Featured Publication — PECB Insights · Issue 51 · April–June 2025
Operationalizing Responsible AI in Light of the EU AI Act
Governance Begins with Literacy — how AI literacy obligations under the EU AI Act are reshaping the first steps every organisation must take.
Most organizations approaching the EU AI Act focus immediately on risk classification. That instinct is understandable — and premature. The Act’s first enforceable obligation is not about the technology. It is about the people using it.
AI literacy — the competency to understand how an AI system works, evaluate its outputs critically, and exercise meaningful oversight — is where the EU AI Act begins its rollout. This sequencing was deliberate. Regulators recognised that most organisations would be in the nascent stages of governance readiness when enforcement arrived. Literacy is the foundation. Everything else follows.
“Governance readiness is not a compliance milestone. It is a prerequisite for reputational resilience and sustainable AI deployment.”
AI systems are socio-technical systems — not deterministic software. They ingest personal and operational data to make predictions and automate decisions with direct consequences on people’s lives. The governance frameworks built for purely technical systems are structurally ill-equipped for this. Closing that gap requires distributing accountability across every function that touches an AI system, not concentrating it in a single compliance team.
Our team maps the practical steps organisations can take to embed AI literacy at every level — turning a regulatory obligation into a genuine operational capability.
Authors
Katie Grillaert
Chief Strategy Officer · ForHumanity Fellow, AI Governance & Ethics
Esther Y. Chung
Chief Privacy & Risk Officer · ForHumanity Fellow, Ethics & AI Governance
Laura Morgan
Chief Ethics Officer · ForHumanity Fellow, Ethics & Bias
Paul Crafer
VP EMEA Services · Certified Auditor of AI Systems
Published Research
Read the Full Article in PECB Insights
Issue 51 examines how DORA, NIS 2, and the EU AI Act are reshaping compliance, security, and operational resilience across industries.