The opportunities afforded by the global information space give rise to the potential for the commission of new crimes –crimes such as hacking or denial of service attacks– and for existing crimes, such as speech offences or fraud, to be committed in new ways and with potentially larger consequences. One of the biggest challenges for the regulation of information and communications technology is that the global information space does not respect national boundaries. In order to be successful, any regulatory approach will call for some degree of cooperation between countries. This poses an obvious problem for those seeking to develop a regulatory structure. This challenge is particularly relevant in the criminal law context, as the criminal law has traditionally been considered to be the product and responsibility of national law. This article considers the EU’s regulatory approach in this area. The aim here is not to offer a critique of the EU’s regulatory structure in the context of cybercrime, but rather to use the situation in the EU to illustrate various issues arising in the context of the criminal law regulation of information and communications technology. This article examines some of the issues which have arisen in the context of the regulation of cyber activity at the EU level as a result of this tension between national sovereignty and broader overarching EU regulation and assesses the relevance of these issues in the context of criminal law regulation more broadly. Consideration of the processes of criminalisation and harmonisation provides the basis for an analysis of the manner in which the EU seeks to justify its involvement in criminal law in this field.