Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Opera VPN

VERIFIED
VPN · Norway
Founded 1995 · opera.com/features/free-vpn ↗

Oslo-heritage browser VPN (Opera Norway AS) — Deloitte-audited free browser proxy + paid VPN Pro — but ultimately Chinese-controlled via Kunlun Tech (Opera Limited, Cayman/NASDAQ). Listed as a warning.

In short

Opera VPN, in the VPN category, offers EU hosting with Norway as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.

Assessment notes

Opera VPN is the 'Norwegian outside, foreign inside' case in this category. The data controller and heritage entity is Opera Norway AS in Oslo (a 30-year-old Norwegian browser maker; the free browser VPN dates to 2016 via the SurfEasy acquisition), and the free in-browser VPN passed an independent Deloitte no-log audit (18 Jun–10 Aug 2024) confirming no logging of browsing activity or originating network address — so on a pure product-privacy axis it is defensible. But the ownership reality is the opposite of a sovereignty win: Opera Norway AS rolls up via Opera Services AS → Opera Holdings AS to Opera Limited, incorporated in the Cayman Islands and listed on NASDAQ (OPRA), which is in turn majority-owned and controlled by Kunlun Tech Co. Ltd. (Beijing-based, Shenzhen-listed; 69% stake), whose controlling shareholder Zhou Yahui is also Opera's executive chairman. The structural exposure is therefore dual and non-EEA: a minor US-nexus from the Cayman/NASDAQ listing, but material exposure to Chinese-law / non-EEA control of the ultimate parent — captured here as cloud_act_exposure: material (closest tier; the controlling jurisdiction is China, not the US). country_iso is kept as NO to reflect the Oslo operating entity / buyer-facing brand, with the Chinese control captured in ownership_signal + this rationale. The paid Opera VPN Pro (€4/mo, 6 devices) does not run on Opera's own fleet — it is a white-labelled third-party network (originally NordVPN, more recently reported to be ExpressVPN/Kape technology), neither EU-owned. Listed as a warning, not a recommendation: no EU/Norwegian sovereignty signal survives the Kunlun Tech control.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Opera VPN

Opera VPN is two products under one brand, both carrying the Opera name and its Oslo heritage. The free browser VPN is a no-registration, unlimited, browser-only TLS/HTTPS proxy built into the Opera browser, offering three broad regions (Americas, Europe, Asia) rather than country-level choice; it is a proxy for Opera browser traffic, not a full-device VPN tunnel, and lacks a kill switch. The paid Opera VPN Pro is a full-device VPN (Windows, macOS, Android — no native iOS/Linux app at audit) priced around €4/month with annual plans roughly 50% cheaper, 6 simultaneous devices, and a 30-day money-back guarantee. Crucially, VPN Pro does not run on infrastructure Opera owns: it is a white-labelled third-party network — originally NordVPN's servers, more recently reported (TechRadar) to be powered by ExpressVPN's technology — so the underlying fleet belongs to non-EU VPN consolidators.

On product privacy, Opera has a genuine credential: the free browser VPN completed an independent Deloitte no-log audit (engagement 18 June–10 August 2024) which verified that the infrastructure contains no logging functionality and collects no data about browsing activity or originating network address. Opera Norway AS is the named data controller, and the privacy statement describes both free VPN and VPN Pro as no-log services, with only a random subscriber ID shared with the third-party VPN Pro provider.

The reason this listing exists as a warning rather than a recommendation is the ownership chain — the cleanest 'Norwegian outside, foreign inside' example in the directory. Opera Norway AS (Oslo) is wholly owned through Opera Services AS and Opera Holdings AS by Opera Limited, a holding company incorporated in the Cayman Islands and listed on NASDAQ under OPRA. Opera Limited is in turn majority-controlled by Kunlun Tech Co. Ltd. — a Beijing-based, Shenzhen-listed Chinese technology group holding roughly 69% — whose controlling shareholder Zhou Yahui also serves as Opera's executive chairman. The 2016 acquisition by a Kunlun-led Chinese consortium is the moment the heritage Norwegian browser became a Chinese-controlled asset. For an EU/EEA sovereignty audit, none of the Norwegian heritage signal survives this: the ultimate decision-making and beneficial control sit under Chinese jurisdiction, the listed parent under Cayman/US-securities jurisdiction, and Norway itself is a member of the 'Nine Eyes' extended intelligence alliance. Best read: a usable free browser proxy with a real Deloitte audit, but the structural antithesis of a sovereignty pick. EU/EEA buyers wanting an actual sovereignty profile should prefer Mullvad (SE, founder-owned), OVPN (SE), ProtonVPN (CH, non-profit Foundation), or IVPN.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-06-12).
FEATURES

Capability matrix

Simultaneous devices 6 devices
Kill switch No
Audited no-logs Yes
Port forwarding No
Platforms Windows macOS Android
INTEGRATION & ACCESS
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
from €4/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this is recorded as no public DPA (see How we assess).
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    www.opera.com/legal…
    Open ↗
  • Terms of Service
    www.opera.com/terms…
    Open ↗
ALTERNATIVES

Alternatives in this category

AirVPN
Italy · Founded 2010
EU-SOVEREIGN

Italian hacktivist-founded VPN (Perugia, 2010), no-logs, port forwarding — but no longer serves Italian residents (Piracy Shield).

Public DPA Sub-processors Open source
FROM
€7/mo
CLOUD ACT
NONE
View profile →
AzireVPN
Sweden · Founded 2012
EU-HOSTED

Swedish privacy VPN (Stockholm, est. 2012) — Blind Operator, RAM-only, audited no-logs — acquired by Malwarebytes (US) 7 Nov 2024.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL
View profile →
CyberGhost
Romania · Founded 2011
EU-BASED

Romanian-operated VPN (CyberGhost S.R.L., 2011) under Kape Technologies (UK; ex-Crossrider) → Unikmind/Teddy Sagi (IM) since 2023 — listed as a warning.

Public DPA Sub-processors Open source
FROM
€2/mo
CLOUD ACT
MINOR
View profile →
See all vpn alternatives →