FORESIGHT
Austrian CIO Clemens Möslinger on sovereignty, resilience, and the realities of government IT
“In a crisis, the government must still be able to operate”
When Clemens Möslinger talks about digital resilience, he does not start with technology. He starts with responsibility. “If a company cannot operate during a crisis, it’s a problem for that company,” he says. “But when a crisis hits a country, everybody turns to the government. That means the government must always be able to operate.”
TEXT: SANDER HULSMAN IMAGE: European Resilience Summit
As CIO of the Austrian Federal Chancellery, Möslinger carries exactly that responsibility: ensuring that the government of Austria can function under any circumstances, including cyberattacks, geopolitical disruptions or even large-scale infrastructure failures. His perspective on digital sovereignty and resilience is therefore not theoretical. It is operational. And increasingly, it is European.
Clemens Möslinger recently participated in the European Resilience Summit in London, where he was part of the panel discussion ‘Resilience on the global scale’. He is also a member of the Advisory Board of ERS Vienna.
From paper courtrooms to digital government
Möslinger’s journey into government IT started in 2010, when he became CIO of Austria’s Constitutional Court. At the time, the organisation was still heavily dependent on paper-based processes. “The IT environment was basically from the 1980s,” he recalls. “Our task was to bring the Constitutional Court into the digital era.”
Over the next eight years, he led the transformation of the court’s processes, replacing paper workflows with digital systems. “We redesigned all the processes and created a completely digital workflow from lawyer to lawyer. There were no interruptions where you switch back to paper and then digital again.”
You cannot just install technology and expect everything to work. You have to understand the processes first
For the court system, the impact was significant. “Suddenly the whole legal process could run digitally. That changed the speed, efficiency and transparency of the system.”
The project also gave him deep insight into how complex public sector organisations operate. “You cannot just install technology and expect everything to work,” he says. “You have to understand the processes first.”
Building cybersecurity from scratch
In 2018, Möslinger was asked to move to the Federal Chancellery and establish a completely new department: cybersecurity. “At that time, there was no cybersecurity department in the Chancellery,” he explains. “So, my job was to build it.”
He became CISO of the Federal Chancellery and was responsible for strategic cybersecurity policy for the Austrian government. That included implementing the European NIS Directive and contributing to discussions around it. It did not take long before the role was tested. “We experienced the first really large cyber incident affecting the Austrian government,” he says.
The attack targeted the Ministry of Foreign Affairs and required a coordinated response involving government leaders, security agencies, and law enforcement. “It was the first big cyber crisis for the Republic of Austria. We learned a lot from that.” The experience reinforced a lesson that would later shape his thinking about digital sovereignty. “In a crisis, the government must be able to act immediately. There is no time to discover that systems are unavailable.”
From CISO to CIO
Last year, Möslinger became CIO of the Federal Chancellery, expanding his responsibilities beyond cybersecurity to the broader IT landscape of the Austrian government. The structure of that landscape is unusual. Austria currently has thirteen federal ministries. Under the constitution, each minister heads an autonomous organisation. “In Germany, the ministries are formally under the Federal Chancellery,” he explains. “But in Austria, every ministry is its own highest entity.”
We brought together the people who actually do the work not just the managers
That means the Chancellery cannot simply impose centralised IT policies. “Everyone can theoretically do what they think is best for their ministry.” Instead, coordination, and collaboration become essential. “We try to bring people together, share best practices, and align strategies,” he says.
Building communities across government
To strengthen collaboration across the public sector, Möslinger helped establish several networks connecting government technology leaders. These include CIO, CISO, and digitalisation communities where professionals from different ministries meet regularly to exchange experiences. One initiative he is particularly proud of is the creation of a federal cloud community. “We brought together the people who actually do the work (cloud architects, GDPR specialists, AI experts), not just the managers,” he explains.
The initiative has already grown beyond the federal government. Austria consists of nine regional states, known as Bundesländer. Initially the community focused only on federal institutions, but demand quickly emerged from the regional level. “So, we opened the community to the Bundesländer as well,” he says.
At a recent meeting, around eighty participants attended. “The feedback was extremely positive. People finally had the opportunity to exchange experiences and discuss real problems.” For Möslinger, the key to collaboration is simple: people need to know each other. “If you know someone personally, it becomes much easier to work together.”
Why sovereignty suddenly matters
While digital sovereignty has been discussed in Europe for years, Möslinger believes the geopolitical landscape has changed the urgency of the debate. “If you had asked me three years ago about our relationship with the United States, I would have said they are our friends,” he says. “But the world is changing.”
Concerns about geopolitical tensions, intelligence laws and technological dependencies are becoming more prominent. At the same time, many large technology vendors are moving their services entirely into the cloud. “They are ending on-premises options and forcing customers into cloud services,” he says. For governments, that can create uncomfortable dependencies.
How can we be sure that no backdoors are introduced, or that security fixes are delivered quickly and safely?
Building on that perspective, Möslinger also raises critical questions about the role of open-source communities in government environments. “Open-source communities are very important,” he says. “But who are these communities? Who are the people behind them, and how can we be sure they act in the interest of the common good?”
He points to potential risks when critical components are maintained by only a limited number of contributors. “Is that truly resilient? How can we be sure that no backdoors are introduced, or that security fixes are delivered quickly and safely?” For governments, he argues, this raises fundamental questions about trust, governance, and the need for continuous oversight of critical software components.
The blackout scenario
To explain his thinking, Möslinger often uses a simple scenario. Imagine a nationwide blackout. “If a private company cannot operate during a blackout, its competitor probably cannot operate either,” he says. “But when a crisis happens, the entire country looks to the government.”
That means government systems must remain operational even when other infrastructure fails. “If I move all our services into cloud data centres outside Austria, and the connection is gone, what happens?” He pauses for a moment. “Then the Chancellor goes on television and says: I’m sorry, we cannot manage the crisis because we cannot access our systems.” For Möslinger, that scenario is unacceptable.
Bringing critical systems back
As a result, the Austrian government is identifying critical services that must always remain operational. “These core services need to be as close to us as possible,” he says. In practice, that means moving certain systems back into government-controlled data centres.
At the same time, the government is exploring open-source alternatives to large commercial platforms. One example is the replacement of VMware with Proxmox. For Möslinger, Proxmox is just one example of a broader shift. “It’s an Austrian company based in Vienna, with development happening locally. We would be crazy not to use it,” he says.
Across the Austrian government, similar initiatives are emerging. The Ministry of Defence, for example, has rolled out LibreOffice across its organisation and actively contributes improvements back to the open-source community. The Ministry of Economics has adopted the Nextcloud stack, using its full suite of applications.
For Möslinger, the strategic value is clear. “The key factor is choice. I decide what I use, and if I no longer want to use it, I can switch. That decision should be mine, not dictated by a vendor.”
Not all services need to be treated the same way. “If the website of the Chancellery goes offline, it’s not ideal, but it’s not critical,” he explains. “But some services must always be available.”
If the private sector offers twice as much, it becomes very difficult to attract people
The real constraint: resources
Despite clear strategic priorities, implementation is not always straightforward. “Our biggest challenge right now is budget,” he says. Across Europe, government IT budgets are under pressure while technology costs continue to rise. “Many cloud services are becoming more expensive, while our budgets are shrinking.”
At the same time, governments struggle to compete with the private sector when hiring skilled professionals. “In government, salaries are fixed,” he says. “If the private sector offers twice as much, it becomes very difficult to attract people.”
Life as a security leader
Before becoming CIO, Möslinger spent eight years as CISO of the Federal Chancellery. It was a role that came with significant pressure. “There are things I can change, and things I cannot change,” he says. “You have to accept that you cannot solve every problem in the world.”
But some responsibilities cannot be ignored. “If my phone rings at night, I answer it. That’s part of the job.”
Looking beyond the Austrian bubble
While his work focuses on Austria, Möslinger believes resilience ultimately requires European cooperation. “Many countries still operate within their national bubbles,” he says.
Breaking those bubbles is one of the reasons he supports the European Resilience Summit (ERS) Vienna 2026. “I travel a lot and visit other governments because I want to see how they solve problems.”
He actively brings these insights back to Austria. “Last year, I organized visits for Austrian government CIOs to Germany,” he explains. “In Thüringen, we saw a highly automated open-source data centre, and in Schleswig-Holstein, the government has fully transitioned to open source.”
For him, these visits are essential. “It’s important to see how it can be done and to speak directly with the people who implemented it. Where did they face challenges, and what would they do differently next time?”
He also highlights the importance of supply chain visibility, pointing to the United Kingdom as an example. “The UK has a very detailed overview of its supply chains. That’s something we will all need in the future.”
Sharing those experiences across Europe is essential, he believes. “We all face similar challenges. If we collaborate and exchange ideas, we can become stronger together.” And that, ultimately, may be the real meaning of digital resilience. 
Clemens Möslinger & ERS Vienna
Clemens Möslinger is a member of the Advisory Board of ERS Vienna. This board includes many influential Austrian CIOs who work together on strategies for digital resilience and innovation. Read more about:
Visit ERS Vienna