Skip to content
AISO Learn AISO Learn - Home
Part of AISO Group Take the Scorecard
Article 4 - Spoke

Article 4 vs Article 5 vs Article 50 obligations explained

Three articles that often get confused, with the boundary lines and the practical actions each one triggers.

TL;DR

Article 4 requires AI literacy across providers and deployers. It applies horizontally to every organisation in scope. Article 5 lists prohibited practices: AI systems that exploit vulnerabilities, perform unauthorised social scoring, or use real-time remote biometric identification in public spaces in most circumstances. Article 50 sets transparency obligations on providers and deployers of certain AI systems, including chatbots, emotion-recognition systems, biometric categorisation, and AI-generated synthetic content. The three are independent but compound: a generative-AI chatbot in HR triggers Article 4 (train the staff who run it), Article 5 (do not use it for prohibited purposes), and Article 50 (label outputs as AI-generated and disclose its nature).

Article 4 - AI literacy, horizontal obligation

Article 4 of Regulation (EU) 2024/1689 applies to providers and deployers of any AI system. The obligation is to ensure a sufficient level of AI literacy in the staff who design, configure, supervise, or use AI systems on the organisation’s behalf. The European Commission’s AI Act service desk confirms it has applied since 2 February 2025.

Practical action: a written training plan, role-tier curricula, attendance logs, refresher cadence. See the compliance checklist spoke.

Article 5 - prohibited practices

Article 5 lists eight categories of AI use that are prohibited outright in the EU. The most operationally relevant for organisations are:

  • AI that exploits the vulnerabilities of a person or group due to age, disability, or socio-economic situation in a way that materially distorts behaviour and causes harm.
  • AI for social scoring by public authorities or on their behalf where it leads to detrimental treatment in unrelated contexts or that is unjustified or disproportionate.
  • Real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes, except for narrowly defined circumstances.
  • Untargeted scraping of facial images from the internet or CCTV to build facial-recognition databases.
  • Emotion recognition in workplaces and educational institutions, except for medical or safety reasons.

The Digital Strategy framework page hosts the canonical scope. Article 5 has applied since 2 February 2025, the same date as Article 4.

Practical action: an annual review of in-house AI use against each prohibited category, with sign-off by the DPO or compliance lead. Document the review.

Article 50 - transparency

Article 50 sets transparency obligations for specific categories of AI system, primarily on providers and deployers:

  • Providers of AI systems that interact with people (chatbots) must ensure users are informed they are interacting with AI, unless this is obvious from context.
  • Deployers of emotion-recognition or biometric-categorisation systems must inform the natural persons affected.
  • Providers of generative AI systems that produce synthetic content must mark outputs as AI-generated in a machine-readable form.
  • Deployers of deepfake content must disclose that the content has been artificially generated or manipulated.

Portugal’s Government Digital Strategy flags Article 50 as the obligation most often missed by deployers, because organisations focus on Article 4 training and Article 5 compliance and overlook the per-output disclosure duty.

Article 50 obligations apply from 2 August 2026.

How the three interact

Take a concrete worked example. An organisation deploys an internal generative-AI assistant for HR queries. Three obligations attach:

  • Article 4. HR staff who use the assistant need role-specific training: how the assistant fails, how to spot it, when to stop relying on its output, what to log. Headcount in scope: HR plus IT supervision.
  • Article 5. The deployment must not slip into emotion recognition, biometric categorisation in employment contexts, or any prohibited social-scoring pattern. A scope review documents this.
  • Article 50. The assistant interface must inform users (employees) that they are interacting with AI. Generated content used in formal HR communication should be marked as AI-assisted.

University-led research at Instituto Superior Técnico and applied programmes at Nova IMS use this exact triple-obligation framing as the default lens for scoping enterprise AI deployments.

How AISO Learn helps

We integrate Article 4 training with the Article 5 scope review and the Article 50 transparency design in a single eight-week engagement, so the three obligations are addressed once instead of three times. See our team-engagement programme.

Talk through your AI Act scope