Shadow AI & literacy
Article 4 of the EU AI Act requires that providers and deployers ensure their staff have a sufficient level of AI literacy. Meridian Blue ships a built-in literacy module and a shadow-AI detector that surfaces unauthorised model use across your environment.
Article 4 literacy
The literacy module is a short quiz covering the AI Act's risk pyramid, prohibited practices, the data-subject rights bundle, and how Meridian Blue's policy / appeal / oversight surfaces work. Completion is recorded against the user's account and shown in the dashboard.
Literacy API
| Method | Path | Purpose |
|---|---|---|
GET | /api/v1/literacy/quiz | Fetch the current quiz. |
POST | /api/v1/literacy/submit | Submit answers; stores a completion record on success. |
GET | /api/v1/literacy/status | Check the calling user's completion status. |
Reviewer literacy gate
Acting on the human-review queue requires a current literacy completion — the gate is enforced server-side at /api/v1/review/:id/decision. Reviewers without a completion get 403 literacy_gate until they pass the quiz.
Shadow-AI detection
The shadow-AI service flags requests where the prompt mentions a non-Meridian-Blue model (e.g. an employee pasting "ChatGPT said …" into an enterprise chat). Detected events feed the dashboard's Shadow AI page so security teams can intervene. The detector is heuristic-only today.