To train contact center employees on the AI Act, you need to start with the AI literacy requirement that has been in effect since February 2, 2025. Every agent who works with AI systems must understand what those systems do, what risks they pose, and how human oversight works in practice. The training varies by role: agents, team leaders, and IT managers each have different obligations under the regulation. In this article, we answer the most frequently asked questions about AI Act training in a contact center, so you can get started right away. To learn more about how AI-driven technology is used responsibly, visit the page on AI-driven intelligence.
What does the AI Act require contact center employees to know?
The AI Act requires every employee who works with or makes decisions based on AI systems to have sufficient AI literacy. This means understanding what the system does, what its limitations are, how to recognize automation bias, and when human intervention is necessary. This requirement applies to deployers—that is, organizations that deploy AI—not just to developers.
The AI literacy requirement is set forth in Article 4 of the regulation and is already enforceable. This is not a non-binding recommendation, but a legal requirement. For contact centers, this specifically means that employees must know:
- Which AI systems they use on a daily basis, for example, for call routing, quality monitoring, or customer profiling
- What these systems can and cannot do, including their known limitations and margins of error
- How they can follow, adjust, or ignore an AI-driven recommendation or decision
- When they need to escalate a situation to a human colleague or supervisor
- That customers may, pursuant to Article 86, request an explanation of decisions influenced by a high-risk AI system
In addition, Article 26(7) requires deployers to inform employees before a high-risk AI system is put into use. Training is therefore not something that can be organized after the fact, but a prerequisite for putting the system into use.
Which AI systems in a contact center are covered by the AI Act?
Not every AI system in a contact center is automatically subject to the strictest rules of the AI Act. The regulation distinguishes between four risk levels: prohibited applications, high-risk systems, systems with limited risk, and systems with minimal risk. Most contact center AI falls into the latter two categories, but there are exceptions that require immediate action.
Systems that are likely to be classified as high-risk
High-risk AI in a contact center applies when the system falls under one of the eight domains listed in Annex III. Of particular relevance to contact centers are: systems used to provide access to essential services such as lending, insurance, or emergency calls, and systems that perform customer profiling. Profiling of natural persons is always high-risk, regardless of the domain used. Examples include AI that automatically creates a customer profile based on conversation behavior and uses that profile for prioritization or offers.
Low-Risk Systems and What That Means
Chatbots and virtual assistants that interact with customers generally fall under the transparency requirements for low-risk AI. Customers must be informed that they are communicating with an AI system. This is a less stringent requirement than that for high-risk AI, but it is enforceable. Emotion recognition in the workplace—for example, systems that analyze the mood of employees or customers—is explicitly prohibited unless a medical or safety exception applies. This prohibition has been in effect since February 2, 2025.
How does AI Act training vary by role in the contact center?
AI Act training is not the same for everyone. The regulation imposes different obligations on different roles, and an effective training program is designed to reflect that. Broadly speaking, there are three levels: frontline employees, team leaders and supervisors, and IT or compliance officers.
Frontline employees
Employees who work with AI-powered tools on a daily basis need to understand how those tools affect their work. They don’t need to be technical experts, but they do need to know when it’s appropriate to ignore an AI recommendation, how to inform a customer about the use of AI, and how to initiate an escalation. The focus is on practical action and awareness of automation bias: the tendency to blindly follow AI outcomes without critical scrutiny.
Team Leaders and Supervisors
Team leaders are responsible for assigning human oversight to AI-driven processes. Article 26 of the AI Act requires that deployers assign human oversight to competent and trained individuals. Supervisors must therefore not only understand how the systems work, but also know how to organize oversight, identify anomalies, and report them. They are also the first point of contact if a customer requests an explanation of an AI-driven decision.
IT and Compliance
IT managers and compliance officers have the most extensive training needs. They must maintain the AI systems register, determine the organization’s role (provider, deployer, importer, or distributor), retain logs for at least six months, and conduct a data protection impact assessment where required. They must also know when a system change could inadvertently make the organization a provider, with all the associated obligations that entails.
How do you set up an AI Act training program for your team?
You can build an effective AI Act training program for a contact center in four steps: assess, classify, train by role, and document. Don’t start with the training itself; instead, begin by creating a comprehensive overview of all the AI systems you use and the role your organization plays in them.
- Establish an AI registry. Document which AI systems you use, what they do, which vendor provides them, and what risk level applies. This inventory serves as the foundation for everything that follows.
- Determine your role for each system. Are you a deployer, an importer, or did you develop the system yourself? The obligations vary significantly. Deployers have fewer obligations than providers, but they are still responsible for proper use and human oversight.
- Develop role-specific training modules. Use the three levels from the previous section: frontline, supervisors, and IT/compliance. Make sure the content aligns with the day-to-day realities of each group, and use specific examples from your own contact center environment.
- Document the training. Keep a record of who completed which training and when. This is not just an administrative formality, but proof of compliance. Also, keep the user manuals provided by AI vendors, as deployers are required to use the systems in accordance with those instructions.
Repeat the training whenever there is a significant system change or when new AI tools are deployed. The AI Act requires that employees be informed before high-risk systems are put into use, so training must be part of your implementation process, not a separate activity carried out afterward.
What do you need to document to demonstrate compliance with the AI Act?
To demonstrate compliance with the AI Act, contact center organizations must maintain a combination of records, logs, and training documentation. The regulation imposes specific retention requirements on deployers, and in the event of an audit or complaint, you want to be able to immediately demonstrate that you have met your obligations.
The minimum documentation you must keep includes:
- AI Systems Registry: An overview of all AI systems in use, their risk level, vendor, and intended use
- Supplier Instructions: Keep the instructions provided by suppliers and document that you are using your systems in accordance with those instructions
- Logs of AI Decisions: For high-risk systems, there is a retention requirement of at least six months for automatically generated logs
- Training Records: Who took which training course, on what date, and covering what content
- Oversight Structure: Defining who is responsible for human oversight of which system
- DPIA Documentation: Where a Data Protection Impact Assessment is required, it must be demonstrably conducted
Under Article 86, customers or affected parties may request an explanation of decisions influenced by a high-risk AI system. Make sure you are actually able to provide that explanation, which means you must be able to reconstruct the system’s determining factors.
What are the consequences if contact center employees do not comply with the AI Act?
If a contact center organization fails to comply with the AI Act, it risks substantial fines and reputational damage. The fine structure has three levels: violations of the prohibited practices under Article 5 can result in fines of up to 35 million euros or 7% of global annual revenue; non-compliance with other obligations can result in fines of up to 15 million euros or 3%; and providing incorrect information to regulators can result in fines of up to 7.5 million euros or 1%.
In addition to financial penalties, there are also operational consequences. If a regulator determines that you are using a high-risk system without demonstrable human oversight or without the required employee information, the use of that system may be suspended. For a contact center that relies on AI-supported routing, quality monitoring, or self-service, this can directly impact operations.
Enforcement for high-risk Annex III systems will become mandatory as of August 2, 2026. That may seem like it’s still some time away, but the AI literacy requirement and the prohibitions under Article 5 are already in effect. In January 2026, Finland became the first country to grant enforcement powers to its national authority. Other member states are expected to follow suit soon. Delaying compliance is therefore a risk that your organization consciously takes.
How Pegamento Helps Ensure AI Act Compliance in the Contact Center
If you use AI in your contact center, you—as the deployer—are responsible for its proper use, human oversight, and demonstrable compliance with the AI Act. This requires more than just one-time training: it calls for a structured approach in which technology, processes, and people are aligned. We provide concrete support in this area, drawing on our expertise in Agentic AI for customer service. Agentic AI represents the evolution from task-based automation to self-thinking assistants that not only follow instructions but also take the initiative and act independently—always within the parameters set by your organization.
What we can do for you:
- Provide insight into which AI systems are in use in your contact center and what the associated risk level is
- Provide role-specific training support for frontline employees, supervisors, and IT managers
- Delivering AI solutions designed with human oversight as a starting point, not as an afterthought
- Set up documentation and logging so that you can demonstrate compliance in the event of an audit or complaint
- Get everything under one roof: from implementation to management and support, without complex supplier structures
We work with proven standard building blocks that we cleverly combine into a solution tailored to your organization and industry, without the need for costly custom development. Our approach is ISO 27001 certified (information security), supplemented by ISO 9001 and ISO 26000. Would you like to know where your contact center stands right now and what it will take to become AI Act-compliant? Get in touch, and we’d be happy to help you figure it out.
Frequently Asked Questions
Does the AI literacy requirement also apply to employees who use AI tools only indirectly, such as through a dashboard or report?
Yes, the requirement applies to any employee who works with or makes decisions based on AI systems, even if this is done indirectly. If a team leader uses management information generated by an AI system, this falls within the scope of Article 4. The training does not need to be technical in nature, but the employee must understand that the information is AI-generated, what the limitations are, and when it is necessary to ask critical follow-up questions or escalate the matter.
What if our AI vendor says its system is not high-risk AI? Can we, as a contact center, rely on that?
No, as the deployer, you cannot blindly trust a vendor’s classification. The ultimate responsibility for proper use lies with your organization. Check for yourself whether the system falls under one of the domains listed in Annex III, and pay specific attention to customer profiling and use in essential services. Document your own assessment in your AI registry, including the rationale, so that you can demonstrate during an audit that you made an independent assessment.
How often must AI Act training be repeated, and is there a mandatory minimum frequency?
The AI Act does not prescribe a fixed frequency for refresher training, but it does require that employees be informed before a high-risk system is put into use and whenever significant changes are made. In practice, this means that training must be a recurring part of your HR and implementation processes, not a one-time activity. An annual refresher course combined with a mandatory training session whenever a new or modified AI tool is introduced is a workable and demonstrably compliant approach.
What exactly is automation bias, and how do you recognize it in the day-to-day operations of a contact center?
Automation bias is the tendency of people to uncritically accept the output of an automated system, even if that output is incorrect or incomplete. In a contact center, this manifests, for example, when an agent adopts an AI recommendation for a customer solution without considering the context of the conversation, or when a supervisor does not question a quality score generated by an AI monitoring system. Training on this topic focuses on actively encouraging critical thinking: with every AI recommendation, ask yourself whether the outcome aligns with your own observations.
What should we do if a customer requests an explanation for an AI-driven decision based on Article 86?
As an organization, make sure you have a procedure in place in advance for these types of requests, so that employees know who to contact and what information needs to be available. The explanation must provide insight into the factors that determined the AI decision, such as what data was used and how heavily it was weighted. Frontline employees do not need to answer these questions themselves, but they must know how to correctly forward the request to the appropriate person within the organization.
When does a contact center organization inadvertently become a provider rather than a deployer, and why does that make such a big difference?
You become a provider as soon as you substantially modify an AI system—for example, by retraining it on your own data, changing the decision-making logic, or integrating the system in a way that falls outside the supplier’s original intended use. The difference is significant: providers have considerably more stringent obligations than deployers, including conformity assessments, technical documentation, and registration in the EU database. Involve your IT and compliance teams in every significant modification to an AI system to assess whether your role is changing.
How do you approach AI Act training in a contact center with high turnover and a rotating staff?
Make AI Act training a standard part of the onboarding program for new employees, so that compliance isn’t dependent on ad hoc training sessions. Use short, role-specific modules that can be completed quickly and are directly aligned with the tools an employee uses in their role. Ensure that training records are automatically tracked in your HR system so that, in the event of an audit, you can always provide up-to-date proof of compliance, regardless of staff turnover.


