Cybersecurity Risk Management, Strategy and Governance	12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	Item 16K. Cybersecurity Cyber-attacks are prevalent in the internet and technology sector in which we operate. Supervised by the audit committee, our experienced management team is responsible for identifying, assessing and mitigating cybersecurity risks. Our overall approach aims to address cybersecurity risks collaboratively and through a cross-function approach as part of our broader risk management process, with a particular focus on safeguarding the confidentiality of end-user information with which we have been entrusted. This involves identifying, preventing, and mitigating cybersecurity threats, as well as promptly and effectively responding to any cybersecurity incidents that may arise. We employ a variety of strategies and measures to identify, assess and mitigate cybersecurity risks. Cybersecurity is the shared responsibility of every staff member and supported by our Security team, Global IT and various product teams. Our Security team promulgates security and data protection standards in the form of our Security Policy and related standards, guidelines and other documents. Global IT maintains our network infrastructure, manages our hosting providers and supervises use of third-party information systems in accordance with our security requirements. Our product teams design and operate software applications in accordance with our standards, each maintaining a “security champion” as point of contact for security related topics. For example: • Development Practices: Our Security team promulgates a Product Security Standard and related guidelines under our Security Policy. Product teams are expected to adhere to the standard by conducting the required security reviews by security champions, as well as automated scanning and product monitoring. The standard also provides instructions on secure development best practices and the implementation of security requirements in our software applications. • Infrastructure Security: Our Security team promulgates an Information Security Standard under our Security Policy. Global IT and other stakeholders are expected to implement the standard’s requirements relating to network access controls, password and authentication, and endpoint security. The standard also generally requires that the third-party collocation centers we use have a valid ISO 27001 certificate and that our servers are placed in special access zones. • Security Assessments: The Security team’s security engineers conduct periodic reviews of significant new and changed infrastructure elements, as well as risk assessments of new third-party service providers. • Penetration Testing & Bug Bounty: Our Security team conducts penetration testing of systems and leverages external resources by maintaining an active bug bounty program to encourage white hat hackers to identify and report to us security vulnerabilities in our systems. • Acceptable Use: To establish best practices in our organization and to address emerging threats, our Security team has also promulgated an acceptable use policy for staff members, as well as AI usage guidelines to govern the adoption of AI tools and services in our business. • Security Training: Our Security team periodically provides security awareness training to our employees, educating them about common cybersecurity risks, phishing attacks, social engineering tactics, and safe online practices. Select staff and team members are also provided incident response training to educate them on the proper procedures for handling security incidents when they occur. Despite the measures we have taken to protect our systems, our systems have in some cases been breached in the past and we cannot guarantee that, despite our reasonable efforts, they will not be breached again in the future. Board Oversight Pursuant to its charter, our audit committee has been delegated responsibility for discussing risk assessment and risk management with our management, as well as the actions management has taken to limit, monitor or control risk exposures, including with respect to cybersecurity threats. Management presents risk management issues to the audit committee on a quarterly basis. The audit committee is responsible for ensuring that our management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Our Board of Directors also includes additional directors with extensive experience in the internet and technology sector. See “Item 6. Directors, Senior Management and Employees.” For example, Director James Jian Liu sits on our audit committee and has over 20 years of experience in internet and technologies companies and holds a bachelor’s degree in computer science from Shanghai Jiao Tong University. The work of the audit committee is reported to our board on a quarterly basis. Management’s Role Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, and putting in place appropriate mitigation measures. The Opera Risk Management Standard describes our approach to identifying, assessing, and mitigating risks in general, including cybersecurity risks in particular. Likewise, management is responsible for providing prompt and timely information to our audit committee regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident when appropriate. Management is supported, in particular, by our Head of Security, Pawel Kurzelewski, who owns Opera’s security program, as well as our VP of Group IT, Mr. Krystian Zubel, who manages our systems administration department. Mr. Kurzelewski has over 20 years of security industry experience gained at Fortune 500 listed companies, as well as a master’s degree from Wroclaw University of Science and Technology complemented by professional certifications including Certified Information Security Manager (CISM), Certified Systems Security Professional (CISSP), or Certified Information Systems Auditor (CISA). Mr. Zubel has over 20 years of IT industry experience, as well as a master’s degree in computer science specializing in computer networks and systems from Wroclaw University of Science and Technology. Mr. Zubel has been managing Opera IT projects related to critical infrastructure at Opera for over a decade and reports directly to our CEO, Mr. Lin Song, who sits on our Board of Directors, has a bachelor’s degree in information systems from the University of International Business and Economics, and has worked for our group for over 23 years serving in various technical and leadership roles. Mr. Kurzelewski and Mr. Zubel work closely with other members of our management team on cybersecurity issues, including in particular our EVP of Browsers, Mr. Krystian Kolondra. Mr. Kolondra has worked at Opera for over 19 years and has a master’s degree in computer sciences from the University of Wroclaw. Material Incidents Cybersecurity incidents, including those affecting our third-party service providers, as well as data breaches, are reported in our internal ticketing system and handled in accordance with our Incident Management Procedure. In accordance with the procedure, incidents must be promptly classified and mitigated by the incident owner based on severity. Relevant product and IT teams, together with the Security team, conduct a post-mortem analysis of all incidents to document mitigation, lessons learned, and future actions to prevent a recurrence. Incidents categorized as critical (including any personal data breach or incidents with potentially material effects) are reported within 12 hours of classification to our CEO, General Counsel and CFO for materiality assessment and, where appropriate, reporting to our audit committee. Over the past financial year, cybersecurity threats or incidents have not materially affected or are not reasonably likely to affect us, including our business strategy, financial condition or results of operations, but we cannot provide assurance that we will not be materially affected by any such risks, threats or incidents in the future.
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	false
Cybersecurity Risk Board of Directors Oversight [Text Block]	Board Oversight Pursuant to its charter, our audit committee has been delegated responsibility for discussing risk assessment and risk management with our management, as well as the actions management has taken to limit, monitor or control risk exposures, including with respect to cybersecurity threats. Management presents risk management issues to the audit committee on a quarterly basis. The audit committee is responsible for ensuring that our management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Our Board of Directors also includes additional directors with extensive experience in the internet and technology sector. See “Item 6. Directors, Senior Management and Employees.” For example, Director James Jian Liu sits on our audit committee and has over 20 years of experience in internet and technologies companies and holds a bachelor’s degree in computer science from Shanghai Jiao Tong University. The work of the audit committee is reported to our board on a quarterly basis. Management’s Role Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, and putting in place appropriate mitigation measures. The Opera Risk Management Standard describes our approach to identifying, assessing, and mitigating risks in general, including cybersecurity risks in particular. Likewise, management is responsible for providing prompt and timely information to our audit committee regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident when appropriate. Management is supported, in particular, by our Head of Security, Pawel Kurzelewski, who owns Opera’s security program, as well as our VP of Group IT, Mr. Krystian Zubel, who manages our systems administration department. Mr. Kurzelewski has over 20 years of security industry experience gained at Fortune 500 listed companies, as well as a master’s degree from Wroclaw University of Science and Technology complemented by professional certifications including Certified Information Security Manager (CISM), Certified Systems Security Professional (CISSP), or Certified Information Systems Auditor (CISA). Mr. Zubel has over 20 years of IT industry experience, as well as a master’s degree in computer science specializing in computer networks and systems from Wroclaw University of Science and Technology. Mr. Zubel has been managing Opera IT projects related to critical infrastructure at Opera for over a decade and reports directly to our CEO, Mr. Lin Song, who sits on our Board of Directors, has a bachelor’s degree in information systems from the University of International Business and Economics, and has worked for our group for over 23 years serving in various technical and leadership roles. Mr. Kurzelewski and Mr. Zubel work closely with other members of our management team on cybersecurity issues, including in particular our EVP of Browsers, Mr. Krystian Kolondra. Mr. Kolondra has worked at Opera for over 19 years and has a master’s degree in computer sciences from the University of Wroclaw. Material Incidents Cybersecurity incidents, including those affecting our third-party service providers, as well as data breaches, are reported in our internal ticketing system and handled in accordance with our Incident Management Procedure. In accordance with the procedure, incidents must be promptly classified and mitigated by the incident owner based on severity. Relevant product and IT teams, together with the Security team, conduct a post-mortem analysis of all incidents to document mitigation, lessons learned, and future actions to prevent a recurrence. Incidents categorized as critical (including any personal data breach or incidents with potentially material effects) are reported within 12 hours of classification to our CEO, General Counsel and CFO for materiality assessment and, where appropriate, reporting to our audit committee. Over the past financial year, cybersecurity threats or incidents have not materially affected or are not reasonably likely to affect us, including our business strategy, financial condition or results of operations, but we cannot provide assurance that we will not be materially affected by any such risks, threats or incidents in the future.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]	Pursuant to its charter, our audit committee has been delegated responsibility for discussing risk assessment and risk management with our management, as well as the actions management has taken to limit, monitor or control risk exposures, including with respect to cybersecurity threats. Management presents risk management issues to the audit committee on a quarterly basis. The audit committee is responsible for ensuring that our management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]	Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, and putting in place appropriate mitigation measures.
Cybersecurity Risk Role of Management [Text Block]	The audit committee is responsible for ensuring that our management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	Management is supported, in particular, by our Head of Security, Pawel Kurzelewski, who owns Opera’s security program, as well as our VP of Group IT, Mr. Krystian Zubel, who manages our systems administration department.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	Director James Jian Liu sits on our audit committee and has over 20 years of experience in internet and technologies companies and holds a bachelor’s degree in computer science from Shanghai Jiao Tong University. The work of the audit committee is reported to our board on a quarterly basis.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]	Likewise, management is responsible for providing prompt and timely information to our audit committee regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident when appropriate.

Cybersecurity Risk Management, Strategy and Governance

12 Months Ended

Dec. 31, 2025

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 16K. Cybersecurity

Cyber-attacks are prevalent in the internet and technology sector in which we operate. Supervised by the audit committee, our experienced management team is responsible for identifying, assessing and mitigating cybersecurity risks. Our overall approach aims to address cybersecurity risks collaboratively and through a cross-function approach as part of our broader risk management process, with a particular focus on safeguarding the confidentiality of end-user information with which we have been entrusted. This involves identifying, preventing, and mitigating cybersecurity threats, as well as promptly and effectively responding to any cybersecurity incidents that may arise.

We employ a variety of strategies and measures to identify, assess and mitigate cybersecurity risks. Cybersecurity is the shared responsibility of every staff member and supported by our Security team, Global IT and various product teams. Our Security team promulgates security and data protection standards in the form of our Security Policy and related standards, guidelines and other documents. Global IT maintains our network infrastructure, manages our hosting providers and supervises use of third-party information systems in accordance with our security requirements. Our product teams design and operate software applications in accordance with our standards, each maintaining a “security champion” as point of contact for security related topics. For example:

•

Development Practices: Our Security team promulgates a Product Security Standard and related guidelines under our Security Policy. Product teams are expected to adhere to the standard by conducting the required security reviews by security champions, as well as automated scanning and product monitoring. The standard also provides instructions on secure development best practices and the implementation of security requirements in our software applications.

•

Infrastructure Security: Our Security team promulgates an Information Security Standard under our Security Policy. Global IT and other stakeholders are expected to implement the standard’s requirements relating to network access controls, password and authentication, and endpoint security. The standard also generally requires that the third-party collocation centers we use have a valid ISO 27001 certificate and that our servers are placed in special access zones.

•

Security Assessments: The Security team’s security engineers conduct periodic reviews of significant new and changed infrastructure elements, as well as risk assessments of new third-party service providers.

•

Penetration Testing & Bug Bounty: Our Security team conducts penetration testing of systems and leverages external resources by maintaining an active bug bounty program to encourage white hat hackers to identify and report to us security vulnerabilities in our systems.

•

Acceptable Use: To establish best practices in our organization and to address emerging threats, our Security team has also promulgated an acceptable use policy for staff members, as well as AI usage guidelines to govern the adoption of AI tools and services in our business.

•

Security Training: Our Security team periodically provides security awareness training to our employees, educating them about common cybersecurity risks, phishing attacks, social engineering tactics, and safe online practices. Select staff and team members are also provided incident response training to educate them on the proper procedures for handling security incidents when they occur.

Despite the measures we have taken to protect our systems, our systems have in some cases been breached in the past and we cannot guarantee that, despite our reasonable efforts, they will not be breached again in the future.

Board Oversight

Pursuant to its charter, our audit committee has been delegated responsibility for discussing risk assessment and risk management with our management, as well as the actions management has taken to limit, monitor or control risk exposures, including with respect to cybersecurity threats. Management presents risk management issues to the audit committee on a quarterly basis. The audit committee is responsible for ensuring that our management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Our Board of Directors also includes additional directors with extensive experience in the internet and technology sector. See “Item 6. Directors, Senior Management and Employees.” For example, Director James Jian Liu sits on our audit committee and has over 20 years of experience in internet and technologies companies and holds a bachelor’s degree in computer science from Shanghai Jiao Tong University. The work of the audit committee is reported to our board on a quarterly basis.

Management’s Role

Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, and putting in place appropriate mitigation measures. The Opera Risk Management Standard describes our approach to identifying, assessing, and mitigating risks in general, including cybersecurity risks in particular. Likewise, management is responsible for providing prompt and timely information to our audit committee regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident when appropriate.

Management is supported, in particular, by our Head of Security, Pawel Kurzelewski, who owns Opera’s security program, as well as our VP of Group IT, Mr. Krystian Zubel, who manages our systems administration department. Mr. Kurzelewski has over 20 years of security industry experience gained at Fortune 500 listed companies, as well as a master’s degree from Wroclaw University of Science and Technology complemented by professional certifications including Certified Information Security Manager (CISM), Certified Systems Security Professional (CISSP), or Certified Information Systems Auditor (CISA). Mr. Zubel has over 20 years of IT industry experience, as well as a master’s degree in computer science specializing in computer networks and systems from Wroclaw University of Science and Technology. Mr. Zubel has been managing Opera IT projects related to critical infrastructure at Opera for over a decade and reports directly to our CEO, Mr. Lin Song, who sits on our Board of Directors, has a bachelor’s degree in information systems from the University of International Business and Economics, and has worked for our group for over 23 years serving in various technical and leadership roles. Mr. Kurzelewski and Mr. Zubel work closely with other members of our management team on cybersecurity issues, including in particular our EVP of Browsers, Mr. Krystian Kolondra. Mr. Kolondra has worked at Opera for over 19 years and has a master’s degree in computer sciences from the University of Wroclaw.

Material Incidents

Cybersecurity incidents, including those affecting our third-party service providers, as well as data breaches, are reported in our internal ticketing system and handled in accordance with our Incident Management Procedure. In accordance with the procedure, incidents must be promptly classified and mitigated by the incident owner based on severity. Relevant product and IT teams, together with the Security team, conduct a post-mortem analysis of all incidents to document mitigation, lessons learned, and future actions to prevent a recurrence. Incidents categorized as critical (including any personal data breach or incidents with potentially material effects) are reported within 12 hours of classification to our CEO, General Counsel and CFO for materiality assessment and, where appropriate, reporting to our audit committee.

Over the past financial year, cybersecurity threats or incidents have not materially affected or are not reasonably likely to affect us, including our business strategy, financial condition or results of operations, but we cannot provide assurance that we will not be materially affected by any such risks, threats or incidents in the future.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

Board Oversight

Management’s Role

Material Incidents

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Role of Management [Text Block]

The audit committee is responsible for ensuring that our management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Director James Jian Liu sits on our audit committee and has over 20 years of experience in internet and technologies companies and holds a bachelor’s degree in computer science from Shanghai Jiao Tong University. The work of the audit committee is reported to our board on a quarterly basis.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Likewise, management is responsible for providing prompt and timely information to our audit committee regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident when appropriate.