After numerous intentionally wrongful acts, the EU’s leadership in promoting ‘an open, free, stable and secure cyberspace’ is now more critical than ever before. Does current international law apply to cyberspace and cybercrime? Or is a new cyber convention needed?