AI literacy has been a legal duty since February 2025 under Article 4 of the EU AI Act. From 2 August 2026, the wider AI Act regime kicks in: high-risk system rules, transparency obligations, conformity assessments and the bulk of the penalty regime become enforceable.
Article 4 requires every employer deploying AI to ensure their staff, and anyone operating on their behalf, have sufficient understanding of the systems they use, what those systems can and cannot do, and the risks they carry.
While the UK is not directly bound by the AI Act, any organisation with EU operations, EU data subjects, EU-based partners or shared services falls within its scope. UK organisations also have parallel obligations under the Data (Use and Access) Act 2025, which requires meaningful human involvement in significant decisions made with AI.
For most UK social care providers, AI literacy is a near-term obligation, not a future ambition.
These are the actual statutory sources, with the AI-specific articles flagged. Everything below the links is plain-English summary, written for social care leaders who need to brief a board or evidence a CQC inspection.
AI-specific by design. The whole regulation governs AI.
No standalone AI chapter, but Part 5 reshapes the rules for automated decisions.
Article 4 of the EU AI Act is the headline. Since 2 February 2025 it has been a binding obligation on any organisation deploying AI where output reaches the EU market. It requires providers and deployers to ensure their staff have sufficient AI literacy, proportionate to technical knowledge, experience, education, and the context of use. There is no certified curriculum, no exemption for small organisations, and no get-out for UK providers with EU service users, EU contractors or EU data flows.
For training providers this creates three concrete drivers. One, employers need evidence: CPD-aligned modules, completion records, dated certificates, and a documented curriculum become the audit artefact a regulator or commissioner can ask for. Two, literacy must be role-based, not generic awareness. A frontline social worker using Copilot to draft case notes needs different training from an SLT signing off procurement; the Act expects content proportionate to role and risk. Three, social care sits inside the high-risk category. Annex III flags AI used in employment, education, essential public services and access to social benefits as high-risk, so children's services, adult social care and safeguarding decisions raise the literacy bar.
The DUAA layer sits on top. Sections 80–85 relax UK rules on solely-automated decisions but bring new safeguards: meaningful human review, the right to contest, and clearer notice. Practitioners using AI to draft assessments, score risk or triage referrals need to understand where the legal line between AI-assisted and solely-automated decision sits. That is core content for Modules 1, 2 and 5 of the TESSA curriculum.
If your organisation deploys AI systems where the output reaches the EU market, or you have EU-based service users, EU contractors or EU data flows, Article 4 of the EU AI Act has required staff AI literacy since 2 February 2025. UK organisations outside that scope still face overlapping obligations under the Data (Use and Access) Act 2025, the UK GDPR and ICO guidance, which together expect staff to understand AI systems they operate.
Providers and deployers of AI systems must take measures to ensure, to their best extent, a sufficient level of AI literacy among their staff and other people operating AI on their behalf. The level expected is proportionate to technical knowledge, experience, education, training, the context of use, and the people the AI is used on. There is no prescribed curriculum or certification. Read Article 4 in full.
The DUAA received Royal Assent on 19 June 2025. The AI-relevant provisions are mainly in Part 5, sections 80 to 85, which replace UK GDPR Article 22 on automated decision-making. They permit solely-automated significant decisions in more cases but require safeguards: meaningful human review, the right to contest, and clear notice to the data subject. Section 86 also gives the ICO an explicit innovation duty. Read Part 5.
Regulation (EU) 2024/1689 entered into force on 1 August 2024. Prohibited practices and the Article 4 literacy duty applied from 2 February 2025. General-purpose AI obligations applied from 2 August 2025. The full regime, including high-risk rules, transparency, conformity assessments and penalties, becomes enforceable from 2 August 2026. Rules for high-risk systems embedded in regulated products apply from 2 August 2027.
TESSA Training, part of TESSA Tools Ltd (UK company number 16752016), provides CPD-aligned AI literacy modules for the UK social care workforce. Six modules cover practitioner literacy and a seventh covers senior leadership governance. The curriculum is mapped to Article 4 of the EU AI Act and to UK obligations under the Data (Use and Access) Act 2025 and ICO guidance. Founder Nadia Hajat is a registered social worker undertaking a Professional Doctorate on AI literacy in social work practice at Nottingham Trent University. See the modules or apply for the pilot.
Apply for the pilot or talk to me about a custom build for your team.