Secure AI Adoption for SMEs: Cybersecurity and the EU AI Act
- Description
- Curriculum
- Reviews
In today’s organisations, AI adoption and cybersecurity are increasingly inseparable. Many AI-related risks do not come from “using AI” itself, but from unclear responsibilities, hidden or informal AI use, weak data controls, over-reliance on AI outputs, poor supplier checks, and missing evidence when something goes wrong. This course equips learners with practical, intermediate-level skills to adopt AI tools securely, responsibly, and in line with the EU AI Act.
The course is structured in short, self-paced modules built around text-first flipbooks, knowledge checks, and realistic SME scenarios. Learners will follow the fictional SME BrightMarket Ltd. as it moves from informal AI use to structured adoption. They will learn how to identify AI tools in everyday business operations, understand basic AI Act roles, classify AI use cases, recognise AI-specific cybersecurity threats, apply proportionate controls, assess suppliers, monitor AI use, respond to incidents, and keep practical evidence.
By the end of the course, learners will be able to:
- Recognise where AI is used in SME operations, including hidden AI features and informal or unapproved AI use.
- Understand the basic EU AI Act roles that affect SMEs, especially the deployer role, and recognise when responsibilities may increase.
- Classify AI use cases using the AI Act risk-based approach, including lower-risk, transparency-related, potential high-risk, and prohibited-use concerns.
- Identify cybersecurity risks linked to AI systems, including data leakage, prompt injection, insecure integrations, excessive access rights, supplier risk, poisoning, model evasion, confidentiality attacks, hallucinations, and over-reliance.
- Apply proportionate controls for secure AI use, including approved tool lists, data rules, access management, output review, logging, monitoring, human oversight, and incident response.
- Assess AI suppliers before procurement or activation, including questions on purpose, data use, security, performance, human oversight, lifecycle changes, and incident notification.
- Produce a lightweight Secure AI Adoption Pack for one SME AI use case, including an AI inventory entry, risk classification sheet, supplier due diligence record, approval decision, monitoring log, and incident route.
The course is fully online and self-paced. It is designed for learners who already understand basic digital tools and cybersecurity concepts and want to apply them to real AI adoption contexts, particularly in SMEs, operational teams, project delivery, compliance support, IT/security roles, HR, marketing, and management.
-
2
AI Adoption, AI Act Essentials and SME ExposureThis section helps SMEs recognise where AI is already used in their organisation, understand basic AI Act roles such as deployer and provider, identify early cybersecurity exposure, and start building a first SME AI inventory.
-
3
Module 1 Knowledge Test: AI Adoption, AI Act Essentials and SME Exposure
Test your understanding of Module 1 through practical SME scenarios. You will check whether you can spot AI use, tell the difference between AI and ordinary software, recognise shadow or hidden AI, identify basic AI Act roles, and understand why an AI inventory is the first step towards secure and responsible AI adoption.
-
4
AI Act Risk Classification and SME Governance
This section helps SMEs classify AI use cases using the EU AI Act risk-based approach. Learners will understand how to define intended purpose, check prohibited-practice red flags, identify potential high-risk or transparency-related AI use, assign governance roles and document classification decisions.
-
5
Module 2 Knowledge Test: AI Act Risk Classification & SME Governance
Test your ability to classify AI use cases and make practical governance decisions in SME scenarios. You will check whether you can define intended purpose, spot prohibited-practice red flags, recognise possible high-risk or transparency-related AI use, assess material influence, and decide when an AI tool should be approved, restricted, escalated or documented.
-
6
Cybersecurity of AI Systems: Threats, Controls and Secure Use
This section helps SMEs understand the cybersecurity risks created by AI systems and generative AI tools. Learners will explore AI-specific threats such as data leakage, prompt injection, insecure plugins, poisoning, model evasion and confidentiality attacks, and will learn how to apply practical controls for secure AI use.
-
7
Module 3 Knowledge Test: Cybersecurity of AI Systems
Test your ability to recognise AI cybersecurity risks and choose the right controls in practical SME situations. You will check whether you can identify threats such as data leakage, prompt injection, insecure plugins, poisoning, model evasion and over-reliance on AI outputs, and apply secure-use measures for users, data, vendors, access, monitoring and incident response.
-
8
Compliance in Practice: Procurement, Monitoring, Incidents and Evidence
This section helps SMEs turn AI governance into practice. Learners will understand how to set up an AI procurement and approval process, check suppliers, define deployment conditions, monitor AI use, respond to incidents and prepare a lightweight Secure AI Adoption Pack.
-
9
Module 4 Knowledge Test: Compliance in Practice
Test your ability to turn AI governance into practical SME decisions. You will check whether you can review suppliers, choose the right approval conditions, monitor AI use, recognise reassessment triggers, respond to incidents and keep the evidence needed for secure and responsible AI adoption.
-
10
What to Keep from the Course
This final section summarises the key messages of the course and helps learners reflect on what they should remember before applying secure AI adoption in practice. Learners will review the most important lessons on AI governance, cybersecurity, human oversight, data protection, verification and accountability.
-
11
We Value Your Feedback!
