Search
Free Trial

Hongke's latest articles

HongKe

Add your title text here

I. Introduction: Strategic Changes at the Data Layer under the Critical Infrastructure Legislation

[Hongke Solutions] EU AI Act: How AI Literacy Training for Enterprises can be Realized

With the EU AI Act coming into force and entering into phased application, AI governance is moving from a 'self-regulatory proposal' to a 'regulatory imperative'. The Act adopts a gradual approach in terms of timeline: the AI Act comes into force on August 1, 2024, and is expected to be fully applicable on August 2, 2026; the "Prohibited AI Practices" and the "AI Competence Obligations" have been applicable since February 2, 2025, so companies must be able to account for the adequacy of their employees' AI competence and the measures taken by the company now.

I. The core requirement of the bill: AI literacy is "to do and to continue to do".

Article 4 of the EU AI Act explicitly requires that providers and deployers of AI systems must "take measures" to ensure, within their capabilities, that their employees and those who operate/use AI systems on their behalf have an adequate level of AI literacy, taking into account their technical background, experience, education and training, as well as the context in which the AI system is used and the target audience affected. This takes into account their technical background, experience, education and training, as well as the context in which the AI system is being used and who is being impacted.
 
The key here is not just to "teach a lesson", but to be able to go back to the language of management: do you have the segmentation design, do you have the frequency and tracking, do you have the training content aligned to the actual usage situation, and can you justify it when asked by the auditor/authority.

Turning AI Knowledge into Compliance: A Four-Level Training Framework

In order to make AI literacy training effective, it is recommended to use a four-layer structure of "from shallow to deep, from knowledge to behavior", which is in line with the idea of "according to the person, according to the situation, according to the target of influence" as required in Article 4.
 
  • Basic Cognitive Layer: Establish basic AI concepts, capability boundaries, and common misunderstandings to reduce operational and compliance risks caused by "over-trust" or "misuse of tools".
  • Risk Identification Layer: Enable employees to look at AI usage scenarios from a compliance risk perspective and know which scenarios are particularly sensitive and require upgraded controls.
  • Compliance Operations: Write company rules into actionable processes (e.g., which tools to use, which data not to lose, which outputs to manually review, and when to go through the approval process), so that the "policies" can really be put into practice.
  • Culture of Responsibility Layer: Transparency, fairness, accountability, and human oversight become work habits, especially in AI-assisted decision-making contexts.

Role differentiation: different departments have to learn different things about the same statute.

The essence of Article 4 is to "customize the curriculum to suit the needs of each individual". Therefore, it is recommended that the syllabus and depth of the course should be divided by roles, so as to avoid the same set of teaching materials for the whole company, which will lead to "learning but not using".
 
  • Employee-wide: Focus on safety and compliance guidelines for the day-to-day use of AI tools (e.g., sensitive data, output auditing, error and bias awareness).
  • Technical/Data teams: Enhance how compliance requirements become verifiable control points (risk of bias, record retention, transparency and governance interface) during development, deployment and maintenance.
  • HR/Legal Affairs: For highly sensitive decision-making scenarios such as recruiting and performance, strengthen the sensitivity of regulations and internal control processes on the matter of "people will be affected by AI".
  • Management: learns about governance: how to set up training systems, division of responsibilities, audit evidence and cross-departmental collaboration mechanisms to ensure that the company is really "taking action".

Use KnowBe4 for "Manageable, Trackable, Auditable" Training Operations

If an organization is already security-conscious or has a compliance training program in place, merging AI literacy into an existing platform is often the least laborious and easiest way to form a chain of evidence.
 
In terms of KnowBe4's Compliance Plus direction, it focuses on the delivery of compliance courses using KnowBe4's training platform and offers short, interactive modules, automated training activities and report tracking, with an emphasis on regular updates, so that you can turn training into a 'going concern' rather than a one-off project.
 
In addition, it is publicly available information that Compliance Plus has a library of "over 500 modules" and focuses on customizability, continuous updates and integration with the KnowBe4 platform for delivery, a structure that is more in line with the "contextual and personnel-driven" approach desired in Article 4.
Go to Knowbe4 product page

Other Articles
Hongke Case

Rainbow Solutions] Ali's Thousand Questions: How Redis Stream can tame tens of millions of streams in milliseconds?

AIGC has spawned a huge amount of information and news, and it is difficult for traditional message queues to support the high concurrency of tens of millions of information streams. This article explains how to combine Bloom Filter, Consumer Groups, and Vector Retrieval with Redis Stream to realize milliseconds content de-weighting, priority distribution, and real-time recommendation, which can solve the problems of feed stream delay and content homogenization.

Read more
HongKeTechnology May 28, 2026
Hongke Dry Goods

Redis + Graph Database: Bank AML and Anti-fraud Real-Time Risk Control Architecture

Banks dealing with AML and anti-fraud often face the tension between real-time decision-making and in-depth investigation. In this paper, we analyze how Redis (real-time scoring) and ArangoDB (graph database correlation analysis) can be perfectly divided into different roles and combined with Decisions to automate the process to meet the HKMA compliance guidelines and create a millisecond RegTech defense.

Read more
HongKeTechnology May 27, 2026
close menu icon

Contact Hongke to help you solve your problems.

Let's have a chat