The Grace Period Is Over
Article 4 of Regulation (EU) 2024/1689, the EU AI Act, has been in force since 2 February 2025. Across all member states, this creates a binding obligation: anyone providing or operating AI systems must ensure "a sufficient level of AI literacy" among their staff (Source: Regulation (EU) 2024/1689, Art. 4 (1)).
Our overview article on the EU AI Act addressed the what. This article addresses the how: what does training look like that will be accepted as proof of "sufficient AI literacy" during a supervisory or KZV inspection? And what is the appropriate training architecture for a dental practice in 2026?
"Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf ..." -- Regulation (EU) 2024/1689, Art. 4 (abbreviated)
What "Sufficient AI Literacy" Actually Means
The regulation is written for entire industries, not for individual practices. Recital 20 specifies that AI literacy is the ability to use AI systems competently and to be aware of the opportunities and risks. For a dental practice this translates into three competence dimensions:
- Technical understanding: what an AI system is, what it can and cannot do, where its training data comes from, what a hallucination is, what a false-positive finding means
- Application competence: how the actually deployed system is operated safely, where the clinician's review must apply, how to phrase patient information
- Risk awareness: which data protection, liability and regulatory consequences arise from using AI, how a data breach is detected and reported
The depth of these three dimensions depends on the role:
- Practice owner: all three dimensions in full, plus regulatory responsibility (data protection impact assessment, processing agreement, AI Act compliance)
- Treating dentist: all three dimensions, with emphasis on diagnostic correlation and patient information
- Dental assistant (ZFA / ZMP): application competence and day-to-day risk awareness; technical understanding at an orienting level
- Reception and administration: application competence and data-protection sensitivity for AI-supported scheduling or patient communication
A blanket "one-hour AI crash course for everyone" does not satisfy Art. 4. Training has to fit the role, and its depth has to be evidentiable.
What an Audit-Ready AI Training Has to Document
Supervisory authorities will look for three things during an inspection:
- Content: which topics were covered at what depth, ideally structured along the three competence dimensions above
- Participation and comprehension: who completed the training, when, for how long, with what test result? An attendance list alone is not enough; a short knowledge check is industry standard
- Currency: AI systems evolve. A 2024 training is no longer sufficient in 2026. Supervisory authorities expect an annual review and refresh, at minimum when the AI system itself changes
Structurally, the training documentation needs: a curriculum and module overview, a participant list, the time spent, a final knowledge check with a documented result, a certificate with an electronic signature, and a reminder for the next refresh.
What a Dental-Specific AI Training Has to Cover
A generic "AI awareness" course from the industrial sector misses the point. A dental training must cover the system classes that actually appear in a practice:
- AI-supported diagnostic imaging (caries detection, periodontal assessment on X-ray or CBCT): sensitivity and specificity calibration, finding correlation, liability questions
- AI reception systems and chatbots: GDPR-compliant patient communication, transparency obligation under Art. 50 EU AI Act, escalation paths
- AI-supported scheduling and practice PMS: data integration, processing arrangements, interface responsibility
- Voice assistants and dictation systems: capture and storage rules, BfArM classification when used medically
- Generative AI in the back office (letter drafting, research, marketing copy): confidentiality, hallucination risk, source traceability
These five classes cover practically every AI application a dental practice can run in 2026. A training that goes deep into at least three of them has a realistic chance of being recognised as "sufficient" by the supervisory authority.
Bodo Tech CE Course B: AI Literacy for Dental Practices
Our dental-specific compliance course is designed as a direct answer to Art. 4 and is being prepared for CME accreditation through the Westphalia-Lippe Dental Chamber (Zahnärztekammer Westfalen-Lippe). The course covers all five application classes above and is offered in four tiers, depending on practice need:
- Online (EUR 49 per person): self-paced learning, knowledge check, signed certificate. Target group: practice teams with limited AI use
- In-person (EUR 149 per person): half-day session with live demos, interactive discussion and a joint risk workshop
- Hands-on (EUR 490 per person): full-day format with real AI systems on a live setup, calibration, simulated false findings, escalation drills
- Security (EUR 590 per person): practice-owner format with DSFA development, DPA workshop, AI Act conformity matrix and a personal audit roadmap
All four tiers deliver the same compliance documentation: curriculum, knowledge check, signed certificate, refresh reminder, retrievable through the QM platform as a structured obligation record with GoBD-compliant archiving. How a digital QM system carries this obligation documentation systemically is described in our article on digital QM for dental practices.
Scientific Anchor
The course evolves with continuous scientific engagement on the topic. Bodo Tech founder ZA Utku Pul, MSc, is engaged with the application of AI in dentistry in an ongoing doctoral research process. The course modules reflect the current discussion within the relevant German professional bodies (DGZMK, BZÄK, KBV) and are updated continuously as new statements emerge.
To attend the course or to make a binding inquiry on behalf of your practice, reach us via the contact form or directly at kontakt@bodotech.de.
Frequently Asked Questions
Is a single online course enough to satisfy Art. 4 EU AI Act?
For practices with limited AI use, a qualified online course with a knowledge check can be sufficient, provided it is role-specific and documented with a signed certificate. For mission-critical AI applications -- in particular AI-based image diagnostics as a medical device -- the relevant statements recommend an additional in-person or hands-on component. Supervisory authorities will likely apply a risk-proportional standard rather than a uniform minimum.
When will federal supervision begin active enforcement?
The national market surveillance authorities in Germany -- the Bundesnetzagentur in cooperation with BfArM and BfDI -- are building their structures throughout 2025 and 2026. Active focused inspections are expected from 2026 and 2027 onwards. Practices should not, however, wait for the first fine, because the obligation has applied since February 2025 and breaches will be enforceable retrospectively.
Can my own training records from previous years count as AI literacy proof?
Earlier data protection, IT security or medical device trainings generally do not satisfy Art. 4 in full, because their content depth does not match the AI-specific risk profile. They can, however, be incorporated as legacy modules into AI literacy documentation if the overlapping content is documented. The additional AI-specific content has to be evidenced separately.
How much time do I have to budget for training per staff member?
Realistic ranges: 60-90 minutes for the dental assistant or reception role at low AI usage, 3-4 hours for treating dentists who actively use AI diagnostics, a full day for practice owners with additional responsibility for DSFA and DPA. Plus an annual refresh of approximately 30-60 minutes.
Who carries liability if AI-based diagnostics turn out to be wrong?
Medical liability fundamentally remains with the treating clinician, regardless of whether an AI system was used. The AI system is a diagnostic aid, not an autonomous decision-maker. A documented training and a demonstrated AI literacy are, however, central exonerating indicators in a dispute -- they show that all available diagnostic resources were used competently. The practice owner's regulatory responsibility for EU AI Act compliance remains separate from this.