof per person is the fastest way to demonstrate the obligation of means to a supervisory authority.

Pricing

One single rate, all-inclusive

Single price per participant. No minimum, no maximum, no commitment period. The invoice grows with your workforce, nothing more.

Single rate · All inclusive

EU AI Act Art. 4 turnkey training

EUR 20 Per participant · VAT excluded · No commitment

Everything you need to prove compliance with Art. 4 AI Act before a supervisory authority: training manual, evaluated exam, named certificates and a cryptographically signed audit dossier at campaign closure.

  • Training platform with personal access link per participant
  • Excel import for participants, mail-code verification
  • Training material in English (Spanish available, others on roadmap)
  • Exam of 5 to 6 questions, 80 % pass threshold
  • Up to 3 attempts per participant with waiting period
  • Reading tracking (time and document progress)
  • Named certificate with your logo and verifiable SHA-256 code
  • Automatic reminders for those who haven't completed
  • Real-time dashboard for Compliance and HR
  • Signed dossier at closure with all auditable evidence
  • Email support throughout the campaign
  • Full deletion of personal data 90 days after dossier handover
  • Printed PIN cards for staff without corporate email (shop floor, shift, temp, cleaning), with QR + 4-word address + 6-digit PIN, training in the worker's native language
  • Multi-user HR portal: hand-out tracking, lost-card regeneration, real-time progress, all in the tamper-evident audit chain
EUR 600Company with 30 employees
EUR 2,000Company with 100 employees
EUR 4,000Company with 200 employees
VolumeAbove 300, tailored offer

Rate per participant, all inclusive. No minimum, no maximum, no commitment period. Offer valid 60 days. VAT excluded. Platform hosted on private European infrastructure, with no transfer to public cloud services. Billing by Freshlab Iberia, S.L.U.

Scope

What the training manual covers

18-page base manual, ready and sector-neutral. Each deployment is fully personalised during the alignment week: your corporate identity, the data of your designated AI Officer and real examples adapted to your specific sector (services, industry, retail, healthcare, education, public administration).

Included in the syllabus (15 sections)

  • Legal framework and application timeline of the AI Act
  • Risk model and prohibited practices (Art. 5)
  • Safe use of cloud AI and service comparison
  • GDPR applied to the AI context
  • Human oversight, hallucinations and bias (Mata v. Avianca case)
  • Transparency and labelling obligation (Art. 50)
  • Effective and safe prompting (R-O-C-R framework)
  • Shadow AI: scenarios, risks and internal policy
  • Penalty regime (Art. 99) and complaints before supervisory authorities
  • Internal process, tool inventory and roles
  • Checklists and daily decision tree
  • Glossary of 21 terms and regulatory references

Out of scope

  • Translation of the material to additional languages (delivered in English)
  • In-person sessions or synchronous virtual classroom
  • Integration with your LMS
  • Specialised training on development or validation of high-risk AI systems (Art. 9 to 15 AI Act)
  • Adaptation of the syllabus to an internal private AI platform (optional evolution)

How it works

Five steps, from start to finish

You deliver an Excel, we run the campaign, you receive the signed dossier.

1

Excel

You deliver name, email, department and role of each participant.

2

Invitation

Personal link by email, verification via one-time code.

3

Reading

Document accessible on screen, minimum reading time and progress tracked.

4

Exam

5 to 6 random questions. Pass at 80 %, up to 3 attempts.

5

Certificate

Named PDF with your logo and verifiable code. Signed dossier at closure.

Inclusion and reach

Reach every employee, even without an email account

Production workers, temps, shift staff and cleaning teams are onboarded with printed PIN access cards, right at their workplace. No corporate email account, no personal smartphone, no self-registration overhead.

A

HR prints A4 cards

Personalised per employee: client logo, QR code, 4-word address in the training language (e.g. tree-house-bread-river) and a 6-digit PIN.

B

Worker accesses on the floor

Scans at a shop-floor kiosk or their own phone, or types the word address by hand. Enters the PIN, reads the document, takes the quiz.

C

Signed certificate

Receives a named, verifiable certificate in their native language (EN, DE, ES, DA), even without a corporate email or personal smartphone.

HR stays in control at every step

  • Own portal access per HR person
  • Marks each card "handed out on ... by ..."
  • Regenerates cards for lost copies
  • Watches each worker's quiz progress in real time
  • All actions in the tamper-evident audit chain
  • No corporate Single Sign-On, no employee accounts

Audit guarantees

Evidence reconstructable years later

Every action is traced so that any inspector can reconstruct the campaign years later, without access to the platform.

Hash-chained event log

Every event (invitation, reading, attempt, pass, certificate) is chained to the previous via SHA-256. Any later tampering breaks the chain and is detectable.

Ed25519-signed ZIP with offline viewer

The classical paper acknowledgement is replaced by an Ed25519-signed ZIP package: certificate PDFs with live-verify QR codes, the original training document with SHA-256 fingerprint, a hash chain of every audit event, an offline viewer.html that works without Internet, and a reproducible verification script for Linux, macOS and Windows. Auditable today, in 5 years and in 20, with no vendor lock-in.

Private European hosting

European infrastructure with no personal data transfer to public cloud services. GDPR-compliant by design. Data Processing Agreement (DPA) included.

Minimised data, portable evidence

Personal data is kept on the platform only during the active campaign plus 90 days of courtesy retention. After that it is fully erased. The signed dossier delivered to you is the complete auditable evidence, archived by you as the data controller under GDPR. Even after personal data is deleted, the signed certificate remains cryptographically verifiable.

Timeline

Standard calendar from order confirmation

Adaptable to your pace. A standard campaign closes in seven weeks.

Week 1
Alignment.Material review with Compliance, Quality and HR leads. Agreement on logos, deadlines and internal communication templates.
Week 2
Excel import and launch.Participant import, pilot group test, mass invitation send-out.
Weeks 3 to 6
Active campaign.Participants access, read and pass. Automatic reminders for stragglers. Dashboard always accessible.
Week 7
Closure.Generation of the signed dossier for the company. Delivery of the signed ZIP and verification manifest.

Frequently asked questions

What to know about Art. 4 of the AI Act

What does Article 4 of Regulation (EU) 2024/1689 say after the Digital Omnibus of 7 May 2026?
Article 4 (AI literacy) requires providers and deployers of AI systems to take measures to support the AI literacy of their staff and of persons acting on their behalf dealing with the operation and use of AI systems. With the Digital Omnibus political agreement of 7 May 2026 (formal adoption pending), the original obligation to ensure a sufficient level has been reframed from an obligation of result into an obligation of means, but the duty remains. The framework has been in force EU-wide since 2 February 2025 and is sector-neutral.
Is AI training still mandatory in the EU in 2026?
Yes. Article 4 of the AI Act remains legally binding. After the Digital Omnibus of 7 May 2026 it is framed as an obligation of means: no specific course is mandated, but you must take and document measures to support the AI literacy of your staff. A documented training is the most practical and demonstrable way to prove this to the competent authority, whose enforcement powers begin on 2 August 2026. In Spain the authority is AESIA; in Germany the Bundesnetzagentur acts as the central coordinating market surveillance authority. A documented training also reduces civil liability risk from improper AI use.
What penalties apply for breaching Article 4?
The AI Act sets no specific fine for Article 4: unlike Article 5 (prohibited practices) or the other obligations covered by Article 99, the consequences of an Article 4 breach are left to each Member State. In practice, what matters is being able to demonstrate the measures taken to the competent authority, whose enforcement powers begin on 2 August 2026. The high fine brackets of Article 99 (up to EUR 35 million or 7 % of worldwide annual turnover) apply to other breaches, especially Article 5. The full penalty matrix and complaint procedure is covered in section 9 of the manual.
Who must be trained under Article 4?
Anyone in the organisation operating, supervising or affected by an AI system. This covers use of generalist cloud assistants (ChatGPT, Copilot, Gemini) as well as internal AI systems. Sector-neutral: applies to services, industry, retail, healthcare, education and public administration.
Is the certificate legally valid before a supervisory authority?
At campaign closure you receive a cryptographically signed evidence dossier with all per-participant proofs: invitation, reading, exam attempts, pass and named certificate. Each event is chained to the previous via SHA-256 so any later tampering is detectable. This dossier replaces the paper acknowledgement of receipt and is the auditable evidence.
Where is personal data hosted?
The platform is hosted on private European infrastructure, with no personal data transfer to public cloud services. GDPR-compliant by design. Data Processing Agreement included. Personal data is fully erased 90 days after dossier handover.
Are there in-person sessions or synchronous virtual classes?
No. The training is asynchronous: each participant accesses via a personal link, reads the manual at their own pace and passes the exam. This makes it feasible to train large workforces without operational downtime. If you also need on-site IT or Key-User training, see the Corporate AI Training page.
How much does the training cost per participant?
EUR 20 per participant, VAT excluded, all-inclusive, no commitment, no minimum quantity. A 30-employee company invests EUR 600; a 200-employee one, EUR 4,000. Above 300 participants, a tailored offer with volume conditions applies.
How do we train workers without a corporate email account?
We generate a personalised A4 card per employee with the client logo, a QR code, an easy-to-type 4-word address (e.g. tree-house-bread-river) and a 6-digit PIN. HR hands the card out in person and logs the hand-out in the portal. The worker scans at a shop-floor kiosk, on their own phone, or types the word address, enters the PIN, reads the document, passes the quiz and receives a signed certificate in their native language (EN, DE, ES, DA). No corporate email, no Single Sign-On, no self-registration. Especially useful for production workers, temps, shift staff and cleaning teams.
How does the evidence stay valid for 10 or 20 years?
The final dossier is signed with Ed25519, a long-lived standard cryptographic signature. The package contains the certificate PDFs with live-verify QR codes, the training document with SHA-256 fingerprint, the hash chain of every audit event, an offline viewer.html that works without Internet, and a reproducible verification script that confirms authenticity on any future Linux, macOS or Windows machine. The package is self-contained and independently auditable: even if the kAIra platform were no longer running, the proof remains intact and verifiable, with no cloud vendor lock-in and no expiry.

Next step: material alignment

A 30-minute call with Compliance and Quality to review the manual and agree the calendar. To launch the campaign we need four deliverables from you:

  • Excel with name, email, department and role of each participant
  • Logo in high resolution (PNG or SVG) for the certificates
  • Person designated as AI Officer, with name and title
  • Target date for campaign completion
Request a tailored quote Email info@freshlab.es
Emailinfo@freshlab.es
Phone+34 722 715 740
Webfreshlab.es
Response timeunder 24 h