What compliance training is legally required for UK employers?

UK employers face mandatory training obligations across several pieces of legislation. The Health and Safety at Work Act 1974 requires employers to provide adequate training to ensure employees can perform their roles safely. UK GDPR requires organisations to ensure staff who handle personal data understand their data protection obligations. The Equality Act 2010 does not mandate specific training but requires employers to demonstrate reasonable steps to prevent discrimination, which courts and tribunals increasingly expect to include training. FCA-regulated firms must meet Training and Competence requirements. From August 2025, the EU AI Act Article 4 adds an AI literacy obligation for organisations in scope.

How long do compliance training records need to be kept?

Retention periods vary by regulation. H&S training records should be kept for at least three years (some guidance suggests the duration of employment plus three years). GDPR training records should be retained while the employee is in post and for a reasonable period after, to evidence compliance during any regulatory investigation. FCA Training and Competence records must be kept for five years from the date the training was completed. For EU AI Act Article 4, no specific retention period has been set in guidance to date, but standard practice is to retain records for the duration of employment plus three to five years.

Does generic AI awareness training satisfy the EU AI Act Article 4 requirement?

Almost certainly not, if the training is not role-relevant and not mapped to the specific AI systems in use. Article 4 requires “sufficient” AI literacy — a standard that implies relevance and depth appropriate to the employee’s role and their exposure to AI systems. Generic awareness training that explains what machine learning is without reference to the AI tools the organisation actually deploys is unlikely to satisfy a regulator’s scrutiny, particularly for employees in roles directly affected by AI-assisted decision-making. Training needs to be specific, role-relevant, and properly evidenced with attestations.

Compliance Training

Compliance training in the UK: obligations, records, and best practice

A complete guide to compliance training in the UK: legal obligations, the EU AI Act Article 4 requirement, attestation records, and how to build an audit-ready compliance training programme.

Mike Bourke Co-founder, The Skills Partnership

Compliance training in the UK: obligations, records, and best practice hero image — AI-generated editorial hero image.

Compliance training in the UK: obligations, records, and best practice

Get monthly L&D and training updates