AI Literacy and the Dutch Data Protection Authority’s Recommendations

Is your business ready for the AI Act? As of February 2, 2025, businesses operating in the EU must ensure that their employees are AI-literate in accordance with the AI Act. This means that anyone working with AI, whether developing, implementing, or using AI-driven tools, must have the necessary knowledge, skills, and ethical awareness to handle AI responsibly.

To help organizations meet these requirements, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens or AP) has issued practical guidelines on fostering AI literacy within your business.

What do the guidelines say?

The AP outlines four key steps for building AI literacy within a business:

Identify AI systems and risks

Businesses must first identify where AI is used and assess its risks to employees, customers, and society. A structured inventory of AI tools (a good starting point could be checking records of processing activities) helps pinpoint high-risk applications and align policies with best practices in AI governance. When assessing risks, also consider understanding the potential impact of AI systems on people and society. Then, review existing policy documents, initiatives or other relevant frameworks that support AI literacy within your business.

Set AI literacy goals based on risk levels and roles

Not all employees need the same level of AI expertise. Those involved in AI development or decision-making require in-depth training, while others may only need general awareness. Businesses should prioritize training based on AI risk levels and ensure key stakeholders (executives, managers, and compliance teams) have the knowledge to make informed decisions. Additionally, AI literacy should be tailored for different roles, including HR, IT, policymakers, and general employees, to ensure AI systems are used responsibly at every level.

Implement a structured AI literacy program

Once knowledge gaps are identified, it’s time to act. AI literacy programs could include hands-on workshops, training on AI ethics and legal compliance, and specialized sessions for employees working closely with AI. Large businesses may also appoint an AI officer to oversee training efforts and ensure continuous improvement.

Continuously evaluate and improve

AI is constantly evolving, and AI literacy should evolve with it. Regular audits, progress reviews, and updates to training programs will help businesses keep up with new regulations and emerging risks. A proactive approach ensures businesses remain compliant and prepared for the future. The AP encourages businesses to adopt a multi-year AI literacy action plan to ensure long-term sustainability and adaptation to new AI developments.

What’s next? More support from the AP

The AP continues to support businesses in developing AI literacy. Their latest guidelines are included in the fourth “AI & Algorithm Risks Report for the Netherlands (February 2025)”. Moving forward, the AP plans to share the best practices, provide ongoing guidance, and host industry-wide events to facilitate knowledge exchange and collaboration. The AI literacy framework is expected to evolve, so businesses should monitor AP’s updates for further clarifications.

How to get started

To align with the AP’s recommendations, businesses can take the following steps:

• Identify how AI is currently used and assess associated risks.
• Determine key stakeholders and define AI literacy goals based on roles and responsibilities.
• Develop a structured training program
• Integrate AI literacy into ongoing employee development initiatives with clear governance and oversight.
• Regularly review and update training to keep up with evolving regulations and technologies.

The AP stresses that there is no one-size-fits-all approach to AI literacy. Businesses should customize their strategy based on AI use, risk exposure, and business needs. By implementing a multi-year AI literacy action plan with executive commitment and budget allocation, businesses can ensure AI literacy remains a priority. Regular progress reviews help maintain a long-term commitment, rather than just a one-time initiative.

Conclusion: Act now to stay ahead

AI regulations are rapidly evolving, and the AP’s guidelines offer a solid framework. By taking proactive steps now, businesses can ensure compliance, mitigate risks, and develop a strong understanding of AI’s impact and potential across all levels.

If you’re looking for support, FIRST PRIVACY offers an AI Fundamentals Competency Training, designed to provide practical examples and clear action guidelines. This training is fully customized to align with your company’s unique needs and aesthetics and can be seamlessly integrated into your Learning Management System (LMS).

If you need AI literacy training, legal guidance on AI compliance, or an AI officer, our team is ready to assist you. At FIRST PRIVACY, we offer all-encompassing AI and data privacy services across Europe, delivered seamlessly from a single source.

You want to know more? Feel free to get in touch with us.

Your contact:

Cihan Parlar
Mail: cparlar@first-privacy.com
Phone: +31 20 211 7116