This article highlights the challenges for the global community when harmonizing substantive cybercrime legislation. At the example of EU-Directive 2013/40/EU and the Council of Europe's Convention on Cybercrime the benefits of a model law over a binding international treaty are pointed out. Protecting critical infrastructures is recognized as most crucial and their vulnerability of digital attacks with trans-boundary effects is identified. Eventually the EU-Directive is proposed as a potential model law for international harmonization regarding core cybercrimes.