AI Literacy Baseline (EU AI Act Art. 4)

Why This Module Exists

There are two reasons, and they are not the same. The first is legal. Since 2 February 2025, EU AI Act Article 4 has been in force: any organization that provides or deploys an AI system touching the EU market must ensure its staff — and any contractor operating AI on its behalf — have "a sufficient level of AI literacy." This is not a poster in the break room. The regulators have stated plainly that handing people a tool's usage instructions is insufficient. Enforcement begins 2 August 2026. If you operate in or sell into the EU and cannot show documented, role-tailored literacy training, you have an open compliance gap. This module closes it, and the completion log at the end is your evidence.

The second reason is operational, and it bites sooner than any regulator will. Generative AI is now bottom-up and everywhere — staff adopt tools before policy catches up, and executives are among the heaviest unsanctioned users. An employee who does not understand that a language model can be confidently, fluently wrong will paste it into a customer email, a board deck, or a compliance filing. An employee who does not understand data classification will paste a customer record or a snippet of source code into a free chatbot whose terms allow training on the input. Each of those is a real incident waiting for a name.

Learning Objectives

By the end of this module, participants will be able to:

1. Explain in plain language what a large language model (LLM) is and what it is not — a predictor of likely text, not a knowledge database or a calculator.
2. Name and recognize the three core failure modes: hallucination, bias, and confident-but-wrong output — and give an example of each from their own work.
3. State the Article 4 obligation in one sentence and explain why "we gave them instructions" does not satisfy it.
4. Classify data correctly using the company's four-tier scheme and decide, for any given piece of information, whether it may go into an AI tool.
5. Identify shadow AI and choose the sanctioned alternative instead of the convenient unsanctioned one.
6. Write a basic effective prompt and critically evaluate the output before trusting or forwarding it.
7. Decide when to escalate — naming at least three triggers that mean "stop and ask a human."
8. Complete and sign the AI Literacy completion log, contributing to the company's Article 4 evidence record.

Session Agenda

Core Content

Part 1 — What Generative AI Actually Is (And Isn't)

A large language model is a system trained on enormous amounts of text to do one thing: predict the next most likely word (technically, the next "token") given everything before it. Chatbots like ChatGPT, Claude, Gemini, and Microsoft Copilot are LLMs wrapped in a friendly chat interface. When you ask a question, the model is not "looking up" an answer. It is generating text that statistically resembles a good answer based on patterns it learned in training.

That single fact explains almost everything else in this module. The model is fluent, confident, and grammatical — because it learned from fluent, confident, grammatical text. Fluency is not accuracy. The model can produce a beautifully worded, completely false statement with exactly the same confidence as a true one, because to the model they are the same kind of object: likely text.

   YOU TYPE                 THE MODEL DOES                 YOU GET BACK
 ┌───────────┐   ┌────────────────────────────────┐   ┌────────────┐
 │ a question│ → │ predicts likely next words, one   │ → │ fluent text│
 │ or task   │   │ at a time, from learned patterns  │   │ (maybe true│
 └───────────┘   │ — NOT a lookup, NOT a calculator  │   │  maybe not)│
                 └────────────────────────────────┘   └────────────┘
        It optimizes for "sounds right," NOT "is right."

What it is good at: drafting, summarizing, rephrasing, brainstorming, explaining a concept, translating tone, generating first-draft code or text you will review.

What it is NOT: a search engine you can trust without checking, a database of facts, a calculator, a lawyer, a doctor, or a substitute for your own judgment. (Many tools now add web search or a calculator on top of the model — useful, but it does not change the rule below.)

Do / Don't

Part 2 — How AI Fails: Hallucination, Bias, Confident-But-Wrong

There are three failure modes everyone must recognize on sight.

1. Hallucination. The model produces information that is fabricated but plausible: a fake legal case, a non-existent statistic, a citation to a paper that was never written, a quote no one said, an API function that does not exist. It is not "lying" — it is doing exactly what it was built to do (produce likely text) in a situation where the likely text happens to be false.

2. Bias. The model learned from human-written text, which carries human biases. It can reproduce or amplify stereotypes about gender, race, age, and other attributes — in hiring language, in who it assumes holds which job, in tone toward different groups, in which examples it reaches for first. Bias is most dangerous in consequential decisions (hiring, lending, eligibility, content moderation), which is exactly where extra human review is mandatory.

3. Confident-but-wrong. This is the meta-failure that makes the other two dangerous. The model has no built-in signal for its own uncertainty in the way a careful human does. A wrong answer arrives in the same fluent, assured tone as a right one. There is no flashing red light. The burden of doubt is entirely on you.

  ┌───────────────────────────────────────────────────────┐
  │  HALLUCINATION   →  invented facts, fake citations         │
  │  BIAS            →  reproduces/amplifies human stereotypes  │
  │  CONFIDENT-WRONG →  same calm tone for true AND false       │
  └───────────────────────────────────────────────────────┘
        The fix for all three is the same: a human verifies.

Part 3 — The Article 4 Obligation (Your Legal Baseline)

This module is the company's Article 4 control. You should understand what the obligation is so you understand why we log it.

The rule, in one sentence: Anyone who provides or deploys AI systems in the EU must ensure staff and contractors operating AI on their behalf have a sufficient level of AI literacy.

Two things matter in that sentence:

• "Provider AND deployer." You do not have to build AI to be covered. If you use a third-party AI tool in your work, your company is a deployer, and the obligation applies. Almost every company is now a deployer.
• "Sufficient AI literacy." The European Commission and major law firms have been explicit: distributing usage instructions is not enough. Sufficient literacy means people understand, at minimum:
  • what AI is and how it can fail,
  • whether the company is building or merely using a given system,
  • the specific risks of the systems they actually touch,
  • and content tailored to their technical level and role — a non-technical sales rep and a platform engineer need different depth.

And it must be documented. Training that happened but cannot be evidenced does not help you in an audit.

  ARTICLE 4 — minimum sufficient literacy
  ┌─────────────────────────────────────────────────┐
  │ general understanding of AI ........... Part 1 + 2        │
  │ build-vs-deploy posture awareness ..... Part 3 (this part)│
  │ risk awareness for systems you use .... Part 2 + 4        │
  │ tailored to staff technical level ..... role-based tracks │
  │ DOCUMENTED COMPLETION ................. the log, signed   │
  └─────────────────────────────────────────────────┘
  In force 2 Feb 2025 · Enforcement begins 2 Aug 2026

Part 4 — Acceptable Use & Data Classification (What Can and Can't Go In)

The single most common way staff create risk is by putting the wrong data into an AI tool. Once you paste something into a tool, you may have no control over whether it is stored, logged, reviewed by humans, or used to train a future model. The rule is simple: classify before you paste.

We use four data tiers. Learn them — this is the part you will use every single day.

The default-safe rule for non-technical staff: If you are not sure which tier it is, treat it as Tier 4 and do not paste it. When in doubt, ask before, not after.

Acceptable-use essentials (the short version):

• Use only sanctioned tools from the approved list. Sanctioned tools have terms negotiated so your input is not used to train the vendor's models, and they sit inside the company's security perimeter.
• Never paste Tier 4 data (customer PII, PHI, payment data, credentials, secrets) into any AI tool.
• Never paste secrets — API keys, passwords, tokens, private keys. Treat these as Tier 4 instantly.
• AI output is a draft, not a deliverable. A human owns and signs off on anything that leaves the company.
• Disclose AI use where a policy, a client contract, or a grant requires it.

  THE 5-SECOND DATA CHECK (do this before every paste)
  ┌─────────────────────────────────────────┐
  │ 1. What tier is this?  (Public / Internal / Conf / Restr)│
  │ 2. Is this a sanctioned tool?            (yes / no)      │
  │ 3. Tier 3? approval + opt-out verified?  (yes / no)      │
  │ 4. Tier 4? STOP. Do not paste. Ask.                     │
  │ 5. Any secret/credential? STOP. Never.                  │
  └─────────────────────────────────────────┘

Part 5 — Shadow AI Safety + Prompting and Evaluating Output

Shadow AI is any AI tool used for work that the company has not sanctioned — the personal ChatGPT account, the browser extension that "summarizes anything," the free image generator, the random app a colleague recommended. People reach for shadow AI because it is convenient and the sanctioned path feels slower. The danger is invisible: you do not know the vendor's data practices, whether your input trains their model, or whether it meets the company's security and compliance bar.

The shadow-AI safety basics:

• Prefer the sanctioned tool every time, even when it is one extra click.
• If the sanctioned set is missing something you genuinely need, ask for it to be added — do not route around it quietly. (Module K covers this in depth; the company manages shadow AI by enablement, not bans.)
• Be alert to prompt injection: malicious instructions hidden inside content you feed the AI — a webpage, a document, an email — that try to make the AI do something it shouldn't. If an AI suddenly behaves oddly after you fed it external content, stop and report it.

Prompting basics — how to get a useful answer:

A good prompt gives the model role, task, context, and format.

• Weak: "Write about our product."
• Strong: "You are a B2B copywriter. Write a 120-word LinkedIn post announcing our new analytics dashboard to operations managers at mid-size SaaS companies. Plain, confident tone. No buzzwords."

Then iterate: tell it what to fix. "Shorter." "More concrete." "Remove the marketing tone." Treat it as a conversation, not a vending machine.

Critically evaluating output — the four checks before you trust it:

1. Verify facts. Any name, number, date, quote, citation, or claim of fact — confirm it independently. Assume citations may be fabricated until checked.
2. Check for the tells. Over-confidence on something niche, suspiciously round numbers, a citation you cannot find, reasoning that skips a step.
3. Apply your own judgment. Does this match what you know about the situation? If it contradicts your domain knowledge, trust yourself and dig in.
4. Own it. If you forward it, you are vouching for it. Your name, not the model's, is on the output.

Part 6 — When to Escalate

Knowing when to stop and ask a human is a core literacy skill, not a sign of weakness. Escalate — to your manager, the AI/security point of contact, or legal/compliance — when any of these is true:

• High-stakes output. Anything going to a customer, regulator, board, court, investor, or the public, where an error has real consequences.
• Consequential decisions about people. Hiring, firing, lending, eligibility, discipline, or anything where bias would cause harm. A human must own these decisions.
• Regulated or restricted data is involved. Any time Tier 4 data is in the picture and someone is tempted to use AI on it.
• You can't verify it and you can't afford to be wrong. If you cannot check the answer and the cost of error is high, do not ship it on the model's word.
• The tool behaved strangely. Suspected prompt injection, a tool ignoring its instructions, output that seems manipulated, or a leak of information it shouldn't have.
• You're being asked to use a non-sanctioned tool for real work, or to paste data you're unsure about.

  ESCALATION QUICK-PATH
  high stakes? ─┐
  about people? ├─→ YES to any → STOP → ask a human before proceeding
  Tier 4 data? ─┤              (manager / AI-security contact / legal)
  can't verify? ─┘

Hands-On Lab / Exercises

Exercise 1 — The Data Sort (8 minutes)

Below are ten items. For each, write the tier (1–4) and a yes / conditional / no on whether it may go into a sanctioned AI tool. Then check against the key.

1. Last quarter's published press release.
2. A customer's full support ticket including their name and email.
3. Your team's internal draft of next year's product roadmap.
4. A blog post draft with no confidential data.
5. A snippet of the company's proprietary source code.
6. A patient's medical record (healthtech context).
7. A list of marketing taglines you're brainstorming.
8. An AWS secret access key.
9. Anonymized, aggregated usage stats already shared publicly.
10. A signed customer contract.

Facilitator answer key:

Exercise 2 — The Prompt Critique (8 minutes)

You asked an AI tool: "Give me three statistics about AI adoption in fintech, with sources." It returned three crisp statistics, each with a percentage, a year, and a named research firm.

Tasks:

1. List the verification steps you must take before using any of these statistics in a client deck.
2. Identify which failure mode is the biggest risk here.
3. Decide: ship as-is, ship after verification, or escalate?

Facilitator answer key:

1. Independently locate each cited source; confirm the firm published it; confirm the exact figure, year, and context; if a source cannot be found, discard the statistic. Do not "trust the round number."
2. Hallucination — fabricated statistics with fake-but-plausible citations are a classic LLM failure, and they are riding on confident-but-wrong delivery.
3. Ship only after full verification. Because it is going to a client (high stakes), if any statistic cannot be verified, discard it. If the whole set is unverifiable, escalate or source figures the normal way.

Exercise 3 (optional, team) — "Find the Tier-4 Paste" (5 minutes)

In small groups, each person names one realistic moment in their own daily work where they'd be tempted to paste Tier 3 or Tier 4 data into an AI tool. The group identifies the sanctioned alternative for each. Output: a short list the manager forwards to the AI/security contact as feature requests for the sanctioned toolset.

Templates & Takeaway Artifacts

Artifact 1 — AI Literacy Completion Log (Article 4 evidence)

Keep this record current; it is the documented evidence Article 4 requires. One row per person; retain through at least the enforcement period and per the company's records-retention policy.

┌─────────────────────────────────────────────────────────────────────────────┐
│  IIIBC AI LITERACY BASELINE — COMPLETION LOG (Module B)                             │
│  Article 4 (EU AI Act) evidence of record · Module version: 1.0                     │
├──────────┬───────────┬───────────────┬──────────┬───────────┬──────────┬──────────┤
│ Name     │ Role /    │ Staff or      │ Tailored │ Completion│ Score    │ Signature│
│          │ Dept      │ Contractor    │ track    │ date      │ (≥80%)   │ / attest │
├──────────┼───────────┼───────────────┼──────────┼───────────┼──────────┼──────────┤
│          │           │               │          │           │          │          │
│          │           │               │          │           │          │          │
│          │           │               │          │           │          │          │
└──────────┴───────────┴───────────────┴──────────┴───────────┴──────────┴──────────┘
  Owner of record: ____________________   Storage location: ____________________
  Review cadence: on hire · on material AI-policy change · annually
  "Tailored track" = Awareness (all) / Practitioner / Builder / Leader — Art. 4 requires
  content matched to the person's technical level and the systems they actually use.

Artifact 2 — One-Page "AI Ground Rules" Cheat Sheet (print and keep)

╔═══════════════════════════════════════════════════════════════════╗
║                 AI GROUND RULES — keep this at your desk                ║
╠═══════════════════════════════════════════════════════════════════╣
║                                                                        ║
║  1. AI PREDICTS LIKELY TEXT. It is not a fact database. Fluent ≠ true.  ║
║                                                                        ║
║  2. IT FAILS 3 WAYS:                                                    ║
║       • Hallucination  — invents facts & citations                     ║
║       • Bias           — repeats human stereotypes                     ║
║       • Confident-wrong — wrong answers sound exactly like right ones  ║
║     YOU verify. Every fact, name, number, quote, citation.             ║
║                                                                        ║
║  3. CLASSIFY BEFORE YOU PASTE:                                          ║
║       Public/Internal → sanctioned tool OK                             ║
║       Confidential    → sanctioned + opt-out + approval                ║
║       Restricted (PII/PHI/payment/secrets) → NEVER. Stop. Ask.         ║
║     Not sure? Treat it as Restricted.                                  ║
║                                                                        ║
║  4. USE SANCTIONED TOOLS ONLY. No personal accounts for work data.     ║
║     Need a tool we don't have? Ask for it — don't route around.        ║
║                                                                        ║
║  5. OUTPUT IS A DRAFT. A human owns and signs what leaves the company. ║
║                                                                        ║
║  6. ESCALATE when: high stakes · decisions about people ·              ║
║     Tier-4 data · you can't verify it · the tool acted strange.        ║
║     → manager / AI-security contact / legal. Asking is the smart move. ║
║                                                                        ║
║  Sanctioned tools list: ________   AI/security contact: ________       ║
╚════════════════════════════════════════════════════════════════════╝

Artifact 3 — Prompt Starter Pattern

ROLE:    You are a [job/expertise].
TASK:    [One clear action — draft / summarize / rewrite / explain].
CONTEXT: [Audience, purpose, constraints, what to avoid].
FORMAT:  [Length, structure, tone].
→ Then iterate: "shorter" · "more concrete" · "drop the buzzwords" · "show your reasoning"
→ Then EVALUATE: verify facts · check the tells · apply your judgment · own it.

Knowledge Check

1. (MCQ) A large language model fundamentally works by:
   a) Looking up verified facts in a database b) Predicting the next most likely word from learned patterns c) Reasoning like a human expert d) Searching the live internet for every answer
2. (MCQ) "Hallucination" in an LLM means:
   a) The tool crashes b) It refuses to answer c) It produces fabricated but plausible-sounding information d) It returns blank output
3. (Short answer) State the EU AI Act Article 4 obligation in one sentence, and explain why giving staff a tool's usage instructions does not satisfy it.
4. (MCQ) Your company uses a third-party AI tool but does not build any AI. Under Article 4 you are:
   a) Exempt — only AI builders are covered b) A deployer, and the obligation applies c) Covered only if you have EU customers and over 250 staff d) Covered only after 2 August 2026
5. (Short answer) A customer's full support ticket (name, email, account details) — what data tier is it, and may you paste it into your personal ChatGPT account to draft a reply? Why or why not?
6. (MCQ) You may safely put into a sanctioned enterprise AI tool:
   a) An AWS secret key b) A patient's medical record c) A public press release draft d) A customer's payment card number
7. (Short answer) Name three situations in which you must stop and escalate to a human before relying on AI output.
8. (Short answer) An AI tool gives you three statistics with named sources for a client deck. List the verification steps before you use them, and name the failure mode you're guarding against.

Answer Key

1. b. It predicts likely text; it is not a lookup, a reasoner, or (by default) a live search.
2. c. Fabricated but plausible content — including fake citations.
3. Sufficient: "Any provider or deployer of AI in the EU must ensure staff and contractors have sufficient AI literacy." Instructions alone are insufficient because Article 4 requires general AI understanding, risk awareness for the systems used, content tailored to technical level, and documented completion — not just how-to steps.
4. b. Using third-party AI makes you a deployer; the obligation has been in force since 2 Feb 2025 (enforcement begins Aug 2026).
5. Tier 4 (Restricted). No — never paste customer PII into a personal/free tool. Use the sanctioned tool, ideally with the PII removed; the free tool may store the data or use it to train the vendor's model.
6. c. A public press release draft (Tier 1). The others are Tier 4 — never.
7. Any three: high-stakes output (customer/regulator/board/court); consequential decisions about people (hiring, lending, eligibility); Tier-4/regulated data involved; cannot verify and cannot afford to be wrong; suspected prompt injection / tool behaving strangely; being asked to use a non-sanctioned tool for real work.
8. Independently locate each source, confirm the firm published it, confirm the exact figure/year/context, discard any statistic you can't verify; because it's a client deck (high stakes), don't ship unverifiable figures. Failure mode: hallucination (riding on confident-but-wrong delivery).

Facilitator Guide

Prep checklist

• Insert the company's sanctioned tools list and AI/security contact into Parts 4–6, both artifacts, and the cheat sheet (blanks are intentional).
• Confirm the company's data-classification scheme matches the four tiers here; adjust labels to house terminology if needed.
• Have the completion log ready (shared sheet or LMS field) and confirm who owns the record and where it is stored.
• Prepare one live hallucination demo in a sanctioned tool (e.g., ask for citations on a niche topic and show a fabricated one) — far more memorable than describing it.
• Version-stamp this module (v1.0) so the log ties completion to a specific content version.

Materials needed: the module, the cheat sheet (printed, one per person), the data-sort worksheet, a sanctioned AI tool for the demo, the completion log.

Timing guidance: Self-paced Parts run ~45 min. Keep the live segment to the demo (Part 1/2), the data-sort debrief (Part 4), and signing the log. If time is short, the non-negotiables are Part 2 (failures), Part 4 (data classification), and Part 6 (escalation).

Common pitfalls

• Treating this as IT box-ticking. Lead with a real near-miss (a Tier-4 paste, a hallucinated stat that almost shipped). Make it concrete.
• One-size content. Article 4 requires tailoring. This is the Awareness baseline for everyone; technical staff still complete it but then go deeper in their role module — record the tailored track in the log.
• Forgetting contractors. They are explicitly in scope. Anyone operating AI on the company's behalf completes and is logged.
• No record. Training without a signed, dated, versioned log is not Article 4 evidence. The log is the deliverable.

Discussion prompts

• "Where in your workflow are you most tempted to paste data you shouldn't?"
• "Tell me about a time AI gave you a confident answer that was wrong. How did you catch it — or did you?"
• "What sanctioned tool do we not have that you keep reaching for a personal account to do?"

How to tailor by audience

• Non-technical (GTM, ops, admin): spend the most time on Parts 4 and 6; use customer-email and document examples.
• Technical (eng, data, platform): keep Awareness content, add the source-code/secrets angle in Part 4, and point to Modules I, J, K for depth.
• Managers: add a note that they sign off on their team's completion and model sanctioned-tool use — manager modeling is the biggest adoption driver.

Outcome Scorecard

IIIBC requires measurable proof a deliverable worked. Module B is working when:

Further Resources & Sources

• EU AI Act Article 4 (AI literacy; in force 2 Feb 2025, enforcement begins 2 Aug 2026) — European Commission AI-literacy Q&A; Mayer Brown and Latham & Watkins guidance: provider and deployer scope, "instructions are insufficient," documented + tailored completion. (Authoritative, load-bearing.)
• Competency framework — Alan Turing Institute AI Skills for Business (v3, Dec 2025); SFIA AI skills: Awareness → Practitioner → Builder → Leader.
• Shadow AI — ISACA (auditing unauthorized AI); Cybersecurity Dive (executives are heaviest unsanctioned users); managed by enablement, not bans (see Module K).
• Workforce literacy gap (directional) — ~6% feel "very comfortable" with AI; ~48% would use it more with formal training (WEF / IDC / Workera survey synthesis).
• Related IIIBC modules — F (AI for Everyone), K (Shadow AI & Safe Tool Use), H (Governance & Operating Model), L (AI Regulation & Compliance).