






















Stéphane Donzé is the Founder and CEO of AODocs, with more than 20 years of experience in the enterprise content management industry.

Europe is moving to formalize AI literacy under the EU AI Act. Whether that's the right approach is debatable, and more regulation won't fix how most organizations actually use AI day to day. However, the move does surface a real issue that most people are getting wrong.
When companies talk about AI literacy, they focus on the model. They train employees to write better prompts, roll out acceptable-use policies and run workshops on hallucinations and bias. All of that is useful, but none of it addresses where things actually break in practice.
Most people don't misunderstand AI in theory. They misunderstand it in practice, specifically the difference between finding a document that seems to answer a question and knowing which version of that document is actually correct. AI handles the first well. The second requires something it doesn't have on its own.
This gap is about to become harder to ignore. Under Article 4 of the EU AI Act, organizations must ensure a sufficient level of AI literacy among employees and anyone using AI systems on their behalf. The European Commission has been clear that this isn't a theoretical requirement and that literacy is expected to reflect the context in which systems are used and the risks they create in practice.
That's directionally right, but most organizations are reading it the wrong way—treating it as a call for more training sessions, guidelines and documentation about how models behave. The real failure mode has nothing to do with understanding how a model works.
AI is a retrieval and synthesis engine, not a source-of-truth engine. Ask a model a question, and it can identify relevant content with high accuracy, summarize it, rewrite it and make it sound authoritative. What it can't do on its own is determine which version of a document is approved, whether a file is outdated or superseded, whether two similar documents conflict or whether that content belongs in that context at all. That requires context the model doesn't have unless the system provides it.
In the enterprise, AI operates on top of documents, records, repositories, permissions and sensitive content—and that's where governance actually lives. It's also where most organizations already struggle.
Governance tends to get framed as something that wraps around the AI system itself—guardrails on prompts, restrictions on outputs, model-level controls. In reality, the most consequential decisions happen before anyone writes a prompt.
Every AI interaction starts with questions the model can't answer. Which document am I using? Is this the latest version? Am I allowed to use it here? Those questions determine whether the output is correct or risky, and they surface every time someone decides which document to upload into an AI system, every time internal content gets copied into a prompt and every time AI-generated output gets saved or shared without anyone thinking about where it came from or where it's going.
Every AI interaction is also an information interaction.
Most enterprises already struggle with information discipline, and that was true before AI arrived. Documents get duplicated across systems, permissions are applied inconsistently, outdated content sits alongside current versions with no obvious way to distinguish them, ownership is unclear and traceability is weak. AI doesn't fix any of that. It scales it.
The real literacy gap is about whether the information being used is correct, current and permitted. When the underlying content is unstructured, mis-permissioned or unreliable, AI amplifies those weaknesses rather than compensating for them. You can follow every AI policy on the books and still get the wrong answer if the input's wrong.
Most organizations treat AI literacy as a training problem, assuming that if employees understand the technology, they'll make the right calls in the moment. However, the failure mode isn't misunderstanding the model; it's trusting the inputs. You can teach someone to prompt well and still have them use the wrong document. You can explain hallucinations thoroughly and still have them trust an output built on outdated information.
Training creates awareness. It doesn't create control.
The NIST AI Risk Management Framework already points in this direction, stressing that AI risk has to be managed through processes, controls and continuous oversight embedded in how systems actually operate. If employees have to guess whether a document is safe or correct to use, governance has already failed.
AI literacy needs a different definition. It's not the ability to use AI tools but, rather, the ability to work responsibly with information inside AI-enabled workflows, and it depends heavily on whether systems make the right behavior the default.
That means defining and enforcing clear systems of record, ensuring access controls persist when information enters an AI workflow, maintaining traceability across inputs, transformations and outputs, and structuring information so the system can tell what's authoritative and what isn't.
Most organizations aren't ready for this—not because they lack AI tools or ambition but because they're building on an information foundation that was already broken. AI doesn't fix that. It makes the cracks visible faster, at greater scale, with higher stakes.
Regulation may push organizations to take AI literacy more seriously, but if that conversation stays focused on models instead of information systems, it misses the point. The problem isn't that people don't know how to use AI. Rather, it's that they don't know whether the information they're giving it is actually right.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.