// Trust & Security Report

    Opera Norway AS (Opera Limited, parent - NASDAQ: OPRA) logo

    Opera Norway AS (Opera Limited, parent - NASDAQ: OPRA)

    Opera AI (formerly Aria) — a free, browser-integrated AI assistant with image generation, file analysis, YouTube transcription, and web summarization. Available in Opera browser (desktop and mobile) with no account required; optional login for extended features.

    Certifications held

    2

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001:2022
    HELD

    Opera Group Limited has officially achieved ISO 27001:2022 certification, awarded by the British Standards Institution (BSI), marking a significant milestone in Opera's commitment to safeguarding information assets.

    Verify on channeleye.media
    GDPR Compliance
    HELD

    Opera Norway AS is subject to GDPR as a European company headquartered in Oslo, Norway. Privacy policy explicitly states GDPR compliance. Data Protection Officer: Lillian Blackadder (CIPP certified).

    Verify on opera.com
    > Show 3 unconfirmed / not-held certifications
    SOC 2 (Type 1 or 2)
    NOT CONFIRMED

    No public evidence of SOC 2 certification found on Opera's security portal (security.opera.com) or official documentation.

    source: security.opera.com
    HIPAA
    NOT CONFIRMED

    No HIPAA compliance claimed. Security research notes that processing sensitive healthcare data (patient portals, medical records) through Opera AI creates HIPAA violations due to OpenAI/Google data processing.

    source: seraphicsecurity.com
    PCI-DSS
    NOT CONFIRMED

    No PCI-DSS compliance. Processing payment card data or customer account information through Opera AI creates PCI-DSS violations.

    source: seraphicsecurity.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Europe (Norway); processing may transit through OpenAI (US) and Google (multiple regions) servers for inference

    Opera explicitly states: 'Opera AI does not use information that you provide in the AI chat, nor the content of websites that you are browsing, to train AI models.' However, chat data is processed by third-party providers (OpenAI, Google) for inference. OpenAI retains anonymized portions for 30 days; Google retains max 24 hours. Users advised not to input personal data, sensitive documents, or photos.

    // Security controls

    Chat Encryption in Transit & at Rest

    Yes — chat history encrypted on Opera servers, stored for 30 days. OpenAI/Google store anonymized portions per their policies (30 days and 24 hours respectively).

    help.opera.com

    VPN Service Audit

    Opera's VPN service independently audited by Deloitte and Cure53; no-log policy verified by Deloitte.

    help.opera.com

    Data Access Isolation

    Opera AI can only access data explicitly provided in chat or active tab/Tab Island. Browser data, other services, and background activity are inaccessible to the AI.

    help.opera.com

    Default Privacy Features

    Built-in ad blocking, third-party cookie blocking, VPN integration, certificate verification, crash report control, analytics opt-out.

    opera.com

    // Products & data scope

    Opera AI (Browser-Integrated)Generative AI / Browser Assistant

    data: Active tab/Tab Island content, user-provided text, image uploads (for analysis)

    Free tier (no account required); paid features available with login. Image generation, file analysis, YouTube video summarization, text translation, voice I/O. Processes data through OpenAI and Google APIs.

    // What to watch

    • ISO 27001:2022 certification is for 'Opera Group Limited' parent entity (September 2025); scope of applicability to specific products (browser, AI) not explicitly documented. Appears to be enterprise-wide certification.
    • Third-party data processing risk: Chat and web content processed by OpenAI and Google servers. While anonymized, users handle HIPAA/PCI-DSS liability when summarizing sensitive data.
    • No SOC 2 certification found; no HIPAA or PCI-DSS compliance claims. Not suitable for regulated industries handling healthcare/payment data.
    • No dedicated trust center or public security audit report published for Opera AI specifically.
    • Product is browser-integrated, not standalone SaaS; security posture tied to Opera browser security model.

    // At a glance

    Pricing model

    Freemium (free tier built into browser; premium features available)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Opera Norway AS (Opera Limited, parent - NASDAQ: OPRA)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    opera.com

    > Browse all vendor trust reports