AI Officer and AI training programs

As of February 2, 2025, Article 4 of the European AI Act is in force. This regulation obliges companies to ensure that their employees have sufficient “AI literacy”. This affects all providers and deployers of AI systems. For companies, this may mean that the use of AI tools such as ChatGPT or Microsoft Copilot is already considered sufficient to fall within the scope of the regulation.

What is “AI literacy”?

According to Article 4 of the AI Act, managing directors of affected companies are obliged to take measures to ensure AI literacy. This is intended to ensure that both staff and other persons involved in the use of AI systems on behalf of the company have a sufficient level of AI competence. The EU legislator is particularly focused on the technical knowledge, experience, education and training of employees as well as the context in which the AI systems are to be used (Art. 4 AI Act).

But what exactly does the legislator mean by “AI literacy”? Article 3 (56) of the AI Act defines AI competence as the skills, knowledge and understanding necessary to use AI systems in an informed manner, to gain awareness about recognize the potential risks and opportunities associated with them and as well as to gain awareness about the opportunities and risks of AI and possible harm it can cause.

According to Recital 20 of the AI Act, AI literacy should help all actors along the AI value chain to make informed decisions and ensure compliance with the AI Act. This includes both technical knowledge and the ability to understand the potential impact of the use of AI.

What companies need to be aware of?

Take Action on AI Literacy: Train employees to ensure they use AI tools with technical expertise and legal compliance. This includes raising awareness of AI's opportunities, risks, and potential harms it may cause.
Conduct Risk Analyses for AI Systems: Perform context-specific risk assessments for AI tools.
Implement Transparency, Labeling, and Documentation Requirements: Depending on the type of AI system, user information, reports, documentation or registration with authorities may be required.
Ensure Legally Compliant Contracts: When using AI systems, particular attention must be paid to aspects of copyright, privacy and data protection law.

Key contacts

Dr Felix Wittern

Partner, Co-Head Technology & Data Practice Group
Hamburg, Germany +49 (0)40 87 88 698 114 Email Dr Felix

Data Protection

Dispute Resolution

Technology and Data

Technology and Outsourcing
Stephan Zimprich

Partner, Co-Head Technology & Data Practice Group
Hamburg, Germany +49 (0)40 87 88 698 118 Email Stephan

Artificial Intelligence

Cyber Security

Data Protection

Technology and Outsourcing
Dr Simon Assion, CIPP/E

Partner, Technology & Data
Frankfurt am Main, Germany +49 (0)69 204 342 182 Email Simon

Artificial Intelligence (AI)

Automotive & Mobility

Technology and Outsourcing

Technology, Media and Telecommunications
Dr Martin Diesbach, licencié en droit

Partner, Media & Entertainment
Munich, Germany +49 (0)89 620 306 229 Email Dr Martin

Access to Information and Press Law

Artificial Intelligence (AI)

Commercial

Gambling law
Dr Gerd Hansen

Partner, Media & Entertainment
Munich, Germany +49 (0)89 620 306 225 Email Dr Gerd

Artificial Intelligence (AI)

Legal Technology

Media and Entertainment

Technology, Media and Telecommunications
Thorsten Ihler

Partner, Technology & Data
Hamburg, Germany +49 (0)40 87 88 698 207 Email Thorsten

Cyber Security

Data Protection

Tech Meets Finance (TMF)

Technology
Elisabeth Noltenius, LL.M.

Partner, Media & Digital Commerce
Berlin, Germany +49 (0)30 700 167 001 Email Elisabeth

Commercial

Intellectual Property

Life Sciences & Healthcare

Technology
Dr Philipp Plog

Managing Partner - Germany, Technology & Data
Hamburg, Germany +49 (0)40 87 88 698 537 Email Dr Philipp

Intellectual Property

Retail and Consumer

Technology, Media and Telecommunications
Oliver Süme

Partner, Co-head of Technology
Hamburg, Germany +49 (0)40 87 88 698 217 Email Oliver

Artificial Intelligence

Cyber Security

Data Protection

Technology and Outsourcing
Katharina A. Weimer, LL.M. (UNSW)

Partner, Technology & Data
Munich, Germany +49 (0)89 620 306 205 Email Katharina A.

Artificial Intelligence

Cyber Security

Data Protection

Financial Services

See full team

Who needs an AI officer?

In comparison to data protection law, which requires the appointment of a data protection officer when processing personal data (Art. 37 GDPR/ § 38 BDSG), the AI Act does not contain an explicit obligation to appoint a designated AI officer. Nevertheless, the more actively AI systems are used in the company, the more it is recommended to nominate a designated AI officer. However, it is not enough to simply appoint a colleague with a particular affinity for technology as the AI officer. Rather, it is necessary to train the entire team and ensure interdisciplinary AI expertise in all areas of the company.

The challenge is that not every company has the necessary resources or know-how to ensure the legally required AI expertise internally. For small and medium-sized companies in particular, the most pragmatic solution may therefore be to appoint an external AI officer and use external AI training services.