The research paper discusses different issues of interpretation and qualification of illegal access to an information system (IS), taking into account international instruments and European Union legislation as well as the relevant case law of Lithuania. Analysis of criminal cases and legal regulation shows that such cases require an appropriate combination of the technical and legal sides of such criminal offences. In this context, it is also important that criminal liability for illegal access to an IS must be underpinned not only by the principles of technological neutrality and equivalent assessment but also must ensure respect for the ultima ratio (last resort) principle. It is this principle which in particular is the subject of considerable attention in the research paper in terms of over-criminalisation of illegal access to an IS. While solving the puzzle of technology and terminology alignment, the paper also explores the elements of illegal access to an IS. In the light of developments in Lithuanian case law, more emphasis is placed on the debatable infringement of security measures, as an element, and on possible interpretation of its content.